Feds Examine Fiat-Chrysler's Cyber-Hacking Recall; Lawmakers Fret Over Security Concerns | Edmunds

Feds Examine Fiat-Chrysler's Cyber-Hacking Recall; Lawmakers Fret Over Security Concerns


WASHINGTON — The National Highway Traffic Safety Administration is reviewing Fiat-Chrysler's recall of 1.4 million vehicles over fears about remote hacking as lawmakers continue to express concerns about cyber-threats that one U.S. senator called "real and urgent."

NHTSA posted its official investigation into what is said to be the first cyber-security recall in U.S. history on its Web site on Saturday, saying it wanted to better assess the remedy proposed by the automaker.

"A recall query has been opened to investigate the number and models of affected vehicles, the effectiveness of the recall remedy and whether any other security vulnerabilities exist in the recalled population," it said.

The recall covers certain 2013-'15 Chrysler, Dodge, Jeep and Ram vehicles equipped with Uconnect 8.4AN/RA4 and 8.4A-RA3 model radios that have software security vulnerabilities which may allow unauthorized third-party access to some networked vehicle control systems.

The recalled vehicles include the 2014-'15 Dodge Durango, Jeep Grand Cherokee and Jeep Cherokee SUVs and 2015 Chrysler 200, 300, Dodge Charger and Dodge Challenger vehicles.

The 2013-'15 Dodge Viper is also included in the recall, along with 2013-'15 Ram 1500, 2500, 3500 and 4500/5500 pickup trucks.

Federal safety regulators also want to know if similar radio units have been supplied for use in other vehicles.

Lawmakers, including Sen. Richard Blumenthal (D-Conn.), continue to weigh in on growing concerns about security gaps in U.S. cars and trucks.

"Cyber-threats in cars are real and urgent, no figment of the imagination — as this huge recall demonstrates," Blumenthal said in a statement. "Incredibly, Chrysler delayed disclosing this chilling cyber-security danger egregiously and inexcusably, and strong sanctions are appropriate to send a message that other auto manufacturers will heed.

"This recall is powerful evidence of spreading cyber-security threats in all cars — demanding strong protections and a potential investigation by NHTSA."

Sen. Edward Markey (D-Mass.) called for scrutiny of other vehicles on the road to make sure no security gaps exist.

"There are no assurances that these vehicles are the only ones that are this unprotected from cyber-attack," Markey said in a statement. "A safe and fully equipped vehicle should be one that is equipped to protect drivers from hackers and thieves."

He added: "Automakers and NHTSA should be immediately taking steps to verify that other similar vulnerabilities do not exist in other models that are on the road."

U.S. Energy and Commerce Committee Chairman Fred Upton (R-Mich.) and Ranking Member Frank Pallone, Jr, (D-N.J.) also issued a statement demanding that automakers and NHTSA work to meet the "challenges of the 21st century.

"Cars today are essentially computers on wheels, and the last thing drivers should have to worry about is some hacker along for the ride," they said.

But Edmunds.com Senior Consumer Advice Editor Ron Montoya has some reassuring words for anxious drivers.

"It's important to reiterate that there is no real safety threat to FCA owners," Montoya said. "The hack was an isolated incident that was performed on one specific vehicle and it was not something that could be replicated on a mass scale. Nevertheless, automakers recognize this as a very important issue and they're proactively working to identify flaws in their own connected systems and address whatever issues they may find."

Fiat-Chrysler is urging owners of the affected vehicles to acquire and install a software update to guard against hacking. Owners with questions or concerns may call Fiat-Chrysler Vehicle Care at 1-877-855-8400.

The automaker last week said it is conducting the recall "out of an abundance of caution" and that "no defect has been found."

Fiat-Chrysler told federal safety regulators that a previously open port on the radio of the recalled vehicles was remotely closed by the cellular provider on July 22, immediately eliminating any risk of long-range, illegal and unauthorized remote hacking.

Edmunds says: Software security vulnerability in cars and trucks will continue to be an urgent topic in the months and years to come.

Leave a Comment
ADVERTISEMENT
ADVERTISEMENT