DETROIT — Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the U.S. just days after two hackers revealed that they took control of a Jeep Cherokee SUV over the Internet.
The company also disclosed in government documents that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it. On Thursday, Fiat Chrysler sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks, the automaker said in a statement.
The vulnerability exposed by the hack rippled through the auto industry and drew the attention of government safety regulators, who on Friday opened an investigation into the Jeep incident.
The National Highway Traffic Safety Administration said it would find out which other automakers use the same radios. It came as the industry is rapidly adding Internet-connected features such as WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks.
“I think it’s a pretty big deal,” said James Carder, chief information security officer for LogRhythm Inc., a Boulder, Colorado, security company. “This isn’t intellectual property going out the door, this is 1.4 million lives on the line.”
Automakers, he said, have become accustomed to testing mechanical safety, but most aren’t doing enough online security testing. Carder said he wouldn’t be surprised to see a few more recalls as automakers check vehicle security. He noted that Internet-accessible cars have only been around for a few years, limiting the number of cars and trucks that could be affected.
Shortly after the hack was disclosed in a Wired magazine article this week, Fiat Chrysler said it would contact owners of vehicles and offer software updates to fix the problem. But documents show that the wider recall came at the urging of government safety regulators.
Fiat Chrysler, which already is facing penalties from NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims. The company also implied in its statement that the hackers broke the law by manipulating a vehicle remotely without authorization.
The fix came after two well-known hackers, Charlie Miller and Chris Valasek, remotely took control of the Cherokee through its UConnect entertainment system. They were able to change the vehicle’s speed and control the brakes, radio, windshield wipers, transmission and other features. They estimated 471,000 vehicles were vulnerable.
Miller said Friday that he didn’t think Fiat Chrysler’s statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said.
Copy the Story LinkSend questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.