Chrysler recalls 1.4m hackable cars to prevent ‘cyber carmageddon’
Issued on: Modified:
Fiat Chrysler ordered on Friday the recall of 1.4 million vehicles to upgrade their security systems after two researchers revealed that they took control of a jeep SUV over the Internet, with absolutely no physical access to the car.
Imagine your brand-new car slipping out of control, steering itself into oncoming traffic or braking suddenly while you’re driving at high speed. This is exactly the kind of disaster Fiat Chrysler is hoping to avoid by recalling 1.4 million vehicles in the United States after cyber security researchers managed to take remote control of a Jeep Cherokee for the first time.
A writer for US technology publication Wired described the wireless carjacking simulation in excruciating details on July 21. His account of the experiment, in which he played the role of the driver, reads like a horror movie script.
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip-hop station (…) Then the windshield wipers turned on, and wiper fluid blurred the glass”, wrote Andy Greenberg.
The two hackers, Charlie Miller and Chris Valasek, were located around 16 kilometres away from the highway where the Wired writer was driving his SUV. When they decided to turn off the Jeep’s engine, Greenberg couldn’t resist anymore: he grabbed his phone and begged for the hackers to stop the experiment.
‘1.4 million lives on the line’
The vulnerability exposed in Chrysler’s Uconnect dashboard computers appears to be a wake-up call for the auto industry.
Cars are increasingly vulnerable as automakers add Internet-connected features, ranging from simply opening a vehicle with a smartphone to in-car entertainment systems capable of downloading content off the web. Other possibilities include applications that would process data about a driver's position to offer location-based advertisements and promotions, or systems helping drivers to plan their commutes based on real-time traffic measures.
Turning vehicles into networked computers on wheels means that online security has immediate implications for the drivers’ safety.
"I think it's a pretty big deal," James Carder, chief information security officer at LogRhythm, a security firm, told the AP news agency. "This isn't intellectual property going out the door, this is 1.4 million lives on the line".
This 2.0 carjacking promptly drew the attention of government safety regulators, who opened a probe into the Jeep incident. The National Highway Traffic Safety Administration (NHTSA) said on Friday it will investigate whether the fix offered by Fiat Chrysler – a USB stick containing a security upgrade – is enough to protect drivers from remote online attacks.
In this age of hackable cars, both manufacturers and authorities are now working to develop online security testing with as much scrutiny as they designed mechanical safety tests in the 20th century.
Daily news briefReceive essential international news every morningSubscribe