Fiat Chrysler Automobiles (FCA) has announced a software update for its models to improve safety.
FCA quietly made the safety update announcement on July 16, which at the time went mostly unnoticed. That is until news broke five days later on Wired that two hackers were able to access many functions on a 2014 Jeep Cherokee remotely.
Charlie Miller and Chris Valasek, two professional hackers, were able to remotely take control of the vehicle’s air conditioning, radio and windshield wipers, all from the comfort of their living room. They were also able to disable the brakes and shut off the vehicle’s engine.
They accessed the Cherokee through a vulnerability in FCA’s Uconnect infotainment system, which hooks up to the internet using a cellular data connection.
The hackers notified FCA of the weakness and worked with the company to come up with a secure solution to protect the brand’s vehicles from hackers.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems,” said FCA in a statement.
The software update will be provided at no cost to customers and also includes other improvements to the system. “Customers can either download and install this particular update themselves or, if preferred, their dealer can complete this one-time update at no cost to customers.”
The 8.4-inch touchscreen Uconnect system is available on all 2013-2014 Chrysler, Dodge, Jeep and Ram vehicles along with the 2015 Chrysler 200.
Miller and Valasek say that they plan on releasing part of the code at the Black Hat security conference, though they say it won’t be enough to allow other hackers to access Chrysler’s Uconnect system. Despite this, FCA is not in favor of the idea, saying “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorised and unlawful access to vehicle systems.”