If you own a newer Jeep Grand Cherokee, you will want to check this out: Fiat Chrysler Automobiles is recalling 1.4 million cars due to a security flaw that leaves the vehicles vulnerable to complete takeovers from hackers.
The software that powers millions of cars can be used to take control over the vehicles, cutting transmission and endangering the people in the car. A Wired investigation demonstrated how hackers can exploit a security hole in its UConnect software installed in many of the company's popular new models.
People who own those millions of cars won't all get shiny, new, unhackable versions of their rides. They will just get a USB stick. FCA's recall will give people a software update on a USB that fixes the security hole discovered by researchers.
FCA published a full list of the car models that are vulnerable to total takeovers from hackers:
Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
If you're not sure if your vehicle is affected, FCA has a website where you can input your Vehicle Identification Number to see.
This doesn't mean you need to panic. It's scary that cars with internet-connected software are now vulnerable to cyberattacks, but this exploit hasn't been used "in the wild". The researchers who found it had access their test car's IP address, and they're experts. It's not like run-of-the-mill car car jackers will know how to manipulate this flaw. This does mean that it's time for car makers to double down on prepping their car software against thieves and trolls who want to exploit it.