FCA US LLC -- Chrysler, in other words -- is recalling about 1.4 million vehicles to fix a flaw in their Uconnect software that makes it possible for hackers to remotely seize control of a car if they know its IP address.
Customers affected by the recall will receive a USB stick to upgrade their. Alternatively, customers may visit http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.
The recall affects models with 8.4-inch touchscreens, including:
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes
The flaw was revealed earlier this week when cyber-security researchers Charlie Miller of IOActive and Chris Valasek (formerly with the NSA) went public with news of the security vulnerability, which they had discovered nine months earlier.
Miller and Valasek told Chrysler of the problem, then kept quiet about it for nine months while Chrysler figured out how to fix it.
On July 16, FCA made its first (thickly veiled) public reference to the problem, when it published an eye-glazing press release headlined “FCA US LLC Releases Software Update to Improve Vehicle Electronic Security and Communications System Enhancements.”
The announcement that followed made absolutely no mention of “security flaws” or “hackable exploits” or anything negative; instead, it boasted of a new “software update” which “offers customers improved vehicle electronic security and communications system enhancements” at absolutely “no cost to customers.”
Three days after that, on July 24, FCA published another statement which said that the number of affected vehicles is actually closer to 1.4 million. That, at least, is the number of vehicles subject to the “voluntary safety recall” FCA said it is conducting in order to apply a software update, aligning with “an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action.”