Fiat-Chrysler said today it was launching a voluntary recall of 1.4 million cars, trucks and SUVs out of “an abundance of caution,” following a demonstration earlier this week by Wired magazine from two hackers who took remote control of a Jeep Cherokee’s brakes and other systems. The hackers gained access through the Uconnect touchscreen entertainment system — a route they said could be available to any Fiat-Chrysler vehicle with the system installed. The recall covers vehicles equipped with 8.4-inch touchscreens, including Dodge Vipers, Ram pickups, Jeep Grand cherokees, and more.
When the story first broke this week, Fiat Chrysler has said a not a lot of vehicles were affected, and that it would offer a free software update that owners could download and install themselves via USB drive. Today’s move not only raised the number of vehicles affected; owners will get the USB directly from Chrysler, instead of going to a dealer as with a traditional recall.
Fiat Chrysler also said it had changed its controls over the network-level access to block the technique used by the hackers; they had found that every affected car was transmitting its IP address over the Sprint cellular network.
“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” Fiat Chrysler said in a statement.
While this isn’t a traditional safety recall, the National Highway Traffic Safety Administration said it would open a separate probe to investigate Fiat Chrysler’s handling of the problem. Fiat Chrysler revealed in documents given to the agency that it first became aware of the software flaw in January 2014 — 18 months before the Wired article.