Uconnect | July 24 2015

Unhacking the hack: Ensuring security

Actions speak louder than words.

When we first learned of the ability for others to hack into some of our 8.4-inch touchscreen systems, we developed, tested and implemented a software patch. Owners had the option to see if their vehicle was affected and if so, they could install the update.

Since then, we’ve taken more steps to ensure the confidence and security of our customers.

Note that, we began distribution of that first software before any compromise was demonstrated. Subsequently, we proactively opened a dialogue with NHTSA and decided, in an abundance of caution, to continue the distribution under the auspices of a recall. This will maximize awareness of the software’s availability and expedite its proliferation

On July 23, 2015, FCA US applied network-level security measures to prevent the type of remote manipulation demonstrated in the July 21 WIRED story. Those security measures block remote access to certain vehicle systems and were fully tested and implemented within the cellular network.

The recall FCA US issued today (July 24) provides additional security features to the affected 8.4-inch touchscreen systems and vehicles (listed below).

Owners of the approximately 1.4 million U.S. vehicles in the recall will receive a USB drive in the mail with the software update preloaded on it. Owners may use the USB to upgrade vehicle software themselves or they can visit their local CDJR dealer to have a dealer technician install the software. (See our previous blog post for details if you want apply the update yourself.)

In the meantime, customers may visit http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.

The following vehicles below are the affected models that may use the impacted 8.4-inch touchscreen systems:

  • 2013-2015 Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep® Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

As was noted in the initial story, the ability to hack a vehicle is not easy. It took the two security researchers, Charlie Miller and Chris Valasek, months to tap into and control certain systems of Miller’s SUV. They are experts.

The software update addressed by the recall, after the security steps we took July 23, would require unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write the appropriate code.

There is no defect in the affected 8.4-inch touchscreen system. We have taken these additional steps to demonstrate that the security of our customers is truly a priority.