X
Tech

Chrysler recalls 1.4M vehicles at risk of hack

The voluntary recall comes just days after a report showed how a car can be remotely hijacked.
Written by Zack Whittaker, Contributor
thumb.jpg
Inside a Chrysler vehicle
(Image: CNET/CBS Interactive

Chrysler is recalling more than a million vehicles thought to be affected by a remote hijacking flaw.

The company said Friday that it has applied "network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report" as of Thursday, but was also offering additional steps to patch the flaw.

The recall is voluntary, and is being carried out of an "abundance of caution," the statement read.

On Tuesday, Wired demonstrated a vulnerability in the Uconnect in-vehicle software allowed two security researchers to remotely hijack and control a moving vehicle. The software flaw allowed the hackers to remotely turn on and off the brakes, interfering with the driver's visibility by switching on the windshield wipers, and shutting off the engine.

Chrysler said it was "unaware" of any injuries or complaints related to the software vulnerability outside of the media report.

Although the Wired report suggested just shy of half a million vehicles in the US are vulnerable to the flaw, Chrysler said 1.4 million vehicles are affected -- more than three-times the initially reported figure.

It's not clear if international models are affected, though a spokesperson told the BBC that no vehicles in the UK were affected.

Vehicles equipped with 8.4-inch touch screens are affected across these product lines:

  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

The company said car owners will receive a USB stick that upgrades the vehicles firmware which "provides additional security features independent of the network-level measures."

The software could not be applied automatically and over-the-air, the company said previously.

Editorial standards