Fiat Chrysler has issued a voluntary recall of roughly 7,810 SUVs sold in the United States over a security flaw which could allow attackers to remotely control a vehicle.
The recall affects variants of the 2015 Jeep Renegade SUV models which are equipped with 6.5-inch touchscreens. However, the automaker says over half are still in the hands of dealers and will be patched and serviced before being put on sale to the public.
In July, two researchers unveiled a vulnerability in the Uconnect connected car system, used in a number of Fiat Chrysler's models. The flaw allows attackers to remotely control a car and perform actions including switching off the engine, which is naturally a serious threat to driver safety.
As a result, the company issued a recall for 1.4 million vehicles thought to be affected by the issue.
In a statement, Fiat Chrysler said measures have already been applied to stop this kind of cyberattack, and the remote block access controls issued "require no customer or dealer actions," commenting:
"The campaign -- which involves radios that differ from those implicated in another, similar recall - is designed to protect connected vehicles from remote manipulation. If unauthorized, such interference constitutes a criminal act.
The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents - independent of the media demonstration."
The automaker says customers can use this online service to check if their vehicles are included in the recall based on their Vehicle Identification Numbers (VINs). If so, the software can be downloaded, or from September 5, dealership technicians will perform the update on their behalf at no charge.
Affected customers will also automatically receive a USB device which they may use to upgrade vehicle software in the post, although this is not recommended by those in the security field.
Plugging a USB key which has been who-knows-where into your mode of transport is frankly more dangerous and may pose far more of a threat to personal safety than remote attacks -- as you have no way of knowing if the flash drive has been compromised with malware or malicious software.
The company said it is recalling the cars "out of an abundance of caution," and while the hack has cost the company dearly, there is a silver lining -- Fiat Chrysler is, at least, establishing a system quality engineering team to improve the quality of vehicle software.
Read on: Top picks
- How to access Wi-Fi anonymously from miles away
- Apple OS X zero-day flaw hands over root access without system passwords
- Getting physical: A $10 device to clone RFID access keys on the go
- Strike the source: RIAA targets BitTorrent protocol to block pirate content
- Three top tips to keep connected cars safe from hackers