Fiat Chrysler issues voluntary recall for vehicles at risk for software hack

DETROIT – FCA US LLC is conducting a voluntary safety recall to update software in approximately 1.4 million U.S. vehicles that could be at risk for being hacked remotely.

"No defect has been found. FCA US is conducting this campaign out of an abundance of caution," the automaker said in a statement (read it in full here). "The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration."

Affected are certain vehicles equipped with 8.4-inch touchscreens:

  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures. Alternately, customers may visit http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.

Customers are urged to acquire the software update. Those with questions or concerns may call the FCA US Customer Care Center at 1-800-853-1403.

What happened: Chryslers can be hacked over the Internet

The core problem? A flaw in the wireless service Uconnect that connects these cars to the Sprint cellphone network. Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire.

Researchers, Charlie Miller and Chris Valasek, first demonstrated the hack to Wired Magazine by remotely hijacking a Jeep Cherokee driven by a news reporter.

The researchers have concluded that the vulnerable Chrysler models are those from late 2013, all of 2014 and early 2015 that are loaded with Uconnect and the full navigation displays.

But Miller said there could be other vehicles with this weakness that he isn't aware of. The researchers did not test any cars made by Ford, General Motors or others -- but only because they're a tiny team that lacks the funding to keep buying cars and the time to break into them.