Fiat Chrysler Automobiles, under pressure from federal regulators,
said Friday it will recall 1.4 million cars and trucks to protect them
from cybersecurity attacks just days after Wired magazine revealed that a
Jeep Cherokee could be hacked remotely
The National HIghway Traffic Safety Administration has launched an investigation so it can closely monitor the recall.
The
automaker's decision to take action reflects the new automotive
regulatory environment following the high-profile massive recalls for
defective ignition switches last year by General Motors and the ongoing
recall of millions of airbags by Takata.
Mark Rosekind, who was
sworn in as the administrator of the NHTSA in December, said Friday that
his agency encouraged FCA to move quickly to issue recall notices and
beef up the security of the software in the vehicles.
"Launching a
recall is the right step to protect Fiat Chrysler’s customers and it
sets an important precedent for how NHTSA and the industry will respond
to cybersecurity vulnerabilities," Rosekind said in a statement.
FCA
also has been under pressure from NHTSA to take action faster on safety
issues and to work harder to communicate with customers when their cars
are affected by recalls.
“Opening this investigation will allow
NHTSA to better assess the effectiveness of the remedy proposed by Fiat
Chrysler," Rosekind said.
FCA's announcement also prompted a number of politicians to pounce on the issue.
"A
safe and fully-equipped vehicle should be one that is equipped to
protect drivers from hackers and thieves," Sen. Edward Markey,
D-Mass., said in a statement.
Markey and Sen. Richard Blumenthal,
D-Conn., introduced legislation to establish federal standards to secure
cars and protect drivers’ privacy. A group of automakers began working
on the development of cybersecurity standards about a year ago.
"Congress
needs to pass legislation that ensures automakers put in place minimum
standards to protect drivers in these connected cars," Markey said.
The
issue burst into the limelight on Tuesday when Wired magazine published
a story detailing how its security experts were able to remotely
hack into a 2014 Jeep Cherokee's Uconnect infotainment system while it
was being driven. They disabled the SUV's engine functions and
controlled interior features such as air conditioning, locks and the
radio.
"To FCA's knowledge, there has not been a single real world
incident of an unlawful or unauthorized remote hack into any FCA
vehicle," Gualberto Ranieri, a spokesman for the automaker said in a
blog post on Wednesday.
On Friday, when it announced its
recall, FCA said it has developed network-level security measures
designed to prevent "the type of remote manipulation demonstrated in a
recent media report."
The automaker said it will update the
software in the infotainment system of the cars it is recalling by
sending customers a USB drive that can be used to download new
software. The cars and trucks under the recall are equipped with
8.4-inch touchscreens on the following models:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Customers
who own cars subject to the recall will not need to take them to
dealers. They will receive a USB drive in the mail that is plugged into
the vehicles. The USB drive provides additional security features.
Owners who are not comfortable installing the software themselves can take their car to a dealer.
Also,
customers who want to check if their vehicle is affected by the recall
can visit www.driveuconnect.com/software-update/ to see if their vehicle
identification numbers is included in the recall.
"It's important
to reiterate that there is no real safety threat to FCA owners,"
said Edmunds.com consumer advice editor Ron Montoya. "This week's hack
was an isolated incident that was performed on one specific vehicle and
it was not something that could be replicated on a mass scale."
But
James Carder, chief information security officer for LogRhythm, said
the rapidly increasing inter-connectivity of today's cars makes it
necessary for automakers to increase the attention they pay to
preventing security breaches.
"The responsibility of the
manufacturers is to ensure that any Internet accessible application used
in a vehicle has gone through rigorous security testing, not just
functional testing," Carder said. "Vulnerabilities in a system as
powerful as Uconnect places human lives in danger."
The Wired magazine report came at a particularly sensitive time for FCA and its relationship with NHTSA.
Earlier
this month NHTSA took the rare step of holding a hearing to hear
testimony from the automaker and others for its handling of 23 recalls
involving about 11 million vehicles.
FCA could face fines or other
penalties - including a requirement that it buy back vehicles from
consumers - after National Highway Traffic Safety Administration
officials concluded that the automaker failed to follow federal laws
requiring expeditious recall notifications and fixes.
FCA CEO Sergio Marchionne said last week the automaker is in talks with U.S. highway safety regulators to settle those issues.
"We have to continue to work with the agency to put us on the right path," Marchionne said.
U.S.
Transportation Secretary Anthony Foxx acknowledged the settlement
discussions with FCA at a breakfast Friday morning in Washington, D.C.
"I
would urge you to give us some time. We’re working very hard to get
these issues closed out. But I don’t have any news for you this
morning," Foxx said.
Contact Brent Snavely: 313-222-6512 or bsnavely@freepress.com. Follow him on Twitter @BrentSnavely.
USA Today reporter Bart Jansen contributed to this report.
No comments:
Post a Comment