FCA takes steps toward unhacking its vehicles

Software download patches vulnerabilities with 8.4-inch touchscreen

Published: September 7, 2015, 10:00 AM
Updated: September 11, 2015, 11:32 PM

2014 Jeep Cherokee UConnect screen

Fiat Chrysler Automobiles (FCA) is fighting back to unhack the Jeep Cherokee at the centre of the vehicle hacking controversy.

The story revolved around well-known hackers Charlie Miller and Chris Valasek, who spent a year gaining remote access to the electronic controls of Miller’s 2014 Jeep Cherokee via the 8.4-inch touchscreen. They were able to completely brake the vehicle and take control of the steering, eventually guiding it into a ditch.

FCA was quick to ascertain that the vehicle had been worked on for quite some time in order to have its systems hacked, and that it wasn’t a hack of vehicle systems but of one particular vehicle’s systems as part of research into automotive cybersecurity. The pair of hackers has reportedly communicated their findings with FCA, and the company reiterates that it is not aware of any “unauthorized” incidents of hacking into its vehicles’ systems.

Still, after becoming aware of the vulnerabilities of its systems, FCA has reacted with a patch for 2014 and 2013 model year vehicles while fixing the systems in its 2015 models. The company has also been working with supplier to implement additional protocols to block remote access to vehicle systems.

The software update is available for download to a USB drive at for installation in the vehicle via the USB port used to plug in mobile devices. The company says it takes about 30-45 minutes and the vehicle has to be parked during the installation process.

FCA will be contacting customers of affected vehicles, urging them to take their vehicles to the nearest dealership to have the software updated, if they are unable or unwilling to do it on their own. Customers can also check with the FCA customer care centre at (877) 855-8400 to see if their vehicles are affected and if they need help with the software download/installation.

Potentially vulnerable vehicles (those equipped with the 8.4-inch touchscreen) are 2013-14 Ram pickups of all payload capacities and bodystyles, 2013-14 Vipers, 2014 Jeep Cherokees and Grand Cherokees, 2014 Dodge Durangos and some 2015 Chrysler 200s.