Chrysler recalls 1.4M cars over hacking fears

Chrysler said Friday it was recalling roughly 1.4 million vehicles after security researchers exposed a flaw that allowed hackers to kill transmissions remotely.

The recall affects several models of Dodge, Jeep and Chrysler cars.

{mosads}The company maintained it was conducting the recall “out of an abundance of caution” and not because of any reports that hackers had actually exploited the security defects.

Earlier this week, two security researchers demonstrated that they could remotely hack and take control of a Jeep Cherokee on the highway while stationed in a house 10 miles away.

The event was profiled in Wired, which had a reporter stationed in the Jeep as the researchers manipulated the air-conditioning, toggled on the windshield wipers and then cut the transmission.

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” the company said in a release. “No defect has been found.”

Chrysler said it has already updated the cellular network within the affected cars to block remote access to several of the vehicle systems that researchers manipulated in the demonstration.

But the automaker is also sending affected owners a USB device “that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures,” the company said.  

After Chrysler’s announcement, the National Highway Traffic Safety Administration launched a “recall query” into the action.

In a statement to The Wall Street Journal, NHTSA Administrator Mark Rosekind said the query would allow them to closely asssess Chrysler’s response.

The agency, Rosekind said, “encouraged” the recall, “which meets the critical responsibility of manufacturers to assure the American public that vehicles are secure from such threats, and that when vulnerabilities are discovered, there will be a swift and strong response.”

Earlier this week, Sens. Richard Blumenthal (D-Conn.) and Ed Markey (D-Mass.) introduced legislation that would direct federal regualtors to issue strict cybersecurity requirements for automakers.

Markey on Friday chastised Chrysler over reports the company had know about the flaw for nine months. 

“There are no assurances that these vehicles are the only ones that are this unprotected from cyberattack,” he said in a statement. “A safe and fully-equipped vehicle should be one that is equipped to protect drivers from hackers and thieves.”

— Updated 4:28 p.m.