In the wake of Wired’s report about a terrifying exploit found to affect Fiat Chrysler Automobiles’ (FCA) UConnect software, more than 1.4 million cars have been recalled. Discovered by a pair of security researchers, the exploit gives hackers the ability to remotely control an FCA car, from simple functions like climate control and windshield wipers, to more serious systems, like brakes, steering and transmission.
Owners of these vehicles can manually install a software fix themselves. Or, if you have the patience, go into a dealer and let them take care of it for you. Over 10 different FCA models are affected by the security hole, to the tune of 1.4 million cars. The full list is below.
Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes
Additionally, FCA has setup a website where you can input your VIN to see if your vehicle is among the recall. Although your car might be vulnerable to an attack, the silver lining here is that nothing has been reported in the wild. What Wired experienced was a controlled demonstration, and the security researchers were professionals who knew what they were doing. Chances are your run-of-the-mill criminal won’t have the tools necessary to execute such a hack.
But let’s not let FCA off the hook that easy. Having such a huge security hole in your onboard infotainment software is incredibly worrying, especially on such a wide level. Although a fix is available, who’s to say more exploits won’t be found buried inside UConnect?
If your car is on the list, it’s probably a good idea to install the fix as soon as possible.