Today we need to talk to you about something important. Recently, you may have seen an article from Wired about a demonstration of a remote attack on a Jeep Cherokee. We take your safety very seriously, so we want to bring you up to speed on the contents of the article, the official response from Fiat Chrysler Automobiles (FCA), and the steps you can take to protect your vehicle from vulnerability.
Is my vehicle vulnerable to cyber-attack?
The Wired article details one reporter’s interaction with two cyber security specialists who discovered a vulnerability in the firmware of a number of vehicles. They spent a year developing a method to wirelessly breach the vehicle’s head unit, which allows them to control certain parts of the vehicle remotely, even while being driven. Showing concern for the safety of others, they have chosen to inform the public as well as relevant automotive manufacturers so that the vulnerabilities in question can be dealt with.
Why is this possible?
As automotive technology advances, many manufacturers have seen the benefits of giving drivers and passengers better ways to connect with their cars. For FCA customers, this comes in the form of Uconnect. Other automakers have their own solutions. All of these systems present similar challenges, and cyber security is something that brands take very seriously.
The extent of risk varies across make and model of car, but researchers have demonstrated the capability to ascertain a vehicle’s location via GPS, control onboard electronic systems, and, in extreme cases, tamper with mechanical systems. Not all cars have so-called “cyber-physical” components, but it is a trend that has grown in recent years.
What action has been taken to prevent car-hacking?
Concerns about automotive cyber-security have already reached Congress. This week, Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a bill outlining the Security and Privacy in Your Car Act.
The purpose of the bill is to establish new federal standards that would better protect vehicles from remote takeover and data breach. Legislation would create “minimum standards and transparency rules to protect the data, security and privacy of drivers.”
In his announcement, Markey went on to say, “Drivers shouldn’t have to choose between being connected and being protected.”
How can I protect my vehicle from cyber threats?
Last week, FCA issued a statement regarding the security of its customers and their vehicles. They announced that an Embedded System Quality Engineering team had issued a Technical Service Bulletin for a software update.
What does that mean?
It means if you drive a new Chrysler, Dodge, Jeep, or Ram vehicle, you may require a firmware update.
The statement reads:
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems. Today’s software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle.”
You can read the full text of the statement here.
It’s possible to perform the firmware update by yourself if you visit this link and follow the instructions. However, you may feel more comfortable letting our technicians at Leith Chrysler Dodge Jeep Ram perform the update for you. As said in the statement, this will be a free service, so all you need to do is visit our dealership in Aberdeen.
As we said at the start, we take your safety and security very seriously, so we recommend that you have your vehicle updated as soon as possible. If we can answer any more of your questions, feel free to contact our service department.