Skip to Content

Chrysler’s Recall of Hackable Cars Won’t Be the Last

As carmakers rush to make vehicles more connected, their products are likely to become more vulnerable to attacks.
July 24, 2015

Carmakers used to only worry about faulty components or shoddy workmanship leading to a damaging product recall. Now they can add another problem to the list: the risk of meddling computer hackers. And as the industry rushes to make vehicles more computerized and connected, the threat posed by computer flaws could get a lot worse.

Fiat-Chrysler issued a recall today for 1.4 million cars following a demonstration in which two computer security consultants showed that they could take remote control of a Jeep Cherokee, turning up the climate controls and the radio, activating the windscreen wipers, and even cutting the brakes and shutting off the engine.

The researchers behind the stunt, Charlie Miller and Chris Valasek, took over the car from miles away, through the Uconnect service, which links the infotainment systems in Fiat-Chrysler vehicles to the Internet. Almost all carmakers offer similar wireless services as an add-on these days. The recall issued by Fiat-Chrysler states that “exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.”

That may be true, but Miller and Valasek’s exploit is also a pretty complicated piece of work. It requires a “zero-day” (that is, previously unknown) software bug, as well as knowing how to reprogram a chip in the entertainment unit and communicate with other systems via the car’s internal network. A little ironically, the cars affected can’t be remotely updated with software patch. Instead you can download one to install yourself here, or have Chrysler mail it to you on a USB stick.

Unfortunately, much easier exploits may not be far away. Carmakers are rushing to add more computers and more connectivity to vehicles, not only for infotainment, but also to make drivetrain components more reconfigurable and customizable (as I reported in “Rebooting the Automobile”). Tesla’s Model S shows where the industry is headed: many of the car’s features can be accessed and controlled via the Internet, using the company’s app, and its hardware is routinely reprogrammed with remote software updates issued from the company. Added complexity and accessibility could make vehicles a much richer target for troublemakers. Borrowing more technology from the consumer electronics industry may also increase the risk, as it means more people will have the skills needed to access and modify a device and its code.

Carmakers do seem to be taking the issue seriously, as do large computer security companies, some of which see protecting vehicles as a big future opportunity. But when I spoke with Miller and Valasek for my story, they said that automakers are moving very slowly to address the problem, and that the computer security of vehicles remains mostly unknown. The good news is that proposed legislation as well as campaigns by computer security experts calling for more transparency and better security practices may help the industry finally get up to speed.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

The problem with plug-in hybrids? Their drivers.

Plug-in hybrids are often sold as a transition to EVs, but new data from Europe shows we’re still underestimating the emissions they produce.

Google DeepMind’s new generative model makes Super Mario–like games from scratch

Genie learns how to control games by watching hours and hours of video. It could help train next-gen robots too.

How scientists traced a mysterious covid case back to six toilets

When wastewater surveillance turns into a hunt for a single infected individual, the ethics get tricky.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.