Skip to Content

Chrysler’s Recall of Hackable Cars Won’t Be the Last

As carmakers rush to make vehicles more connected, their products are likely to become more vulnerable to attacks.
July 24, 2015

Carmakers used to only worry about faulty components or shoddy workmanship leading to a damaging product recall. Now they can add another problem to the list: the risk of meddling computer hackers. And as the industry rushes to make vehicles more computerized and connected, the threat posed by computer flaws could get a lot worse.

Fiat-Chrysler issued a recall today for 1.4 million cars following a demonstration in which two computer security consultants showed that they could take remote control of a Jeep Cherokee, turning up the climate controls and the radio, activating the windscreen wipers, and even cutting the brakes and shutting off the engine.

The researchers behind the stunt, Charlie Miller and Chris Valasek, took over the car from miles away, through the Uconnect service, which links the infotainment systems in Fiat-Chrysler vehicles to the Internet. Almost all carmakers offer similar wireless services as an add-on these days. The recall issued by Fiat-Chrysler states that “exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.”

That may be true, but Miller and Valasek’s exploit is also a pretty complicated piece of work. It requires a “zero-day” (that is, previously unknown) software bug, as well as knowing how to reprogram a chip in the entertainment unit and communicate with other systems via the car’s internal network. A little ironically, the cars affected can’t be remotely updated with software patch. Instead you can download one to install yourself here, or have Chrysler mail it to you on a USB stick.

Unfortunately, much easier exploits may not be far away. Carmakers are rushing to add more computers and more connectivity to vehicles, not only for infotainment, but also to make drivetrain components more reconfigurable and customizable (as I reported in “Rebooting the Automobile”). Tesla’s Model S shows where the industry is headed: many of the car’s features can be accessed and controlled via the Internet, using the company’s app, and its hardware is routinely reprogrammed with remote software updates issued from the company. Added complexity and accessibility could make vehicles a much richer target for troublemakers. Borrowing more technology from the consumer electronics industry may also increase the risk, as it means more people will have the skills needed to access and modify a device and its code.

Carmakers do seem to be taking the issue seriously, as do large computer security companies, some of which see protecting vehicles as a big future opportunity. But when I spoke with Miller and Valasek for my story, they said that automakers are moving very slowly to address the problem, and that the computer security of vehicles remains mostly unknown. The good news is that proposed legislation as well as campaigns by computer security experts calling for more transparency and better security practices may help the industry finally get up to speed.

Keep Reading

Most Popular

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.