Chrysler Issues Security Update To Prevent Remote Control Of Vehicles

By Michael Justin Allen Sexton
published

Chrysler discovered a rather problematic security flaw in several of its vehicles and has now created a security update to fix the problem. The previous security software implemented on these vehicles didn't adequately prevent remote access to the vehicles.

Chrysler's security software used on many of its vehicles had one major vulnerability before this update: The security did not block remote access to the vehicles. Obviously, this is a major problem, as the last thing you want to happen when you are trying to drive is to realize that your car has a mind of its own. The security update fixes this defect by blocking remote access from cellular networks.

Despite this security problem affecting several vehicles sold by Chrysler, the company reported that no injuries were caused by the issue. The list of affected vehicles are as follows:

2013-2015 MY Dodge Viper specialty vehicles2013-2015 Ram 1500, 2500 and 3500 pickups2013-2015 Ram 3500, 4500, 5500 Chassis Cabs2014-2015 Jeep Grand Cherokee and Cherokee SUVs2014-2015 Dodge Durango SUVs2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans2015 Dodge Challenger sports coupes

To get the new security update, owners of these vehicles have two options. They can either go to a Chrysler dealership to get the update installed, or they can wait for a USB device with the security update, which will be mailed to them. The USB device can then be connected to the car to update the software.

Follow Michael Justin Allen Sexton @LordLao74. Follow us @tomshardware, on Facebook and on Google+.

Michael Justin Allen Sexton
Michael Justin Allen Sexton is a Contributing Writer for Tom's Hardware US. He covers hardware component news, specializing in CPUs and motherboards.
Topics
Security
38 Comments Comment from the forums
  • targetdrone
    There is a very simple way to fix and avoid these problems. DO NOT CONNECT A CAR TO THE INTERNET. Have these engineers never watched Mission Impossible or Battlestar Galactic?
    Reply
  • Blueberries
    There is a very simple way to fix and avoid these problems. DO NOT CONNECT A CAR TO THE INTERNET. Have these engineers never watched Mission Impossible or Battlestar Galactic?

    Or Bluetooth, or Satellite, or have a bug you don't know about...
    Reply
  • IInuyasha74
    There is a very simple way to fix and avoid these problems. DO NOT CONNECT A CAR TO THE INTERNET. Have these engineers never watched Mission Impossible or Battlestar Galactic?

    Like the Battlestar reference. Fortunately I don't think we need to worry about the machines becoming self aware until Skylake comes out at the end of the year.
    Reply
  • ko888
    Chrysler discovered a rather problematic security flaw in several of its vehicles

    I don't think Chrysler discovered the problem.

    Charlie Miller and Chris Valasek demonstrated a zero-day exploit that forced Chrysler to act.

    http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
    Reply
  • InvalidError
    Did the patch really disable the ability to remotely control vehicle features or just remove/replace a known method of gaining access?

    This is going to be fun with drive-by-wire vehicles where even the throttle body (if present) is controlled by software.
    Reply
  • mrmez
    Does this signal the age of regular security updates for cars?

    You get to work and can't use your PC for 10 minutes because Windows has to download and install updates.

    Now you can't start your car if you haven't installed critical security updates.
    Reply
  • InvalidError
    16320860 said:
    Now you can't start your car if you haven't installed critical security updates.
    And after 10 years, the vendor drops support for your car's software and hardware, so you have to buy a whole new car or face the increased security risk, possibly with increased insurance premium for running on obsolete software.
    Reply
  • IInuyasha74
    Honestly, as much as I like tech, I'd honestly prefer that my car not have an advanced enough computer system inside of it that it needs security updates.
    Reply
  • falchard
    Don't affect me and my 2015 Chrysler 200, because I could not afford the Wifi Internet service and thinks Sprint sucks in my area.
    Reply
  • rantoc
    Most likely due to cost savings the cars main electronics and "gadgets" are not separated allowing this. How come to the so called "geniuses" can't predict this is just the beginning if the slippery slope they take by playing with peoples safety like that? Its beyond me! The responsible should be fired before something worse will happen, a car shut down is bad - What happens when the hackers choose to go after say the steering servo?
    Reply