Tag: Chrysler

Fiat Chrysler are now facing the security issues associated with the connected car

Articles

Jeep Grand Cherokee outside family house - press picture courtesy of Fiat Chrysler North America

Jeep Grand Cherokee – make sure that the uConnect system runs the latest firmware

Jeep drivers: Install this security patch right now – or prepare to DIE | The Register

From the horse’s mouth

Fiat Chrysler

Blog Post

UConnect Website (Go here to update your vehicle)

Vehicle list

Model Model-years affected
Chrysler
200 2015
Dodge
Durango 2014
Viper 2013-2014
Jeep
Cherokee 2014
Grand Cherokee 2014
RAM
1500 2013-2014
2500 2013-2014
3500 2013-2014
4500 / 5500 2013-2014

The vehicles affected would be equipped with a uConnect-capable 8.4” touchscreen radio system.

My Comments

The connected car is now being highlighted as a device that has security issues. This was exemplified previously by BMW when they rolled out a patch for their connected infotainment system in the newest vehicles because of a security risk.

Now it is Fiat Chrysler’s turn where their UConnect connected infotainment system which has a stronger link with the car’s powertrain was needing a software update because of this same issue. It was brought about by a discovery that a pair of hackers found in relation to a 2014 Jeep Cherokee owned by one of these hackers concerning undesirable remote control of this “family 4WD”. The software can be downloaded by vehicle owners who have an affected 2013-2015 vehicle and can be done by downloading the update file from the UConnect Website to a USB memory stick then transferring that file to your vehicle. If you are not confident with this process, you can have the mechanics at the dealership where you bought the vehicle from perform this upgrade, while your vehicle is being serviced by them.

At the same time, the US Congress is legislating for security standards concerning connected vehicles including software protection for the vehicles’ powertrain, steering or braking in the form of the “Security and Privacy In Your Car Act” (SPY Car Act). This is in a similar vein to various design rules and standards that nations require vehicles to comply with for safety like seatbelt or lighting requirements. Even the US Senator Markey called out that drivers shouldn’t have to choose between being connected or being protected.

Again, this is a class of devices which is easily driven by the marketing impetus to have them on the market. But there needs to be a culture to encourage a secure environment for connected vehicles as there is for desktop computing.

One way would be a continual update process for the firmware associated with the connected vehicle, including aftermarket setups that have any effect on the vehicle’s steering, brakes or powertrain. This would preferably be in the form of a blind-update process like what happens with most operating systems when you set them to automatically update and patch.

Personally, this could be facilitated by having the connected vehicle work with the home network whenever it is garaged at home. This would then allow it to download the updates overnight while it is not in use. As well, the motorist should have the chance to choose what updates are provided like with enterprise variants of operating systems.