Detroit: Fiat Chrysler will recall 1.4 million vehicles in the US to instal software to prevent hackers from gaining remote control of the engine, steering and other systems in what US federal officials said was the first such action of its kind.
The announcement on Friday by FCA US, formerly Chrysler Group, was made after cybersecurity researchers used the Internet to turn off a Jeep Cherokee's engine as it drove, increasing concerns about the safety of Internet-connected vehicles.
The researchers used Fiat Chrysler's telematics system to break into the Cherokee being driven on the highway and issue commands to the engine, steering and brakes.
The National Highway Traffic Safety Administration (NHTSA) on Friday said it would investigate whether or not FCA's solution to upgrade software was enough to protect consumers from hackers.
FCA said in its recall announcement that it was unaware of any injuries related to hackers gaining access to a car's computer systems through its Uconnect system.
A spokesman for NHTSA said that it was the first recall of vehicles because of concerns about cybersecurity.
The risks of increasing connectivity to physical devices extend far beyond cars and into hospitals and chemical plants and factories, experts said.
"It's a huge problem, and it's an architectural problem with this Internet-of-Things concept," said Nicholas Weaver, a security researcher at the nonprofit International Computer Science Institute in Berkeley, California.
He said that for now there is a divide, in that cars and other things could be accessible from a variety of sources, such as smartphones, as with the Cherokee, or else can be designed to communicate only with a single authenticated server.
The former leaves a large "attack surface" that is easier to penetrate. But the latter gives one company a raft of information about the user, increasing privacy concerns, Weaver said.
Carmakers have until now sought to play down the threat that hackers could gain control of a vehicle using a wireless connection. While hackers had previously demonstrated the ability to tamper with onboard systems using a physical connection to the car's diagnostic system, the "white hat" hackers were able to control the Jeep Cherokee remotely.
The NHTSA and members of Congress have expressed concern about the security of Internet-connected vehicle control systems.
Two Democrats introduced a bill on Tuesday that would direct the NHTSA to develop standards for isolating critical software and detecting hacking as it occurs.
"We have said that cars today are essentially computers on wheels, and the last thing drivers should have to worry about is some hacker along for the ride," Fred Upton, the Republican chairman of the Congressional Energy and Commerce Committee and the committee's ranking Democrat, Frank Pallone Jr of New Jersey, said in a statement on Friday.
The recalled vehicles include some of the top-selling FCA products including the Jeep Grand Cherokee and Cherokee SUVs from model years 2014 and 2015 and 2015 Dodge Challenger sports coupes, among others. (http://bit.ly/1IrgUR1)
FCA said it would mail a memory stick to affected customers to upgrade vehicle software and add security. A spokeswoman for FCA said the USB sticks would be mailed to customers "as soon as possible."
FCA declined to comment further than the statement it issued on the recall. The company did not respond to queries on whether the USB devices to be mailed to customers are on hand or have to be manufactured.
A NHTSA official said the investigation would also look at "how quickly they (FCA) are able to complete the recall."