Feds Say Fiat Chrysler Uconnect Radios Were The Only Ones Vulnerable To Hackers (This Time)

January 11, 2016

Last summer, two good-guy hackers wrote some very clever code that allowed them to take control of a Jeep Cherokee. After an extensive investigation, the National Highway Traffic Safety Administration has determined that the vulnerabilities those hackers exploited are found only on Fiat Chrysler Automobiles with Uconnect infotainment systems.

Or rather, they were found on the Uconnect system. FCA recalled nearly 1.5 million vehicles two days after the Cherokee story broke to update that software. 

As you might remember, the Jeep hack was just the first in a series of headline-grabbing news items that sparked a minor freakout across Planet Earth. "Now that our cars are connected to networks," drivers wondered, "what happens when bad guys and gals attack those networks?"

READ: 2017 Honda Ridgeline Preview

NHTSA had some concerns, too. Mostly importantly, it wanted to determine where Uconnect's vulnerabilities lay. Were they written into the Uconnect software? Were they holes in the wireless network, powered by FCA's partner, Sprint? Or could the problems be hardware-related?

To answer those questions, the agency looked at some 30 complaints "alleging incidents of theft from a vehicle or anomalous performance that the owner alleged were caused by, or may have been caused by, remote hacking". The vast majority -- 26 to be precise -- were filed after the Jeep Cherokee story was published.

NHTSA says that three of the complaints on file described engine stalls, and one included allegations of unintended acceleration. The others focused on issues that weren't critical to vehicle safety, like a car's radio or A/C system. 

Most importantly, none described a loss of ability to steer or apply brakes, as hackers Charlie Miller and Chris Valasek had done on the Jeep Cherokee. That led investigators to believe that the 30 complaints on file probably weren't an indication that the vehicles had been hacked -- at least not exploiting the vulnerabilities that Miller and Valasek had identified.

ALSO SEE: 2017 Chrysler Pacifica Preview

Even better, third-party tests revealed that those vulnerabilities had been fully addressed by FCA and Sprint, which had hardened both Uconnect software and the related network. That means that the problem wasn't rooted in the radio hardware, which was manufactured by Harmon International and installed on models sold by Audi, Bentley, and Volkswagen.

And so, NHTSA has ended its investigation -- at least for this instance of hacking. But as our vehicles become increasingly connected to networks large and small, expect problems and probes to proliferate.

The Car Connection
See the winners »
The Car Connection
Ratings and Reviews
Rate and review your car for The Car Connection
Review your car
The Car Connection Daily Headlines
I agree to receive emails from The Car Connection. I understand that I can unsubscribe at any time. Privacy Policy.
Thank you! Please check your email for confirmation.