FCA Radio Security Vulnerability Recall

Imagine that you’re happily driving your late model FCA (Fiat Chrysler Automobiles) Dodge, Jeep, RAM or Chrysler vehicle down the road when everything goes crazy inside the car. The radio freaks out, the A/C goes off or maybe goes into full blast artic storm mode and the door locks start to lock and unlock. And then, the engine shuts off or goes into limp mode. You coast your car onto the shoulder of the road and get out to check under the hood (maybe there’s a big “Freak Out” switch under there you can flip to the OFF position or something). You didn’t really notice the car that pulled over behind you because you were focused on your car, but suddenly a couple of mean looking ne’er-do-wells tie you up at gun point, one of them hops into your vehicle and you watch it drive off into the sunset, destined to be exported to some foreign black market or maybe a local chop shop to turn into domestic black market parts.

What just happened? A worst case scenario that could (but hasn’t) happen due to a vulnerability in some late model FCA vehicles that could allow a hacker to access and take control of your vehicle’s systems. That this was possible to accomplish was revealed earlier this year by Wired magazine. The magazine’s security experts were able to hack remotely into a 2014 Jeep Cherokee's Uconnect infotainment system while it was being driven. They were able to disable the SUV's engine functions and took over interior features such as air conditioning, locks and radio.

How can you hack into a car or truck? The same way you hack into any computer, through an unguarded port. You’re familiar with physical ports on your desktop or laptop computer. You can plug into USB, eSATA, mini-jack and other physical ports to transfer data from USB drives, your phone, etc. What you may not know is that your Windows or Mac computer has literally hundreds and hundreds of virtual ports. You can’t see them, but they’re there. These invisible ports are what allow your machine to connect to the Internet, the World Wide Web, your WiFi router, and carry on a multitude of virtual connections within your local and remote networks. You also have these virtual ports on your phone and in your car. Without these ports your infotainment system couldn’t connect your phone via Bluetooth, receive traffic updates, etc.

If you own a desktop or laptop computer you have some kind of antivirus software on it (if you don’t...) and that software locks down all of those virtual ports for you to make it harder for hackers to find backdoors into your machine. You can also have, and should have, an anti-malware app on your phone. But, what about your vehicle? There is no such thing as Norton or McAfee for your car or truck. We all just assume that the manufacturers have taken care of security for us. Well, funny thing about that.

What Wired magazine discovered was an open virtual port in the Uconnect system. We’re not sure, but we doubt that our navigation and satellite radio software is subject to the same kind of security scrutiny that our Windows or Mac operating systems are, but it probably will be from now on.

FCA has released Safety Recall R40, Radio Security Vulnerability. This is a system update to flash your infotainment system software to a newer version that closes the security vulnerability. This recall impacts:

2013-2015 Dodge Viper, Ram 1500, 2500 and 3500 pickups and Ram 3500, 4500, 5500 Chassis Cabs

2014-2015 Jeep Cherokee ,Grand Cherokee and Dodge Durangos

2015 Chrysler 200, Chrysler 300, Dodge Charger and Dodge Challenger

If your vehicle is affected you can make an appointment with your local dealership and have them take care of the recall. But FCA is also sending out kits to owners that allow you to do it yourself. When we received the kit in the mail for our Project Hardworking Hauler 2014 RAM Cummins 3500 truck, we had to see how this worked. A DIY recall, sure, we’ll take that over the time and hassle of taking our truck to the dealer. The kit comes with a disposable USB drive holding the software update, instructions, and a prepaid postcard to mail to FCA to let them know you’ve updated your vehicle. Here’s how the whole thing works.