July 25--Fiat Chrysler Automobiles recalled 1.4 million vehicles for a software update Friday, three days after a report that hackers took control of a Jeep Cherokee and drove it into a ditch.
The automaker said the hack appeared to be an isolated incident that could not be easily repeated, because it required extensive technical knowledge of the vehicle.
The company said it already has made the security fix via its cellular network, so drivers don't need to take their vehicles in to dealers. The recall applies to certain cars made between 2013 and 2015 that have 8.4-inch touch screens.
The online magazine Wired reported Tuesday that two well-known cybersecurity researchers this month took control of the Jeep Cherokee through the car's UConnect radio.
During the experiment, the Wired reporter drove on a St. Louis highway while researchers Charlie Miller and Chris Valasek toyed with the windshield wipers, radio and accelerator from 10 miles away. At one point, they cut the Jeep's brakes, sending the vehicle into a ditch.
The hack has raised questions about whether the convenience of Internet-connected features like navigation and Bluetooth compromises vehicle security.
On Friday, the National Highway Traffic Safety Administration said it would investigate Fiat Chrysler's recall to "better assess the effectiveness of the remedy." The organization said it would also contact the radio manufacturer to see if it is used by any other automakers.
In January, BMW also had to issue a software patch after the German Automobile Assn. found a potential security issue in the vehicles' cellular network.
The Jeep hack is at least the second time that researchers Miller and Valasek have taken control of a vehicle remotely.
But they're not the first to try.
In 2010 and 2011, a team of researchers from UC San Diego and the University of Washington showed that hackers could infiltrate a car's electronic control network to disable brakes or even the engine.
If hacking into vehicles can be profitable, it might become more common, said Stephen Checkoway, assistant professor of computer science at the University of Illinois, Chicago.
Researchers Miller and Valasek have shared their findings with Chrysler for nearly nine months, which allowed the automaker to release a patch, according to Wired.
Fiat Chrysler owners can check their Vehicle Identification Numbers at driveuconnect.com to see whether their vehicles are affected.
samantha.masunaga@latimes.com
UPDATE
5:50 p.m.: Updates with additional details and background.
Originally posted at 12:44 p.m.
