Fiat Chrysler Automobiles quietly released a software update last week before Wired Magazine published its report on the Jeep Cherokee remote hack. The automaker said the update “offers customers improved vehicle electronic security and communications system enhancements” and added that it is provided at no cost to customers. Furthermore, the update includes Uconnect improvements introduced in the 2015 model year.
The two events are obviously related, as FCA was aware of the 2014 Jeep Cherokee hack. Actually, the hackers let FCA know about the vulnerability and worked with the automaker on a solution, which was released five days before news of the hacking attack broke.
Hackers Charlie Miller and Chris Valasek discovered a vulnerability in some versions of FCA’s Uconnect infotainment system, which connects to the Internet via a cellular data connection through Sprint. The Uconnect system fitted with an 8.4-inch touch screen and Wi-Fi hot spot is present on 2013-14 Chrysler, Dodge, Jeep and Ram vehicles, as well as the 2015 Chrysler 200.
The hackers said they plan to release a portion of their code at a Black Hat security conference next month in Las Vegas. While the code will not allow other hackers to immediately exploit the Uconnect vulnerability, they’re doing it to convince automakers that their products are vulnerable.
Obviously, FCA is not thrilled about the release of the partial code, labeling it as dangerous. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company said in a statement cited by Automotive News.