Hackers cause recall of 1.4 million cars

by Kim O’Connell, Amanda Engels and Olivia Goudal

As foreshadowed in our post on cyber resilience, available here, data breaches and cybercrime are becoming increasing prevalent. These issues are well illustrated by the recent recall by Fiat Chrysler of 1.4 million cars in the United States.

On Friday 24 July 2015, Fiat Chrysler issued the recall of 1.4 million vehicles after cybersecurity researchers demonstrated they could wirelessly hack into a Jeep Cherokee and control the features and functions of the car, such as the engine, brakes and steering. The findings of the researchers were published on 21 July 2015 on the website, www.wired.com, with the article available here. That article details the extent of the wireless control that could be exerted on the vehicle from the comfort of one’s home, such as playing with the air-conditioning and radio, to cutting the transmission and disabling the accelerator.

As a result of these findings, Fiat Chrysler made network level changes and issued a voluntary recall, available here, to update the software in the affected vehicles. Customers who were affected by the recall are to receive a USB device to upgrade the vehicle software and provide additional security features. The Fiat Chrysler announcement noted that the software manipulation used to hack into the vehicle required extensive technical knowledge, prolonged physical access to the specific vehicle and extended periods of time to write the code.

Following the recall, there has been a call for lawmakers to respond to situations like this to ensure that other automakers do not face similar problems. It has further been reported that the recall comes soon after two US senators introduced a bill to set standards on vehicle security for car makers. See articles here and here.

In a world where technology increasingly permeates our everyday lives, this example illustrates the significant ramifications a breach of cybersecurity can potentially have on an organisation and consumers. It further highlights that organisations need to be vigilant and aware of the ever-growing risks that data breaches and cybercrime may have for their organisations.