Radio Hack Prompts 1.4M Vehicle Recall, Expanded Investigation

A reporter for Wired.com agreed to be the guinea pig for an experiment by two hackers who keyed in to the “infotainment” dashboard on his Jeep Cherokee.

The reporter was not told what the hackers would do once they gained access, but he was told not to panic and to know they would do nothing to endanger his life or the lives of others on the road. They didn’t exactly keep that promise.

At first, they tampered with the windshield wipers. Then, they blasted the radio. As the reporter cruised down the highway, his air conditioning went on full blast. He hadn’t once taken his hands off the steering wheel. But then they killed the transmission while the reporter was on the highway. The accelerator stopped immediately. He frantically stepped on the pedal, but there was nothing. He was stopped on the highway with no shoulder, cars backing up behind him. A semi-truck approached as a line of cars piled up behind him, horns honking. He called and begged them to turn the transmission back on immediately.

Previously, in other more controlled experiments (in parking lots), the hackers had shown how they were able to honk the horn, disable the brakes, jerk the steering wheel, and take other actions, rendering the driver helpless.

When the vulnerability was revealed in a published article, it drew national attention from the manufacturer, consumers, and federal safety regulators.

The story prompted Fiat Chrysler to recall 1.4 million Jeep, Chrysler, and Dodge vehicles that have an infotainment system installed. It’s called Uconnect, and a flaw in that system allows any hacker – not just those with the express goal of exposing the oversight – to access the dashboard functions while the vehicle is in motion.

Now, the National Highway Traffic Safety Administration has requested additional information from the manufacturer of Uconnect, which is installed in some 2.8 million systems nationally. NHTSA investigators have declined so far to say which manufacturers’ dash board vulnerabilities they may be analyzing, but they did say the problem extends beyond the recalled models.

This is extremely concerning for any motor vehicle driver. Although there have been no reports of hackers attempting to maliciously hack into vehicle systems, the threat has been identified, and some are no doubt trying.

Although civil case law traditionally holds that one party can’t be held liable for the tort or wrongdoing of another, in a case like this, when the manufacturers recognize there is a serious problem that could affect the safety of consumers, a duty to act may be established. This is the first element in any negligence lawsuit. One could argue a theory of product liability if the manufacturers were aware of this potentially fatal flaw – or should have been aware of it – and did nothing to correct it or warn of the risks.

The NHTSA investigation is the latest in its expanded effort to crack down on auto companies for dangerous vehicle defects. The agency has promised to be more aggressive on this issue, and now, in light of validated public concerns about hacking internet-connected cars, there is a need to make sure these vehicles are equipped with basic safety measures.

A former top official with the National Security Agency who now works for Twitter told reporters hundreds of thousands of cars on the road right now are vulnerable to cyber-attacks.

Harman Kardon, the manufacturer of UConnect, also produces systems for BMW, Volvo, Mercedes Benz, and Subaru. The NHTSA has said if there are similarities between the units installed in affected Jeeps and the other vehicles, the recall of vehicles will likely expand.

The federal regulator noted that while technology has mostly resulted in positive improvements to motor vehicle safety (including back-up cameras and sensors, anti-crash technology, and more), the risk of a data breach is a real possibility for which car manufacturers must prepare.

Some manufacturers, including Toyota and Ford, have built extensive firewall systems to prevent such activity, and they have even gone so far as to hire teams of hackers to scour their systems for potential vulnerabilities.

The Ferraro Law Firm handles claims resulting from defective products or dangerous pharmaceuticals. Call (888) 554-2030​ for a free and confidential consultation. Offices in Miami and Washington, D.C.