Fiat Chrysler Waited 18 Months To Tell Feds About Hacking Flaw


After a team of white hat hackers exploited a vulnerability through a Jeep Cherokee’s UConnect system that allowed them to remotely seize control of the car, Fiat Chrysler announced a 1.4-million vehicle recall and a vow to fix the problem. That’s good, seeing as how they knew about the problem for 18 months before disclosing it to safety regulators. (Update below.)

That, of course, comes out right after the National Highway Traffic Safety Administration hit Fiat Chrysler with a record $105 million fine for not recalling cars on time, misleading safety regulators about problems, failing to alert owners to recalls and more safety failures.


Bloomberg reports that the automaker “didn’t consider the problem a safety defect,” and that’s why they didn’t fix it sooner or report it to regulators.

From the Bloomberg story:

Documents Fiat Chrysler filed with NHTSA note that it didn’t consider the software issue, identified by a third party in January 2014, to be a safety defect under U.S. law. Under the Motor Vehicle Safety Act, which governs how and when recalls are conducted, automakers must notify NHTSA within five days of discovering a flaw that presents an unreasonable risk to public safety.

Fiat Chrysler said in a statement it advised NHTSA of the security issue “in a reasonable and timely manner.” The company said it’s “conducting a remedial campaign as a safety recall in the interest of protecting its customers” out of “an abundance of caution.”


An abundance of caution. After it gets reported in Wired.

Now is it true that the odds of getting your Jeep remotely hacked are extremely slim? Sure. But this, and the recent fine, all speak to a larger problem with this company when it comes to safety, recalls and disclosing problems to the public and to regulators — as they’re required to by law.


You fucking suck when it comes to safety, Fiat Chrysler. Stop sucking so much. In order for people to buy your cars, they need to not be dead. I’m no fancy MBA or engineer, but even I get that part.

Update: A Fiat Chrysler spokesman issued a statement that appears to dispute Bloomberg’s account of when the automaker knew exactly how this hacking vulnerability could be exploited. This story has been updated to reflect that.


“Prior to July, the precise means of the demonstrated vehicle manipulation was not known,” the spokesman said. No other details were immediately available.
