Fiat Chrysler Waited 18 Months To Tell Feds About Hacking Flaw

By
Patrick George
Comments (107)
We may earn a commission from links on this page.

After a team of white hat hackers exploited a vulnerability through a Jeep Cherokee’s UConnect system that allowed them to remotely seize control of the car, Fiat Chrysler announced a 1.4-million vehicle recall and a vow to fix the problem. That’s good, seeing as how they knew about the problem for 18 months before disclosing it to safety regulators. (Update below.)

Suggested Reading

The Next Audi RS6 And RS7 Are Getting Another New Set Of Drivetrains, This Time Hybrid V6 And Full EV
You (You!) Can Apply To Become A Dodge Badassador, But You Probably Aren't Badass Enough [Update]
Why Cops Tap Your Car’s Tail Lights During A Traffic Stop
It's Time To Discontinue The Model S | Jalopinions
Subtitles
  • Off
  • English

Suggested Reading

The Next Audi RS6 And RS7 Are Getting Another New Set Of Drivetrains, This Time Hybrid V6 And Full EV
You (You!) Can Apply To Become A Dodge Badassador, But You Probably Aren't Badass Enough [Update]
Why Cops Tap Your Car’s Tail Lights During A Traffic Stop
It's Time To Discontinue The Model S | Jalopinions
Subtitles
  • Off
  • English

That, of course, comes out right after the National Highway Traffic Safety Administration hit Fiat Chrysler with a record $105 million fine for not recalling cars on time, misleading safety regulators about problems, failing to alert owners to recalls and more safety failures.

Advertisement

Related Content

GMC Sierra EV Denali Goes 507 Miles In Edmunds' Range Test, But It’s Not Very Efficient
We Did It, Folks

Related Content

GMC Sierra EV Denali Goes 507 Miles In Edmunds' Range Test, But It’s Not Very Efficient
We Did It, Folks

Bloomberg reports that the automaker “didn’t consider the problem a safety defect,” and that’s why they didn’t fix it sooner or report it to regulators.

Advertisement

From the Bloomberg story:

Documents Fiat Chrysler filed with NHTSA note that it didn’t consider the software issue, identified by a third party in January 2014, to be a safety defect under U.S. law. Under the Motor Vehicle Safety Act, which governs how and when recalls are conducted, automakers must notify NHTSA within five days of discovering a flaw that presents an unreasonable risk to public safety.

Fiat Chrysler said in a statement it advised NHTSA of the security issue “in a reasonable and timely manner.” The company said it’s “conducting a remedial campaign as a safety recall in the interest of protecting its customers” out of “an abundance of caution.”

Advertisement

An abundance of caution. After it gets reported in Wired.

Now is it true that the odds of getting your Jeep remotely hacked are extremely slim? Sure. But this, and the recent fine, all speak to a larger problem with this company when it comes to safety, recalls and disclosing problems to the public and to regulators — as they’re required to by law.

Advertisement

You fucking suck when it comes to safety, Fiat Chrysler. Stop sucking so much. In order for people to buy your cars, they need to not be dead. I’m no fancy MBA or engineer, but even I get that part.

Update: A Fiat Chrysler spokesman issued a statement that appears to dispute Bloomberg’s account of when the automaker knew exactly how this hacking vulnerability could be exploited. This story has been updated to reflect that.

Advertisement

“Prior to July, the precise means of the demonstrated vehicle manipulation was not known,” the spokesman said. No other details were immediately available.

Contact the author at patrick@jalopnik.com.