Fiat Chrysler Automobiles (FCA) is issuing its second vehicle recall in as many months because of software-related vulnerabilities. The second recall, however, is significantly smaller than the July recall of 1.4 million vehicles, which came after security researchers revealed flaws that could enable a hacker to take over a car remotely.
The new recall impacts only 7,810 sport utility vehicles (SUVs) in the United States. Of those, FCA said more than half are still at its dealers and will be fixed before they are sold.
“Affected are certain 2015 Jeep Renegade SUVs equipped with 6.5-inch touchscreens,” FCA noted in its recall notice.
The July recall included Dodge Viper, Ram Pickup, Chrysler 200, Chrysler 300, Dodge Durango, Dodge Charger, Dodge Challenger and Jeep Cherokee vehicles. As it did with that recall, FCA is sending those affected by the new recall a USB device to upgrade the vehicle software with additional security features.
“The campaign—which involves radios that differ from those implicated in another, similar recall—is designed to protect connected vehicles from remote manipulation,” FCA’s recall notice states.
Security experts contacted by eWEEK were not surprised by the second FCA recall.
“Often, when a vulnerability is disclosed or software flaw exposed, the company addresses that singular issue,” Ben Johnson, chief security strategist at Bit9 + Carbon Black, told eWEEK. “Then, they usually wake up and say, ‘Hey, maybe we should check other similar code snippets or architectures,’ and then they find more vulnerabilities and have to patch more.”
IDT911 Information Security Advisor Brian Huntley also is not surprised about the second FCA recall.
“This paces generally-agreed best practices for enterprise crisis management first demonstrated in the Tylenol event several decades ago, as well as generally-agreed best data breach communications practices,” Huntley told eWEEK. “When you are wrong, admit it openly, explain how the event happened and what you’re doing to fix it.”
Huntley expects to see more technology security-related recalls in the future from Chrysler as well as other automobile manufacturers. Because of market pressures, vendors often push immature technologies into the market, he said.
“Rush-to-market pressures around immature automotive technologies like automotive security systems and—in their day—air bags and catalytic converters sometimes result in design flaws being detected by the consumer, and not within automotive manufacturers’ structured quality control systems,” Huntley said.
As cars increasingly include more software, it is inevitable that there will be more recalls for security flaws, according to Johnson.
“Think about how often apps update on your phone or computer,” he said. “Let’s just hope the patches are not often around bugs in our brakes, accelerators or steering columns.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.