Close

Recall 15V461000

Radio Software Can Allow Third Party Outside Access To Vehicle Controls

Recall Details

The software for the vehicle radio can be exploited by unauthorized parties who can make changes vehicle system software remotely, possibly endangering vehicle operation. Chrysler will mail owners of affected vehicles a USB drive that includes a software update that eliminates the vulnerability free of charge to resolve the concern.  Alternatively, owners may download the software from Chrysler directly to their own USB device to update the vehicle software.

Our Quick Take

The software for the radio is vulnerable to third party outside access. An unknown computer user could possibly exploit the vehicle software and remotely modify certain vehicle systems, resulting in the risk of an accident.

What Should You Do?

Recall repairs on your Chrysler, Jeep, Dodge or Ram vehicle must be performed by Chrysler, Jeep, Dodge or Ram dealership. Chrysler began notifying owners of affected vehicles starting in 2015. If you did not receive a notification, but wish to check to see if your vehicle is included, please contact one of your local Chrysler, Jeep, Dodge or Ram dealerships. They will also check for any other uncompleted recalls on your vehicle. For best results, be prepared to provide your Vehicle Identification Number (VIN) to the service department consultant you speak with.

Electrical & Lights, July 23, 2015

Original Recall from the NHTSA

Manufacturer's Report Date
July 23, 2015
NHTSA Action Number
N/A
Potential Number of Units Affected
1,400,000
NHTSA CAMPAIGN ID Number
15V461000
Component
EQUIPMENT
Summary
Chrysler (FCA US LLC) is recalling certain model year 2013-2015 Ram 1500, 2500, 3500, 4500, and 5500, 2015 Chrysler 200, Chrysler 300, Dodge Charger, and Dodge Challenger, 2014-2015 Jeep Grand Cherokee, Cherokee, and Dodge Durango, and 2013-2015 Dodge Viper vehicles. The affected vehicles are equipped with radios that have software vulnerabilities that can allow third-party access to certain networked vehicle control systems.
Consequence
Exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.
Remedy
Chrysler will notify and mail affected owners a USB drive that includes a software update that eliminates the vulnerability, free of charge. Optionally, owners may download the update to their own USB drive from http://www.driveuconnect.com/software-update/ or take their vehicle to a Chrysler dealer for immediate installation. In an effort to mitigate the effects of this security vulnerability, Chrysler has had the wireless service provider close the open cellular connection to the vehicle that provided unauthorized access to the vehicle network. This measure may not have been implemented on all vehicles and does not address access by other means that will be remedied by the software update. The manufacturer has not yet provided a notification schedule. Owners may contact Chrysler customer service at 1-800-853-1403. Chrysler's number for this recall is R40.
Notify
Owners may also contact the National Highway Traffic Safety Administration Vehicle Safety Hotline at 1-888-327-4236 (TTY 1-800-424-9153), or go to www.safercar.gov.
Not your car? Find your recalls now:
National Highway Traffic Safety Administration logo
Recall data provided by the National Highway Traffic Safety Administration