Software Security Recall for Jeeps

Author’s Note: This is a follow-up to my July 27, 2015 BlogInfoSec column “Jeep Hacked, Manufacturer ‘Dismayed.’” Fiat Chrysler’s recall of vehicles for security-related, versus safety-related, vulnerabilities is a very big deal and may pave the way for an entirely new approach to companies assuming liability for, and dealing with software bugs.


There have been quite a number of previous vehicle software malfunctions (call them “bugs,” “glitches,” or what have you) in the past, such as the Toyota Prius recall in 2010 affecting the anti-lock braking system … see and the more recent (July 2015) Prius recall for software that might shut down the hybrid system while the car is being driven … see

But, up until now, affected systems have been vehicle-control systems which are clearly under the auspices of the automobile manufacturers and the latter have assumed liability.

However, the most recent such matter, in which Fiat Chrysler agreed to recall 1.4 million vehicles to fix a security bug that allows the infotainment system to be hacked remotely and the attacker to jump over to the control systems, is the first of its kind, as far as I know. But it is unlikely to be the last. The event is described in Andy Greenberg’s article in his July 24, 2015 article “After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix” available at

This emergence of software-related recalls reminded me of my letter to the editor, which was printed in The New York Times on June 18, 1999, with the title “Are ‘Viruses’ Naughty by Nature?” available at


In the letter, which was in response to a June 14, 1999 news article, “Illness as a Metaphor for Computer Bugs,” I compared the expectation of recalls on vehicles for safety defects to the lack of liability on the part of software developers, as follows:

“When we buy a car, we expect certain safety features to be built in, and if they don’t work, then the vehicle is recalled and fixed at no charge. We should expect the same guarantee from software developers.”

It is interesting to note that this is now actually beginning to happen, albeit by a circuitous route. Granted it is because of a vulnerability in software running on a motor vehicle that is not directly in control of safety-related features, but could this be a precedent for software resident on all devices (the Internet of Things), vehicles, etc.? If it becomes so, then we are at the start of a sea change in how software is viewed, especially IT software that can be bridged across to control systems … which eventually may be ALL software.

I had called for more rigorous design, development and testing of security-critical and safety-critical software in my book “Engineering Safe and Secure Software Systems,” (Artech House, 2012) especially when such systems are connected and interoperate, but had never expected that the issue would rear its ugly head so soon … shades of the movie “The Day After Tomorrow,” or perhaps William R. Forstchen’s book “One Second After.”

We have certainly arrived at a new era of software dependency and are beginning to experience the hazards of interfacing Web-facing software with safety-critical systems. If it were up to me, I would call a halt to all these systems until a reliable set of standards and certifications have been fully established but, of course, that’s not going to happen. The pressure to innovate, particularly in the area of automating road vehicles, is too great. The juggernaut cannot be held back. Instead we will be subjected to repeated software malfunctions and failures, vehicle takeovers, and all that they imply and, as with hacks affecting commercial and governmental information systems, there will be a lot of “tut-tuts” by politicians, followed by ineffective attempts to regulate minimally. And then life will go on … until the “big one.” But, by then it will be too late to do anything.

As Forstchen describes in his novel, the only vehicles running may be from decades earlier, when there were no electronics in them. But how many of these antiques are still operating? And what about getting gasoline? The delivery trucks wouldn’t be drivable either and the pumps wouldn’t work at the gas stations, as we in the North-East (USA) discovered in the aftermath of Hurricane Sandy. Sandy was an act of Nature that we couldn’t prevent, although we might have been better prepared to deal with the consequences. The catastrophic failure or mass takeover of vehicles can still be avoided, if we have the mind to do it.

Post a Comment

Your email is never published nor shared. Required fields are marked *