Jeep Recall R40: Radio Software Security Vulnerabilities
2015 Jeep Cherokee
Exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.
Chrysler (FCA US LLC) is recalling certain model year 2013-2015 Ram 1500, 2500, 3500, 4500, and 5500, 2015 Chrysler 200, Chrysler 300, Dodge Charger, and Dodge Challenger, 2014-2015 Jeep Grand Cherokee, Cherokee, and Dodge Durango, and 2013-2015 Dodge Viper vehicles. The affected vehicles are equipped with radios that have software vulnerabilities that can allow third-party access to certain networked vehicle control systems.
Chrysler will notify and mail affected owners a USB drive that includes a software update that eliminates the vulnerability, free of charge. Optionally, owners may download the update to their own USB drive from www.driveuconnect.com/software-update/ or take their vehicle to a Chrysler dealer for immediate installation. In an effort to mitigate the effects of this security vulnerability, Chrysler has had the wireless service provider close the open cellular connection to the vehicle that provided unauthorized access to the vehicle network. This measure may not have been implemented on all vehicles and does not address access by other means that will be remedied by the software update. The recall began on August 25, 2015. Owners may contact Chrysler customer service at 1-800-853-1403. Chrysler's number for this recall is R40.