The hacking demonstration on a Jeep Cherokee where two hackers remotely took control of the vehicle from miles away then left it stranded on the side of a highway has been followed by a recall order involving 1.4 million vehicles to make them hack proof, along with a Senate bill that seeks standards for the defenses of vehicle systems from hackers.
Now, Chrysler is facing a potentially massive lawsuit filed by three Jeep Cherokee owners against Fiat Chrysler Automobiles and Harman International, the company that developed the Uconnect dashboard computer that is found in millions of vehicles by Chrysler.
A security flaw in the Uconnect system was the entry point for the hack carried out by security researchers Charlie Miller and Chris Valasek, which allowed them to take over a Jeep Cherokee's transmission, steering and brakes. The plaintiffs are now calling for other owners of Chrysler vehicles with Uconnect systems to join the litigation, and if the complaint would be certified as a class action lawsuit, it could grow to include more than million plaintiffs.
Brian Flynn and George and Kelly Brown, in their complaint filed against Chrysler and Harman, accuse the two companies of negligence, fraud, breach of warranty and unjust enrichment. The complaint points out the fact that Miller and Valasek already alerted Chrysler of vulnerabilities in the Jeep Cherokee early last year over the unnecessary connections between the Uconnect system and the CAN Bus, which is the network that controls the critical driving components of the vehicles such as brakes and steering.
The attorney of the plaintiffs, Michael Gras, also noted that the filed lawsuit looks for an injunction against companies that may force Chrysler to issue another recall order to address other vulnerabilities, stating that the true goal of the lawsuit is for Chrysler to fully address all possible problems immediately.
Even after Chrysler's recall order and the company's released security update for the Uconnect system, the lawsuit claims that these measures do not address the underlying issue of the architectural vulnerabilities in Chrysler vehicles, with the potential for problems remaining as long as the Uconnect system is connected to the CAN Bus of the vehicles.
Gras declined to release an estimate on the damages that the lawsuit could seek against Chrysler and Harman, stating that it is too early in the process to provide such an estimate.
"Right now we're just focusing on trying to make these vehicles safe," wrote Gras in an e-mail.
