Chrysler is facing a lawsuit by vehicle owners that were affected by the 1.4 million vehicle recall last month, the largest recall in U.S. history. The recall was the result of a security flaw in the Uconnect dashboard computer that was exposed in WIRED magazine. Security researchers Chris Valasek and Charlie Miller were able to hack into the car’s computer and control the steering, braking, and transmission. The plaintiffs in the case, Brian Flynn and George and Kelly Brown, are accusing Chrysler of fraud, negligence, unjust enrichment, and breach of warranty, but the number of plaintiffs could top one million if the case is certified as a class action.
The plaintiffs’ case rests partly on the fact that Chrysler was alerted to the findings concerning the security flaw in early 2014. Although the most recent bug was remedied with the release of a software update by Chrysler, the fact remains that there is a physical connection between the internet-enabled Uconnect system, and the vehicle’s drivetrain functions. This vulnerability cannot be addressed by any number of software updates.
The plaintiff’s attorney, Michael Gras stated that the suit also seeks an injunction that would force Chrysler to address the architectural issue, “There is no good reason for the same vehicle system that runs Pandora to have the capability to talk to the brakes. This is the real defect with these vehicles.”
Chrysler is among other automakers who have been the target of cybersecurity-related class action suits, including GM, Ford, and Toyota. Hacking research by Valasek and Miller was also partly involved in those suits.
Harman International Industries Inc, which supplies software for Chyrysler’s Uconnect, as well as other manufacturers, stated that the hacking risk was isolated to that company. Chrysler collaborated with Harman in the release of its software patch for the recent security flaw.