Vulnerability Management

U.S. Supreme Court declines to hear Fiat Chrysler appeal in car hacking case


The U.S. Supreme court Monday declined to hear Fiat Chrysler’s appeal in a class action lawsuit claiming the automaker knew its vehicles were vulnerable to cyberattacks as early as 2011.

The case stems from three car owners who sued the Samsung Electronics Co subsidiary Harman International Industries which manufactures the vehicle’s Uconnect infotainment system, and the U.S. subsidiary of the Italian-controlled carmaker.

The lawsuit claims cyber criminals are able to take control over the vehicles safety-critical function to remotely control the vehicles’, acceleration, braking, steering and ignition and that the issue only received attention after researchers Chris Valasek and Charlie Miller publicly exposed the flaws in 2015.

The plaintiffs argues that both companies knew of the  defects for years and that had they known of the risks, they either would have not purchased the vehicles or paid less for them. In addition they claim the vulnerabilities reduced the car’s resale value.

The reveal resulted in the recall of 1.4 million affected trucks which received free software updates to patch the vulnerability.

The case is one of the first legal actions involving the cybersecurity risks of automobiles and paves the way for an October 2019 trial  in litigation concerning whether truck buyers can sue over hypothetical future injuries without having been actual victims of cyberattacks on their vehicles.

“This decision is a clarion call as to how vital cyber security has become for the automotive industry, and makes it clear that multi-layered cyber solutions need to be included from the initial vehicle design phase onward,” Yoni Heilbronn, Chief Marketing Officer at Argus Cyber Security told SC Media.

“The US Supreme Court sent a very clear statement to the automotive industry: An internet connected car should not be sold without proper cyber security protection.”

Fiat Chrysler told Reuters in a statement that it looked forward to presenting its case at trial.

“None of the more than 200,000 class members in this lawsuit have ever had their vehicles hacked, and the federal safety regulators at NHTSA (the U.S. National Highway Safety Administration) have determined that FCA US has fully corrected the issues raised by the plaintiffs,” the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.