Purchasers of cars manufactured by Fiat Chrysler Automobiles (FCA) have filed a purported class action in the U.S. District Court for the Southern District of Illinois arising out of their cars’ vulnerability to hackers taking control of their cars’ functions, including steering. The lawsuit has been brought against the car manufacturer, FCA, and the manufacturer of the computerized dashboard system known as Uconnect, Harman International Industries, Inc.
Plaintiffs allege that the Uconnect system, which controls the vehicle’s entertainment and navigation systems, can be accessed by hackers through its cellular internet connectivity, USB or even radio signals. Plaintiffs claim that hackers who gain access to the Uconnect system can, from there, access and issue commands through the vehicle’s separate internal control and communication system that operates the functionality of the vehicle.
The complaint notes that as early as January 2014, Defendants knew about vulnerabilities in the Uconnect system in certain vehicles, yet waited 18 months to release a software update attempting to fix the issue pursuant to a July 23, 2015 safety recall. Plaintiffs claim that Defendants only issued the software update after a July 21, 2015 article published by Wired reported how security researchers were able to remotely hack a Jeep Cherokee while in motion and control the radio, locks, wipers, steering, braking and engine functionality. Plaintiffs complain that the software update provided by FCA does not solve the security defect in the car as long as the Uconnect system is coupled with the vehicle’s internal control system.
The class action complaint contains a nationwide class, as well as an Illinois and Missouri class of owners of vehicles that were subject to the July 23, 2015 safety recall. The complaint alleges the following theories: (1) Violation of the Magnuson-Moss Warranty Act; (2) Breach of Implied Warranty of Merchantability; (3) Fraud; (4) Negligence; (5) Unjust Enrichment; (6) Violation of Illinois Consumer Fraud and Deceptive Business Practices Act (Illinois class); (7) Breach of Implied Warranty of Merchantability (Illinois class); (8) Fraudulent Concealment/Fraud by Omission (Illinois class); (9) Violation of Missouri Merchandising Practices Act (Missouri class); (10) Breach of Implied Warranty of Merchantability (Missouri class); and (11) Fraud by Concealment (Missouri class).
Aside from damages, the complaint seeks injunctive relief consisting of an order requiring Defendants to notify the class of the defective nature of the car and directing Defendants to permanently and completely remedy the defects in the car or issue refunds. The Plaintiffs also request that the court monitor any remedial program or measures to ensure its completion.
This case demonstrates that while the “Internet of Things” is bringing convenience to our daily lives, there are real potential drawbacks to giving this kind of access to our household devices. Further, the allegations in the class action complaint come as no surprise. For example, last December we predicted, “[w]hile vehicles capable of automated driving are already beyond the sketching phase, it is not difficult to envision a scenario where hackers could do more than merely steal data.” It appears that scenario has arrived.