Come on, Chrysler! Get in front of this one!

Recently, researchers pointed out that they could remote control a Jeep Cherokee from ten miles away. They had found its VIN number, broadcast without encryption over the Sprint network, and other information which made that possible. These are flaws which have been fixed by Chrysler, but affected owners (those with UConnect Access / via Mobile, in 2013-15 models, on the 8.4 inch screen) have to get that fix installed.

That’s not all that easy to do yourself, but it’s not impossible, either, and I did it and documented the process. (I don’t have that system but I did have other firmware upgrades to install, so I did those instead.)

Chrysler dealers have also been told to do it at the company’s expense for anyone who wants it done. There are two separate service bulletins, so use the list at Allpar’s news story to see if you’re affected, or put your VIN into Chrysler’s web site. Most dealers love avoiding warranty work; it’s far better to get you after the warranty is over because the factory pays set amounts, and retail customers pay $100+ per hour.

What amazes me is how poorly Chrysler PR handled this. Their press release was a master of software-industry obfuscosity. Wired published an article that broke the story, not Chrysler, though the fix was ready before the Wired story.

The public forgives quickly if you get out in front of a story. This should have been treated as a full bore release, complete with photos and videos, showing how to upgrade your own car. Someone should have gone through the process and made it easier for owners, even if that increased company costs — for example, if possible, using unzipped files, or at least making the instructions more clear and less time consuming. The tutorial is pretty but not helpful.

Most computer-industry updates come with a readme file, not a long, step by step tutorial that you have to go through before, not after, downloading the files you will need. And then while you’re doing the update, you find yourself trying to read white type on an almost white screen… and there’s a lot that can go wrong. Showing the antitheft code entry screen was just scary — I had to go online to find out you can get rid of it by starting your car!

But mainly, Chrysler could have handled this better, by first thanking the hackers for telling them about the problem, then pointing out that many cars from many automakers are vulnerable to similar hacks, and finally by telling people straight out that not only do they have a fix, but that customers have been notified.

Sometimes they do well in dealing with a problem. An old, old example was when a Jeep was indicted as having “sudden unexpected acceleration,” like the old Audi 5000. A Jeep PR man put reporters behind the wheel, and told them to stomp as hard as they could on the gas while holding the brake down. It turns out the brakes outpowered even the famed 4.0 engines.

During the Toyota runaway acceleration scandal, Chrysler could have made more of the fact that all their cars already had protection against this — flooring the brakes automatically cut engine power, a feature many other cars also had. Make hay while the sun shines!

Overall, there are lessons for every industry. Let’s see..

  1. When you have a high-impact, public problem, face it head on, make your response and viewpoint clear (and don’t use weasel words or technobabble)
  2. Put problems into perspective for everyone
  3. Make sure customers who are affected get their fix easily
  4. Review the processes for customers to get their fix before publicizing them, and get the kinks out
  5. Test everything on people who are not part of your industry

Update: Communications chief Gualberto Ranieri posted a good response on the corporate blog three hours ago, which I just saw. Sure, it’s a day after the event, but that’s better than nothing. I am waiting for a good response on the press site.