— A Chrysler infotainment system hacking lawsuit may finally be over after the U.S. Court of Appeals for the Seventh Circuit ruled the plaintiffs failed to show evidence they overpaid for their vehicles.
The Chrysler infotainment (Uconnect) system hacking lawsuit went through several actions in a U.S. district court, the Ninth Circuit Court of Appeals and now the Seventh Circuit.
According to the class action lawsuit, these vehicles have infotainment systems that can be hacked.
- 2013-2015 Dodge Viper
- 2013-2015 Ram 1500, 2500, 3500, 4500, 5500
- 2014-2015 Jeep Cherokee
- 2014-2015 Jeep Grand Cherokee
- 2014-2015 Dodge Durango
- 2015 Chrysler 200
- 2015 Chrysler 300
- 2015 Dodge Charger
- 2015 Dodge Challenger
The infotainment system class action was filed following a 2015 Wired article that described the controlled hack of a Jeep Cherokee through the Uconnect system.
The infotainment system, made by Harman International Industries, was exploited by professional security researchers who had physical access to the Jeep. The researchers were also working with the driver of the Jeep, a Wired journalist.
The researchers were able to access the Jeep's computer system and take control of many functions of the Jeep Cherokee.
With the media climbing all over them, Fiat Chrysler (FCA) announced a recall to provide a free software update to patch the vulnerability the Wired experiment had identified. And federal regulators supervising the recall determined the patch eliminated the exposed infotainment system vulnerability.
Additionally, out of more than 1 million Chrysler vehicles equipped with the infotainment systems, only the one Jeep Cherokee was successfully hacked.
About two weeks after the Wired article appeared, four plaintiffs, Brian Flynn, Michael Keith, and George and Kelly Brown, sued FCA and Harman International on behalf of every consumer who had purchased or leased a model year 2013-2015 Chrysler vehicle equipped with the Uconnect infotainment system.
According to the class action lawsuit, every FCA customer suffered an “overpayment” injury even though the controlled Jeep hack was the only hacking incident.
By claiming an overpayment injury, the plaintiffs argue they paid more for their Chrysler vehicles than they would have if they had known about the alleged cybersecurity vulnerability.
However, when the plaintiffs were faced with a factual challenge to their argument, the plaintiffs failed to provide evidence in support of their claimed overpayment injury. This caused the district judge to dismiss the case for lack of standing to sue.
"On the record before us, we agree with that disposition. When litigation moves beyond the pleading stage and Article III standing is challenged as a factual matter, a plaintiff can no longer rely on mere allegations of injury; he must provide evidence of a legally cognizable injury in fact. The plaintiffs did not do so here." — U.S. Court of Appeals for the Seventh Circuit
According to the Seventh Circuit, the more Chrysler challenged the more the plaintiffs continued to "rely on allegations and legal argument rather than pointing to evidence of an actual injury. Accordingly, the case was properly dismissed."
The Chrysler infotainment system hacking lawsuit was originally filed in the U.S. District Court for the Southern District of Illinois: Flynn, et al. v. FCA US LLC, et al.
The plaintiffs are represented by Armstrong Teasdale LLP, the Law Office of Christopher Cueto and Lloyd M. Cueto, P.C., and the Law Office of Stephen R. Wigginton.