IOSiX: Software Security Vulnerability in IO-1020 Dongle

Agency Publication Date: September 18, 2024

Summary

IOSiX is recalling approximately 140,000 IO-1020 micro device dongles from the model years 2017-2024. These electronic devices have a software security vulnerability that could allow unauthorized third-party software to be uploaded to the device or grant access to the vehicle's primary data systems. To fix this issue, IOSiX has released an over-the-air software update that can be applied to the dongles remotely and free of charge.

Risk

If the software vulnerability is exploited, it can cause the vehicle's engine to stall unexpectedly, which significantly increases the risk of a crash while driving.

What You Should Do

Identify if you have an affected IOSiX IO-1020 micro device dongle from the model years 2017 to 2024.
Check your device for the over-the-air (OTA) software update released by IOSiX; this update is provided free of charge to fix the security vulnerability.
If you have questions about the update or need assistance, contact IOSiX customer service at 1-855-623-1939.
For further information or to report additional concerns, contact the National Highway Traffic Safety Administration Vehicle Safety Hotline at 1-888-327-4236 (TTY 1-800-424-9153) or visit www.nhtsa.gov.

Your Remedy Options

Free Repair

Over-the-air (OTA) software update

How to: IOSiX has released a free over-the-air software update to resolve the vulnerability. Owners may contact IOSiX customer service at 1-855-623-1939 for more details.

Affected Products

Product: IOSiX IO-1020 micro device dongle

Part / Model:

IO-1020

Date Ranges: 2017-2024

Additional Information

Agency: National Highway Traffic Safety Administration (NHTSA)

Recall ID: 24E077000

Status: Active

Manufacturer: IOSiX

Sold By: authorized dealers

Units Affected: 140,000 vehicles(140000% estimated defective)

Park Vehicle: No

Park Outside: No

OTA Update: Yes — fix may be delivered as an over-the-air software update

Product Type: Equipment (E)

Recall Classification: Safety Defect

Owner Notification Date: November 15, 2024

Notes: Owners may also contact the National Highway Traffic Safety Administration Vehicle Safety Hotline at 1-888-327-4236 (TTY 1-800-424-9153), or go to www.nhtsa.gov. Please be reminded of the following requirements: You are required to submit a draft owner notification letter to this office no less than five days prior to mailing it to the customers. Also, copies of all notices, bulletins, dealer notifications, and other communications that relate to this recall, including a copy of the final owner notification letter and any subsequent owner follow-up notification letter(s), are required to be submitted to this office no later than 5 days after they are originally sent (if they are sent to more than one manufacturer, distributor, dealer, or purchaser/owner). Please be reminded that under 49 U.S.C. § 30112(a)(3), it is illegal for a manufacturer, to sell, offer for sale, import, or introduce or deliver into interstate commerce, a motor vehicle or item of motor vehicle equipment that contains a safety defect once the manufacturer has notified NHTSA about that safety defect. This prohibition does not apply once the motor vehicle or motor vehicle equipment has been remedied according to the manufacturer's instructions. As stated in 49 U.S.C. § 30118(f), submission of eight consecutive quarterly reports followed by three annual reports is required. As described in 573.7, submission of the first of eight consecutive quarterly status reports is required within one month after the close of the calendar quarter in which notification to purchasers occurs. Therefore, the first quarterly report will be due on, or before, 30 days after the close of the calendar quarter. The first of three consecutive annual status reports will be due on, or before, 1 year after the eighth quarterly report was submitted.

Distributed To: Nationwide

Agency Last Updated: May 18, 2025

Were You Affected by This Recall?

If you or a family member were harmed by this recalled product, you may have legal rights. Consider consulting a consumer protection attorney to understand your options for compensation.

Find an Attorney

This is general information, not legal advice. Go Backs is not a law firm and does not provide legal services.

AI-Enhanced Content: The summary, action steps, and risk assessment on this page were generated by AI from official government recall data to improve readability. This is not legal or medical advice. Always refer to the official agency sources below for authoritative information.

Sources: NHTSA Notice · Raw API Response

Summary

What You Should Do

Identify if you have an affected IOSiX IO-1020 micro device dongle from the model years 2017 to 2024.

Check your device for the over-the-air (OTA) software update released by IOSiX; this update is provided free of charge to fix the security vulnerability.

If you have questions about the update or need assistance, contact IOSiX customer service at 1-855-623-1939.

For further information or to report additional concerns, contact the National Highway Traffic Safety Administration Vehicle Safety Hotline at 1-888-327-4236 (TTY 1-800-424-9153) or visit www.nhtsa.gov.

Additional Information

Agency: National Highway Traffic Safety Administration (NHTSA)

Recall ID: 24E077000

Status: Active

Manufacturer: IOSiX

Sold By: authorized dealers

Units Affected: 140,000 vehicles(140000% estimated defective)

Park Vehicle: No

Park Outside: No

OTA Update: Yes — fix may be delivered as an over-the-air software update

Product Type: Equipment (E)

Recall Classification: Safety Defect

Owner Notification Date: November 15, 2024

Distributed To: Nationwide

Agency Last Updated: May 18, 2025