After Jeep hack, Fiat Chrysler recalls 1.4 million cars and trucks

25 Jul 2015

1.4mn vehicles recalled over remote hack vulnerability.

Fiat Chrysler announced the recall of about 1.4m cars and trucks in the US on Friday after two hackers were able to take control of a Jeep over the internet. Fiat Chrysler will recall 1.4 million vehicles in the United States to install software to prevent hackers from gaining remote control of the engine, steering and other systems in what federal officials said was the first such action of its kind.

Just days after hackers demonstrated that they could remotely access Jeep Cherokee’s electronic entertainment system, control cars while engines are running, or even crash one, Fiat Chrysler Automobiles has recalled some 1.4mn vehicles for a software update. WASHINGTON — When the call came to officials at the National Highway Traffic Safety Administration, they knew they had a problem they had never faced but had long feared. The announcement on Friday by FCA US LLC, formerly Chrysler Group LLC, was made days after reports that cybersecurity researchers used a wireless connection to turn off a Jeep Cherokee’s engine as it drove, increasing concerns about the safety of Internet-enabled vehicles. It followed an investigation by computer programmers and Wired magazine, where they managed to manipulate a Jeep Cherokee being driven on a Missouri motorway.

The automaker said the hack appeared to be an isolated incident that could not be easily repeated, because it required extensive technical knowledge of the vehicle. The company also disclosed in government documents that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it. However, car manufacturers in the UK have been under increased pressure to improve the security features on vehicles that can be accessed by computer hackers.

He said that at present there is a divide in terms of design, in that cars and other products could be accessible from a variety of sources, such as smartphones, as with the Cherokee, or else can be designed to communicate only with a single authenticated server. It came as the industry is rapidly adding internet-connected features such as Wi-Fi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. The initial call from Fiat Chrysler to Washington on July 15 led to a long set of discussions between the automaker and regulators that extended through the weekend, according to a person briefed on the activities. Ed Skoudis, an expert in securing connected devices, said the fact that the recall came so soon after publication of the FCA cybersecurity issue “is a shot across the bow of other IoT manufacturers that this could cost them a lot of money.” Skoudis said he hoped companies would reconsider what they spend on security earlier in the design process in order to avoid similar recalls, lawsuits and the threat of increased regulation. Staff specialists at the safety agency aimed to grasp the full scope of the breach, and were particularly alarmed that the hacking allowed someone to essentially crash a vehicle.

Fiat Chrysler, which faces penalties from the NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims. Interestingly, a Fiat blog entry by Gualberto Ranieri stated the company was aware the hackers were doing ongoing research intentionally hacking Miller’s vehicle over the past year, and that they had communicated with the company about aspects of their work. “To [the] FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorized remote hack into any FCA vehicle,” said Ranieri. “Accordingly, FCA US has established a dedicated [engineering] team focused on identifying and implementing best practices for software development and integration.” The company said it was unaware of any injuries related to what it called “software exploitation”.

The researchers, Charlie Miller and Chris Valasek, had given the automaker a heads up: The two men planned to make their findings public early this week. In January, BMW also had to issue a software patch after the German Automobile Assn. found a potential security issue in the vehicles’ cellular network. In 2010 and 2011, a team of researchers from UC San Diego and the University of Washington showed that hackers could infiltrate a car’s electronic control network to disable brakes or even the engine. Two Democratic Senators introduced a bill on Tuesday that would direct the NHTSA to develop standards for isolating critical software and detect hacking as it occurs. “We have said that cars today are essentially computers on wheels, and the last thing drivers should have to worry about is some hacker along for the ride,” Fred Upton, the Republican chairman of the House Energy and Commerce Committee and the committee’s ranking Democrat, Frank Pallone Jr of New Jersey, said in a statement on Friday.

Some carmakers, including BMW (BMWG.DE) and Tesla Motors Inc (TSLA.O), can update car software over the air, as Apple Inc (AAPL.O) does with its phones. The problems for FCA come just a day after rival General Motors revealed second-quarter profits were four times higher than in 2014, hitting $1.1bn (£710m) as bosses put last year’s troubles behind them – $1.28bn in recalls and compensation for a potentially fatal ignition switch fault in millions of compact cars.

Researchers Miller and Valasek have shared their findings with Chrysler for nearly nine months, which allowed the automaker to release a patch, according to Wired. Miller said Friday that he didn’t think the company statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said.

The hacking issues may not have hit the UK, but last year 6,000 cars were stolen in London by thieves using computers to trick cars into starting without keys. Fiat Chrysler software specialists scrambled to make a patch available to plug the hole, and released one on the automaker’s website on July 16, the day after the call to Washington. Figures revealed that one in three car thefts in the capital were carried out this way, and the pressure is on carmakers, particularly Land Rover and BMW, to improve their security.

Also covered are 2014 and 2015 Dodge Durango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Challenger. A spokeswoman for FCA said the USB sticks would be mailed to customers “as soon as possible.” FCA declined to comment beyond the statement it issued on the recall.

Experts have warned that thieves may even be using computer malware to take over vehicle systems via satellite, issuing remote commands for them to unlock and start up. In broad terms, “this is another example of a problem with an embedded system, some computer that is something that is not really a computer from a user perspective but is built to make something else work,” said Steven Bellovin, a professor of computer science at Columbia University. “I suspect we’re going to need some kind of regulatory frameworks.” And if drivers were vulnerable to an attack where they could lose control of their cars, that would certainly seem to qualify, even though a recall for a web security threat had never before taken place. (Rosekind was visiting Michigan for a speech in which he addressed the need for improved web security in vehicles.) N.H.T.S.A. officials decided that the vulnerability was simply too dangerous not to require a formal recall.

Valasek, one of the two researchers, posted on social media that when he tried connecting again to his test Jeep, the pathway through Sprint’s network had been blocked. Markey, along with Senator Richard Blumenthal, Democrat of Connecticut, recently drafted legislation to set federal standards for web security protection in vehicles.
