Breaking: FCA Recalls 1.4 Million Chrysler, Dodge, Jeep, Ram Vehicles Over …

24 Jul 2015 | Author: | No comments yet »

After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix.

DETROIT — Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the U.S. just days after two hackers detailed how they were able to take control of a Jeep Cherokee SUV over the Internet.

On Friday, Chrysler announced that it’s issuing a formal recall for 1.4 million vehicles that may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers. The company will update software to insulate the vehicles from being remotely controlled, and it said in a statement that hackers are committing a crime by manipulating vehicle without authorization. The hack detailed in the Wired article took place under somewhat controlled conditions—the driver, a Wired writer knew that it was about to happen—but it occurred on the busy Interstate 64 near St.

The vulnerability was first demonstrated to WIRED by security researchers Charlie Miller and Chris Valasek earlier this month when they wirelessly hacked a Jeep I was driving, taking over dashboard functions, steering, transmission and brakes. This is a response to a Wired investigation demonstrated how hackers can exploit a security hole in the UConnect software installed in many of the company’s popular new models. The breach showed just how vulnerable the new breeds of web-connected vehicles can be, and the challenges that manufacturers face in defending against attacks common in other technology fields. Also covered are 2014 and 2015 Dodge Durango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Challenger. Chrysler says it’s also taken steps to block the digital attack Miller and Valasek demonstrated with “network-level security measures”—presumably security tools that detect and block the attack on Sprint’s network, the cellular carrier that connect Chrysler’s vehicles to the Internet.

It stressed that no defect was found and that it’s conducting the campaign out of “an abundance of caution.” The recall covers almost a million more models than those initially identified as needing a software patch. Miller, one of the two researchers who developed the Uconnect-hacking technique, said he was happy to see the company respond. “I was surprised they hadn’t before and I’m glad they did,” he told WIRED in a phone call. He particularly praised the move to work with Sprint to prevent attacks through its network. “Blocking the Sprint network is a huge thing,” Miller adds. “The biggest problem before was that cars would never get fixed or fixed way down the road. Giving people a USB stick as protection against getting their cars zombified sounds like a wimpy response from FCA, but this doesn’t mean you need to panic.

The company briefly addressed the hack and, like most organizations caught off guard by hackers, underlined how sophisticated and difficult it must have been. “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.” And that’s exactly why two U.S. senators on Tuesday proposed new regulations that would mandate auto makers provide much better protection against hackers. Assuming that they did [the Sprint network fix] correctly…you don’t have to worry about that tail-end of cars that won’t get fixed.” Chrysler had already issued a patch in a software update for its vehicles last week, but announced it with a vague press release on its website only. It’s scary that cars with internet-connected software are now vulnerable to cyberattacks, but this exploit hasn’t been used “in the wild.” The researchers who found it were experts who had easy access to the car’s IP address.

FCA US, the new name for what used to be Chrysler Group, said the recall “aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action.” It also says it has applied network-level security measures to prevent the type of remote manipulation demonstrated by Wired. Miller said Friday that he didn’t think the company statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said.

Part of the reason for FCA’s anger is that its technology does not allow it to “push” updates to customer cars over the internet, so needs owners to visit a website or go to a dealer to download the security patch. Both Audi and Mercedes-Benz say they remain unconcerned, insisting their security development is at a different level to the potentially impacted Chryslers, Dodges, Rams and Jeeps. “Safety-critical systems get a lot of work from us,” Audi’s head of electronics said, while Mercedes-Benz insisted there was no way their cars could be hacked from the outside. The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. Audi, pointedly, regularly uses professional hackers to test their electronics security work, Ricky Hudi admitted. “We pay companies to take our cars away to hack them, before they get to production.

Careful Chrysler owners don’t need to depend on that network protection or wait for a USB drive to be mailed to them to patch their Uconnect computers. While the Jeep hacking scandal has caused widespread public concern, it hasn’t slowed Mercedes-Benz’s push for autonomous and semi-autonomous driving, according to the company’s head of transmissions. Customers can go to and punch in their vehicle identification number to find out if they’re included in the recall. Congress has taken note of the rising threat of car hacking, too, with two senators introducing a bill earlier this week to set minimum cybersecurity standards for automobiles. But for now, Miller says that a recall is a strong first step for Chrysler. “What I really want is for them to design secure cars and include detection mechanisms,” Miller says. “They can’t do that in three days.

Here you can write a commentary on the recording "Breaking: FCA Recalls 1.4 Million Chrysler, Dodge, Jeep, Ram Vehicles Over …".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site