Fiat Chrysler to Recall 1.4 Million Vehicles to Prevent Hacking

25 Jul 2015 | Author: | No comments yet »

Chrysler Issues Recall To Prevent Hacking Of Its Car Software.

WASHINGTON — Fiat Chrysler said Friday it is voluntarily recalling 1.4 million U.S. cars to fix a software defect that could allow the vehicles to be hacked remotely.Fiat Chrysler has recalled 1.4 million cars and trucks under pressure from the US Government after it was revealed that the vehicles’ computers could be hacked and remotely controlled.

FILE – In this Tuesday, May 6, 2014, file photo, the Fiat Chrysler Automobiles sign is seen after being unveiled at Chrysler World Headquarters in Auburn Hills, Mich. This week, security researchers Chris Valasek and Charlie Miller remotely disabled a Jeep Cherokee’s brakes and steering — while the car was on the highway.

It followed an investigation by computer programmers and Wired magazine, where they managed to manipulate a Jeep Cherokee being driven on a Missouri motorway. The company also disclosed in government documents that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it. The ethical hackers, who shared their studies with the manufacturers, hacked into the car’s uConnect infotainment system, taking control of the car, shutting down brakes, and driving it into a ditch. “Probably a 10 or 15 minute actual process,” says Cole. “Of course, sometimes there’s waiting until we get to them, but it’s a very easy process.” While this recall involves certain models of Chrysler, Jeep, and Dodge, if hackers can use a cell phone to lock into the computer system of any vehicle, the manufacturers of all kinds will have to pay attention and get on top of this problem in the weeks and months ahead.

However, car manufacturers in the UK have been under increased pressure to improve the security features on vehicles that can be accessed by computer hackers. On Thursday, Fiat Chrysler sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks, the automaker said in a statement. Many of these products — which are commonly called the “Internet of Things” — carry the same software flaws that have been continually exploited by hackers operating on the Web. It came as the industry is rapidly adding Internet-connected features such as WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. “I think it’s a pretty big deal,” said James Carder, chief information security officer for LogRhythm Inc., a Boulder, Colorado, security company. “This isn’t intellectual property going out the door, this is 1.4 million lives on the line.” Automakers, he said, have become accustomed to testing mechanical safety, but most aren’t doing enough online security testing.

Vehicles today talk to the outside world through remote key systems, satellite radios, Bluetooth connections, dashboard Internet links and even wireless tire-pressure monitors. Accordingly, FCA US has established a dedicated [engineering] team focused on identifying and implementing best practices for software development and integration.” The company said it was unaware of any injuries related to what it called “software exploitation”.

Infotainment systems are particularly good attack surfaces because modern versions often use a driver’s smartphone to connect directly to the Internet — or such systems connect to the Internet directly through cellular signals. Playing down the possible risks, it added: “Software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle, and extended periods of time to write code.” The US Transportation Secretary Anthony Foxx said President Obama would be pushing hard to make sure the 250 million vehicles on US roads were properly protected from cyber hacking. Fiat Chrysler, which already is facing penalties from NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims.

The problems for FCA come just a day after rival General Motors revealed second-quarter profits were four times higher than in 2014, hitting $1.1bn (£710m) as bosses put last year’s troubles behind them – $1.28bn in recalls and compensation for a potentially fatal ignition switch fault in millions of compact cars. The hacking issues may not have hit the UK, but last year 6,000 cars were stolen in London by thieves using computers to trick cars into starting without keys. Edward Markey, D-Mass., found that nearly all cars on the market “include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.” But while wireless technology is frequently cited as a potential source of problems — it’s also thought of by some experts as a way to help fix them. Figures revealed that one in three car thefts in the capital were carried out this way, and the pressure is on carmakers, particularly Land Rover and BMW, to improve their security. Secure over-the-air updates could help ease the process of fixing security flaws once they are discovered, said Josh Corman, the founder of I Am The Cavalry.

Experts have warned that thieves may even be using computer malware to take over vehicle systems via satellite, issuing remote commands for them to unlock and start up. The group has urged vehicle manufacturers to adopt a five-star-style rating system for security best practices, akin to the ratings for traditional vehicle safety. Miller said Friday that he didn’t think Fiat Chrysler’s statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said.

Fiat’s recall will require that customers manually update their vehicles using a USB stick they can install through a port in the vehicle’s dashboard, rather than taking their vehicles to a dealer. The upgrade will provide additional security features to the network-level measures the company has already rolled out in response to the demonstration. Also covered are 2014 and 2015 Dodge Durango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Challenger.

While Fiat Chrysler’s recall is notable because it appears to be a result of the publicly demonstrated exploit, software problems have increasingly become the source of recalls as computer systems have taken over more vehicles. Customers can go to http://www.driveuconnect.com/software-update/ and punch in their vehicle identification number to find out if they’re included in the recall.

Here you can write a commentary on the recording "Fiat Chrysler to Recall 1.4 Million Vehicles to Prevent Hacking".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site