Fiat recalls 1.4 million vehicles after hack of Jeep Cherokee

25 Jul 2015 | Author: | No comments yet »

After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix.

Fiat Chrysler is recalling roughly 1.4 million automobiles after security researchers successfully demonstrated that certain high-tech cars can be remotely hacked and commandeered.

DETROIT — Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the U.S. just days after two hackers detailed how they were able to take control of a Jeep Cherokee SUV over the Internet.On Friday, Chrysler announced that it’s issuing a formal recall for 1.4 million vehicles that may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers.

The auto giant said on Friday this week that it is issuing a fix to patch a vulnerability that affects vehicles sold in the United States that are outfitted with 8.4-inch touchscreens, including select Ram pickups, Dodge Viper sports cars and Jeep Grand Cherokees. The company will update software to insulate the vehicles from being remotely controlled, and it said in a statement that hackers are committing a crime by manipulating vehicle without authorization. The hack detailed in the Wired article took place under somewhat controlled conditions—the driver, a Wired writer knew that it was about to happen—but it occurred on the busy Interstate 64 near St.

The vulnerability was first demonstrated to WIRED by security researchers Charlie Miller and Chris Valasek earlier this month when they wirelessly hacked a Jeep I was driving, taking over dashboard functions, steering, transmission and brakes. Once exploited, they explained, hackers could gain access to critical functions normally controlled through the car’s onboard computer, including steering, brakes, speed and transmission. Andy Greenberg, the Wired journalist who first reported on the hack, had been driving a Cherokee at the moment the researchers demonstrated their exploit to him. “The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch,” he wrote. Chrysler said there’s no indication such an attack has been launched against unsuspecting car owners, but it clearly illuminated a hole in the auto-maker’s security. Chrysler says it’s also taken steps to block the digital attack Miller and Valasek demonstrated with “network-level security measures”—presumably security tools that detect and block the attack on Sprint’s network, the cellular carrier that connect Chrysler’s vehicles to the Internet.

Miller, one of the two researchers who developed the Uconnect-hacking technique, said he was happy to see the company respond. “I was surprised they hadn’t before and I’m glad they did,” he told WIRED in a phone call. The recall covers about 1 million more vehicles than the company had originally believed were affected, all with a certain type of radio, the company statement said. He particularly praised the move to work with Sprint to prevent attacks through its network. “Blocking the Sprint network is a huge thing,” Miller adds. “The biggest problem before was that cars would never get fixed or fixed way down the road.

Richard Blumenthal, Democrats from Massachusetts and Connecticut, respectively, proposed legislation calling on the National Highway Safety and Transportation Administration and the Federal Trade Commission to work toward implementing new standards to save cars from further breaches. The company briefly addressed the hack and, like most organizations caught off guard by hackers, underlined how sophisticated and difficult it must have been. “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.” And that’s exactly why two U.S. senators on Tuesday proposed new regulations that would mandate auto makers provide much better protection against hackers. Assuming that they did [the Sprint network fix] correctly…you don’t have to worry about that tail-end of cars that won’t get fixed.” Chrysler had already issued a patch in a software update for its vehicles last week, but announced it with a vague press release on its website only.

A recall, by contrast, means all affected customers will be notified about the security vulnerability and urged to patch their software. “The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action,” writes a Chrysler spokesperson in an email. That list of potentially vulnerable cars is slightly longer than the one Chrysler gave WIRED on Monday, which excluded the the Chrysler 200 and 300, and the Dodge Charger and Challenger. The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks.

Customers can go to http://www.driveuconnect.com/software-update/ and punch in their vehicle identification number to find out if they’re included in the recall. Congress has taken note of the rising threat of car hacking, too, with two senators introducing a bill earlier this week to set minimum cybersecurity standards for automobiles. But for now, Miller says that a recall is a strong first step for Chrysler. “What I really want is for them to design secure cars and include detection mechanisms,” Miller says. “They can’t do that in three days.

Here you can write a commentary on the recording "Fiat recalls 1.4 million vehicles after hack of Jeep Cherokee".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site