Recommended Reading: The Jeep hack that led to a massive recall

25 Jul 2015

1.4mn vehicles recalled over remote hack vulnerability.

Detroit: Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the US just days after two hackers revealed that they took control of a Jeep Cherokee SUV over the internet. WASHINGTON — When the call came to officials at the National Highway Traffic Safety Administration, they knew they had a problem they had never faced but had long feared. The company also disclosed in government documents that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it.

On Thursday, Fiat Chrysler sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks, the automaker said in a statement. However, car manufacturers in the UK have been under increased pressure to improve the security features on vehicles that can be accessed by computer hackers. That revelation set in motion a nine-day flurry of activity by the automaker and the safety agency that culminated Friday in a sweeping recall of 1.4 million vehicles. “Launching a recall is the right step to protect Fiat Chrysler’s customers, and it sets an important precedent for how N.H.T.S.A. and the industry will respond to cybersecurity vulnerabilities,” said Mark R. It came as the industry is rapidly adding internet-connected features such as WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. “I think it’s a pretty big deal,” said James Carder, chief information security officer for LogRhythm Inc., a Boulder, Colorado, security company. “This isn’t intellectual property going out the door, this is 1.4 million lives on the line.” Automakers, he said, have become accustomed to testing mechanical safety, but most aren’t doing enough online security testing. Interestingly, a Fiat blog entry by Gualberto Ranieri stated the company was aware the hackers were doing ongoing research intentionally hacking Miller’s vehicle over the past year, and that they had communicated with the company about aspects of their work. “To [the] FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorized remote hack into any FCA vehicle,” said Ranieri.

Accordingly, FCA US has established a dedicated [engineering] team focused on identifying and implementing best practices for software development and integration.” The company said it was unaware of any injuries related to what it called “software exploitation”. The researchers, Charlie Miller and Chris Valasek, had given the automaker a heads up: The two men planned to make their findings public early this week. Fiat Chrysler, which already is facing penalties from NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims.

Playing down the possible risks, it added: “Software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle, and extended periods of time to write code.” The US Transportation Secretary Anthony Foxx said President Obama would be pushing hard to make sure the 250 million vehicles on US roads were properly protected from cyber hacking. The problems for FCA come just a day after rival General Motors revealed second-quarter profits were four times higher than in 2014, hitting $1.1bn (£710m) as bosses put last year’s troubles behind them – $1.28bn in recalls and compensation for a potentially fatal ignition switch fault in millions of compact cars. The hacking issues may not have hit the UK, but last year 6,000 cars were stolen in London by thieves using computers to trick cars into starting without keys. Fiat Chrysler software specialists scrambled to make a patch available to plug the hole, and released one on the automaker’s website on July 16, the day after the call to Washington.

Figures revealed that one in three car thefts in the capital were carried out this way, and the pressure is on carmakers, particularly Land Rover and BMW, to improve their security. Miller said Friday that he didn’t think Fiat Chrysler’s statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said. Experts have warned that thieves may even be using computer malware to take over vehicle systems via satellite, issuing remote commands for them to unlock and start up.

Also covered are 2014 and 2015 Dodge Durango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Challenger. And if drivers were vulnerable to an attack where they could lose control of their cars, that would certainly seem to qualify, even though a recall for a web security threat had never before taken place. Rosekind was visiting Michigan for a speech in which he addressed the need for improved web security in vehicles. N.H.T.S.A. officials decided that the vulnerability was simply too dangerous not to require a formal recall. Customers can go to http://www.driveuconnect.com/software-update/ and punch in their vehicle identification number to find out if they’re included in the recall. Valasek, one of the two researchers, posted on social media that when he tried connecting again to his test Jeep, the pathway through Sprint’s network had been blocked.

A Fiat Chrysler spokesman, Berj Alexanian, declined to comment on the precise timeline of when the patch was developed, but said that since its release the company has “taken more steps to ensure the confidence and security of our customers,” including deciding, “in an abundance of caution, to continue the distribution under the auspices of a recall.” “This was a wake-up call for automakers,” said Michelle Krebs, a senior analyst with Autotrader.com. “I will bet emergency meetings are being called at many auto companies.” Web security specialists say that while intrusions into consumers’ computers and phones result in financial damage, or possibly issues like identity theft, the danger posed by vehicles is unique in its potential to inflict physical harm. “The transformation you’ve seen is that hacking has moved into the safety realm,” said Jon Allen, a security specialist with Booz Allen Hamilton. “Autos take it to a new level.” “Both automakers and N.H.T.S.A. should be immediately taking steps to verify that other similar vulnerabilities do not exist in other models that are on the road,” said Senator Edward Markey, Democrat of Massachusetts. Markey, along with Senator Richard Blumenthal, Democrat of Connecticut, recently drafted legislation to set federal standards for web security protection in vehicles. The chairman of the House Energy and Commerce Committee, Fred Upton, Republican of Michigan, and the panel’s top Democrat, Frank Pallone Jr. of New Jersey, also issued a statement, saying that “cars today are essentially computers on wheels, and the last thing drivers should have to worry about is some hacker along for the ride.”
