UPDATE 2-Fiat Chrysler US to recall vehicles to prevent hacking

24 Jul 2015 | Author: | No comments yet »

After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix.

The recall comes days after Wired reported a demonstration by hackers in which they were able to access and control a Chrysler Jeep as it was being driven. On Friday, Chrysler announced that it’s issuing a formal recall for 1.4 million vehicles that may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers.If you own a newer Jeep Grand Cherokee or Dodge Durango, you will want to check this out: Fiat Chrysler Automobiles is recalling 1.4 million cars due to a security flaw that leaves the vehicles vulnerable to complete takeovers from hackers.

Charlie Miller, left, and Chris Valasek, are displayed on the navigation screen of a Jeep Cherokee, which the duo successfully hacked, in Ladue, Mo., July 23, 2015. The hack detailed in the Wired article took place under somewhat controlled conditions—the driver, a Wired writer knew that it was about to happen—but it occurred on the busy Interstate 64 near St. This is a response to a Wired investigation demonstrated how hackers can exploit a security hole in the UConnect software installed in many of the company’s popular new models. The breach showed just how vulnerable the new breeds of web-connected vehicles can be, and the challenges that manufacturers face in defending against attacks common in other technology fields. The software has a flaw can be used to take control over the vehicles, cutting transmission and endangering/scaring the bejeezus out of the people in the car.

Rather, Fiat Chrysler said the recall applied to vehicles with “certain radios.” Shortly after the recall was announced, National Highway Traffic Safety Administration (NHTSA) said it is launching an investigation to assess whether Fiat Chrysler’s recall will be effective. “Launching a recall is the right step to protect Fiat Chrysler’s customers, and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” NHTSA Administrator Mark Rosekind said in a statement. Chrysler says it’s also taken steps to block the digital attack Miller and Valasek demonstrated with “network-level security measures”—presumably security tools that detect and block the attack on Sprint’s network, the cellular carrier that connect Chrysler’s vehicles to the Internet. It stressed that no defect was found and that it’s conducting the campaign out of “an abundance of caution.” The recall covers almost a million more models than those initially identified as needing a software patch. Miller, one of the two researchers who developed the Uconnect-hacking technique, said he was happy to see the company respond. “I was surprised they hadn’t before and I’m glad they did,” he told WIRED in a phone call.

He particularly praised the move to work with Sprint to prevent attacks through its network. “Blocking the Sprint network is a huge thing,” Miller adds. “The biggest problem before was that cars would never get fixed or fixed way down the road. Giving people a USB stick as protection against getting their cars zombified sounds like a wimpy response from FCA, but this doesn’t mean you need to panic. The company briefly addressed the hack and, like most organizations caught off guard by hackers, underlined how sophisticated and difficult it must have been. “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.” And that’s exactly why two U.S. senators on Tuesday proposed new regulations that would mandate auto makers provide much better protection against hackers. Assuming that they did [the Sprint network fix] correctly…you don’t have to worry about that tail-end of cars that won’t get fixed.” Chrysler had already issued a patch in a software update for its vehicles last week, but announced it with a vague press release on its website only.

It’s scary that cars with internet-connected software are now vulnerable to cyberattacks, but this exploit hasn’t been used “in the wild.” The researchers who found it were experts who had easy access to the car’s IP address. A recall, by contrast, means all affected customers will be notified about the security vulnerability and urged to patch their software. “The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action,” writes a Chrysler spokesperson in an email.

That list of potentially vulnerable cars is slightly longer than the one Chrysler gave WIRED on Monday, which excluded the the Chrysler 200 and 300, and the Dodge Charger and Challenger. Part of the reason for FCA’s anger is that its technology does not allow it to “push” updates to customer cars over the internet, so needs owners to visit a website or go to a dealer to download the security patch. Both Audi and Mercedes-Benz say they remain unconcerned, insisting their security development is at a different level to the potentially impacted Chryslers, Dodges, Rams and Jeeps. “Safety-critical systems get a lot of work from us,” Audi’s head of electronics said, while Mercedes-Benz insisted there was no way their cars could be hacked from the outside.

The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. Audi, pointedly, regularly uses professional hackers to test their electronics security work, Ricky Hudi admitted. “We pay companies to take our cars away to hack them, before they get to production. While the Jeep hacking scandal has caused widespread public concern, it hasn’t slowed Mercedes-Benz’s push for autonomous and semi-autonomous driving, according to the company’s head of transmissions. Congress has taken note of the rising threat of car hacking, too, with two senators introducing a bill earlier this week to set minimum cybersecurity standards for automobiles.

Here you can write a commentary on the recording "UPDATE 2-Fiat Chrysler US to recall vehicles to prevent hacking".

* Required fields
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site