Fiat-Chrysler is recalling 1.4 million cars in the U.S. to fix a software vulnerability that could allow a hacker to remotely control the car over the Internet.
--
Affected models include late-model Ram, Jeep, Dodge, and Chrysler vehicles with the 8.4-inch Uconnect screen: The 2013-2015 Dodge Viper, Ram 1500/2500/3500/4500/5500; 2014-2015 Jeep Cherokee, Grand Cherokee, and Dodge Durango; and the 2015 Chrysler 200, 300, and Dodge Charger and Challenger.
-Two days earlier, the company released an update for its Uconnect infotainment system after a Wired report claimed two cybersecurity experts had broken into a Jeep Cherokee’s computer via the vehicle’s Sprint data connection and were then able to infiltrate the vehicle’s powertrain, sending the car into a ditch with a reporter inside. The hack, tested alongside FCA engineers for the past year, has called the automaker’s security measures into question after the same experts—one of whom consults, the other is a security researcher at Twitter—named the Cherokee one of the most “hackable” new cars.
-Chrysler said it will ship customers a USB stick they can plug into the car to complete the update themselves—a convenient but unusual method, since there was no mention of dealers conducting the service—and that it had already patched a hole on the Sprint network to block such exploits.
-“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” the company said in a statement. “No defect has been found. FCA US is conducting this campaign out of an abundance of caution.”
-Sen. Edward Markey (D-Mass.), who just entered a bill this week calling for new federal standards on automotive cybersecurity, issued a stern statement taking Chrysler to task, no doubt in part to get support and publicity for his legislation. Still, while Chrysler worked for nine months with the hackers to resolve the problem and quietly said it had a fix earlier this week, the recall wasn’t formalized until after the Wired report went viral.
--
- -
- Why the Recent Jeep Cherokee Hack is Not Cause for Panic -
- Senate Introduces Automotive Anti-Hacking Bill -
- Tesla Wants to Pay Hackers a Full-Time Salary to Hack Into Its Cars -
-
Owners can enter their VIN number at this website to see if their cars are part of the recall. No one has been affected by this hack outside of the Wired story, where the reporter tested the bug exclusively with the hacking duo.
-
No comments:
Post a Comment