- The Washington Times - Friday, July 24, 2015

Fiat Chrysler is recalling roughly 1.4 million automobiles after security researchers successfully demonstrated that certain high-tech cars can be remotely hacked and commandeered.

The auto giant said on Friday this week that it is issuing a fix to patch a vulnerability that affects vehicles sold in the United States that are outfitted with 8.4-inch touchscreens, including select Ram pickups, Dodge Viper sports cars and Jeep Grand Cherokees.

Three days earlier, Wired published an article in researchers Charlie Miller and Chris Valasek showed how they had discovered a flaw with the Jeep Cherokee’s UConnect entertainment system. Once exploited, they explained, hackers could gain access to critical functions normally controlled through the car’s onboard computer, including steering, brakes, speed and transmission.

Andy Greenberg, the Wired journalist who first reported on the hack, had been driving a Cherokee at the moment the researchers demonstrated their exploit to him.

“The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch,” he wrote.

Within hours of his article being published, Sen. Ed Markey and Sen. Richard Blumenthal, Democrats from Massachusetts and Connecticut, respectively, proposed legislation calling on the National Highway Safety and Transportation Administration and the Federal Trade Commission to work toward implementing new standards to save cars from further breaches.

Fiat Chrysler said Friday that it is unaware of the vulnerability discovered by the researchers to have been exploited elsewhere, but it was issuing a recall anyways out of “an abundance of caution.”

Owners of affected vehicles will be provided with USB sticks that contain security patches, the company said.

The hack, the company added, “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”

The research in which Mr. Miller and Mr. Valasek manipulated its software “constitutes criminal action,” the automaker said in a statement on Friday.

“Launching a recall is the right step to protect Fiat Chrysler’s customers, and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” NHTSA Administrator Mark Rosekind said in a statement, Bloomberg reported.

“I wonder what is cheaper, designing secure cars or doing recalls?” Mr. Miller tweeted on Friday. Along with Mr. Valasek, he is expected to divulge further details about their research at an upcoming security conference in Las Vegas.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide