Saturday, July 25, 2015
Followup to “Resist getting hacked, don’t buy a hackable car”
by Larry Geller
It’s not just the Jeep Cherokee that can be hacked. The recall has been expanded to include, according to the website linked below, the Dodge Ram pickup, the Grand Cherokee, the Dodge Durango, three of Chrysler’s most popular sedans, and the Dodge Challenger two-door coupe. The total number of vehicles vulnerable is reported to be about 1.4 million.
If you have one of those, pay attention. If you don’t, think about whether you really want to buy an Internet-connected car.
We were waiting for the other shoe to drop, and here it is: Fiat Chrysler Automobiles (FCA) has announced it is voluntarily recalling 1.4 million vehicles across its various brands and model lines, in the wake of the discovery of a zero-day exploit that lets hackers remotely force late-model Jeep Cherokees off the road. All someone needs is the IP address of a car armed with Chrysler’s UConnect infotainment system, and they can infiltrate the car’s network via its Wi-Fi hotspot feature, rewrite the OS firmware, and then control all of the major systems of the car: accelerator, brakes, steering, air conditioning, and more.
[ExtremeTech, Fiat-Chrysler recalls 1.4 million vehicles in wake of hack, 7/24/2015]
The article has a comprehensive list of vehicles recalled. It also describes how the problem is “solved.” Apparently you get a USB drive to stick someplace in the car and it updates your firmware.
OK for now. Until next time.
Oh, it should be mentioned that not everyone makes repairs in response to a recall notice. So the rest of us are endangered as long as any of the affected cars with defective firmware are still on the road. You could be in front of one when the hacker disables the brakes, for example…
If hackers are looking for vulnerable cars, they’ll find the ones not yet modified. It could be a huge risk. With sufficient pressure, perhaps nearly all owners will get their new firmware installed before hackers find them.