Jeep hacking scare ‘confined to the US’

BY RON HAMMERTON | 22nd Jul 2015


FIAT Chrysler Automobiles (FCA) Australia has ruled out a local repetition of a car computer hacking incident in the United States, where a Jeep Cherokee’s engine was powered down remotely as it was driven at 110km/h along a highway in St Louis.

Apart from turning off the vehicles’ engine, the hackers used a software security vulnerability to cause the brakes to fail, take control of the steering wheel as the car was being reversed and turn up the radio, according to a report in Wired magazine.

The demonstration attack on a Cherokee driven by journalist Andy Greenberg was made over the internet, from a laptop operated in a basement about 16km away. The episode started when the hackers posted a picture of themselves on the Jeep’ s infotainment screen, and ended with the Jeep off the road in a ditch after the brakes were deactivated.

Thousands of Chrysler, Dodge, Jeep and RAM vehicles – mainly from 2013-14 – are affected by the problem, but not in Australia.

The Australian branch of FCA today released a statement saying the problem was confined to the US, and that vehicles sold elsewhere, including Australia, were not equipped with an external cellular internet connection – the apparent source of the issue.

In the US, FCA has already issued a software update for the UConnect infotainment system.

Fortunately, the issue was discovered by hacking experts with good intentions. They reportedly advised FCA of the problem nine months ago and helped the company to work on a fix that was released five days before the problem became public.

But the hackers, Charlie Miller and Chris Valasek, raised hackles at FCA by saying they would release part of their code at a security conference in Las Vegas in an effort to convince car-makers that their products are vulnerable.

In Detroit, FCA said in a statement: “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorised and unlawful access to vehicle systems.

“We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.” As news of the hacking hit the wires overnight, FCA Australia also released a statement pointing out that none of its products sold here have the vulnerability.

“No vehicles in Australia nor any international market outside of the USA were affected by this issue, as it is an American-only system not present in Australian vehicles,” the statement said.

“Vehicles sold in Australia and other international markets are not equipped with an external cellular connection”

Read more

FCA introduces ‘transparent’ servicing scheme
Diesel Jeep Cherokee could be joined by others
Full Site
Back to Top

Main site

Researching

GoAutoMedia