Fiat Chrysler Automobiles announced that it would voluntary recall 1.4 million vehicles to patch a security exploit that could allow hackers to infiltrate a car’s vital systems.
The recall would apply to cars fitted with the Uconnect 8.4-inch touchscreen. A story released by Wired magazine this week detailed two hackers’ system that could take over a Jeep Cherokee and control the car’s systems, including throttle, braking and steering.
Jeep released the update last week, saying the patch was for “nothing in particular” and that they “continuously test vehicles systems to identify vulnerabilities and develop solutions.”
The release required owners to download the update onto a USB drive and install it themselves, or go to a dealership. FCA will mail affected owners a USB drive with the update now.
According to FCA, the company is unaware of any injuries related to the hack.
Automakers are not well known for their expertise in embedded security with vulnerabilities surfacing for many models. Nick Bilton of the New York Times decided to investigate a wireless key vulnerability after his Prius was broken into with a mystery black box. The investigation sounded somewhat promising at first, but quickly deflated, ending at a point where he told us to put our car keys in the freezer.
The story originally unfolded on Twitter as Bilton posted about the break-in and quickly followed up he’d figured out a $100 broadcasting device allowed teenagers to break into his car so easily.
Locking the doors may not be enough to deter would-be thieves now, thanks to wireless technology.
This is the Renault Zoe. It’s like most EVs on the road, with its limited range, limited power, and limited usability.
Unlike the other EVs, however, the Zoe comes with DRM attached to its battery pack. In short: If you value your ability to drive the Zoe at all, then you will submit to a rental contract with the pack’s manufacturer. Should you fail to pay the rent or your lease term expires, Renault can and will turn your Zoe into an expensive, useless paperweight by preventing the pack’s ability to be recharged, consequences be damned.
It’s only the beginning.
A team of researchers at UC San Diego and the University of Washington, Seattle, has just published a paper titled “Comprehensive Experimental Analyses of Automotive Attack Surfaces“. Behind that dry title is a very exciting research study. In essence, they bought a modern reasonably-priced car with lots of fancy features, including a built-in cellular phone interface, and did a serious reverse-engineering exercise to determine whether it had any security vulnerabilities. It’s the most comprehensive study of its kind.