QR code to the original page

Luca Colantuoni ,

Fiat Chrysler Automobiles (FCA) has decided to recall about 1.4 million vehicles sold in the United States between 2013 and 2015. These models are equipped with 8.4-inch touchscreen and the infotainment system Uconnect, for which two security researchers have developed an exploit that takes advantage of a serious vulnerability, subsequently resolved with an update. The bad week the automaker ended with a fine of 105 million dollars , imposed by NHTSA.

Five days ago, a journalist for Wired USA has published a detailed description the attack carried out by the computer hacker Charlie Miller and Chris Valasek against a Jeep Cherokee . Using a cell phone “disposable”, a notebook and software, the two experts have managed to check vehicle several kilometers away , after identifying the IP address shown on the Internet by Uconnect. FCA had promptly released an update to close the security hole, but the update operation requires manual intervention.

Since many customers may not know the severity of the problem and postpone installation of the patch, the manufacturer has put in place a first measure of security by blocking remote access via the network operator Sprint US. Chris Valasek has confirmed that the tool used to identify the Jeep does not work anymore. The voluntary recall includes sending a USB drive that vehicle owners (not only Jeep Cherokee, but also pickups and sedans) can be used to install the update. FCA clear, however, that has not been any reported incident and remote access to cars require deep technical knowledge and a lot of time to write the code.

fine of $ 105 million is instead related to the delay in Fiat Chrysler has made 23 calls to over 11 million vehicles. The owners of about 500,000 cars with faulty suspension can sell them to the manufacturer, while others will receive an incentive to solve the security problems identified. Perhaps, to avoid further fines, FCA has decided to send the update to Uconnect directly to customers.