Saturday, 25 July 2015

Chrysler Raises 1.4 Million Cars Back Because Of Vulnerability

Carmaker Chrysler raises some 1.4 million cars and trucks back because of a vulnerability in the software that allow attackers over the internet can access the vehicles. It is then possible to switch on the brakes, to turn off and to turn off the motor at low speeds.

The vulnerability was by researchers Charlie Miller and Chris Valasek discovered . The problem is in Uconnect, a component that gives the cars online capabilities and that the entertainment and navigation are operable. The functionality even offers a wifi hotspot and makes phone calls possible. Uconnect allows anyone with a vehicle connection as long as the IP address of the car is known.

After the connection was made with a car, the researchers succeeded in order to adapt the firmware of the system. This custom firmware can then send instructions via the internal network of the car to the physical components such as the engine and the wheels.


After Chrysler nine months ago was informed, was the manufacturer on July 16 with a security update . The update must be installed via a USB stick by car owners. The fear was that many owners would not do this. Therefore Chrysler now launched a voluntary recall, let the manufacturer through their own website to know. It is about 1.4 million vehicles. According to Chrysler there are no attacks still in the "wild" that have been observed using the vulnerability.

The problem is present in the MY Dodge Viper and different models of RAM pickup, the Jeep Grand Cherokee and Cherokee SUVs, Dodge Durango SUVs, different My Chrysler and Dodge Charger sedans and Dodge Challenger sports coupe.Customers of an affected vehicle will have received a USB device that they can use to upgrade the car software. The upgrade not only resolves the vulnerability, but also adds additional security measures, according to Chrysler.

No comments:

Post a Comment