Wednesday, 29 July 2015

Experts Denounce Sending USB Drives By Chrysler

Last week, carmaker Chrysler announced that the 1.4 million cars because of a vulnerability in the software recall. The vulnerability allows an attacker cars via the Internet partly control. So the brakes can be switched on and off and it is possible to turn off the engine.

Chrysler developed an update for the security vulnerability and offers now via three ways. Consumers can download the update itself and update the car software via a USB stick. This is now a comprehensive manual ( pdf ) appeared online. The second option is to return the car to the dealer who then installs the update. In addition, there is also a third possibility.Namely to allow sending a USB stick with the update.

And it is this last option that can count on criticism from security experts. "This is the dumbest action that I've heard in a long time," said Khalil Sehnaoui Krypton Security embarrassed about ZDNet . Also Tod Beardsley security company Rapid7 is not happy with the action. "Just a USB stick into the computer stabbing without knowing exactly where it comes from is a bad idea," he observes. He warns that teaching users that they have a USB stick that can confidence be sent by post creates a dangerous behavior and opens the door for criminals to take advantage of this.

Chris Kennedy of anti-fraud business Trustev takes the decision to send around USB sticks "incredibly irresponsible" and "unsafe". Kennedy is especially worried that the USB sticks be intercepted. Also on Twitter users react with amazement."Now is a good time to send USB sticks containing exploits for any Chrysler owners", as a late Twitterer know. Beardsley advises owners of Chrysler to go to a dealer. Since there are then at least one more track is that paper shows that there is a reliable party is searched. Chrysler states in response that the measure is selected to increase convenience for customers.

No comments:

Post a Comment