Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Crazy Chrysler security hole: USB stick fix incoming for 1.4 million cars

Watchdog sparks mass recall, sheds light on ridiculous flaw

Fiat Chrysler's bad week just got even worse: the US National Highway Traffic Safety Administration has recalled 1.4 million of the manufacturer's cars after a dangerous software flaw was revealed just days ago.

Renowned hackers Charlie Miller and Chris Valasek warned on Tuesday of a ridiculous vuln in the computer systems built into Fiat Chrysler cars: the flaw can be exploited by an attacker to wirelessly take control of the engine, brakes and entertainment system.

The cars connect to the internet via Fiat Chrysler's uConnect cellular network, and thus can be accessed and tampered with from miles away by anyone who knows the vehicle's public IP address. No authentication is required. The US network has been attempting to block incoming connections, we're told.

The NHTSA has also been probing whether or not Fiat Chrysler's efforts to patch the vuln were fully effective. The motor giant has produced a software fix for the root cause of the vulnerability – unfortunately, the update has to be manually installed via a USB stick plugged into the car.

"In an effort to mitigate the effects of this security vulnerability, Chrysler has had the wireless service provider close the open cellular connection to the vehicle that provided unauthorized access to the vehicle network," said the NHTSA recall notice.

"This measure may not have been implemented on all vehicles and does not address access by other means that will be remedied by the software update. The manufacturer has not yet provided a notification schedule."

The recall affects five models of Fiat Chrysler's 2013-2015 Ram range, 2014-2015 Jeep Grand Cherokee, Cherokee and Dodge Durango models, this year's Dodge Charger and Dodge Challenger vehicles and any Dodge Viper sold in the past two years.

 

Similar topics

TIP US OFF

Send us news


Other stories you might like