Fiat Chrysler recalls 1.4 million vehicles after remote hack

[Kaido]

http://www.engadget.com/2015/07/24/fiat-chrysler-recall/

CA is obviously acting fast to patch the problem, and it's clear why. As Wired details, the hack makes it possible to "kill" the engine, remotely activate or disable the brakes, and keep tabs on a vehicle's location. Full steering control is currently being worked on. The party responsible for the hack revealed it would "publish a portion of their exploit" openly on the web, timed to coincide with the Black Hat security conference in August.

More details:

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, “no matter what happens, don’t panic.”1

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

...

Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

Additional discussion in the Security sub-forum:

http://forums.anandtech.com/showthread.php?t=2440096

TL;DR:
1. They hacked in through the UConnect infotainment system via built-in 3G hotspot
2. This enables them to take control of the CANBUS functions (brakes, transmissions, GPS location, etc.) from any Internet-connected computer, anywhere in the world
3. Nearly 500k vehicles on the road are vulnerable (the hackers are able to scan the cellular networks), and that's not to mention unpublished/undiscovered zero-day exploits on other telematics systems like Onstar, Bluelink, Tesla, Hondalink (for like the Fit EV), etc.

Time to buy something pre-70's computer systems

 

[shabby]

Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures.

I wouldn't call that a recall, fca is getting lazy and doesn't want to update it for customers. Here's a usb now fuck off.

 

[BoberFett]

Firewalls are for pussies.

It's amazing that someone thought they could connect a 2-ton steel missile to the internet and not ensure that the critical functions were secure.

 

[mmntech]

My Granddad always used to say that the more bells and whistles a car had, the more there was to go wrong. I really don't like this trend towards increasing computerization. Automakers pushing DRM to keep tuners and amateur mechanics out was bad enough. Which makes this somewhat ironic given how easy the system was hacked.

FWIW, the NHTSA is starting to get a might ticked off at Fiat Chrysler's BS. They just slapped them with a $105 million fine for the Pinto-Jeeps.
https://ca.news.yahoo.com/u-auto-safety-regulator-fine-fiat-chrysler-105-105447833--finance.html

Chrysler has a pretty solid track record of making and selling junk. I wouldn't shed a single tear if they went out of business tomorrow.

 

[Fenixgoon]

I dont know why safery critical systems are open to the internet. That is asinine.

The fine for the jeeps is bullshit. They met all FMVSS at the time of manufacture. There is no reason for the NHSTA to be fining chrysler for that, especially since they are offering a fix on a ~20 y/o model

 

[cabri]

I dont know why safery critical systems are open to the internet. That is asinine.

The fine for the jeeps is bullshit. They met all FMVSS at the time of manufacture. There is no reason for the NHSTA to be fining chrysler for that, especially since they are offering a fix on a ~20 y/o model

lapses in safety recalls involving millions of vehicles,

It is not that they did not meet specs; it seems to be that recalls were not handled properly.

 

[gorcorps]

My Granddad always used to say that the more bells and whistles a car had, the more there was to go wrong. I really don't like this trend towards increasing computerization. Automakers pushing DRM to keep tuners and amateur mechanics out was bad enough. Which makes this somewhat ironic given how easy the system was hacked.

FWIW, the NHTSA is starting to get a might ticked off at Fiat Chrysler's BS. They just slapped them with a $105 million fine for the Pinto-Jeeps.
https://ca.news.yahoo.com/u-auto-safety-regulator-fine-fiat-chrysler-105-105447833--finance.html

Chrysler has a pretty solid track record of making and selling junk. I wouldn't shed a single tear if they went out of business tomorrow.

Not to start P&N style bickering in the garage... but they damn near went out of business and were saved just to continue producing garbage

 

[mmntech]

It is not that they did not meet specs; it seems to be that recalls were not handled properly.

This would be correct. Chrysler took their sweet time fixing the affected vehicles. Far longer than the industry norm, which is why the NHTSA is so upset.

According to Scott Yon, the NHTSA's chief of the vehicle integrity division...

“In my experience, Fiat Chrysler’s recall performance often differs from that of its peers. Fiat Chrysler takes a long time to produce the parts needed to get vehicles fixed. Their dealers have difficulty getting parts for recalls. Their customers have trouble getting recall repairs done. Fiat Chrysler’s recall remedies sometimes fail to remedy the defects they are supposed to fix.”

Not to start P&N style bickering in the garage... but they damn near went out of business and were saved just to continue producing garbage

Yeah, and 2009 wasn't the first time either. They were bailed out by the US government in 1979. That was the start of the Iaocca years, the brief period when their vehicles weren't complete garbage. Problem is they employ too many people and both their execs and the UAW have the politicians in their back pockets.

The great tragedy with Chrysler is they used to be a cutting edge automaker back in the 60s. The Turbine Car is a fantastic piece of engineering.

 

[xBiffx]

But I thought I heard somewhere that Chrysler was #1 in total quality. :whiste:

 

[gorcorps]

Yeah, and 2009 wasn't the first time either. They were bailed out by the US government in 1979. That was the start of the Iaocca years, the brief period when their vehicles weren't complete garbage. Problem is they employ too many people and both their execs and the UAW have the politicians in their back pockets.

The great tragedy with Chrysler is they used to be a cutting edge automaker back in the 60s. The Turbine Car is a fantastic piece of engineering.

The REALLY sad part is their designs and technology are actually quite good... now if only they could put all that stuff into a car that friggin functions properly.

 

[RLGL]

I used to think Chrysler products were quite decent. My sister in-law bought a 1/2 ton truck...my opinion started to go downhill and hasn't stopped.

 

[BoberFett]

The REALLY sad part is their designs and technology are actually quite good... now if only they could put all that stuff into a car that friggin functions properly.

I like their design, not sure I'd say their technology is good. If it was, they wouldn't have gotten the reputation of being unreliable.

I want to like Chrysler, I really do. But the couple of Chryslers I've owned have put me off of them.

 

[SSSnail]

Not to get into P&N territory, but the Germans have their auto workers union as well, and they seem to produce fine cars. What the fuck happened to the US?

 

[pcgeek11]

Not to get into P&N territory, but the Germans have their auto workers union as well, and they seem to produce fine cars. What the fuck happened to the US?

Greed and corrupt union leadership.

 

[cabri]

I like their design, not sure I'd say their technology is good. If it was, they wouldn't have gotten the reputation of being unreliable.

I want to like Chrysler, I really do. But the couple of Chryslers I've owned have put me off of them.

Quality control went down hill.

Cut corners to save $$.

Best technology designs will not save a product from manufacturing flaws.

 

[gorcorps]

I like their design, not sure I'd say their technology is good. If it was, they wouldn't have gotten the reputation of being unreliable.

I want to like Chrysler, I really do. But the couple of Chryslers I've owned have put me off of them.

Well, I guess by technology I mean the design of their head units and instrument cluster screens (for example). But you're right, they haven't been reliable... so I guess I like their ideas and design of their technology, but the execution is definitely lacking.

 

[mmntech]

Not to get into P&N territory, but the Germans have their auto workers union as well, and they seem to produce fine cars. What the fuck happened to the US?

I'll just leave this here. :sneaky:

The problem with US cars is there's no pride in craftsmanship anymore. It's no longer about making a good product, it's all about maximizing profits in the short term. So they opt for lower grade parts. That's what got GM into hot water with those ignitions. That mentality will always come back to bite you in the long run.

Plus you have people running these companies that know nothing about the product they're selling. Chrysler's CEO was a bloody tax accountant before he got hired there. They're not passionate about, nor do they believe in what they're selling. That reflects as low quality.

 

[dawp]

I'm not sure what is worse, this or the buyback of those 500k trucks:

http://www.nbcnews.com/business/aut...y-back-hundreds-thousands-ram-pickups-n398911

 

[natto fire]

That is a shame because now people are going to associate electronic driving aids as a bad thing. The truth is that the cars have been evolving for decades to protect the squishy morons inside operating it.

Even though these systems can be compromised, IMO, it is still better to have cars driving themselves at some point. Using Chrysler as a benchmark for anything besides how to use style over substance in selling a car is what has me worried about this.

If they hadn't bought Jeep from AMC and rode the SUV profit wave in the '90s, I am sure they would be long gone..