2010 Chrysler 300 Touring/signature/executive Series on 2040-cars

Auto blog

Now at Costco: Bales of toilet paper and a Volvo or Pacifica to haul them

Costco, the beacon of bulk buying, where you can buy everything from gasoline to your own casket at deep discount, is offering some Costco-only incentives through its Auto Program in partnership with specific car brands: for now, Volvo and Chrysler, with other brands planned for later. First, Volvo: Now through Oct. 2, you can get both special incentives AND employee pricing (aka "A-Plan" pricing) AND whatever rebates and incentives Volvo might already have going on. The Costco incentives are: $3,000 on 2017 and 2018 S90 sedans. $750 on 2017 and 2018 S60 sedans. $750 on 2017 and 2018 V60 and V90 Cross Country wagons. $750 on 2017 and 2018 XC90 SUVs. $750 on the outgoing 2017 XC60 crossovers. Automaker incentives usually vary by region, but in the Detroit area, at least, Volvo currently has a $2,500 incentive on the 2018 XC90 and $3,500 on the 2017 model. Those end Aug. 31 but could be renewed in September, and others could be added then as well. Volvo is also offering special interest rates on financing some of the other models. And when all is said and done, if you fill out a Costco customer survey you'll get a $200 cash card. The Chrysler Pacifica deal, also through Oct. 2, is even simpler: Go to the Costco site, print out a certificate worth $1,000, and take it to a Chrysler dealership — any dealership, not just those that usually work with Costco, which is a first. The incentive covers both 2017 and 2018 models. And like the Volvo promotion, these Costco incentives can be combined with whatever Chrysler's doing — and it currently has a myriad of incentives on 2017 Pacificas, in various combinations that differ depending on whether you're leasing or buying. If you register at the Costco Auto Program website, you'll be put in touch with a dealer who can review the bottom line after all the discounts are factored in. Participating dealerships have offered special pricing to Costco members for years, up to the price automaker employees get. Costco's program doesn't typically work the way these Volvo and Chrysler programs do, though a similar joint promotion with Volvo back in 2013 sold 7,500 cars. If you haven't used the Costco Auto Program, but you don't like haggling at a dealership, you might give it a try. The beauty of it is that a dealer is obligated to offer you a set price and is also obligated to treat you by certain rules, such as not trying to upsell you. Last year, 490,000 vehicles were sold to Costco members through the program.

Feds fretting over remote hack of Jeep Cherokee

A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had "floated around the entire federal government." "The Homeland Security folks sent out broadcasts that, 'Here's an issue that needs to be addressed,'" said Nathaniel Beuse, an associate administrator with the National Highway Traffic Safety Administration. Valasek and Miller commandeered remote control of the Cherokee through a security flaw in the cellular connection to the car's Uconnect infotainment system. From his Pittsburgh home, Valasek manipulated critical safety inputs, such as transmission function, on Miller's Jeep as he drove along a highway near St. Louis, MO. The scope of the remote breach is believed to be the first of its kind. The prominent cyber-security researchers needed no prior access to the vehicle to perform the hack, and the scope of the remote breach is believed to be the first of its kind. A NHTSA spokesperson said the agency's cyber-security staff members are "putting their expertise to work assessing this threat and the response, and we will take action if we determine it's necessary to protect safety." A Homeland Security spokesperson referred questions about the hack to Chrysler. Fiat Chrysler Automobiles has already been the subject of a federal hearing this month, in which officials scrutinized whether the company had adequately fixed recalled vehicles and repeatedly failed to notify the government about defects. But cyber-security concerns are a new and different species for the regulatory agency. Only hours before the Jeep hack was announced by Wired magazine earlier this week, NHTSA administrator Dr. Mark Rosekind said hacking vulnerabilities were a threat to privacy, safety, and the public's trust with new connected and autonomous technologies that allow vehicles to communicate. NHTSA outlined its response to the cyber-security challenges facing the industry in a report issued Tuesday. In it, the agency summarized its best practices for thwarting attacks and said it will analyze possible real-time infiltration responses. But the agency's ability to handle hackers may only go so far.

The problem with how automakers confront hacking threats

More than anyone, Chris Valasek and Charlie Miller are responsible for alerting Americans to the hacking perils awaiting them in their modern-day cars. In 2013, the pair of cyber-security researchers followed in the footsteps of academics at the University of Cal-San Diego and University of Washington, demonstrating it was possible to hack and control cars. Last summer, their research established which vehicles contained inherent security weaknesses. In recent weeks, their latest findings have underscored the far-reaching danger of automotive security breaches. From the comfort of his Pittsburgh home, Valasek exploited a flaw in the cellular connection of a Jeep Cherokee and commandeered control as Miller drove along a St. Louis highway. Remote access. No prior tampering with the vehicle. An industry's nightmare. As a result of their work, FCA US recalled 1.4 million cars, improving safety for millions of motorists. For now, Valasek and Miller are at the forefront of their profession. In a few months, they could be out of jobs. Rather than embrace the skills of software and security experts in confronting the unforeseen downside of connectivity in cars, automakers have been doing their best to stifle independent cyber-security research. Lost in the analysis of the Jeep Cherokee vulnerabilities is the possibility this could be the last study of its kind. In September or October, the U.S. Copyright Office will issue a key ruling that could prevent third-party researchers like Valasek and Miller from accessing the components they need to conduct experiments on vehicles. Researchers have asked for an exemption in the Digital Millennial Copyright Act that would preserve their right to analyze cars, but automakers have opposed that exemption, claiming the software that runs almost every conceivable vehicle function is proprietary. Further, their attorneys have argued the complexity of the software has evolved to a point where safety and security risks arise when third parties start monkeying with the code. Their message on cyber security is, as it has been for years, that they know their products better than anyone else and that it's dangerous for others to meddle with them. But in precise terms, the Jeep Cherokee problems show this is not the case. Valasek and Miller discovered the problem, a security hole in the Sprint cellular connection to the UConnect infotainment system, not industry insiders.