2010 Chrysler Pt Cruiser on 2040-cars

Auto blog

The problem with how automakers confront hacking threats

More than anyone, Chris Valasek and Charlie Miller are responsible for alerting Americans to the hacking perils awaiting them in their modern-day cars. In 2013, the pair of cyber-security researchers followed in the footsteps of academics at the University of Cal-San Diego and University of Washington, demonstrating it was possible to hack and control cars. Last summer, their research established which vehicles contained inherent security weaknesses. In recent weeks, their latest findings have underscored the far-reaching danger of automotive security breaches. From the comfort of his Pittsburgh home, Valasek exploited a flaw in the cellular connection of a Jeep Cherokee and commandeered control as Miller drove along a St. Louis highway. Remote access. No prior tampering with the vehicle. An industry's nightmare. As a result of their work, FCA US recalled 1.4 million cars, improving safety for millions of motorists. For now, Valasek and Miller are at the forefront of their profession. In a few months, they could be out of jobs. Rather than embrace the skills of software and security experts in confronting the unforeseen downside of connectivity in cars, automakers have been doing their best to stifle independent cyber-security research. Lost in the analysis of the Jeep Cherokee vulnerabilities is the possibility this could be the last study of its kind. In September or October, the U.S. Copyright Office will issue a key ruling that could prevent third-party researchers like Valasek and Miller from accessing the components they need to conduct experiments on vehicles. Researchers have asked for an exemption in the Digital Millennial Copyright Act that would preserve their right to analyze cars, but automakers have opposed that exemption, claiming the software that runs almost every conceivable vehicle function is proprietary. Further, their attorneys have argued the complexity of the software has evolved to a point where safety and security risks arise when third parties start monkeying with the code. Their message on cyber security is, as it has been for years, that they know their products better than anyone else and that it's dangerous for others to meddle with them. But in precise terms, the Jeep Cherokee problems show this is not the case. Valasek and Miller discovered the problem, a security hole in the Sprint cellular connection to the UConnect infotainment system, not industry insiders.

Feds fretting over remote hack of Jeep Cherokee

A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had "floated around the entire federal government." "The Homeland Security folks sent out broadcasts that, 'Here's an issue that needs to be addressed,'" said Nathaniel Beuse, an associate administrator with the National Highway Traffic Safety Administration. Valasek and Miller commandeered remote control of the Cherokee through a security flaw in the cellular connection to the car's Uconnect infotainment system. From his Pittsburgh home, Valasek manipulated critical safety inputs, such as transmission function, on Miller's Jeep as he drove along a highway near St. Louis, MO. The scope of the remote breach is believed to be the first of its kind. The prominent cyber-security researchers needed no prior access to the vehicle to perform the hack, and the scope of the remote breach is believed to be the first of its kind. A NHTSA spokesperson said the agency's cyber-security staff members are "putting their expertise to work assessing this threat and the response, and we will take action if we determine it's necessary to protect safety." A Homeland Security spokesperson referred questions about the hack to Chrysler. Fiat Chrysler Automobiles has already been the subject of a federal hearing this month, in which officials scrutinized whether the company had adequately fixed recalled vehicles and repeatedly failed to notify the government about defects. But cyber-security concerns are a new and different species for the regulatory agency. Only hours before the Jeep hack was announced by Wired magazine earlier this week, NHTSA administrator Dr. Mark Rosekind said hacking vulnerabilities were a threat to privacy, safety, and the public's trust with new connected and autonomous technologies that allow vehicles to communicate. NHTSA outlined its response to the cyber-security challenges facing the industry in a report issued Tuesday. In it, the agency summarized its best practices for thwarting attacks and said it will analyze possible real-time infiltration responses. But the agency's ability to handle hackers may only go so far.

Weekly Recap: Marchionne's Manifesto again calls for industry consolidation

Sergio Marchionne isn't taking no for an answer. Despite public rebuffs from General Motors and Ford, the leader of Fiat Chrysler Automobiles continues to push for consolidation within the auto industry. His latest assertion came Wednesday when he said a combination of FCA with another automaker could net savings of $5 billion or more annually. No, this isn't about selling his company, he claimed, it's about cutting costs. Put simply, the auto industry wastes money, Marchionne said during FCA's earnings conference call. Companies invest billions to develop basic components that all cars use, but many consumers don't care how they work or recognize the differences. "About half of this is really relevant in terms of positioning the car in the marketplace," he said. "The other half, in our view, is stuff which is neither visible to the consumer nor is it relevant to the consumer." In 2014, top automakers spent more than $100 million on product development, FCA estimated. Marchionne said consolidation could save up to $1 billion on powertrains alone, noting that almost every automaker offers four- and six-cylinder engines. Not everyone has to make their own, he contended. "The consumer could not give a flying leap whose engines we are using because they are irrelevant to the buying decision." That's pretty provocative for enthusiasts, but less so for average consumers. Still, there are major differences in power and efficiency ratings, even among similar engines. Skeptics could argue consolidation would also weaken competition and reduce choices for car buyers. Marchionne stressed his presentation, curiously entitled Confessions of a Capital Junkie, wouldn't require closing factories or dealerships. It's not his final "big deal" as CEO, intent to sell FCA, or a way to elevate his company up the automotive food chain. He claims he wants to fundamentally change the industry and its habit for burning cash. "The horrible part about this, and the thing that I find most offensive, is that the capital consumption rate is duplicative," he said. "It doesn't deliver real value to the consumer and it is in its purest form, economic waste." Other News & Notes Ford Profits dip in first quarter Ford profits fell $65 million to $924 million in the first quarter, hampered by slight dips in revenue and sales.