2007 Chrysler Pacifica Touring on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Jeep still working to improve Cherokee's 9-speed auto

Fiat Chrysler is hoping an upcoming software update will stem the tide of consumer complaints surrounding its nine-speed automatic transmission. Owners of the 2014 Jeep Cherokee have reported a number of problems on the National Highway Traffic Safety Administration's SaferCar.gov website, since the new model and its troubled gearbox arrived way back in October 2013. The software update is "intended to keep the vehicle performing as intended, and to prevent durability issues from occurring in the future," an FCA spokesperson told Automotive News, and will be available to owners of both the 2014 to 2015 Jeep Cherokee and the 2015 Chrysler 200, which also uses the 9AT. While FCA will be notifying consumers of the update, owners can also request the software reflash if they happen into their dealer before then. Despite the widely documented problems with the transmission, the only complaints on NHTSA's website relate to the 2014 Cherokee – neither the 2015 Jeep nor the 200 have received any complaints. That bodes well as FCA prepares to begin deliveries of the 2015 Jeep Renegade and launch the Fiat 500X, both of which pair the 9AT with the 2.4-liter Tigershark four-cylinder. "We have had to do an inordinate amount of intervention on that transmission, surely beyond what any of us had forecast," FCA CEO Sergio Marchionne told Automotive News. "There are things that we have done – that we continue to do. Our proactive customer care intervention has actually increased in intensity on these vehicles in 2014, especially in the second half." What's fascinating about the 9AT's problems are that they haven't been the fault of manufacturer ZF, but have related to software that wasn't "mature" and had "teething problems," Marchionne has said previously, AN reports. With the lack of criticism for the 9AT in 2015 models and this pending software update, though, here's hoping that FCA has finally figured out its fuel-sipping gearbox. Related Video:

Chrysler recalling nearly half a million vehicles with active head restraints

Chrysler has announced that it will recall roughly 490,000 vehicles around the globe due to a potential active head-restraint problem. The problem is being blamed on "potentially faulty microcontrollers" that may keep the vehicles' anti-whiplash active safety feature from working properly. Chrysler says it has no knowledge of any accidents or injuries related to the issue. Models covered under the recall include the 2011-2013 Chrysler Sebring, 200 (shown) and Dodge Avenger models, along with 2011-2013 Jeep Liberty and 2011-2012 Dodge Nitro SUVs.
Interestingly, the Pentastar notes that the faulty part came from an (unnamed) supplier who furnished the parts in the wake of Japan's 2011 earthquake and tsunami, natural disasters which decimated the world's supply of microcontrollers.
Chrysler says of those nearly half a million vehicles affected, around 442,000 of them reside in the US, with an additional 25,000 in Canada and 10,000 units in Mexico. A further 12,000 models were shipped beyond the NAFTA region. The Auburn Hills automaker will begin sending out recall notices shortly, and technicians will upgrade the system software or replace the microcontroller as necessary at no cost to owners.