2022 Chrysler Voyager Lx on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Brand new cars are being sold with defective Takata airbags

If you just bought a 2016 Audi TT, 2017 Audi R8, 2016–17 Mitsubishi i-MiEV, or 2016 Volkswagen CC, we have some unsettling news for you. A report provided to a US Senate committee that oversees the US National Highway Traffic Safety Administration (NHTSA) and reported on by Automotive News claims these vehicles were sold with defective Takata airbags. And it gets worse. Toyota and FCA are called out in the report for continuing to build vehicles that will need to be recalled down the line for the same issue. That's not all. The report also states that of the airbags that have been replaced already in the Takata recall campaign, 2.1 million will need to eventually be replaced again. They don't have the drying agent that prevents the degradation of the ammonium nitrate, which can lead to explosions that can destroy the airbag housing and propel metal fragments at occupants. So these airbags are out there already. We're not done yet. There's also a stockpile of about 580,000 airbags waiting to be installed in cars coming in to have their defective airbags replaced. These 580k airbags also don't have the drying agent. They'll need to be replaced down the road, too. A new vehicle with a defective Takata airbag should be safe to drive, but that margin of safety decreases with time. If all this has you spinning around in a frustrated, agitated mess, there's a silver lining that is better than it sounds. So take a breath, run your fingers through your hair, and read on. Our best evidence right now demonstrates that defective Takata airbags – those without the drying agent that prevents humidity from degrading the ammonium nitrate propellant – aren't dangerous yet. It takes a long period of time combined with high humidity for them to reach the point where they can rupture their housing and cause serious injury. It's a matter of years, not days. So a new vehicle with a defective Takata airbag should be safe to drive, but that margin of safety decreases with time – and six years seems to be about as early as the degradation happens in the worst possible scenario. All this is small comfort for the millions of people who just realized their brand-new car has a time bomb installed in the wheel or dashboard, or the owners who waited patiently to have their airbags replaced only to discover that the new airbag is probably defective in the same way (although newer and safer!) as the old one.

Five automakers now being investigated by NHTSA for airbag woes

It appears that Toyota's renotification to owners of recalled vehicles from last year is just the tip of the iceberg for what could potentially be a much larger industry-wide recall. The National Highway Traffic Safety Administration is opening a preliminary evaluation investigation into roughly 1.1 million vehicles from Chrysler, Honda, Mazda, Nissan, Toyota and parts supplier Takata regarding faulty airbag inflators in several models.
NHTSA has received six reports - three directly, two from Takata and one from Toyota - of vehicles with ruptured airbag inflators from 2002-2006, which resulted in three injuries. So far, all six incidents have occurred in high humidity areas like Florida and Puerto Rico. According to Toyota's latest recall announcement, the inflators may have an improper propellant that could cause it to rupture in a crash and the bag to deploy abnormally.
This new investigation follows a previous recall from April 2013 of about 3.4 million vehicles worldwide for the airbag inflators from Takata. As Autoblog reported, Toyota jumpstarted the new situation when it found that the original list of serial numbers for the faulty part was incomplete and discovered more cars in need of replacement. Honda and Nissan told us that they were investigating whether further models would need called in again as well. Mazda told Autoblog: "Regarding the current Takata situation, we're working closely with NHTSA and investigating the situation, but nothing else to report at this time." Chrysler Group responded to us with the statement: "Chrysler Group engineers are conducting the appropriate analysis. The Company will cooperate fully with the National Highway Traffic Administration."