Auto blog
FCA Recalls Jeep in Wake of Wireless Hack | Autoblog Minute
Wed, Jul 29 2015Carjacking has gone wireless, as automakers and Congress scramble for a solution. Adam Morath reports on this edition of Autoblog Minute.
Certain Chrysler owners eligible for buyback program
Mon, Jul 27 2015Certain car owners whose Chrysler vehicles contain dangerous defects will soon have a way to get rid of their lemons without losing money. As part of an agreement with federal regulators, Fiat Chrysler Automobiles has agreed to buy back more than 500,000 vehicles susceptible to veering out of control without warning at above market-value prices. The deal mainly covers certain models of RAM trucks, the Dodge Dakota pickup and Dodge Durango SUV. Further, owners of more than 1.5 million Jeep Liberty and Grand Cherokees at heightened risk for lethal fires are eligible to trade in their vehicles at above market value or, alternately, get a gift certificate if they prefer to have repairs made. Chrysler has "a heavy responsibility to make sure the products they make are safe for the traveling public," said Mark Rosekind, administrator of the National Highway Traffic Safety Administration. "... Here, we are sending an unambiguous signal to industry that if you skirt the laws or violate the law, or don't live up to the responsibility that consumers expect, we are going to penalize you." The buy-back and trade-in options for motorists come as part of an unprecedented penalty NHTSA slapped against Chrysler for violating federal motor-vehicle safety laws. Chrysler will pay a $105 million fine, the highest ever levied by the regulatory agency. In addition to the buy-backs, Chrysler also agreed to an independent monitor for three years. Investigators had outlined problems in the company's conduct in 23 recalls that affected more than 11 million defect vehicles. As part of a consent-order agreement, Chrysler acknowledged it did not notify vehicle owners of recalls in an effective manner and did not notify NHTSA of safety problems. Though those recalls affected millions of drivers, the buy-back and trade-in options are only for a small portion of the vehicles involved. Because Chrysler struggled to fix the problem and no repair was apparent, Rosekind said the buy-backs are reserved "for customers who didn't have a remedy." Buy-backs are for trucks and SUVs affected by three recalls that occurred in 2013 (recalls 13V-038, 13V-527 and 13V-529), that addressed a rear-axle pinion nut that could come loose and cause a loss of vehicle control. Those recalls covered 579,228 vehicles, including 2009-2012 Ram 1500, 2500, 3500, 4500 and 5500 trucks, 2009-2012 Dodge Dakotas, 2009 Chrysler Aspen and the 2009 Dodge Durango.
Fiat Chrysler to get $105M fine from NHTSA for recall woes
Sun, Jul 26 2015The National Highway Traffic Safety Administration is about to send a powerful message to automakers doing business in the United States, assuming reports of an upcoming $105 million fine against Fiat Chrysler Automobiles comes to fruition. In addition to the record-setting monetary fine, according to The Wall Street Journal, FCA will have to accept an independent auditor that will monitor the company's recall and safety processes and will be forced to buy back certain recalled vehicles. In other cases, such as with Jeep Grand Cherokee and Liberty models with gas tanks that could potentially catch fire in certain types of accidents, FCA will offer financial encouragement for owners to get their recall work done or to trade those older vehicles in on new cars, according to the report. FCA could reportedly reduce its fines if it meets certain conditions, though those remain unclear at this time. These actions against FCA are being taken after NHTSA began a probe into the automaker over almost two dozen separate instances where the government claims FCA failed to follow proper procedures for recalls and safety defects. Included in those safety lapses are more than 11 million vehicles currently in customer hands. These penalties and fines are separate from the investigation over security problems with Chrysler's Uconnect system that allowed hackers to obtain remote access into key vehicle systems in 1.4 million vehicles. Related Video: Image Credit: Marco Bertorello/AFP/Getty Earnings/Financials Government/Legal Recalls Chrysler Dodge Fiat Jeep RAM Safety fiat chrysler automobiles fine
How to update and secure a vulnerable Chrysler Uconnect system
Sat, Jul 25 2015If you own one of the 1.4 million vehicles affected by the recent Chrysler software recall, you may want to watch this video. In it, we explain how to get the latest infotainment software loaded onto the 8.4-inch Uconnect system. The recall was a response to the findings of researchers who were able to hack into and remotely control a 2014 Jeep Cherokee through its cellular connection. Although Fiat Chrysler has worked with Sprint to plug most of the holes on the carrier side, there are still some vulnerabilities that only this latest software version can patch. Owners have three options to get the update: download it now, wait for a USB stick in the mail, or take the vehicle to an FCA dealer. Chrysler will be sending USB sticks loaded with the software update to customers. Anyone with an internet connection and a USB stick of their own with at least 4 GB capacity can speed things up by downloading the patch from the Uconnect website. We cover that process from start to finish in the video, with the final portion still applicable to those using the FCA-supplied USB stick. If after watching this you still don't want to tackle the patch yourself, you can take your vehicle to the dealer to have it done. Also note that this process is the same for all Uconnect updates, not just the one patching the exploits. Our demonstrator vehicle is a 2015 Ram 1500 pickup. The procedure should be very similar on other products with the 8.4-inch Uconnect system, with only the location of the USB port varying. Once you have the USB stick with the software on it – either after having downloaded it yourself or receiving it in the mail from Chrysler – the installation process is relatively simple. It takes about 15 minutes to perform the update; we edited out the wait in the video. To check whether or not your car's 8.4-inch Uconnect system is running the latest software, go to System Information on the touch screen's Settings page and look at Software Version. The update related to the recall is version 15.17.5. Related Video: Recalls Chrysler Dodge Jeep RAM Safety Technology Infotainment Videos Original Video hacking
Weekly Recap: Hackers demonstrate auto industry's vulnerability
Sat, Jul 25 2015There's always been a certain risk associated with driving, and this week cyber security came into focus as the latest danger zone when researchers demonstrated how easily they could hack into a 2014 Jeep Cherokee from across the country. The incident raised concerns over the vulnerability of today's cars, many of which double as smartphones and hot spots. During the now-infamous experiment, Chris Valasek and Charlie Miller infiltrated the Jeep's cellular connection and were able to control the infotainment system, brakes, and other functions. The hackers told the Jeep's maker, FCA US, of their findings last year, the company devised a software fix. Though Valesek and Miller hacked a Cherokee (like the one shown above), several FCA products, including recent versions of the Ram, Grand Cherokee, Dodge Durango, and Viper were also affected, illustrating potentially wide exposure that could reverberate across the sector. "For the auto industry, this is a very important event and shows that cyber-security protection is needed even sooner than previously planned," Egil Juliussen, senior analyst and research director for IHS Automotive, wrote in a research note. "Five years ago, the auto industry did not consider cyber security as a near-term problem. This view has changed." Hours after the Cherokee hacking incident was publicized on Tuesday, Sens. Ed Markey (D-Mass) and Richard Blumenthal (D-Conn) introduced legislation to direct the National Highway Traffic Safety Administration and Federal Trade Commission to establish national standards for automotive cyber security. The bill also would require vehicles to have a cyber-rating system to alert consumers how well their cars' privacy and security are defended. "Drivers shouldn't have to choose between being connected and being protected," Markey said in a statement. "We need clear rules of the road that protect cars from hackers and American families from data trackers." Though FCA and its Jeep Cherokee were in the spotlight this time, they were just the latest to showcase how automotive technology has advanced faster than safety and regulatory measures. IHS forecasts 82.5 million cars will be connected to the internet by 2022, which is more than three times today's level. "Cyber-security will become a major challenge for the auto industry and solutions are long overdue," Juliussen said.
FCA issuing software update for 1.4M vehicles to prevent hacking
Fri, Jul 24 2015In the wake of a Jeep Cherokee being hacked remotely while on the road through its Uconnect infotainment system, FCA US is now issuing a software update for 1.4 million vehicles in the United States. Affected customers will receive a USB stick in the mail with the improved version; owners can check this website to see if their cars are affected. A large variety of models with FCA's 8.4-inch touchscreen infotainment system are affected. They include the 2015 Chrysler 200, 2015 Chrysler 300, 2015 Dodge Charger, and 2015 Dodge Challenger; 2013-2015 Dodge Viper; 2013-2015 Ram 1500, 2500, and 3500; 2013-2015 Ram 3500, 4500, and 5500 chassis cab; 2014-2015 Jeep Grand Cherokee and Cherokee; and 2014-2015 Dodge Durango. According to FCA in its announcement, the new software "insulates connected vehicles from remote manipulation." As of July 23, the company also "fully tested and implemented within the cellular network" additional security to prevent access to many of a vehicle's systems. FCA US says that it's conducting this campaign out of an abundance of caution and disputes the notion that there's a defect with these vehicles. Beyond the demonstration of the hack in the Cherokee, the automaker says that it's unaware of any other reports of these attacks actually happening. Related Video: Statement: Software Update July 24, 2015 , Auburn Hills, Mich. - FCA US LLC is conducting a voluntary safety recall to update software in approximately 1,400,000 U.S. vehicles equipped with certain radios. The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action. Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015. The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.
Feds fretting over remote hack of Jeep Cherokee
Fri, Jul 24 2015A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had "floated around the entire federal government." "The Homeland Security folks sent out broadcasts that, 'Here's an issue that needs to be addressed,'" said Nathaniel Beuse, an associate administrator with the National Highway Traffic Safety Administration. Valasek and Miller commandeered remote control of the Cherokee through a security flaw in the cellular connection to the car's Uconnect infotainment system. From his Pittsburgh home, Valasek manipulated critical safety inputs, such as transmission function, on Miller's Jeep as he drove along a highway near St. Louis, MO. The scope of the remote breach is believed to be the first of its kind. The prominent cyber-security researchers needed no prior access to the vehicle to perform the hack, and the scope of the remote breach is believed to be the first of its kind. A NHTSA spokesperson said the agency's cyber-security staff members are "putting their expertise to work assessing this threat and the response, and we will take action if we determine it's necessary to protect safety." A Homeland Security spokesperson referred questions about the hack to Chrysler. Fiat Chrysler Automobiles has already been the subject of a federal hearing this month, in which officials scrutinized whether the company had adequately fixed recalled vehicles and repeatedly failed to notify the government about defects. But cyber-security concerns are a new and different species for the regulatory agency. Only hours before the Jeep hack was announced by Wired magazine earlier this week, NHTSA administrator Dr. Mark Rosekind said hacking vulnerabilities were a threat to privacy, safety, and the public's trust with new connected and autonomous technologies that allow vehicles to communicate. NHTSA outlined its response to the cyber-security challenges facing the industry in a report issued Tuesday. In it, the agency summarized its best practices for thwarting attacks and said it will analyze possible real-time infiltration responses. But the agency's ability to handle hackers may only go so far.
Jeep in St. Louis hacked from Pittsburgh
Tue, Jul 21 2015One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.
Fiat Chrysler wins top Total Quality Award for first time
Mon, Jul 20 2015The Strategic Vision Total Quality Awards are 20 years old in 2015, and Chrysler has never topped the awards before. Until now, that is. Fiat Chrysler takes the overall award on the corporate level with six segment leaders from Fiat, Dodge, Jeep, and Ram. The Fiat 500 won Small Multi-Function Car, the 500e won Small Alternative Powertrain, the Dodge Challenger tied at the top in the Specialty Coupe category alongside the very un-coupe Mini Cooper Countryman, the Jeep Wrangler Unlimited took the Entry SUV category, the Dodge Durango won in Mid-Size SUV, and Ram took the overall in Best Non-Luxury Brand. The accolade means FCA has gone from one segment winner in 2010 to overall victory in five years. Cars have gotten so good, says Strategic Vision, that it is harder than ever to win. In fact, says the group, 18 years ago 85 percent of all vehicle brands had more than half a problem per vehicle. This year, no brand has more than half a problem per vehicle. The organization measures "over 155 specific aspects of the customer's experience," and scores are based on input from more than 46,000 customers. Other notables in and near the winner's circle include Volkswagen and General Motors, who tied for second place on the corporate scale, one point behind FCA. The Mini Cooper Roadster scored the highest of any model, the Corvette Stingray Convertible and Coupe scored the second- and third-highest. The Chevrolet Colorado is the first domestic Standard Pickup winner in more than ten years, and the Nissan Titan carried the Full-Size Pickup category. The press release below has all the details on how winners and losers are selected, and the full list of automakers and how they finished. "The Customer's 'Total' Experience Defines Quality, Fiat Chrysler Scores Highest in Total Quality," says Strategic Vision The 2015 Total Quality Awards® SAN DIEGO, Friday, July 17, 2015 — Unknown to many, when some consumer research firms rank a car company's quality performance they often do so by simply "counting problems." In the past, this may have been acceptable, but in today's modern and efficient manufacturing world the difference between the worst brand and best brand is LESS than half-a-problem per vehicle. Thus, any "quality ranking" based on this method is severely lacking in the complete picture of the "Total" Quality experience that customers actually use to judge their product ownership.
Daily Driver: 2015 Jeep Renegade Sport 4x4
Fri, Jul 10 2015Daily Driver videos are micro-reviews of vehicles in the Autoblog test fleet, reviewed by the staffers who drive them every day. Today's Daily Driver features the 2015 Jeep Renegade Sport 4x4, reviewed by Adam Morath. Something to note: The vehicle tested here is a pre-production unit, and we had some issues with the MySky removable roof system. (Associate editor Brandon Turkus mentioned these problems in his Quick Spin.) FCA confirms that improvements were made for production-spec cars. You can watch the video above or read a transcript below. Watch more Autoblog videos at /videos. [00:00:00] Hey, this is Adam Morath with another Daily Driver. Today, we're in the 2015 Jeep Renegade and I'm excited to be driving this in a Sport trim level. That's the lowest trim that they offer it in. I say I'm excited, because often we get the cars to totally spec-ed out to the max, the automaker trying to show off what they can do with the car but it doesn't always give you a realistic view of how most customers are going to spec the car, and I think with the Renegade being the entry-level model for Jeep now [00:00:30] replacing the outgoing Patriot and Compass, it makes sense to drive this in the Sport trim. We do have it in 4x4, comes in at just around $23,000. It's powered by a turbocharged 1.4 liter inline 4 and we've got it, made it to the 6-speed manual transmission, which is pretty cool. Again you can see FCA's fingerprints on this car. If they wanted to do well in Europe, of course you've got to offer it with a manual and that's nice for consumers here to have that choice of having a stick shift in the Jeep again. [00:01:00] That's kind of fun. It produces 160-horsepower, 184 pound-feet of torque. It's got a little pack to it. I wouldn't call it sporty but it's enough for a vehicle of this size. This is a pretty basic version of the renegade. The only options we have on it are the AC, the roof rails, 4-wheel drive, which is a must here in Michigan and then these MySky roof panels, which I'll get to in a minute, but that takes us from a base price of $18,000, the cheapest you'll be able to get into a Renegade for [00:01:30] up to about $23,700, which is where we're at. Yes, these are MySky roof panels. It's a totally new feature on the Renegade that Jeep is trying out and I think it's pretty cool. It's like a tee top system, except the panels aren't side by side. You have one in the front and one in the back.