2005 Jeep Grand Cherokee Limited 4x4 on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Mixed sales results, but automaker stocks rise on need for cars in Houston

DETROIT — The Big Three Detroit automakers on Friday reported better-than-expected August sales and issued optimistic outlooks for demand as residents of the Houston area replace flood-damaged cars and trucks after Hurricane Harvey, sending their stocks higher. General Motors, Ford and Fiat Chrysler posted mixed August U.S. sales, with GM up 7.5 percent and Ford and Fiat Chrysler down. Japanese automaker Toyota improved sales by nearly 7 percent, while Honda fell 2.4 percent. Still, analysts focused on the potential for Detroit automakers to cut inventories and stabilize used vehicle prices as residents of Houston, the fourth largest city in the United States, are forced to replace tens of thousands, perhaps hundreds of thousands, of vehicles after the devastation from Hurricane Harvey. Mark LaNeve, Ford's U.S. sales chief, told analysts on Friday that following Hurricane Katrina in 2005 "we saw a very dramatic snapback" in demand. That said, Ford sales fell 2.1 percent in August. It sold 209,897 vehicles in the United States, compared with 214,482 a year earlier. Sales were down 1.9 percent in the Ford division and off 5.8 percent at Lincoln. Demand was down for cars, crossovers and SUVs. It was not clear how many vehicles in the Houston area will be scrapped, LaNeve said, saying he had seen estimates ranging from 200,000 to 400,000 to 1 million. Ford's Houston dealers may have lost fewer than 5,000 vehicles in inventory, he said. Ford is the No. 1 automaker in the Houston market, with 18 percent share, according to IHS Markit. The company plans to ship used vehicles to Houston dealers and has "every indication we would have to add some production" of new vehicles to meet demand, LaNeve said. Investor concerns about inventories of unsold vehicles and falling used car prices have weighed on Detroit automakers' shares most of this year. Now, automakers can anticipate a jolt of demand from a big market that is a stronghold for Detroit brand trucks and SUVs. "It's got to be a positive for the industry," LaNeve said. Investors appeared to agree. GM shares rose as much as 3.3 percent to their highest since early March. Ford increased 2.8 percent at $11.34, and Fiat Chrysler's U.S.-traded shares were up 5.2 percent $15.91, hitting their highest in more than five years. GM reported a 7.5 percent increase in U.S. auto sales in August, helped by robust sales of crossovers across its four brands.

NHTSA investigating power modules on Chrysler Group SUVs and minivans

The Center for Auto Safety is officially petitioning the National Highway Traffic Safety Administration to begin scrutinizing alleged problems with the totally integrated power module (TIPM) on about 24 Chrysler Group SUVs and minivans. The advocacy group claims that the part's failure can cause affected vehicles to stall or not start at all. NHTSA is still looking into the accusations and deciding whether a full investigation is actually warranted.
The CAS petition claims at least 70 TIPM failures, but according to NHTSA, six of the complaints are for models that don't have the modules. In 34 of the reported cases, the vehicles refused to start, and in 17 of them the engine stalled. There were also two allegations of smoke and one of a fire. However, none of these affected airbag deployment or resulted in a crash.
This petition isn't the first TIPM-related problem for Chrysler Group. A recent report in the New York Times alleged that it found 240 complaints potentially related to the issue on NHTSA's website alone. In September, the automaker also recalled 230,760 examples worldwide (188,723 in the US) of the 2011 Jeep Grand Cherokee and Dodge Durango replace the fuel pump relay circuit inside of the TIPM-7 with one external to the unit. The original part could allegedly cause the models to stall without warning. Even earlier, the company also recalled about 80,000 examples of the Jeep Wrangler and Dodge Nitro in 2007 to have the module reprogrammed.