Find or Sell Used Cars, Trucks, and SUVs in USA

Auto blog

Are future vehicular hacks inevitable?

Wed, Jul 29 2015

Before the hack of the Uconnect system in a Jeep Cherokee resulted in a 1.4-million vehicle recall, the potential software vulnerabilities in vehicles were already a hot topic with Congressional inquiries and even proposed legislation in the US. As cars' interconnected systems gain the ability to go online, they become open to a host of new threats. Automakers are trying to stop this, but it might be too late to put the genie back into the bottle. Throughout 2015, the issue of software security in vehicles has become increasingly vital. For example, the recent Jeep case wasn't even the biggest hack this year. In February, a major flaw was discovered in the BMW Connected Drive service that allowed researchers to remotely lock and unlock the doors and potentially affected 2.2 million cars. The fix was an over-the-air patch for the problem. Automakers are actively working to fix the issues. Mercedes-Benz, BMW, and Audi reportedly are using encrypted connections and firewalls in their vehicles to prevent hacking. "Absolute, 100-percent safety isn't possible," Daimler spokesperson Benjamin Oberkersch said to Automotive News Europe. "But we develop our systems, tested by internal and external experts, so they're up to date." These vulnerabilities seem to be popping up more often. A successful hack took $14 in parts from Radio Shack in one case. There was also a 60 Minutes report earlier in the year about DARPA's ability to hack into OnStar to take control of a Chevrolet Impala. Experts aren't so sure companies can contend with hackers' advancement. "The difficulty for the carmakers at the moment is the question whether they can keep pace with advances in technology, and especially hacking technology," Rainer Scholz, executive director for telematics consultant EY, said to Automotive News Europe. "We seriously doubt they can." At this point, vehicle hacks are coming more from researchers looking for holes than from those with malicious intent. Still, the vulnerabilities are definitely there. It's up to automakers to keep patching the problems before they become dangerous to drivers. Related Video: News Source: Automotive News Europe - sub. req.Image Credit: Bill O'Leary / The Washington Post via Getty Images Audi BMW Jeep Mercedes-Benz Safety Technology Emerging Technologies hacking cyber security

Autoblog Minute: FCA issues Uconnect software update amid hacking fears

Wed, Jul 29 2015

Carjacking has gone wireless, as automakers and Congress scramble for a solution after a disturbing video on Wired showed a pair of researchers controlling a Jeep Cherokee remotely. Autoblog's Adam Morath and David Gluckman report on this edition of Autoblog Minute. Show full video transcript text [00:00:00] Carjacking has gone wireless, as automakers and Congress scramble for a solution. I'm Adam Morath and this is your Autoblog Minute. Cars with wireless connections are susceptible to remote hacking, as demonstrated in a disturbing video on Wired.com. The segment showed two researchers remotely controlling a Jeep Cherokee, including running vehicle's the wipers, turning up the music, and ultimately shutting down [00:00:30] the Jeep while it was being driven on the highway by Wired senior writer Andy Greenberg. Washington took note. A press release issued from the desks of senators Ed Markey and Richard Blumenthal introduces legislation protecting drivers from auto security privacy risks. Fiat Chrysler, parent company of Jeep, has a solution for its customers. For more we go to Autoblog's David Gluckman. [GLUCKMAN INTERVIEW] Chrysler has worked with the Uconnect cellular provider Sprint to plug security holes on the carrier side. The vehicles themselves can't be updated wirelessly, so [00:01:00] the remaining changes require physical access. For that, customers have three options: One, download the Uconnect software update to a USB stick and install. Two, wait for FCA to send a USB stick with the latest software that they can install, or third, visit a dealer. Owners should do what they're most comfortable with. I made a video that walks through the whole process from download to install and it took about a half hour. [MORATH] David's full video tutorial of how to install the Uconnect fix can be seen on Autoblog. [00:01:30] It remains to be seen how the rest of the auto industry will respond to these security risks. For Autoblog, I'm Adam Morath. Related Video: Autoblog Minute is a short-form news video series reporting on all things automotive. Each segment offers a quick and clear picture of what's happening in the automotive industry from the perspective of Autoblog's expert editorial staff, auto executives, and industry professionals.

Georgia judge slashes verdict to $40M in Jeep fire case

Wed, Jul 29 2015

A judge in Georgia has drastically reduced the damages that Fiat Chrysler Automobiles will have to pay to the family of Remington Walden, who a court said died as a result of the unsafe design of one of its vehicles. While the jury originally awarded the family $150 million at FCA's expense, Judge J. Kevin Chason cut that amount to $40 million, the Detroit News reported. The automaker may still appeal the verdict. The case dates to March 2012, when a 1999 Jeep Grand Cherokee in which four-year-old Walden was riding was rear-ended by another vehicle. Due to what the jury ruled was an unsafe fuel tank, a fire erupted, and Walden died in the fire. The family's lawyers successfully argued that the automaker knew there was a problem and didn't take sufficient action to address the issue, while FCA countered that its vehicles met the applicable safety standards when they were built. The jury found FCA 99 percent responsible for the fire and Walden's death, reserving the final one percent for the driver who caused the crash. The court awarded the Waldens $150 million in damages to be paid by the automaker: $120 million for wrongful death, and a further $30 million for pain and suffering. FCA, however, argued that the damages were disproportionate to the incident, noting that the $120 million was 11 times higher and the $30 million four times higher than any comparable awards upheld on appeal in the state. Chason agreed and cut the penalties extensively. The Walden family has reportedly accepted the reduced verdict. But according to the News, company spokesman Michael Palese said, "The reduction in the damage awards does not cure the many errors that tainted this verdict and denied FCA US a fair trial. We are considering our legal options." News Source: The Detroit NewsImage Credit: Jeep Government/Legal Recalls Jeep lawsuit court

FCA Recalls Jeep in Wake of Wireless Hack | Autoblog Minute

Wed, Jul 29 2015

Carjacking has gone wireless, as automakers and Congress scramble for a solution. Adam Morath reports on this edition of Autoblog Minute.

Certain Chrysler owners eligible for buyback program

Mon, Jul 27 2015

Certain car owners whose Chrysler vehicles contain dangerous defects will soon have a way to get rid of their lemons without losing money. As part of an agreement with federal regulators, Fiat Chrysler Automobiles has agreed to buy back more than 500,000 vehicles susceptible to veering out of control without warning at above market-value prices. The deal mainly covers certain models of RAM trucks, the Dodge Dakota pickup and Dodge Durango SUV. Further, owners of more than 1.5 million Jeep Liberty and Grand Cherokees at heightened risk for lethal fires are eligible to trade in their vehicles at above market value or, alternately, get a gift certificate if they prefer to have repairs made. Chrysler has "a heavy responsibility to make sure the products they make are safe for the traveling public," said Mark Rosekind, administrator of the National Highway Traffic Safety Administration. "... Here, we are sending an unambiguous signal to industry that if you skirt the laws or violate the law, or don't live up to the responsibility that consumers expect, we are going to penalize you." The buy-back and trade-in options for motorists come as part of an unprecedented penalty NHTSA slapped against Chrysler for violating federal motor-vehicle safety laws. Chrysler will pay a $105 million fine, the highest ever levied by the regulatory agency. In addition to the buy-backs, Chrysler also agreed to an independent monitor for three years. Investigators had outlined problems in the company's conduct in 23 recalls that affected more than 11 million defect vehicles. As part of a consent-order agreement, Chrysler acknowledged it did not notify vehicle owners of recalls in an effective manner and did not notify NHTSA of safety problems. Though those recalls affected millions of drivers, the buy-back and trade-in options are only for a small portion of the vehicles involved. Because Chrysler struggled to fix the problem and no repair was apparent, Rosekind said the buy-backs are reserved "for customers who didn't have a remedy." Buy-backs are for trucks and SUVs affected by three recalls that occurred in 2013 (recalls 13V-038, 13V-527 and 13V-529), that addressed a rear-axle pinion nut that could come loose and cause a loss of vehicle control. Those recalls covered 579,228 vehicles, including 2009-2012 Ram 1500, 2500, 3500, 4500 and 5500 trucks, 2009-2012 Dodge Dakotas, 2009 Chrysler Aspen and the 2009 Dodge Durango.

Fiat Chrysler to get $105M fine from NHTSA for recall woes

Sun, Jul 26 2015

The National Highway Traffic Safety Administration is about to send a powerful message to automakers doing business in the United States, assuming reports of an upcoming $105 million fine against Fiat Chrysler Automobiles comes to fruition. In addition to the record-setting monetary fine, according to The Wall Street Journal, FCA will have to accept an independent auditor that will monitor the company's recall and safety processes and will be forced to buy back certain recalled vehicles. In other cases, such as with Jeep Grand Cherokee and Liberty models with gas tanks that could potentially catch fire in certain types of accidents, FCA will offer financial encouragement for owners to get their recall work done or to trade those older vehicles in on new cars, according to the report. FCA could reportedly reduce its fines if it meets certain conditions, though those remain unclear at this time. These actions against FCA are being taken after NHTSA began a probe into the automaker over almost two dozen separate instances where the government claims FCA failed to follow proper procedures for recalls and safety defects. Included in those safety lapses are more than 11 million vehicles currently in customer hands. These penalties and fines are separate from the investigation over security problems with Chrysler's Uconnect system that allowed hackers to obtain remote access into key vehicle systems in 1.4 million vehicles. Related Video: Image Credit: Marco Bertorello/AFP/Getty Earnings/Financials Government/Legal Recalls Chrysler Dodge Fiat Jeep RAM Safety fiat chrysler automobiles fine

How to update and secure a vulnerable Chrysler Uconnect system

Sat, Jul 25 2015

If you own one of the 1.4 million vehicles affected by the recent Chrysler software recall, you may want to watch this video. In it, we explain how to get the latest infotainment software loaded onto the 8.4-inch Uconnect system. The recall was a response to the findings of researchers who were able to hack into and remotely control a 2014 Jeep Cherokee through its cellular connection. Although Fiat Chrysler has worked with Sprint to plug most of the holes on the carrier side, there are still some vulnerabilities that only this latest software version can patch. Owners have three options to get the update: download it now, wait for a USB stick in the mail, or take the vehicle to an FCA dealer. Chrysler will be sending USB sticks loaded with the software update to customers. Anyone with an internet connection and a USB stick of their own with at least 4 GB capacity can speed things up by downloading the patch from the Uconnect website. We cover that process from start to finish in the video, with the final portion still applicable to those using the FCA-supplied USB stick. If after watching this you still don't want to tackle the patch yourself, you can take your vehicle to the dealer to have it done. Also note that this process is the same for all Uconnect updates, not just the one patching the exploits. Our demonstrator vehicle is a 2015 Ram 1500 pickup. The procedure should be very similar on other products with the 8.4-inch Uconnect system, with only the location of the USB port varying. Once you have the USB stick with the software on it – either after having downloaded it yourself or receiving it in the mail from Chrysler – the installation process is relatively simple. It takes about 15 minutes to perform the update; we edited out the wait in the video. To check whether or not your car's 8.4-inch Uconnect system is running the latest software, go to System Information on the touch screen's Settings page and look at Software Version. The update related to the recall is version 15.17.5. Related Video: Recalls Chrysler Dodge Jeep RAM Safety Technology Infotainment Videos Original Video hacking

Weekly Recap: Hackers demonstrate auto industry's vulnerability

Sat, Jul 25 2015

There's always been a certain risk associated with driving, and this week cyber security came into focus as the latest danger zone when researchers demonstrated how easily they could hack into a 2014 Jeep Cherokee from across the country. The incident raised concerns over the vulnerability of today's cars, many of which double as smartphones and hot spots. During the now-infamous experiment, Chris Valasek and Charlie Miller infiltrated the Jeep's cellular connection and were able to control the infotainment system, brakes, and other functions. The hackers told the Jeep's maker, FCA US, of their findings last year, the company devised a software fix. Though Valesek and Miller hacked a Cherokee (like the one shown above), several FCA products, including recent versions of the Ram, Grand Cherokee, Dodge Durango, and Viper were also affected, illustrating potentially wide exposure that could reverberate across the sector. "For the auto industry, this is a very important event and shows that cyber-security protection is needed even sooner than previously planned," Egil Juliussen, senior analyst and research director for IHS Automotive, wrote in a research note. "Five years ago, the auto industry did not consider cyber security as a near-term problem. This view has changed." Hours after the Cherokee hacking incident was publicized on Tuesday, Sens. Ed Markey (D-Mass) and Richard Blumenthal (D-Conn) introduced legislation to direct the National Highway Traffic Safety Administration and Federal Trade Commission to establish national standards for automotive cyber security. The bill also would require vehicles to have a cyber-rating system to alert consumers how well their cars' privacy and security are defended. "Drivers shouldn't have to choose between being connected and being protected," Markey said in a statement. "We need clear rules of the road that protect cars from hackers and American families from data trackers." Though FCA and its Jeep Cherokee were in the spotlight this time, they were just the latest to showcase how automotive technology has advanced faster than safety and regulatory measures. IHS forecasts 82.5 million cars will be connected to the internet by 2022, which is more than three times today's level. "Cyber-security will become a major challenge for the auto industry and solutions are long overdue," Juliussen said.

FCA issuing software update for 1.4M vehicles to prevent hacking

Fri, Jul 24 2015

In the wake of a Jeep Cherokee being hacked remotely while on the road through its Uconnect infotainment system, FCA US is now issuing a software update for 1.4 million vehicles in the United States. Affected customers will receive a USB stick in the mail with the improved version; owners can check this website to see if their cars are affected. A large variety of models with FCA's 8.4-inch touchscreen infotainment system are affected. They include the 2015 Chrysler 200, 2015 Chrysler 300, 2015 Dodge Charger, and 2015 Dodge Challenger; 2013-2015 Dodge Viper; 2013-2015 Ram 1500, 2500, and 3500; 2013-2015 Ram 3500, 4500, and 5500 chassis cab; 2014-2015 Jeep Grand Cherokee and Cherokee; and 2014-2015 Dodge Durango. According to FCA in its announcement, the new software "insulates connected vehicles from remote manipulation." As of July 23, the company also "fully tested and implemented within the cellular network" additional security to prevent access to many of a vehicle's systems. FCA US says that it's conducting this campaign out of an abundance of caution and disputes the notion that there's a defect with these vehicles. Beyond the demonstration of the hack in the Cherokee, the automaker says that it's unaware of any other reports of these attacks actually happening. Related Video: Statement: Software Update July 24, 2015 , Auburn Hills, Mich. - FCA US LLC is conducting a voluntary safety recall to update software in approximately 1,400,000 U.S. vehicles equipped with certain radios. The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action. Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015. The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.

Feds fretting over remote hack of Jeep Cherokee

Fri, Jul 24 2015

A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had "floated around the entire federal government." "The Homeland Security folks sent out broadcasts that, 'Here's an issue that needs to be addressed,'" said Nathaniel Beuse, an associate administrator with the National Highway Traffic Safety Administration. Valasek and Miller commandeered remote control of the Cherokee through a security flaw in the cellular connection to the car's Uconnect infotainment system. From his Pittsburgh home, Valasek manipulated critical safety inputs, such as transmission function, on Miller's Jeep as he drove along a highway near St. Louis, MO. The scope of the remote breach is believed to be the first of its kind. The prominent cyber-security researchers needed no prior access to the vehicle to perform the hack, and the scope of the remote breach is believed to be the first of its kind. A NHTSA spokesperson said the agency's cyber-security staff members are "putting their expertise to work assessing this threat and the response, and we will take action if we determine it's necessary to protect safety." A Homeland Security spokesperson referred questions about the hack to Chrysler. Fiat Chrysler Automobiles has already been the subject of a federal hearing this month, in which officials scrutinized whether the company had adequately fixed recalled vehicles and repeatedly failed to notify the government about defects. But cyber-security concerns are a new and different species for the regulatory agency. Only hours before the Jeep hack was announced by Wired magazine earlier this week, NHTSA administrator Dr. Mark Rosekind said hacking vulnerabilities were a threat to privacy, safety, and the public's trust with new connected and autonomous technologies that allow vehicles to communicate. NHTSA outlined its response to the cyber-security challenges facing the industry in a report issued Tuesday. In it, the agency summarized its best practices for thwarting attacks and said it will analyze possible real-time infiltration responses. But the agency's ability to handle hackers may only go so far.