NHTSA investigating Harman Kardon for software vulnerabilities
Mon, Aug 3 2015 The National Highway Traffic Safety Administration is investigating infotainment units from Harman Kardon, which produces FCA's Uconnect, to determine if Harman Kardon systems used by other companies are also vulnerable to hackings. Researchers discovered a hole in the cellular connection to the Uconnect infotainment in a Jeep Cherokee. They were able to exploit it to gain access to the vehicle's brakes, radio, and other systems. In the wake of the hack, FCA pledged to send out 1.4 million USB drives to update the software. Politicians also attacked the automaker for not reporting the problem sooner, and NHTSA opened an investigation to find whether the fix worked.
INVESTIGATION Subject : Software security vulnerability
Date Investigation Opened: JUL 29, 2015
Date Investigation Closed: Open
NHTSA Action Number: EQ15005
Component(s): EQUIPMENT
All Products Associated with this Investigation
Equipment Brand Name Part No. or Model No.Production Dates
HARMAN KARDON R3R4 -
Details
Manufacturer: HARMAN INTERNATIONAL
SUMMARY:
On July 23, 2015, Fiat Chrysler Automobiles (FCA) submitted a safety recall report to NHTSA concerning a software security defect condition in approximately 1.4 million model year (MY) 2013 through 2015 vehicles equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios manufactured by Harman Kardon (Recall 15V-461). According to FCA, software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems.
Unauthorized access or manipulation of the vehicle control systems could reduce the driver?s control of the vehicle increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other vehicles and their occupants within proximity to the affected vehicle.
This EQ is being opened to obtain information from the supplier of Chrysler Uconnect units to determine the nature and extent of similarities in other infotainment products provided to other vehicle manufacturers. If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products.
Date Investigation Opened: JUL 29, 2015
Date Investigation Closed: Open
NHTSA Action Number: EQ15005
Component(s): EQUIPMENT
All Products Associated with this Investigation
Equipment Brand Name Part No. or Model No.Production Dates
HARMAN KARDON R3R4 -
Details
Manufacturer: HARMAN INTERNATIONAL
SUMMARY:
On July 23, 2015, Fiat Chrysler Automobiles (FCA) submitted a safety recall report to NHTSA concerning a software security defect condition in approximately 1.4 million model year (MY) 2013 through 2015 vehicles equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios manufactured by Harman Kardon (Recall 15V-461). According to FCA, software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems.
Unauthorized access or manipulation of the vehicle control systems could reduce the driver?s control of the vehicle increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other vehicles and their occupants within proximity to the affected vehicle.
This EQ is being opened to obtain information from the supplier of Chrysler Uconnect units to determine the nature and extent of similarities in other infotainment products provided to other vehicle manufacturers. If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products.
Related Video:
By Chris Bruce
See also: Weekly Recap: FCA hit with record fine as NHTSA crackdown continues, Weekly Recap: FCA hit with record fine as NHTSA crackdown continues, FCA profits surge in second quarter.