No Reserve Auction! Highest Bidder Wins! Convertible! Ready To Go For Summer! on 2040-cars

Auto blog

NHTSA investigating Harman Kardon for software vulnerabilities

The National Highway Traffic Safety Administration is investigating infotainment units from Harman Kardon, which produces FCA's Uconnect, to determine if Harman Kardon systems used by other companies are also vulnerable to hackings. Researchers discovered a hole in the cellular connection to the Uconnect infotainment in a Jeep Cherokee. They were able to exploit it to gain access to the vehicle's brakes, radio, and other systems. In the wake of the hack, FCA pledged to send out 1.4 million USB drives to update the software. Politicians also attacked the automaker for not reporting the problem sooner, and NHTSA opened an investigation to find whether the fix worked. INVESTIGATION Subject : Software security vulnerability Date Investigation Opened: JUL 29, 2015 Date Investigation Closed: Open NHTSA Action Number: EQ15005 Component(s): EQUIPMENT All Products Associated with this Investigation Equipment Brand Name Part No. or Model No.Production Dates HARMAN KARDON R3R4 - Details Manufacturer: HARMAN INTERNATIONAL SUMMARY: On July 23, 2015, Fiat Chrysler Automobiles (FCA) submitted a safety recall report to NHTSA concerning a software security defect condition in approximately 1.4 million model year (MY) 2013 through 2015 vehicles equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios manufactured by Harman Kardon (Recall 15V-461). According to FCA, software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems. Unauthorized access or manipulation of the vehicle control systems could reduce the driver?s control of the vehicle increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other vehicles and their occupants within proximity to the affected vehicle. This EQ is being opened to obtain information from the supplier of Chrysler Uconnect units to determine the nature and extent of similarities in other infotainment products provided to other vehicle manufacturers. If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products. Related Video:

The problem with how automakers confront hacking threats

More than anyone, Chris Valasek and Charlie Miller are responsible for alerting Americans to the hacking perils awaiting them in their modern-day cars. In 2013, the pair of cyber-security researchers followed in the footsteps of academics at the University of Cal-San Diego and University of Washington, demonstrating it was possible to hack and control cars. Last summer, their research established which vehicles contained inherent security weaknesses. In recent weeks, their latest findings have underscored the far-reaching danger of automotive security breaches. From the comfort of his Pittsburgh home, Valasek exploited a flaw in the cellular connection of a Jeep Cherokee and commandeered control as Miller drove along a St. Louis highway. Remote access. No prior tampering with the vehicle. An industry's nightmare. As a result of their work, FCA US recalled 1.4 million cars, improving safety for millions of motorists. For now, Valasek and Miller are at the forefront of their profession. In a few months, they could be out of jobs. Rather than embrace the skills of software and security experts in confronting the unforeseen downside of connectivity in cars, automakers have been doing their best to stifle independent cyber-security research. Lost in the analysis of the Jeep Cherokee vulnerabilities is the possibility this could be the last study of its kind. In September or October, the U.S. Copyright Office will issue a key ruling that could prevent third-party researchers like Valasek and Miller from accessing the components they need to conduct experiments on vehicles. Researchers have asked for an exemption in the Digital Millennial Copyright Act that would preserve their right to analyze cars, but automakers have opposed that exemption, claiming the software that runs almost every conceivable vehicle function is proprietary. Further, their attorneys have argued the complexity of the software has evolved to a point where safety and security risks arise when third parties start monkeying with the code. Their message on cyber security is, as it has been for years, that they know their products better than anyone else and that it's dangerous for others to meddle with them. But in precise terms, the Jeep Cherokee problems show this is not the case. Valasek and Miller discovered the problem, a security hole in the Sprint cellular connection to the UConnect infotainment system, not industry insiders.

Feds investigating FCA sales fraud focusing on strange code word

The US government is currently investigating Fiat Chrysler Automobiles (FCA) over the possibility of sales fraud, and according to The Wall Street Journal, the investigation has revealed a strange phrase about a nonexistent "unnatural acts department." People knowledgeable about the term told The Wall Street Journal that this phrase was a "rallying cry." Basically, if it looked like the company, region, or dealer wasn't going to hit sales targets, this was a sign that some outside-the-box sales solutions were needed. People told the news outlet those solutions could include selling cars at a loss or having the dealer buy a fleet of customer test-drive cars. However, this could also be evidence of some less savory ways to boost sales. In addition to the investigation, the company is already facing at least one lawsuit from a dealer group that alleges it would bribe dealers to pad monthly sales figures. FCA had an incentive to maintain sales numbers as well, considering that it was claiming a long streak of increasing sales. Under scrutiny recently, the company changed its sales reporting practices and numbers for previous years. Under the old reporting methods, it was possible for dealers to sell cars, report the sales, and then cancel or "unwind" the sales later. This wouldn't count as a lost sale, but the car also couldn't be recorded as another sale later. As a result, an unscrupulous dealer could have hypothetically used it to "sell" a car one month and "unwind" it the next. If FCA knew about this, it's also possible the company could have pushed dealers to use the system for false sales, something the Feds theorize may be related to the "unnatural acts department" phrase. It's still entirely possible this "unnatural acts department" was just a corporate term for thinking of creative ways to meet sales goals. And selling cars at a loss is definitely unnatural for businesses that are trying to make money. Whatever the phrase truly meant to dealers, it certainly is bizarre. Related Video: News Source: The Wall Street JournalImage Credit: GIUSEPPE CACACE/AFP/Getty Images Government/Legal Chrysler Fiat FCA fiat chrysler automobiles fca us investigation