2004 Chrysler Crossfire Florida Car With Only 41,000 Miles on 2040-cars

Auto blog

The problem with how automakers confront hacking threats

More than anyone, Chris Valasek and Charlie Miller are responsible for alerting Americans to the hacking perils awaiting them in their modern-day cars. In 2013, the pair of cyber-security researchers followed in the footsteps of academics at the University of Cal-San Diego and University of Washington, demonstrating it was possible to hack and control cars. Last summer, their research established which vehicles contained inherent security weaknesses. In recent weeks, their latest findings have underscored the far-reaching danger of automotive security breaches. From the comfort of his Pittsburgh home, Valasek exploited a flaw in the cellular connection of a Jeep Cherokee and commandeered control as Miller drove along a St. Louis highway. Remote access. No prior tampering with the vehicle. An industry's nightmare. As a result of their work, FCA US recalled 1.4 million cars, improving safety for millions of motorists. For now, Valasek and Miller are at the forefront of their profession. In a few months, they could be out of jobs. Rather than embrace the skills of software and security experts in confronting the unforeseen downside of connectivity in cars, automakers have been doing their best to stifle independent cyber-security research. Lost in the analysis of the Jeep Cherokee vulnerabilities is the possibility this could be the last study of its kind. In September or October, the U.S. Copyright Office will issue a key ruling that could prevent third-party researchers like Valasek and Miller from accessing the components they need to conduct experiments on vehicles. Researchers have asked for an exemption in the Digital Millennial Copyright Act that would preserve their right to analyze cars, but automakers have opposed that exemption, claiming the software that runs almost every conceivable vehicle function is proprietary. Further, their attorneys have argued the complexity of the software has evolved to a point where safety and security risks arise when third parties start monkeying with the code. Their message on cyber security is, as it has been for years, that they know their products better than anyone else and that it's dangerous for others to meddle with them. But in precise terms, the Jeep Cherokee problems show this is not the case. Valasek and Miller discovered the problem, a security hole in the Sprint cellular connection to the UConnect infotainment system, not industry insiders.

NHTSA investigating Harman Kardon for software vulnerabilities

The National Highway Traffic Safety Administration is investigating infotainment units from Harman Kardon, which produces FCA's Uconnect, to determine if Harman Kardon systems used by other companies are also vulnerable to hackings. Researchers discovered a hole in the cellular connection to the Uconnect infotainment in a Jeep Cherokee. They were able to exploit it to gain access to the vehicle's brakes, radio, and other systems. In the wake of the hack, FCA pledged to send out 1.4 million USB drives to update the software. Politicians also attacked the automaker for not reporting the problem sooner, and NHTSA opened an investigation to find whether the fix worked. INVESTIGATION Subject : Software security vulnerability Date Investigation Opened: JUL 29, 2015 Date Investigation Closed: Open NHTSA Action Number: EQ15005 Component(s): EQUIPMENT All Products Associated with this Investigation Equipment Brand Name Part No. or Model No.Production Dates HARMAN KARDON R3R4 - Details Manufacturer: HARMAN INTERNATIONAL SUMMARY: On July 23, 2015, Fiat Chrysler Automobiles (FCA) submitted a safety recall report to NHTSA concerning a software security defect condition in approximately 1.4 million model year (MY) 2013 through 2015 vehicles equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios manufactured by Harman Kardon (Recall 15V-461). According to FCA, software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems. Unauthorized access or manipulation of the vehicle control systems could reduce the driver?s control of the vehicle increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other vehicles and their occupants within proximity to the affected vehicle. This EQ is being opened to obtain information from the supplier of Chrysler Uconnect units to determine the nature and extent of similarities in other infotainment products provided to other vehicle manufacturers. If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products. Related Video:

US prepares to sue Fiat Chrysler over diesel emissions testing

NEW YORK - The Justice Department plans to file a civil lawsuit against Fiat Chrysler Automobiles NV over excess diesel emissions as early as this week if no agreement is reached with the Italian-American automaker, two sources briefed on the matter said on Wednesday. The Environmental Protection Agency in January accused FCA of illegally using undisclosed software to allow excess diesel emissions in about 104,000 cars and SUVs, the result of a probe that stemmed from regulators' investigation of rival Volkswagen AG. The EPA and California Air Resources Board have been in talks with FCA about the excess emissions and whether the agencies would approve the sale of 2017 FCA diesel models. A federal judge in California has set a May 24 hearing on a series of lawsuits filed by owners of vehicles against Fiat Chrysler and the Justice Department is expected to file its action by then if no agreement is reached. FCA said on Wednesday it believed that any litigation would be "counterproductive" to ongoing discussions with the EPA and California Air Resources Board. The company added that "in the case of any litigation, FCA US will defend itself vigorously, particularly against any claims that the company deliberately installed defeat devices to cheat U.S. emissions tests." The Justice Department took the same procedural step in early 2016 against Volkswagen, nearly four months after the German company admitted using software to emit excess diesel emissions in nearly 500,000 vehicles. The Justice Department has had an ongoing criminal investigation into FCA's conduct since last year, Reuters reported in January. The probe has turned up internal emails written in Italian and other documents about engine development and emissions issues, sources briefed on the probe said. U.S. regulators said FCA failed to disclose engine management software in 104,000 U.S. 2014-2016 Jeep Grand Cherokees and Dodge Ram 1500 trucks with 3.0-liter diesel engines. The European Commission has launched legal action against Italy for failing to respond to allegations of emission-test cheating by Fiat Chrysler in a procedure that could lead to the country being taken to court. The EPA has said the maximum possible fine against FCA could be $4.6 billion. In February, FCA said it had received requests for information and subpoenas from U.S. federal and state authorities, including the Securities and Exchange Commission, for diesel issues.