Chrysler issues Jeep Cherokee security patch via USB drive mailed to owners

midian182

midian182

Posts: 9,726   +121
Staff member

Fiat Chrysler has been criticized after a patch it released for the Jeep Cherokee security flaw was mailed to more than a million customers on a USB drive via the US Postal Service.

In July, two hackers demonstrated a zero-day exploit involving the infotainment system of a Jeep Cherokee. The pair showed how they were not only able to remotely control the vehicle’s windshield wipers and radio, but could also kill the engine, put the jeep into neutral and apply or completely disable the brakes.

Chrysler's decision to mail a patch out on a USB stick has come under fire from several security experts, who say it could pave the way for a future attacker to send out their own spoof letters and USB drives so as to trick users into installing rogue software on their vehicles.

It’s been suggested that Fiat should include a method for validating the authenticity of the USB drive so users can verify it really has come from them before it’s plugged in. There’s also the fear that hackers will be able to pull the data off the USB and reverse-engineer it, giving them an insight into how the vehicles receive their software updates and perhaps finding new vulnerabilities to exploit.

“An auto manufacturer is basically conditioning customers into plugging things into their vehicles,” says Mark Trumpbour, an organizer of the New York hacker conference Summercon.

Chrysler has responded by pointing out the security concerns arising from the letters are only “speculation,” it also pointed out the USB drives are read-only. “Consumer safety and security is our highest priority,” the spokesperson added. “We are committed to improving from this experience and working with the industry and with suppliers to develop best practices to address these risks.”

Days after the Jeep hack story went public, Chrysler released a security update for download on its website. It also implemented a layer of protection on the Uconnects’ Sprint network designed to block the wireless attack.

Permalink to story.

https://www.techspot.com/news/62019-jeep-cherokee-security-issue-patched-usb-drive-mailed.html

 
I would take less Tech in a car if they would just build them better. Why do we need wifi in a car? Most people have cell phones. If you can't use a map, get a stand alone GPS. All this extra tech in cars is just one more thing to break, and get hacked. Keep It Simple Stupid.
 
  • Like
Reactions: agb81
kendall007 said:
I would take less Tech in a car if they would just build them better. Why do we need wifi in a car? Most people have cell phones. If you can't use a map, get a stand alone GPS. All this extra tech in cars is just one more thing to break, and get hacked. Keep It Simple Stupid.
Click to expand...

Cars today are the most reliable in history. Truck defect rate over time for example:
TIQI-PickupYearlyRateOfDefects.png


The industry as a whole follows similar trends. Technology made that possible. Now it asks users to perform maintenance instead of waiting for the old lady to run the oil to 25K miles. Now it reports problems back to the manufacturer for patching. Now it helps you avoid collisions and adjusts suspension on the fly by scanning the road ahead prolonging the life of tires and shocks. Now it adjusts fuel/air ratios on demand to maximize performance and gas mileage.

Give me the technology anyday.
 
insect said:
kendall007 said:
I would take less Tech in a car if they would just build them better. Why do we need wifi in a car? Most people have cell phones. If you can't use a map, get a stand alone GPS. All this extra tech in cars is just one more thing to break, and get hacked. Keep It Simple Stupid.
Click to expand...

Cars today are the most reliable in history. Truck defect rate over time for example:
TIQI-PickupYearlyRateOfDefects.png


The industry as a whole follows similar trends. Technology made that possible. Now it asks users to perform maintenance instead of waiting for the old lady to run the oil to 25K miles. Now it reports problems back to the manufacturer for patching. Now it helps you avoid collisions and adjusts suspension on the fly by scanning the road ahead prolonging the life of tires and shocks. Now it adjusts fuel/air ratios on demand to maximize performance and gas mileage.
Click to expand...

Indeed. But as a consequence failures are often far more serious and/or inconvenient than previous generations of cars. As a tow truck driver once commented (while towing a vehicle with a faulty computer board), it's the new stuff he always has to tow, bricked because of some computer or sensor problem.

Or, in my case, a faulty computer component causing the transmission to shift from 4th to reverse at 85mph on the express way. That was an interesting glitch.

I'll take low tech and more minor maintenance over high tech and expensive repairs all day long.
 
You must log in or register to reply here.

Similar threads

A
VMware forced to patch dangerous vulnerabilities in discontinued products
Replies
0
Views
105
Alfonso Maruccia
A
D
Popular Tesla, Nissan and Ford EVs no longer qualify for the full $7,500 federal tax credit
Replies
3
Views
278
netman
netman
Daniel Sims
Blizzard just gave us a hint of how many World of Warcraft subscribers remain (and it's still in the millions)
Replies
14
Views
216
lripplinger
lripplinger

Latest posts

Back