Δεν έχουν περάσει ούτε δύο ημέρες από τότε που δύο διάσημοι χάκερς απέδειξαν πως μπορούν να χακάρουν ένα Jeep Cherokee και να πάρουν το έλεγχο του και η FCA ανακοίνωσε πως ήδη προσφέρει μια αναβάθμιση στο σύστημα ενημέρωσης και ψυχαγωγίας Uconnect. Η νέα έκδοση του λογισμικού, μεταξύ άλλων, βελτιώνει και την ασφάλεια του αυτοκινήτου.
Η FCA δηλώνει αντίθετη στην απόφαση των χάκερς που θέλουν να παρουσιάζουν μέρος του κώδικα τους σε ένα συνέδριο ασφαλείας τον επόμενο μήνα στο Las Vegas, παρότι οι χάκερς δηλώνουν πως ο κώδικας που θέλουν να δημοσιοποιήσουν, δεν θα δίνει άμεση πρόσβαση στο κενό ασφαλείας του λογισμικού του Uconnect που ανακάλυψαν οι ίδιοι. Από την “ανάκληση” αυτή, επηρεάζονται συνολικά 1,4 εκατ. αυτοκίνητα. Συγκεκριμένα τα προς ανάκληση αυτοκίνητα είναι τα:
- 2013-2015 Dodge Viper
- 2013-2015 Ram 1500, 2500, 3500
- 2013-2015 Ram 3500, 4500, 5500
- 2014-2015 Jeep Grand Cherokee και Cherokee
- 2014-2015 Dodge Durango
- 2015 MY Chrysler 200, Chrysler 300, Dodge Charger
- 2015 Dodge Challenger
Statement: Software Update
July 24, 2015 , Auburn Hills, Mich.- FCA US LLC is conducting a voluntary safety recall to update software in approximately 1,400,000 U.S. vehicles equipped with certain radios.The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action.Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.
The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.
Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
2013-2015 MY Dodge Viper specialty vehicles 2013-2015 Ram 1500, 2500 and 3500 pickups 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs 2014-2015 Jeep Grand Cherokee and Cherokee SUVs 2014-2015 Dodge Durango SUVs 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans 2015 Dodge Challenger sports coupes Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which providesadditional security features independent of the network-level measures. Alternately, customers may visit http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.
The security of FCA US customers is a top priority, as is retaining their confidence in the Company’s products. Accordingly, FCA US has established a dedicated System Quality Engineering team focused on identifying and implementing best practices for software development and integration.
The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.
No defect has been found. FCA US is conducting this campaign out of an abundance of caution.
Customers are urged to acquire the software update. Those with questions or concerns may call the FCA US Customer Care Center at 1-800-853-1403.
Unhacking the hacked Jeep
We read about “hacks” every day. All industries are potential targets of a hacker and the automotive industry has been no exception.
Well-known hackers Charlie Miller and Chris Valasek recently teamed-up with a WIRED reporter to publish a story that you may have read about or seen on the news. The story highlights how Miller and Valasek hacked into Miller’s 2014 Jeep Cherokee and remotely controlled some functions. Miller and Valasek have been working on intentionally hacking into Miller’s vehicle over the past year as part of their on-going research in the area of automotive cybersecurity and have communicated with FCA about some aspects of their work.
To FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorized remote hack into any FCA vehicle.
After becoming aware of the vulnerabilities in some 2013 and 2014 vehicles equipped with the 8.4 inch touchscreen systems, FCA and several suppliers worked to fix the vulnerabilities in model year 2015 vehicles. FCA also created a software update that eliminates the vulnerabilities uncovered by Miller and Valasek in their laboratory tests. This software update is available to customers right now and can be downloaded to a USB drive from http://www.driveuconnect.com/software-update/ and installed in a vehicle.
FCA will be contacting potentially affected customers with these details and has provided the software update to the FCA US dealer network for immediate customer installation.
Customers can enter a vehicle identification number (VIN) and find out if their vehicle needs the software update. If your vehicle needs the update, you can download the software update to a USB drive and install it yourself. Another option is to make an appointment with your FCA US dealership and have them install it for you at no charge. The update, if installed DIY, will take 30-45 minutes, and your vehicle needs to be parked throughout the software update/installation process.
In addition, FCA US has been working with its suppliers to implement additional protocols to block remote access. These changes will not require any action by our customers.
The vehicles listed below that have a 8.4 inch touchscreen radio system need this software update:
2013-2014 Ram 1500 Pickup 2013-2014 Ram 3500 Cab Chassis 2013-2014 Ram 2500 Pickup 2013-2014 Ram 4500/5500 Cab Chassis 2013-2014 Ram 3500 Pickup 2014 Grand Cherokee 2014 Durango 2013-2014 Viper 2014 Cherokee Some 2015 Chrysler 200s For any questions regarding how to complete the software update please call our Customer Care Center at 1-877-855-8400.