Fiat Chrysler Recalls 1.4M Vehicles to Prevent Hacking
By THE ASSOCIATED PRESS
DETROIT — Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the U.S. just days after two hackers revealed that they took control of a Jeep Cherokee SUV over the Internet.
The company also disclosed in government documents that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it. On Thursday, Fiat Chrysler sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks, the automaker said in a statement.
The vulnerability exposed by the hack rippled through the auto industry and drew the attention of government safety regulators, who on Friday opened an investigation into the Jeep incident.
The National Highway Traffic Safety Administration said it would find out which other automakers use the same radios. It came as the industry is rapidly adding Internet-connected features such as WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks.
“I think it’s a pretty big deal,” said James Carder, chief information security officer for LogRhythm Inc., a Boulder, Colorado, security company. “This isn’t intellectual property going out the door, this is 1.4 million lives on the line.”
Automakers, he said, have become accustomed to testing mechanical safety, but most aren’t doing enough online security testing. Carder said he wouldn’t be surprised to see a few more recalls as automakers check vehicle security. He noted that Internet-accessible cars have only been around for a few years, limiting the number of cars and trucks that could be affected.
Shortly after the hack was disclosed in a Wired magazine article this week, Fiat Chrysler said it would contact owners of vehicles and offer software updates to fix the problem. But documents show that the wider recall came at the urging of government safety regulators.
Fiat Chrysler, which already is facing penalties from NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims. The company also implied in its statement that the hackers broke the law by manipulating a vehicle remotely without authorization.
The fix came after two well-known hackers, Charlie Miller and Chris Valasek, remotely took control of the Cherokee through its UConnect entertainment system. They were able to change the vehicle’s speed and control the brakes, radio, windshield wipers, transmission and other features. They estimated 471,000 vehicles were vulnerable.
Miller said Friday that he didn’t think Fiat Chrysler’s statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said.
The recall affects vehicles with 8.4-inch touchscreens including 2013 to 2015 Ram pickups and chassis cabs and Dodge Viper sports cars. Also covered are 2014 and 2015 Dodge Durango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Challenger.
NHTSA encouraged people to get the repairs done quickly and said the recall is the right step to protect customers.
Mark Reuss, General Motors’ product development chief, wouldn’t comment specifically on the Jeep incident, but said Friday that GM is learning about security measures from the U.S. military and aircraft manufacturers such as Boeing.
“Cyber security is one of the most important things we spend time on these days,” he told reporters on Friday.
Miller said he and Valasek first told Fiat Chrysler about their research in October and have been in touch with the company several times since then.
Owners of the recalled vehicles will get a USB drive that they can use to update the software. Fiat Chrysler says it provides added security beyond the cellular network fixes.
Customers can go to http://www.driveuconnect.com/software-update/ and punch in their vehicle identification number to find out if they’re included in the recall.
Carder, the security expert, said the odds that an average person’s vehicle would be hacked are slim, but the news will make people more paranoid. He owns the same model Jeep that was hacked, and says he’ll get the software fix done quickly.
“I’m sure my wife would appreciate it,” he said.
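Hacking Reported in U.S.; Chrysler Recalls 1.4 Million Vehicles
Media reports that two hackers took control of a Jeep Cherokee SUV over the Internet prompted Fiat Chrysler to announce on the 24th that it would recall about 1.4 million cars and trucks in the United States, the auto industry's first recall over a cybersecurity problem.
Hacked through the radio
The company said in documents filed with the government that the hackers got into the Jeep's control systems through an electronic vulnerability in the radio, and that it would update the software to close the hole.
The recalled vehicles are all equipped with 8.4-inch touchscreens, and include 2013 to 2015 Ram pickups and Dodge Viper sports cars; 2014 and 2015 Dodge Durango, Jeep Grand Cherokee and Cherokee SUVs; the 2015 Chrysler 200 and 300; and the Dodge Charger and Challenger.
The U.S. National Highway Traffic Safety Administration (NHTSA) said it would find out which other automakers use the same radios.
The auto industry is adding connected features such as Wi-Fi and navigation systems to vehicles for drivers' convenience, but vehicles may become exposed to attack as a result. The Jeep hack exposed the weaknesses of connected vehicles, shook the auto industry and drew the attention of government safety regulators.
Wired magazine reported that two well-known hackers experimented on a Cherokee SUV they own, remotely controlling the vehicle through its UConnect entertainment system, including the engine, brakes and steering.
After the incident came to light, Fiat Chrysler announced it would contact 471,000 vehicle owners and provide updated software to eliminate the problem. However, documents show that the number of recalled vehicles was increased at NHTSA's urging.
BMW door locks were also hacked
This is not the first case of a vehicle being attacked by hackers. Earlier this year, BMW also updated its software after hackers remotely unlocked the door locks of some vehicles.
Original article: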
http://www.nytimes.com/aponline/2015/07/24/us/ap-us-fiat-chrysler-hacking-recall.html
2015-07-25. United Evening News. B3. International Finance. International News Desk