Following a report last month that suggested certain Fiat Chrysler vehicles were susceptible to remote hacks, the auto maker issued a software patch and a subsequent recall. Now, federal regulators are taking over, opening an investigation not into the car manufacturer, but the company behind the radios that provide an entryway for would-be hackers.
The National Highway Traffic Safety Administration announced that it will probe Harman Kardon, the maker of the infotainment system used by two researchers to take control of a 2014 Jeep Cherokee from miles away, to determine if vehicles by other manufacturers could be at risk for remote hacks.
According to a notice [PDF] from NHTSA, the investigation was opened to obtain information about the Harman-supplied Chrysler Uconnect units to determine the nature and extent of similarities in other infotainment products provided to other vehicle manufacturers.
“If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products,” NHTSA states in the notice.
Regulators estimate that Harman has supplied infotainment systems of some kind for about 2.8 million vehicles.
Fiat Chrysler (FCA) issued a software patch for its Uconnect onboard system in late July, though at that time it didn’t directly acknowledge the Wired.com report of what it was like to be inside a hijacked Jeep.
Just days later, the company announced it would recall 1.4 million vehicles that include the Uconnect units.
In a notice [PDF] to NHTSA regarding that recall, FCA detailed how software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems.
“Unauthorized access or manipulation of the vehicle control systems could reduce the driver’s control of the vehicle increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other vehicles and their occupants within proximity to the affected vehicle,” the notice states.
Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures.
by Ashlee Kieler via Consumerist
ليست هناك تعليقات:
إرسال تعليق