‘No impact’ from software flaw for Middle East Chrysler drivers

Region’s vehicles not using wireless network that caused 1.4m-unit recall in US, car-maker tells ITP.net

Tags: Chrysler USAFiatUSAUnited Arab Emirates
  • E-Mail
‘No impact’ from software flaw for Middle East Chrysler drivers While US drivers need to patch the software flaw, Middle East customers are not exposed to the vuln, because of differences in infrastructure, FCA said.
By  Stephen McBride Published  July 28, 2015

Middle East drivers of Fiat-Chrysler vehicles will suffer "no impact" from the widely reported software vulnerabilities that led to a 1.4m-unit recall in the US, a US-based spokesperson for the car-maker told ITP.net.

The Italian-American auto-giant, also known as FCA, issued the US recall after two hackers last week demonstrated a zero-day exploit in a 2013 Jeep Cherokee to a Wired journalist, who volunteered to drive the vehicle. The software vulnerability allowed hackers Charlie Miller and Chris Valasek to take control of the air-conditioning system, stereo and windscreen wipers, before decelerating the car, killing the engine, cutting off control of the brakes and driving the vehicle into a ditch.

US roads regulator, the National Highway Traffic Safety Administration (NHTSA), reported the recall on its website on Thursday, naming a number of FCA models dated between 2013 and 2015, including the Jeep Grand Cherokee, Cherokee, Dodge Charger, Dodge Challenger, Dodge Durango and Dodge Viper.

But according to an FCA spokesperson, "There is no impact on any of the [NHTSA-listed] vehicles in the Middle East. Due to market access to cellular connectivity, the... issue applies only to vehicles sold in the US."

While US drivers need to patch the software flaw with a fix via USB stick, the spokesperson said Middle East customers were not exposed to the vuln, because of differences in the infrastructure used to deliver smart functionality.

"The key difference is that Uconnect-equipped vehicles available in the region currently do not have wireless capability, and the hack was only possible as a result of a port that was left open by a US telecommunications provider," the spokesperson said, insisting that there was "no defect in the affected Uconnect 8.4-inch touchscreen system".

They added that the software patch in the US was designed to close the comms port and radio firewalls and "has removed the known risk of long-range remote hacking". The spokesperson also confirmed that Miller and Valasek, whom FCA refers to as "highly skilled expert security researchers", had "shared their findings and key learnings with FCA US".

Continues on next page>>

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code