Radio maker says hack unique to Fiat Chrysler
The company that makes car radios that friendly hackers exploited to take control of a Jeep Cherokee says its other infotainment systems don’t have the same security flaw.
Harman International CEO Dinesh Paliwal said Tuesday that the hackers used a cellular connection to get to the radio, which they used to control critical functions such as brakes and steering.
The hack by Twitter security expert Charlie Miller and Chris Valasek, who heads auto security for a consulting firm, touched off the recall of 1.4 million vehicles from Fiat Chrysler to patch software holes. On Saturday, the government announced that it would investigate the Harman Kardon radios to see which other manufacturers use them and whether they had the same vulnerabilities.
The hackers, who informed Fiat Chrysler of their findings, were able to control the Jeep remotely with a laptop computer, sending the auto industry scrambling to make sure its systems are secure. They were to release specifics about their attack at a hackers’ conference in Las Vegas this week.
But Paliwal said the radio system that was hacked, with an 8.4-inch touch screen, was developed about five years ago and doesn’t have as many security safeguards as current models. “We believe based on our assessment with all other customers we supply our system to that the Chrysler system is the only one exposed to this particular experimental hack,” Paliwal said on the company’s fiscal fourth-quarter earnings conference call. “So it’s a unique situation.”
The hackers, he said, were able to get from the cellular connection into the radio and then to a network that handles commands for critical functions. “Once you go through an open port in a network, it’s like leaving a door open in a secure house,” he said. “Once you get in, then you can mimic as if you are one of the authorized messengers, you start to send messages.”
Miller and Valasek released some of their findings last week, but Paliwal said Harman was told about the hack late last year and worked with Fiat Chrysler on a software fix. He also said Harman engineers are cooperating with the National Highway Traffic Safety Administration investigation.
NHTSA said it is investigating about 2.8 million Harman radios. “If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products,” the agency wrote.
The vulnerability was exposed last week in a Wired magazine story. Fiat Chrysler said it sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks. Owners will be sent a USB drive that they can plug in to fix the software issue.
Harman International Industries Inc., which makes infotainment systems and designs software, on Tuesday reported earnings of US$100 million, or US$1.37 per share, during its fiscal fourth quarter, up 14 percent from a year ago.
This product image provided by Fiat Chrysler Automobiles shows the Uconnect 8.4 inch infotainment system on a 2014 Jeep Cherokee Limited.