Ra­dio maker says hack unique to Fiat Chrysler


The com­pany that makes car ra­dios that friendly hack­ers ex­ploited to take con­trol of a Jeep Cherokee says its other in­fo­tain­ment sys­tems don’t have the same se­cu­rity flaw.

Har­man In­ter­na­tional CEO Di­nesh Pali­wal said Tues­day that the hack­ers used a cel­lu­lar con­nec­tion to get to the ra­dio, which they used to con­trol crit­i­cal func­tions such as brakes and steer­ing.

The hack by Twit­ter se­cu­rity ex­pert Char­lie Miller and Chris Valasek, who heads auto se­cu­rity for a con­sult­ing firm, touched off the re­call of 1.4 mil­lion ve­hi­cles from Fiat Chrysler to patch soft­ware holes. On Satur­day, the gov­ern­ment an­nounced that it would in­ves­ti­gate the Har­man Kar­don ra­dios to see which other man­u­fac­tur­ers use them and whether they had the same vul­ner­a­bil­i­ties.

The hack­ers, who in­formed Fiat Chrysler of their find­ings, were able to con­trol the Jeep re­motely with a lap­top com­puter, send­ing the auto in­dus­try scram­bling to make sure its sys­tems are se­cure. They were to re­lease specifics about their at­tack at a hack­ers’ con­fer­ence in Las Ve­gas this week.

But Pali­wal said the ra­dio sys­tem that was hacked, with an 8.4-inch touch screen, was de­vel­oped about five years ago and doesn’t have as many se­cu­rity safe­guards as cur­rent mod­els. “We be­lieve based on our as­sess­ment with all other cus­tomers we sup­ply our sys­tem to that the Chrysler sys­tem is the only one ex­posed to this par­tic­u­lar ex­per­i­men­tal hack,” Pali­wal said on the com­pany’s fis­cal fourth- quar­ter earn­ings con­fer­ence call. “So it’s a unique sit­u­a­tion.”

The hack­ers, he said, were able to get from cel­lu­lar con­nec­tion into the ra­dio and then to a net­work that han­dles com­mands for crit­i­cal func­tions. “Once you go through an open port in a net­work, it’s like leav­ing a door open in a se­cure house,” he said. “Once you get in, then you can mimic as if you are one of the au­tho­rized mes­sen­gers, you start to send mes­sages.”

Miller and Valasek re­leased some of their find­ings last week, but Pali­wal said Har­man was told about the hack late last year and worked with Fiat Chrysler on a soft­ware fix. He also said Har­man engi­neers are co­op­er­at­ing with the Na­tional High­way Traf­fic Safety Ad­min­is­tra­tion in­ves­ti­ga­tion.

NHTSA said it is in­ves­ti­gat­ing about 2.8 mil­lion Har­man ra­dios. “If suf­fi­cient sim­i­lar­i­ties ex­ist, the in­ves­ti­ga­tion will ex­am­ine if there is cause for con­cern that se­cu­rity is­sues ex­ist in other Har­man Kar­don prod­ucts,” the agency wrote.

The vul­ner­a­bil­ity was ex­posed last week in a Wired mag­a­zine story. Fiat Chrysler said it sealed off a loop­hole in its in­ter­nal cel­lu­lar tele­phone net­work with ve­hi­cles to pre­vent sim­i­lar at­tacks. Own­ers will be sent a USB drive that they can plug in and fix the soft­ware is­sue.

Har­man In­ter­na­tional In­dus­tries Inc., which makes in­fo­tain­ment sys­tems and de­signs soft­ware, on Tues­day re­ported earn­ings of US$100 mil­lion, or US$1.37 per share, dur­ing its fis­cal fourth quar­ter, up 14 per­cent from a year ago.


This prod­uct im­age pro­vided by Fiat Chrysler Au­to­mo­biles shows the Ucon­nect 8.4 inch in­fo­tain­ment sys­tem on a 2014 Jeep Cherokee Lim­ited.

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.