1956 Chrylser Imperial on 2040-cars

Auto blog

Feds fretting over remote hack of Jeep Cherokee

A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had "floated around the entire federal government." "The Homeland Security folks sent out broadcasts that, 'Here's an issue that needs to be addressed,'" said Nathaniel Beuse, an associate administrator with the National Highway Traffic Safety Administration. Valasek and Miller commandeered remote control of the Cherokee through a security flaw in the cellular connection to the car's Uconnect infotainment system. From his Pittsburgh home, Valasek manipulated critical safety inputs, such as transmission function, on Miller's Jeep as he drove along a highway near St. Louis, MO. The scope of the remote breach is believed to be the first of its kind. The prominent cyber-security researchers needed no prior access to the vehicle to perform the hack, and the scope of the remote breach is believed to be the first of its kind. A NHTSA spokesperson said the agency's cyber-security staff members are "putting their expertise to work assessing this threat and the response, and we will take action if we determine it's necessary to protect safety." A Homeland Security spokesperson referred questions about the hack to Chrysler. Fiat Chrysler Automobiles has already been the subject of a federal hearing this month, in which officials scrutinized whether the company had adequately fixed recalled vehicles and repeatedly failed to notify the government about defects. But cyber-security concerns are a new and different species for the regulatory agency. Only hours before the Jeep hack was announced by Wired magazine earlier this week, NHTSA administrator Dr. Mark Rosekind said hacking vulnerabilities were a threat to privacy, safety, and the public's trust with new connected and autonomous technologies that allow vehicles to communicate. NHTSA outlined its response to the cyber-security challenges facing the industry in a report issued Tuesday. In it, the agency summarized its best practices for thwarting attacks and said it will analyze possible real-time infiltration responses. But the agency's ability to handle hackers may only go so far.

Harsh words from senators over Chrysler's delay in reporting hack

The federal agency charged with protecting American motorists wants to know more about how hackers remotely commandeered and controlled a Jeep Cherokee. Hours after Fiat Chrysler Automobiles recalled 1.4 million cars affected by a flaw in their cellular connections, officials with the National Highway Traffic Safety Administration said Friday they'll further probe the defect by conducting a formal recall query investigation. "Opening this investigation will allow NHTSA to better assess the effectiveness of the remedy proposed," the agency said in a written statement. The remedy works, said Chris Valasek, one of the researchers who first discovered the security flaw. After testing for the vulnerability again Friday, he wrote on Twitter: "Looks like I can't get to @0xcharlie's Jeep from my house via my phone. Good job FCA/Sprint!" From his Pittsburgh home, Valasek had previously accessed and controlled co-worker Charlie Miller's Jeep along a St. Louis highway. Researchers have demonstrated remote hacks before, but the scope and severity of the Jeep vulnerability was unprecedented. The recall for a cyber threat was the first of its kind. Although a software patch and changes made by cellular provider Sprint appeared to fix the problem, news of the exploit and Chrysler's response brought a fresh round of consternation on Capitol Hill, where federal lawmakers had already expressed concerns about automotive cyber security. The Jeep hack elevated their concerns to a new level. "Cyber threats in cars are real and urgent, no figment of the imagination, as this huge recall demonstrates," said Sen. Richard Blumenthal (D-CT). "Incredibly, Chrysler delayed disclosing this chilling cyber-security danger egregiously and inexcusably, and strong sanctions are appropriate to send a message that other auto manufacturers will heed." Chrysler had known about the security gap since October, and Sen. Ed Markey (D-MA) wondered why it took the company so long to let customers know they were at risk. "Despite knowing about this security gap for nearly nine months, Chrysler is only now recalling 1.4 million vehicles to fix this vulnerability," he said. That's a potential pitfall for Chrysler, and something NHTSA will likely address in its investigation. Automakers are supposed to report safety-related defects to the agency within five days of discovery. But according to a chronology of events Chrysler submitted in its recall paperwork, it didn't inform NHTSA until July 15.

Rising aluminum costs cut into Ford's profit

When Ford reports fourth-quarter results on Wednesday afternoon, it is expected to fret that rising metals costs have cut into profits, even as rivals say they have the problem under control. Aluminum prices have risen 20 percent in the last year and nearly 11 percent since Dec. 11. Steel prices have risen just over 9 percent in the last year. Ford uses more aluminum in its vehicles than its rivals. Aluminum is lighter but far more expensive than steel, closing at $2,229 per tonne on Tuesday. U.S. steel futures closed at $677 per ton (0.91 metric tonnes). Republican U.S. President Donald Trump's administration is weighing whether to impose tariffs on imported steel and aluminum, which could push prices even higher. Ford gave a disappointing earnings estimate for 2017 and 2018 last week, saying the higher costs for steel, aluminum and other metals, as well as currency volatility, could cost the company $1.6 billion in 2018. Ford shares took a dive after the announcement. Ford Chief Financial Officer Bob Shanks told analysts at a conference in Detroit last week that while the company benefited from low commodity prices in 2016, rising steel prices were now the main cause of higher costs, followed by aluminum. Shanks said the automaker at times relies on foreign currencies as a "natural hedge" for some commodities but those are now going in the opposite direction, so they are not working. A Ford spokesman added that the automaker also uses a mix of contracts, hedges and indexed buying. Industry analysts point to the spike in aluminum versus steel prices as a plausible reason for Ford's problems, especially since it uses far more of the expensive metal than other major automakers. "When you look at Ford in the context of the other automakers, aluminum drives a lot of their volume and I think that is the cause" of their rising costs, said Jeff Schuster, senior vice president of forecasting at auto consultancy LMC Automotive. Other major automakers say rising commodity costs are not much of a problem. At last week's Detroit auto show, Fiat Chrysler Automobiles NV's Chief Executive Officer Sergio Marchionne reiterated its earnings guidance for 2018 and held forth on a number of topics, but did not mention metals prices. General Motors Co gave a well-received profit outlook last week and did not mention the subject. "We view changes in raw material costs as something that is manageable," a GM spokesman said in an email.