89k Mileage *** Extra Clean *** on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Ford Expedition, F-150 Limited and Cadillac V Series | Autoblog Podcast #583

In this week's Autoblog Podcast, Editor-in-Chief Greg Migliore is joined by Consumer Editor Jeremy Korzeniewski and Assistant Editor Zac Palmer. First, they talk about the cars they've been driving, including the Ford Expedition, Ford F-150 Limited and the Mini Cooper JCW Knights Edition. Then they discuss the news, including Ian Callum stepping down from Jaguar, Cadillac's V cars and the latest in the saga between FCA and Renault. Autoblog Podcast #583 Get The Podcast iTunes – Subscribe to the Autoblog Podcast in iTunes RSS – Add the Autoblog Podcast feed to your RSS aggregator MP3 – Download the MP3 directly Rundown Cars we're driving: Ford Expedition Ford F-150 Limited Mini Cooper JCW Knights Edition Ian Callum resigns from Jaguar Cadillac V FCA backs down from Renault merger talks Feedback Email – Podcast@Autoblog.com Review the show on iTunes Related Video:

NHTSA preparing to wallop FCA, automaker 'failed to do its job'

As embattled the National Highway Traffic Safety Administration may be, but that certainly doesn't mean it isn't willing or able to put the smack down on automakers that violate its recall procedures. Following a public hearing on Thursday, the government safety arm is preparing what will likely be some very serious punishments for Fiat Chrysler Automobiles. FCA stands accused of mishandling 23 individual recalls covering some 11 million vehicles since 2013, with NHTSA claiming the Italian-American automaker kept it "in the dark," failing to notify the government of safety defects. Uncle Sam also alleges that FCA failed to notify consumers of important safety notices and didn't provide a steady supply of replacement parts. For these charges, the automaker could be fined up to $35 million per recall, which could mean a maximum of $805 million in fines. FCA could also be forced to buy back the unrepaired vehicles. "We have serious concerns with Fiat Chrysler notifications to owners and to NHTSA about its recalls. In every one of the 23 recalls, we have identified ways in which Fiat Chrysler failed to do its job," Jennifer Timian, the head of the Office of Defects Investigation, said during the FCA hearing, The Detroit News reports. The company also "repeatedly failed to provide NHTSA with other critical information about its recalls, including changes to the vehicles impacted by the recalls and its plans for remedying those vehicles." Fiat Chrysler, for its part, didn't really fight back during its hearing, although Scott Kunselman (shown above during the hearing), the senior vice president of vehicle safety and regulatory affairs at FCA, did tell The News that, "We absolutely had no mis-intent." "The plan is to move forward," Kunselman said, adding that the company has "fallen short," and that "some of the things we've done were sloppy." NHTSA administrator Mark Rosekind told The News that the regulator would issue its sanctions by the end of July, adding that he saw no way that FCA could avoid punishment.