2004 Chrysler Crossfire on 2040-cars

Auto blog

Harsh words from senators over Chrysler's delay in reporting hack

The federal agency charged with protecting American motorists wants to know more about how hackers remotely commandeered and controlled a Jeep Cherokee. Hours after Fiat Chrysler Automobiles recalled 1.4 million cars affected by a flaw in their cellular connections, officials with the National Highway Traffic Safety Administration said Friday they'll further probe the defect by conducting a formal recall query investigation. "Opening this investigation will allow NHTSA to better assess the effectiveness of the remedy proposed," the agency said in a written statement. The remedy works, said Chris Valasek, one of the researchers who first discovered the security flaw. After testing for the vulnerability again Friday, he wrote on Twitter: "Looks like I can't get to @0xcharlie's Jeep from my house via my phone. Good job FCA/Sprint!" From his Pittsburgh home, Valasek had previously accessed and controlled co-worker Charlie Miller's Jeep along a St. Louis highway. Researchers have demonstrated remote hacks before, but the scope and severity of the Jeep vulnerability was unprecedented. The recall for a cyber threat was the first of its kind. Although a software patch and changes made by cellular provider Sprint appeared to fix the problem, news of the exploit and Chrysler's response brought a fresh round of consternation on Capitol Hill, where federal lawmakers had already expressed concerns about automotive cyber security. The Jeep hack elevated their concerns to a new level. "Cyber threats in cars are real and urgent, no figment of the imagination, as this huge recall demonstrates," said Sen. Richard Blumenthal (D-CT). "Incredibly, Chrysler delayed disclosing this chilling cyber-security danger egregiously and inexcusably, and strong sanctions are appropriate to send a message that other auto manufacturers will heed." Chrysler had known about the security gap since October, and Sen. Ed Markey (D-MA) wondered why it took the company so long to let customers know they were at risk. "Despite knowing about this security gap for nearly nine months, Chrysler is only now recalling 1.4 million vehicles to fix this vulnerability," he said. That's a potential pitfall for Chrysler, and something NHTSA will likely address in its investigation. Automakers are supposed to report safety-related defects to the agency within five days of discovery. But according to a chronology of events Chrysler submitted in its recall paperwork, it didn't inform NHTSA until July 15.

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Stellantis reports record margins, $7B profits despite chip shortage

MILAN — Automaker Stellantis on Tuesday said it achieved faster-than-expected progress on synergies and record margins in its first six months as a combined company, despite suffering 700,000 units in lower production due to interruptions in the semiconductor supply chain. The company — formed from French carmaker Peugeot PSAÂ’s takeover of the Italian-American company Fiat Chrysler — reported net profit of 5.9 billion euros ($7 billion) in the first half of 2021, compared with a loss 813 million euros during the same period a year earlier, which was impacted by the coronavirus restrictions around the globe. Shipments rose 44% to 3.2 million units, while revenues rose 46% to 75 billion euros. “We are very pleased with the speed with which the new team has begun to execute as one company, as Stellantis,Â’Â’ Chief Financial Officer Richard Palmer told reporters. Semiconductor shortages accounted for 200,000 units of production losses in the first quarter and 500,000 in the second quarter. Semiconductors are used more than ever before in new vehicles with electronic features such as Bluetooth connectivity and driver assist, navigation and hybrid electric systems. Stellantis achieved 1.3 billion euros in cost savings in the first half, mostly by sharing investments in new technologies and platforms, which Palmer said was a faster rate than initially forecast. It aims to achieve 80% of the targeted 5 billion in cost savings by 2024. “These synergies allow us to continue to invest in the electrification strategy, which we talk about every day,” Palmer said. Stellantis, which lags competitors in rolling out electric vehicles, plans to launch 21 fully electric or plug-in gas electric hybrid vehicles over the next two years. North American posted record profitability on global sales of Ram trucks and the strong launch of the Jeep Wrangler 4xe, which was the best-selling plug-in gas electric vehicle in the United States in the second quarter. Stellantis was the market leader in South America and second in Europe. The results were presented on a pro-forma basis, taking into account the performance of each of the carmakers as separate entities during 2020. Related video: 2021 Jeep Wrangler Rubicon 392 Inside and Out