Recent reports of a late-model Jeep Cherokee being hacked wirelessly by two researchers spread fear among American motorists and prompted a massive recall that affects 1.4 million cars. Harman, the company that manufactures the hacker-friendly Uconnect infotainment system, stresses that the other systems it provides to companies like Volvo, Mercedes-Benz parent company Daimler and BMW are secure and don’t suffer from the same vulnerabilities.
“We believe, based on our assessment with all other customers we supply our system to, that the Chrysler system is the only one exposed to this particular experimental hack. So it’s a unique situation,” affirmed company CEO Dinesh Paliwal during a conference call.
The executive acknowledged that hackers managed to take complete control of the Cherokee’s brakes, steering and engine by going into the infotainment system through the cell phone connection. “Once you get in, then you can mimic as if you are one of the authorized messengers, you start to send messages,” summed up Paliwal.
Harman says the Uconnect system that Charlie Miller and Chris Valasek hacked last month was designed about five years ago, and so it doesn’t boast the same safety features as the more modern systems that it provides to other automakers. To prevent future attacks, Fiat-Chrysler quickly designed a fix that it is sending to owners of affected cars on a USB drive.
The long list of vulnerable cars extends to 2013-2015 model year vehicles equipped with the 8.4-inch infotainment system. It includes the Dodge Viper, Durango, Challenger and Charger, several Ram pickups, Chrysler’s 200 and 300 and, of course, the Jeep Cherokee.
In spite of Harman’s attempt to reassure the auto industry, the National Highway Trafic Safety Administration (NHTSA) is taking a closer look at about 2.8 million cars, trucks and vans equipped with a Harman-designed infotainment system in order to ensure the issue exclusively affects Fiat-Chrysler products. The agency is worried that all of Harman’s infotainment systems could suffer from similar vulnerabilities, and it will summarize its findings in a report that will be published in the coming months.