Only Fiat Chrysler vehicles had flaw behind Jeep hack

U.S. safety regulators have determined that only Fiat Chrysler radios have a security flaw that allowed friendly hackers to take control of a Jeep last year.

National Highway Traffic Safety Administration says safety systems would block hack on other brands

Security researchers were able to change a Jeep Cherokee's speed and control the brakes, radio, windshield wipers and transmission through the Uconnect infotainment system in a demo last year. (Wired/YouTube)

U.S. safety regulators have determined that only Fiat Chrysler radios have a security flaw that allowed friendly hackers to take control of a Jeep last year.

The National Highway Traffic Safety Administration said in documents posted online Saturday that it's ending a five-month investigation into the vulnerabilities of automotive radios.

The agency also said last summer's recall of 1.4 million Jeep, Chrysler, Dodge and Ram vehicles closed the opening that allowed hackers to remotely take over a Jeep Cherokee.

The hack by security experts Charlie Miller and Chris Valasek touched off the investigation in July and raised fears that millions of cars and trucks could be vulnerable. They were able to change the Cherokee's speed and control the brakes, radio, windshield wipers and transmission through the Uconnect infotainment system.

The hackers informed Fiat Chrysler of their findings and detailed them at a cyber conference, triggering the investigation.

Volkswagen, Audi, Bentley safe

But the fear of widespread vulnerability to hackers appears to be unfounded. NHTSA investigators said in documents that similar radios made by Harman International went to Volkswagen, Audi and Bentley, but that those vehicles have safety systems that would stop hackers.

"Based on a thorough review of technical information supplied during the course of this investigation, there does not appear to be a reason to suspect that the infotainment head units Harman supplied to other vehicle manufacturers contain the vulnerabilities identified by FCA," NHTSA said in the documents.

In addition, the agency said Sprint, Fiat Chrysler's wireless provider, blocked access to a radio communications port that was unintentionally left open. The FCA recall also included software changes that thwarted hackers, the agency said.

"Third party security evaluation and regression testing identified vulnerabilities that were either remedied by Sprint or through updates to the FCA Uconnect software," the agency said.

NHTSA also checked 30 consumer complaints to the company and the agency but could not confirm that hackers caused any of the reported problems.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.