The repercussions from the hacking of a Jeep Cherokee continue to be the in the news. It has been reported that FCA knew about the software security problem 18 months in advance. HARMAN’s representative says that the software hacking glitch is limited to FCA vehicles and a class action lawsuit filed against HARMAN and FCA.
According to Bloomberg News, Fiat Chrysler Autos waited a year and a half to inform regulators of the security flaw that allowed hackers to take control of a Jeep. The company says that it was working on a fix and didn’t consider the problem a safety defect.
Documents Fiat Chrysler filed with NHTSA report that it didn’t consider the software issue, identified by a third party in January 2014, to be a safety defect. For the Motor Vehicle Safety Act, automakers must notify NHTSA within five days of discovering a flaw that presents an unreasonable risk to public safety.
HARMAN reports that only FCA infotainment units have the software flaw that allowed for the hack. Other vehicles with HARMAN systems do not have the vulnerability.
The Jeep hack used a loophole in the internal cellular network that exposed the vehicle’s control area network (CAN bus).
“This experimental hack is unique to Chrysler,” Dinesh Paliwal, CEO HARMAN, said in an interview Tuesday with Reuters, “This does not exist, to our assessment, in any other vehicle.”
NHTSA opened an investigation for HARMAN systems because software vulnerabilities may exist in other Harman Kardon products in other vehicle models.
Three Jeep owners filed a class action lawsuit against HARMAN and FCA for fraud, negligence, unjust enrichment and breach of warranty.
The lawsuit notes that hackers Miller and Valasek previously warned the company of the vulnerabilites of the vehicles.
“The [affected] Vehicles are defectively designed in that essential engine and safety functionality is connected to the unsecure Uconnect system through the CAN bus. Uconnect should be segregated from these other critical systems. There is no good reason for this current design. The risks associated with coupling these systems far outweigh any conceivable benefit.”
The attorneys seek an injunction against the two companies that would require Chrysler to recall the vehicles to address those architectural security claims.
“As long as the Uconnect system is physically connected to the vehicles’ CAN bus, the potential for vulnerability exists. The overarching defect is a design and system architecture problem in that non-secured systems are coupled with essential engine and safety controls. This is not a software issue.”
The complaint argues that the value of vehicles has been decreased, safety/lives are threatened. The suit will seek damages for Jeep, Chrsyler, RAM, Dodge owners.
Almost 80% of car owners and shoppers say car hacking will be a frequent problem within the next three years or less, according to an all-new survey by Kelley Blue Book.
However, most car owners don’t have to worry about their cars being hacked.