Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability

A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint’s cellular network, which connects FCA vehicles to the Internet. Sprint has blocked the port used for attacks. FCA and the National Highway Transportation Safety Administration (NHTSA) have also initiated a safety recall for all potentially affected Chrysler, Dodge, Jeep, and Ram models. See the NHTSA recall announcement for a complete list.

US-CERT recommends that users review ICS Alert 15-203-01 and Vulnerability Note VU#819439 for more information. Uconnect users are encouraged to review the NHTSA recall announcement and apply the software update.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s