Chrysler was only automaker with cyber vulnerability, feds say

Getty Images

Fiat Chrysler cars were the only ones vulnerable to the cybersecurity defects that prompted the recall of 1.4 million vehicles, according to federal regulators.

The conclusion ends a five-month investigation into whether other automakers had also left their vehicles exposed to the same security shortcomings that allowed hackers to remotely hijack a Jeep last year.

ADVERTISEMENT
The National Highway Traffic Safety Administration (NHTSA) explained its findings in documents posted to its website over the weekend.

The Jeep hack in July demonstrated that researchers could take control of a car on the highway while stationed in a house 10 miles away. The two researchers manipulated the air-conditioning, toggled on the windshield wipers and then cut the car’s transmission. The bug was apparently in the vehicle's radio system.

The event, profiled in a Wired article, caused Chrysler’s recall and spurred the NHTSA to launch an investigation to see whether other automakers had received similarly defective parts from radio manufacturers.

The agency said that similar radios made by Harman International had been installed in cars made by Volkswagen, Audi and Bentley, but that those vehicles included security systems that would block hackers.

“Based on a thorough review of technical information supplied during the course of this investigation, there does not appear to be a reason to suspect that the infotainment head units Harman supplied to other vehicle manufacturers contain the vulnerabilities identified,” NHTSA said in the documents, first reported on by The Associated Press.

The Jeep hack briefly made auto cybersecurity a hot-button issue on Capitol Hill. Two days after it was revealed, Sens. Ed MarkeyEd MarkeyDems: Keep gun research ban out of spending bills Overnight Tech: Groups grade Clinton tech agenda | Facebook activates safety check in Istanbul | Another holdup for location data bill Overnight Cybersecurity: US sees drop in Chinese cyberattacks MORE (D-Mass.) and Richard BlumenthalRichard BlumenthalOvernight Tech: Groups grade Clinton tech agenda | Facebook activates safety check in Istanbul | Another holdup for location data bill Senate faces critical vote on Puerto Rico Reid backs House Puerto Rico bill MORE (D-Conn.) introduced the Spy Car Act, which would require the NTSA and Federal Trade Commission (FTC) to set automaker cybersecurity guidelines.  

Markey is one of several lawmakers who has been investigating the auto industry’s cybersecurity preparedness for over a year. Markey released his own report last February that described vehicles’ digital defenses as “inconsistent and haphazard.”

Security specialists have long agreed, warning that cars are being loaded up with digital devices with little heed for cybersecurity. Researchers have shown that a car can be hijacked by any number of increasingly common features — Wi-Fi, keyless locks and Bluetooth, for instance.

But the NHTSA report concluded that at least in the case of digital car radios, there is no widespread security shortcoming across the entire industry.