CERT mailing list archives
Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Mon, 27 Jul 2015 17:11:35 -0500
NCCIC / US-CERT National Cyber Awareness System: Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2015/07/27/Fiat-Chrysler-Automobiles-FCA-Uconnect-Vulnerability ] 07/27/2015 05:06 PM EDT Original release date: July 27, 2015 A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's cellular network, which connects FCA vehicles to the Internet. Sprint has blocked the port used for attacks. FCA and the National Highway Transportation Safety Administration (NHTSA) have also initiated a safety recall for all potentially affected Chrysler, Dodge, Jeep, and Ram models. See the NHTSA recall announcement [ http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf ] for a complete list. US-CERT recommends that users review ICS Alert 15-203-01 [ https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01 ] and Vulnerability Note VU#819439 [ http://www.kb.cert.org/vuls/id/819439 ] for more information. Uconnect users are encouraged to review the NHTSA recall announcement and apply the software update [ http://www.driveuconnect.com/software-update/ ]. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability US-CERT (Jul 27)