Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability

["US-CERT" <US-CERT () ncas us-cert gov>]

NCCIC / US-CERT

National Cyber Awareness System:

Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability [ 
https://www.us-cert.gov/ncas/current-activity/2015/07/27/Fiat-Chrysler-Automobiles-FCA-Uconnect-Vulnerability ] 
07/27/2015 05:06 PM EDT 
Original release date: July 27, 2015

A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may 
allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's 
cellular network, which connects FCA vehicles to the Internet. Sprint has blocked the port used for attacks. FCA and 
the National Highway Transportation Safety Administration (NHTSA) have also initiated a safety recall for all 
potentially affected Chrysler, Dodge, Jeep, and Ram models. See the NHTSA recall announcement [ 
http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf ] for a complete list.

US-CERT recommends that users review ICS Alert 15-203-01 [ https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01 ] 
and Vulnerability Note VU#819439 [ http://www.kb.cert.org/vuls/id/819439 ] for more information. Uconnect users are 
encouraged to review the NHTSA recall announcement and apply the software update [ 
http://www.driveuconnect.com/software-update/ ].

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]