NHTSA Investigation: 2.8 Million Vehicles Could be Vulnerable to Software Hacks

NHTSA Investigation: 2.8 Million Vehicles Could be Vulnerable to Software Hacks
Image: Jeep
August 3, 2015

A software hack that famously took control of a Jeep Cherokee may affect more vehicles than just those sold by Fiat Chrysler.

An investigation by the National Highway Traffic Safety Administration (NHTSA) estimates that 2.8 million vehicles could be affected by a software security defect in infotainment systems made by Harman Kardon, double the number recently recalled by Fiat Chrysler.

According to NHTSA documents, the investigation will determine the nature and extent of similarities in other products provided to other carmakers. Depending on the results, the investigation will examine if there is a cause for concern and if other Harman Kardon products harbor similar security flaws.

Automotive News reports that the company also supplies products to BMW, Subaru, and Mercedes-Benz.

In late July Fiat Chrysler recalled 1.4 million vehicles spanning model years 2013 through 2015 equipped with Uconnect 8.4A and 8.4AN radios after a Wired reporter had his SUV taken over by a pair of hackers sitting at home, 10 miles away.

Wired reporter Andy Greenberg had this to say about his experience.

"Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun."

Hackers Charlie Miller and Chris Valasek have been sharing their research with Fiat Chrysler for almost a year, which allowed the company to come up with a fix to plug the security holes. Fiat Chrysler notified owners of the patch, but it wasn't until the article was published that the company issued a full on recall.

Senators Ed Markey (D-MA) previously contacted 20 automakers to gain more knowledge of their security practices. Of the 16 that responded, all confirmed that almost every current model of vehicle has some sort of wireless connection, but only seven hired independent security firms to ensure online safety. Markey and Senator Richard Blumenthal (D-CT) plan to introduce an automotive security bill to set new digital standards.