The automotive world began featuring the technological underworld when Chrysler vehicles were hacked to prove that their UConnect system had a serious case of security flaws that could allow a hacker to take control of your vehicles transmission and brakes. Now, Chrysler is facing some criticism from the way they chose to handle the patching of the devices.
“Six weeks after hackers revealed vulnerabilities in a 2014 Jeep Cherokee that they could use to take over its transmission and brakes, Chrysler has pushed out its patch for that epic exploit,” reported Wired.
“Now it’s getting another round of criticism for what some are calling a sloppy method of distributing that patch: On more than a million USB drives mailed to drivers via the US Postal Service.”
Normally when automotive companies have recalls or mechanical issues to address they ask that the consumer bring the vehicle to a certified dealer to be handled professionally. In this case, some are saying that Chrysler dropped the ball on handling the security flaw patch. Some believe that Chrysler could be opening doors for hackers to think it’s okay to mail malware filled USB’s after such a well-known automotive company set the blueprint.
“Security pros have long warned computer users not to plug in USB sticks sent to them in the mail—just as they shouldn’t plug in thumb drives given to them by strangers or found in their company’s parking lot—for fear that they could be part of a mass malware mailing campaign,” according to Wired.Â
“Now Chrysler is asking consumers to do exactly that, potentially paving the way for a future attacker to spoof the USB mailers and trick users into installing malware on their cars or trucks.”
According to Chrysler, that scenario is strictly speculation. It might have been best to patch the vehicles at certified dealers rather than distribute them in the mail, especially for vehicle owners who might not be very technologically savvy. Yes, they still do exist.
Read the full story.