Many owners of software-faulted vehicles claim that these errors represent a decrease in their value
According to cybersecurity and ethical hacking specialists from the International Institute of Cyber Security, a collective lawsuit has been filed against Fiat Chrysler Automobiles (FCA). The plaintiffs claim that the company was aware of some cybersecurity gaps present in their cars, but did nothing to correct them. The company and plaintiffs are expected to go to trial in a few months.
In recent days, the U.S. Supreme Court rejected the company’s request for appeal against the lawsuit filed after a group of cybersecurity specialists revealed an investigation conducted in the year 2015, where they claimed they were able to take control of the systems of a Jeep vehicle thanks to a deficient coding work in the car’s entertainment software.
After this information was disclosed, the lawsuit went through the courts to the Supreme Court, alleging that the company was always aware of these security flaws, but was unable to correct them. On the other hand, the company claims that there is no reason to file this lawsuit, since no owner of the vehicles with these errors was directly affected.
The owners of the Jeep with defective software assure that they would have not acquired this car if having known the security risks in advance; in addition they affirm that the scandal has significantly affected the value of their Jeep when trying to resell it.
The company corrected its software after the security failures were revealed. Researchers Chris Valasek and Charkue Miller discovered that they were able to take remote control of the engine management systems on some car models by exploiting a critical vulnerability in the software known as UConnect, which allows owners to connect to the Internet while driving these cars.
The team of researchers conducted a demonstration in which a journalist specializing in technological issues was driving one of the affected vehicles, managing to take control of the car while the journalist was driving. When these findings were published, millions of potentially affected vehicle owners began questioning the company, which bordered Chrysler to take out of sale almost a million and a half cars to update the flawed software.
The lawsuit, filed against the Fiat-Chrysler U.S. subsidiary and the manufacturer of the UConnect software, is being analyzed by the judges of the Supreme Court. According to case reports, companies could be found responsible for not securing their products, even if there are no known cases of users directly affected by these flaws.
Sometime after the company corrected these bugs, the investigators found a new method of taking control of the vehicle, although it was not considered as serious because this new attack required physical access to the Jeep.
Since these vulnerabilities were revealed, the car company has consistently fallen into new scandals. For example, in September 2015 other 8k vehicles were removed from the market due to multiple security loopholes, and in May 2018 the sales of almost 5 million vehicles were interrupted to correct software errors.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.