Many owners of software-faulted vehicles claim that these errors represent a decrease in their value
According to cybersecurity and ethical hacking
specialists from the International Institute of Cyber Security, a collective
lawsuit has been filed against Fiat Chrysler Automobiles (FCA). The plaintiffs
claim that the company was aware of some cybersecurity gaps present in their
cars, but did nothing to correct them. The company and plaintiffs are expected
to go to trial in a few months.
In recent days, the U.S. Supreme Court rejected
the company’s request for appeal against the lawsuit filed after a group of cybersecurity specialists revealed an investigation conducted in the year 2015, where
they claimed they were able to take control of the systems of a Jeep
vehicle thanks to a deficient coding work in the car’s entertainment software.
After this information was disclosed, the
lawsuit went through the courts to the Supreme Court, alleging that the company
was always aware of these security flaws, but was unable to correct them. On
the other hand, the company claims that there is no reason to file this lawsuit,
since no owner of the vehicles with these errors was directly affected.
The owners of the Jeep with defective software
assure that they would have not acquired this car if having known the security
risks in advance; in addition they affirm that the scandal has significantly
affected the value of their Jeep when trying to resell it.
The company corrected its software after the
security failures were revealed. Researchers Chris Valasek and Charkue Miller
discovered that they were able to take remote control of the engine management
systems on some car models by exploiting a critical vulnerability in the
software known as UConnect, which
allows owners to connect to the Internet while driving these cars.
The team of researchers conducted a
demonstration in which a journalist specializing in technological issues was
driving one of the affected vehicles, managing to take control of the car while
the journalist was driving. When these findings were published, millions of
potentially affected vehicle owners began questioning the company, which bordered
Chrysler to take out of sale almost a million and a half cars to update the
flawed software.
The lawsuit, filed against the Fiat-Chrysler
U.S. subsidiary and the manufacturer of the UConnect software, is being
analyzed by the judges of the Supreme Court. According to case reports,
companies could be found responsible for not securing their products, even if
there are no known cases of users directly affected by these flaws.
Sometime after the company corrected these bugs,
the investigators found a new method of taking control of the vehicle, although
it was not considered as serious because this new attack required physical
access to the Jeep.
Since these vulnerabilities were revealed, the
car company has consistently fallen into new scandals. For example, in
September 2015 other 8k vehicles were removed from the market due to multiple
security loopholes, and in May 2018 the sales of almost 5 million vehicles were
interrupted to correct software errors.
