After hackers determined in July that they could take control of a Jeep Cherokee through its internet-connected entertainment system, Fiat Chrysler, the makers of the car, have sent out an update to the system via a USB stick sent through the mail. Security experts have criticized the car company’s fix as not being a viable panacea. “Now that they’re out there, letters like this will be easy to imitate,” said Pete Bassill, chief investigator of UK firm Hedgehog Security. “Attackers could send out fake USB sticks and go fishing for victims. It’s the equivalent of email users clicking a malicious link or opening a bad attachment. There should be a method for validating the authenticity of the USB stick to verify it has really come from Fiat Chrysler before it is plugged in.” Fiat Chrysler has yet to respond to the criticism against them.
Contributor: Katie Campbell