Fiat Chrysler has started distributing a software patch for millions of vehicles, via a USB stick sent in the mail. The car firm has been criticised by security experts who say posting a USB stick is “not a good idea”.
Source: BBC News
Date: September 7th, 2015
This is an update to the Wiley Information Systems Updates blog post at: http://wp.me/p5Oa48-15F
1) The article says “This is not a good idea. Now they’re out there, letters like this will be easy to imitate” and “Attackers could send out fake USB sticks and go fishing for victims. It’s the equivalent of email users clicking a malicious link or opening a bad attachment.” How can a company like Fiat Chrysler, which has a global presence and presumably a well-staffed IT department, decide that sending out a USB stick to affected customers is a good idea?
2) The article also criticizes Fiat Chrysler for distributing the update on USB sticks, arguing that “Hackers will be able to pull the data off the USB stick and reverse-engineer it. They’ll get an insight into how these cars receive their software updates and may even find new vulnerabilities they can exploit.” What are some of the ways Fiat Chrysler could have distributed this update without allowing hackers to see what was being done?