Software security vulnerability

In a Part 573 safety recall report, Fiat Chrysler Automobiles (FCA) notified the NHTSA on July 23, 2015, of certain software security vulnerabilities in approximately 1.4 million model year (MY) 2013 through 2015 vehicles equipped with Uconnect Access head units 8.4A (RA3 radio) and 8.4AN (RA4 radio) manufactured by Harman International (Recalls 15V-461 and 15V-508). According to FCA, software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems. Unauthorized manipulation of vehicle control systems could reduce the driver's control of the vehicle, increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other highway users. On July 29, 2015, the Office of Defects Investigation (ODI) opened Equipment Query, EQ 15-005, to determine the existance, nature and extent of similar security concerns in other head unit (HU) products installed in motor vehicles. On August 12, 2015, the Recall Management Division (RMD) issued an information request (IR) letter to Harman International requesting information pertaining to infotainment HUs provided to other vehicle manufacturers that share, or may share, similar wireless connectivity and to remind Harman of their responsibilities under Federal Law as an equipment manufacturer. Harman International responded and identified all infotainment head units supplied to other vehicle manufacturers with built-in cellular access or short range wireless communication features. The information submitted indicated that Volkswagen Audi AG and Bentley infotainment HUs used similar versions of the same Uconnect operating system. According to Harman, vulnerabilities identified by FCA are not present in the HUs supplied to Audi AG and Bentley given the distinct hardware components and software architectures of these varying infotainment systems. HU products supplied to the Volkswagen group c