No, it's a stopgap. They have to be seen to do something to counter all the bad press. You can be sure they'll be looking at a more definitive and more robust solution in the longer term but in the shorter term they need to be able to say 'this particular hole was plugged'. That's just damage control on their part, nothing more or less.
The problem is that a fix for this particular problem doesn't actually make anyone secure, it only blocks the one specific attack the hacker told them about. (Hopefully the hackers kept another bug in reserve so they can trigger another recall/patch cycle as soon as this is over.)
We need to communicate that this isn't a decent half-measure, this is specifically a worthless measure intended to keep vulnerable cars on the street where they can kill people because a real fix is seen as being too expensive.
> The problem is that a fix for this particular problem doesn't actually make anyone secure, it only blocks the one specific attack the hacker told them about.
You are absolutely correct. Unfortunately, so is "jacquesm":
> > They have to be seen to do something to counter all the bad press.
To me, Fiat Chrysler is doing classic PR damage control that the automotive industry knows far too well. It wouldn't surprise me to find out that Fiat Chrysler has threat analysis reports regarding this and other vulnerabilities within their organization.
Sadly, this is not uncommon in the automotive industry[1]:
GM has been heavily critiqued after the
company admitted that engineers were aware of
the issues that caused this recall as early as
2004. Yet it took nearly 10 years later for GM
to finally issue a recall ...
