>>> US Close Dow-0.92% S&P-1.07% Nasdaq-1.12% Russell-1.52%

Closing Summary: Economic Growth and Valuation Concerns Clip Market

It can't be said that the week closed on a high note -- certainly not for the broader market anyway.  There were some individual standouts like Amazon.com (AMZN 530.50, +48.32), Visa (V 74.80, +3.05), Starbucks (SBUX 57.32, +0.76), and Juniper Networks (JNPR 27.54, +1.05), which impressed investors with their earnings results, yet there were far more losers on Friday than winners as economic slowdown concerns and valuation concerns got the better of market participants.

The slowdown concerns were rooted in a variety of factors:
  • The Flash PMI reading for China dropping to a 15-month low of 48.2 in July and signaling a contraction in manufacturing activity
  • Weaker than expected PMI readings out of Germany and France that pointed to a deceleration in growth momentum
  • The continued drop in crude futures ($48.13, -0.26), which traded further into bear market territory having fallen more than 20% from their June peak; and
  • The disappointing report on new home sales in the U.S., which declined 6.8% in June to 482,000 units (consensus 550,000)
The valuation concerns, meanwhile, revolved in large part around two factors:
  • Biogen Idec (BIIB 299.85, -85.20) cutting its FY15 revenue and EPS guidance, which unleashed a wave of selling interest in that stock and peer companies in the highflying biotech group; and
  • The weak economic data, which raised questions about future earnings prospects
The early strength in Amazon.com helped the market stand its ground for a bit, yet selling interest picked up steadily after the New Home Sales report at 10:00 a.m. ET.  For most of the day thereafter, the major indices logged a progression of new lows before the steady selling activity subsided entering the final hour of trading.

There was some chatter that a proposal by Democratic presidential candidate Hillary Clinton to raise the short-term capital gains tax on top-bracket payers was responsible for today's negative price action.

While such a headline might have contributed to the negative sentiment that was already in place in the wake of Biogen's warning and the disappointing economic data, it would be overstating things to list that proposal as the cause of today's weakness.  That's because Mrs. Clinton hasn't even been elected president, let alone won her party's nomination.  Moreover, passage of such a proposal is no sure thing if there is a Republican-controlled Congress on the other side of the 2016 presidential election.

The worst-performing areas of the day were a manifestation of the two bigger issues noted above.  To that end, the health care sector (-2.5%) topped the list of losers as the weight of losses in the biotech space, evidenced by a 4.0% drop in the iShares Nasdaq Biotechnology ETF (IBB 378.01, -15.74), weighed heavily.

In turn, the economic worries showed up in the underperformance of the materials (-2.2%), energy (-2.0%), and industrials (-1.3%) sectors, as well as the front end of the Treasury yield curve, which is most sensitive to rate hike expectations.

Longer-dated maturities were little changed, but the 2-yr note saw its yield drop two basis points to 0.68%.

Elsewhere, gold futures settled down 0.8% at $1085.60/troy ounce, but ran back to $1100/troy ounce in extended action on short-covering interest before losing momentum.

NYSE volume was on the light side today at just 645 million shares.  The lopsided nature of today's trade was seen in the A/D line, which favored decliners by a better than 2-to-1 margin at the NYSE and a 3-to-1 margin at the Nasdaq.

The earnings results will continue pour in next week, but economic data and the Federal Reserve will also be in the limelight with the Federal Open Market Committee policy decision on Wednesday and the advance estimate for Q2 GDP on Thursday.

(BN) Allergan Said to Be Exploring Breaking Up Into 2 Businesses



Allergan Said to Be Exploring Breaking Up Into 2 Businesses
2015-07-24 22:23:11.725 GMT


By Jeffrey McCracken, Ruth David and Ed Hammond
(Bloomberg) -- Allergan Plc, the $121 billion
pharmaceutical company created through a merger with Actavis
Plc, is exploring a breakup of the company, people with
knowledge of the matter said.
Allergan is leaning toward keeping the branded-drugs
business and spinning off or selling parts or all of the
generics business, said the people, who asked not to be
identified because the information is private. The maker of the
blockbuster wrinkle-treatment Botox is working with advisers on
a possible plan, the people said.
The generics drug and distribution businesses make up about
a third of the company’s total revenue, and had sales of $8.43
billion last year. That’s more than Mylan NV, which has a market
value of $32.3 billion.
The discussions are ongoing and there is no certainty
Allergan will decide to break up the company. It’s unclear if
Allergan has identified a potential buyer for the generics part
of its business.
A spokesman for Allergan declined to comment. The company
is based in Dublin, with operating headquarters in Parsippany,
New Jersey.
Actavis Plc agreed to buy Allergan Inc. for $66 billion in
November 2014, after spending months locked in bitter conflict
with Valeant Pharmaceuticals International Inc., a rival
drugmaker that had started a hostile takeover effort that year.
The deal was completed in March.
Last month, Actavis rebranded the combined company
Allergan. The combination created a health-care giant, with
projected annual sales of more than $20 billion this year.
Actavis, which already had brand-name drugs such as
enlarged-prostrate treatment Rapaflo, acquired Allergan to
bolster the business and further reduce its dependence on its
generic division.

For Related News and Information:
Worried About Wrinkles, Guys? Allergan Bets You’ll Want ‘Brotox’
Allergan to Buy Kythera Biopharmaceuticals for $2.1 Billion
Top Stories:TOP<GO>

--With assistance from Drew Armstrong and Cynthia Koons in New
York.

To contact the reporters on this story:
Jeffrey McCracken in New York at +1-212-617-8517 or
jmccracken3@bloomberg.net;
Ruth David in London at +44-20-3525-8095 or
rdavid9@bloomberg.net;
Ed Hammond in New York at +1-212-617-1963 or
ehammond12@bloomberg.net
To contact the editors responsible for this story:
Aaron Kirchfeld at +44-20-3525-8830 or
akirchfeld@bloomberg.net
Elizabeth Wollman, Crayton Harrison

WSJ : Clinton to Propose Rise in Capital Gains Taxes on Short-Term Investments

Clinton to Propose Rise in Capital Gains Taxes on Short-Term Investments
The presidential candidate will argue in a Friday speech that a focus on short-term results is undercutting longer-term economic growth

Hillary Clinton will propose a sharp increase in the capital-gains tax rate for the highest earners for investments held only a few years, a campaign official said Friday.

Under the Clinton plan, investments held between one and two years would be taxed at the normal income-tax rate of 39.6%, nearly double the existing 20% capital gains rate. Neither figure counts an extra 3.8% tax on net investment income included as part of the health-care law, a campaign official said.

The campaign isn't proposing any changes to the capital-gains rate for lower-income taxpayers.

The rate for top-bracket taxpayers would be set on a sliding scale, with the lowest rate applied to investments held the longest. To qualify for the existing 20% rate, one would have to hold an investment for at least six years.

Mrs. Clinton will lay out the plan in a speech Friday in New York City, where she plans to spotlight what she sees as unhealthy corporate efforts to boost stock prices. She will argue that a focus on short-term results is undercutting longer-term economic growth and hurting American workers.

The campaign said she would also call for greater disclosure of stock buybacks by companies, saying that while they may give a quick lift to stock prices, they often come at the expense of research and development spending. She will also call for a review of securities rules related to shareholder activism and rules governing tax treatment of executive compensation.

The capital-gains tax changes are the centerpiece of her proposal.

Under existing law, investments held for less than a year are already taxed at normal income-tax rates, and that wouldn't change under the Clinton plan.

But her plan would affect taxes for the top-tier taxpayers who hold investments for anywhere between two and six years. For instance, investments held for two to three years would be taxed at 36%;, those held three to four years would face a tax of 32%. The sliding scale ends at six years.

Her campaign labeled the short-term focus “the tyranny of today’s earnings report” in its preview of the speech. The change in the capital-gains tax rates are meant to focus investors and corporations for the long term.

“Clinton will acknowledge that these changes to the tax code alone will not shift investors’ focus from short-term to long-term overnight,” the campaign said in previewing the speech. “But she believes this reform is a strong first step toward removing some of the incentives pushing us toward short-termism, and aligning investment toward long-term value.”

Some economists and many Republicans argue there is little the government can do to change corporate behavior. Republican presidential contenders by and large want to go in the opposite direction by eliminating taxes on investment income or at least reducing them.

Campaigning in Greenville, S.C., on Thursday, Mrs. Clinton was asked how she thought her ideas on corporate America will be received. She declined to speculate but said: “I’m proposing policies that will make our economy stronger, that will promote both strong growth and fair growth but will do so with a longer-term perspective. That’s what I think is best for the country. I think it’s also best for business whether they agree with it or not.”

Her speech Friday is meant to explain how short-term outlooks helped produce near-record high profits but stagnant wages. The campaign cited studies showing that companies that increase spending on stock buybacks, sometimes in an effort to boost the share price, also cut spending on things such as new plants and equipment.

Mrs. Clinton plans to extol both the virtues and risks of shareholder activism, but it was unclear if her speech would ask for anything beyond a review of securities rules. The campaign said shareholder activists can often push a company to improve its operations, but can also pressure management to embrace measures that boost short-term stock performance at the expense of long-term growth.

On stock buybacks, the campaign noted that some countries require daily disclosures, whereas the U.S. mandates it only on a quarterly basis. She will call for greater disclosure in the U.S.

*FCA RECALLS ABOUT 1.4M VEHICLES FOR HACKING DEFENSE

*FCA RECALLS ABOUT 1.4M VEHICLES FOR HACKING DEFENSE

From: LAURENT CHEKROUN (MAKOR SECURITIES LO) At: Jul 23 2015 10:48:00
Subject: Fwd:(Wired) Hackers Remotely Kill a Jeep on the Highway--> More Security needed
--> More upside for Security software ...FTNT, CHKP,...

(Wired) Hackers Remotely Kill a Jeep on the Highway—With Me in It Link : http://wrd.cm/1OnSAOc


I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.
The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, “no matter what happens, don’t panic.”

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

“You’re doomed!” Valasek shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller’s advice: I didn’t panic. I did, however, drop any semblance of bravery, grab my iPhone with a clammy fist, and beg the hackers to make it stop.

Wireless Carjackers
This wasn’t the first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it really changes your whole view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker’s PC had been wired into the vehicles’ onboard diagnostic port, a feature that normally gives repair technicians access to information about the car’s electronically controlled systems.

A mere two years later, that carjacking has gone wireless. Miller and Valasek plan to publish a portion of their exploit on the Internet, timed to a talk they’re giving at the Black Hat security conference in Las Vegas next month. It’s the latest in a series of revelations from the two hackers that have spooked the automotive industry and even helped to inspire legislation; WIRED has learned that senators Ed Markey and Richard Blumenthal plan to introduce an automotive security bill today to set new digital security standards for cars and trucks, first sparked when Markey took note of Miller and Valasek’s work in 2013.

As an auto-hacking antidote, the bill couldn’t be timelier. The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could safely continue the experiment.

Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.

From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They’ve only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to try remotely hacking into other makes and models of cars.

After the researchers reveal the details of their work in Vegas, only two things will prevent their tool from enabling a wave of attacks on Jeeps around the world. First, they plan to leave out the part of the attack that rewrites the chip’s firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.

Second, Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch ahead of the Black Hat conference. On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler’s website that didn’t offer any details or acknowledge Miller and Valasek’s research. “[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions,” reads a statement a Chrysler spokesperson sent to WIRED. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”

Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. (Download the update here.) That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.

Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

The two researchers say that even if their code makes it easier for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it allows their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles’ digital security. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren’t the first to hack a car over the Internet. In 2011 a team of researchers from the University of Washington and the University of California at San Diego showed that they could wirelessly disable the locks and brakes on a sedan. But those academics took a more discreet approach, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

Miller and Valasek represent the second act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in 2011 now face the possibility of a public dump of their vehicles’ security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the 2011 study. Earlier this month, in fact, Range Rover issued a recall to fix a software security flaw that could be used to unlock vehicles’ doors. “Imagine going up against a class-action lawyer after Anonymous decides it would be fun to brick all the Jeep Cherokees in California,” Savage says.

For the auto industry and its watchdogs, in other words, Miller and Valasek’s release may be the last warning before they see a full-blown zero-day attack. “The regulators and the industry can no longer count on the idea that exploit code won’t be in the wild,” Savage says. “They’ve been thinking it wasn’t an imminent danger you needed to deal with. That implicit assumption is now dead.”

Sitting on a leather couch in Miller’s living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

Uconnect computers are linked to the Internet by Sprint’s cellular network, and only other Sprint devices can talk to them. So Miller has a cheap Kyocera Android phone connected to his battered MacBook. He’s using the burner phone as a Wi-Fi hot spot, scouring for targets using its thin 3G bandwidth.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, appears on the laptop screen. It’s a Dodge Ram. Miller plugs its GPS coordinates into Google Maps to reveal that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to appear on his screen is a Jeep Cherokee driving around a highway cloverleaf between San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Seeing the actual, mapped locations of these unwitting strangers’ vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, confining its range to a few dozen yards. When they discovered the Uconnect’s cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn’t the limit. “When I saw we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fnck, that’s a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington study to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, though, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “robust and secure” against wireless attacks. “We didn’t have the impact with the manufacturers that we wanted,” Miller says. To get their attention, they’d need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles’ technical manuals and wiring diagrams. Using those specs, they rated 24 cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers: How many and what types of radios connected the vehicle’s systems to the Internet; whether the Internet-connected computers were properly isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital commands could trigger physical actions like turning the wheel or activating brakes.

Based on that study, they rated Jeep Cherokee the most hackable model. Cadillac’s Escalade and Infiniti’s Q50 didn’t fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [new] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a new Escalade since Miller and Valasek’s last study, but that cybersecurity is “an emerging area in which we are devoting more resources and tools,” including the recent hire of a chief product cybersecurity officer.

After Miller and Valasek decided to focus on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn’t until June that Valasek issued a command from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller’s St. Louis driveway.

Since then, Miller has scanned Sprint’s network multiple times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.

Pinpointing a vehicle belonging to a specific person isn’t easy. Miller and Valasek’s scans reveal random VINs, IP addresses, and GPS coordinates. Finding a particular victim’s vehicle out of thousands is unlikely through the slow and random probing of one Sprint-enabled phone. But enough phones scanning together, Miller says, could allow an individual to be found and targeted. Worse, he suggests, a skilled hacker could take over a group of Uconnect head units and use them to perform more scans—as with any collection of hijacked computers—worming from one dashboard to the next over Sprint’s network. The result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.

“For all the critics in 2013 who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking
Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to reveal new legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set new security standards and create a privacy and security rating system for consumers. “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose between being connected and being protected…We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their 2013 Darpa-funded research and hacking demo, he sent a letter to 20 automakers, asking them to answer a series of questions about their security practices. The answers, released in February, show what Markey describes as “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the 16 automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn’t reveal the automakers’ individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles’ digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital commands.

UCSD’s Savage says the lesson of Miller and Valasek’s research isn’t that Jeeps or any other vehicle are particularly vulnerable, but that practically any modern vehicle could be vulnerable. “I don’t think there are qualitative differences in security between vehicles today,” he says. “The Europeans are a little bit ahead. The Japanese are a little bit behind. But broadly writ, this is something everyone’s still getting their hands around.”

Aside from wireless hacks used by thieves to open car doors, only one malicious car-hacking attack has been documented: In 2010 a disgruntled employee in Austin, Texas, used a remote shutdown system meant for enforcing timely car payments to brick more than 100 vehicles. But the opportunities for real-world car hacking have only grown, as automakers add wireless connections to vehicles’ internal networks. Uconnect is just one of a dozen telematics systems, including GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.

In fact, automakers are thinking about their digital security more than ever before, says Josh Corman, the cofounder of I Am the Cavalry, a security industry organization devoted to protecting future Internet-of-things targets like automobiles and medical devices. Thanks to Markey’s letter, and another set of questions sent to automakers by the House Energy and Commerce Committee in May, Corman says, Detroit has known for months that car security regulations are coming.

But Corman cautions that the same automakers have been more focused on competing with each other to install new Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They’re getting worse faster than they’re getting better,” he says. “If it takes a year to introduce a new hackable feature, then it takes them four to five years to protect it.”

Corman’s group has been visiting auto industry events to push five recommendations: safer design to reduce attack points, third-party testing, internal monitoring systems, segmented architecture to limit the damage from any successful penetration, and the same Internet-enabled security software updates that PCs now receive. The last of those in particular is already catching on; Ford announced a switch to over-the-air updates in March, and BMW used wireless updates to patch a hackable security flaw in door locks in January.

Corman says carmakers need to befriend hackers who expose flaws, rather than fear or antagonize them—just as companies like Microsoft have evolved from threatening hackers with lawsuits to inviting them to security conferences and paying them “bug bounties” for disclosing security vulnerabilities. For tech companies, Corman says, “that enlightenment took 15 to 20 years.” The auto industry can’t afford to take that long. “Given that my car can hurt me and my family,” he says, “I want to see that enlightenment happen in three to five years, especially since the consequences for failure are flesh and blood.”

As I drove the Jeep back toward Miller’s house from downtown St. Louis, however, the notion of car hacking hardly seemed like a threat that will wait three to five years to emerge. In fact, it seemed more like a matter of seconds; I felt the vehicle’s vulnerability, the nagging possibility that Miller and Valasek could cut the puppet’s strings again at any time.

The hackers holding the scissors agree. “We shut down your engine—a big rig was honking up on you because of something we did on our couch,” Miller says, as if I needed the reminder. “This is what everyone who thinks about car security has worried about for years. This is a reality.”

1Correction 10:45 7/21/2015: An earlier version of the story stated that the hacking demonstration took place on Interstate 40, when in fact it was Route 40, which coincides in St. Louis with Interstate 64.

WSJ : France’s Renault in Talks to Buy Stake, Plants From Iranian Joint Venture

France’s Renault in Talks to Buy Stake, Plants From Iranian Joint Venture Partner
Move comes as signing of nuclear accord with world powers spells end to sanctions

VIENNA—French car maker Renault SA is in talks to buy a minority stake or manufacturing plants from its Iranian joint venture partner, according to an executive at the Iranian firm.

Naser Aghamohammadi, managing director of Renault’s state-controlled partner Pars Khodro, said the French firm is “in discussions” to buy less than half of the shares in his company

A spokeswoman for Renault declined to comment. People familiar with the matter have previously said that Renault executives considered investing in Pars Khodro should the West lift sanctions.

Renault is also in talks to buy infrastructure such as car plants owned by Pars Khodro’s parent company Saipa Group, Mr. Aghamohammadi said. Pars Khodro assembles Renault models in its body shop in Southern Tehran, using kits of spare parts delivered by the French manufacturer.

Western corporations have been fast off the mark in an attempt to expand or gain entry into the country following the July 14 signing of a nuclear accord between Iran and world powers. The agreement spells an end to Western European and U.S. economic sanctions against the Middle Eastern country in exchange for curbs to Iran’s ability to build a nuclear weapon.

Mr. Aghamohammadi was speaking at a Vienna conference promoting trade between the European Union and Iran—the first event of its kind since the nuclear deal was clinched.

Leading the charge into Iran are France’s two largest car makers—Renault and PSA Peugeot Citroën—among the most aggressive and active western companies salivating at the market potential of the country’s 80 million inhabitants. The two were among the top foreign car brands in the country before the sanctions.

Peugeot officially pulled out of Iran in 2012, while Renault maintained its joint venture partnership but had to drastically reduce its production as it was unable to import the parts it required due to the economic blockade.

Mr. Aghamohammadi didn’t disclose the potential value of the transaction. Renault has €513 million ($562.5 million) stuck in Iranian bank accounts due to sanctions.

Before the sanctions, Iran had a thriving auto industry, producing a high of 1.6 million cars and commercial vehicles in 2011. However, the economic blockade reduced production to about 744,000 by 2013.

Renault and Peugeot have long been anticipating an end to the sanctions, according to people familiar with the matter, quietly negotiating with local partners in the month

>>> US Gapping down

Gapping down

In reaction to disappointing earnings/guidance: TRUE -33.5% (also downgraded to Neutral from Buy at Goldman; downgraded to Neutral from Overweight at JP Morgan, downgraded to Sector Perform at RBC Capital Mkts;), SPNC -21.5%, ABGB -13.6%, BIIB -11.7%, TRIP -6.8%, PMCS -6.7%, COF -6.1% (also downgraded to Market Perform from Outperform at Wells Fargo, downgraded to Neutral at Goldman), ALGN -5.8%, CTCT -5.2% (also downgraded to Perform at Oppenheimer , downgraded to Neutral at Robert W. Baird), GIMO -3.8%, ATHN -2.1%, XRX -1.9%, ABAX -0.8%.

Metals/mining related names trading lower: HMY -6.4%, AU -4.6%, GG -3.5%, IAG -3.1%, EGO -1.8%, ABX -0.8%.

Other news: SNSS -64% ( reports regulatory updates from its interactions with the EMA and US FDA; was informed that the Agency did not support a filing and encouraged the company to provide additional clinical evidence to support a future NDA submission; downgraded to Market Perform at Cowen, downgraded to Sell at ROTH Capital), CSII -10.6% (SPNC sympathy), AAVL-5% (announces the resignation of CEO Thomas Chalberg, effective July 23, 2015; appoints SVP of Business Operations, Hans Hull as Interim CEO), ITEK -3.8% (following yesterday's ~200% move higher), QSII -2.4% (following yesterday's ~20% move lower), EXEL -2.2% (priced its upsized underwritten public offering of 25 mln shares of common stock at $5.40/share), UTX-0.5% (disclosed that it will continue to be the subject of one or more US Government investigations).

>>> Johnson Controls beats by $0.01, reports revs in-line; JCI to pursue tax-fre

Johnson Controls beats by $0.01, reports revs in-line; JCI to pursue tax-free spin-off of Automotive Experience business

Reports Q3 (Jun) earnings of $0.91 per share, $0.01 better than the Capital IQ Consensus Estimate of $0.90; revenues fell 2.3% year/year to $9.61 bln vs the $9.67 bln consensus.
  • Johnson Controls also announced that it plans to pursue a tax-free spin-off of its Automotive Experience business. Following the separation, which is expected to close in approximately 12 months, the Automotive Experience business will operate as an independent, publicly traded company. Once the transaction is completed, Bruce McDonald, Johnson Controls vice chairman and executive vice president, will serve as the chairman and CEO of the new company. Beda Bolzenius will serve as president and chief operating officer. As part of the spin-off preparation, Johnson Controls is initiating a comprehensive cost savings program.

>>> US Gapping up

In reaction to strong earnings/guidance: AMZN +20.1% (also upgraded by several analysts), NTGR +13%, (light volume), MKTO +14%, P +10.2%, LOGM +9.9%, QLIK +9.6%, JNPR +9.5%, MITK +7.8%, IG +6.2%, PFPT +5.6%, MXIM +5.4% (also upgraded to Buy from Hold at Evercore ISI ; upgraded to Buy from Neutral at BofA/Merrill), TRN +5.1%, SBUX +5%,(also authorizes the repurchase of an additional 50 million shares of its common stock under its ongoing share repurchase program; Starbucks and PepsiCo entered into agreement for the marketing and sale of SBUX ready-to-drink coffee in Latin America), STS +4.9% (thinly traded), V +4.5% (also Visa believes there is compelling logic for both Visa Inc. and Visa Europe to consummate a business combination), BYD +4%, BLDR +3.9% (light volume), HWAY +3.1%, N +3.1%, LEA +3%, VOD +2.8%, AAL +2.1%, T +2%, SYK +1.8% (light volume), SWKS +1.8%, VFC +1.8% (light volume), ABBV +1.7%, FLEX +1%, RT +0.8%, (light volume), ACTG +0.6%, SAVE +0.5%.

M&A news: SFG +37.5% (StanCorp Fin to be acquired by Meiji Yasuda Life Insurance for $115/share in a $5 bln deal), NOK +2.1% (Nokia receives approval from the European Commission for its pending acquisition of Alcatel-Lucent), DTV +1.7% (FCC releases statement of commissioner Michael O'Rielly on the AT&T (T)/DTV merger application; says ‘process should not have taken this long'), BEE +1.1% (following late move higher on M&A related speculation - Bloomberg indicated co hired advisor to explore sale).

Other news: AMDA +64.8% (signs an original equipment manufacturer letter of intent supply agreement, with a leading orthopedic device design and manufacturing company), ACRX +16.5% (Zalviso (sufentanil), received a positive opinion from the Committee for the treatment of post-operative pain. Hybrid applications rely in part on the results of studies carried out with a reference product and in part on new data), FXCM +5.8% (still checking), UCTT +4.9% (following yesterday's ~30% move higher), JD +3.5% (Nasdaq announced that JD.com (JD) will become a component of the NASDAQ-100 Index and the NASDAQ-100 Equal Weighted Index prior to market open on July 29, 2015), ALU +3.1% (Nokia receives approval from the European Commission for its pending acquisition of Alcatel-Lucent), MA +3% (V sympathy), QRVO +2.7% (following SWKS results), REGN +1.4% (Regeneron Pharms and Sanofi (SNY) receive a positive opinion for the marketing authorization of Praluent, recommending its approval for use in certain adult patients with hypercholesterolemia from the EMA), DEO +1.3% (following late sell-off on potential SEC distribution inquiry), NFLX +1.3% (European pay TV deals under scrutiny), AVGO +0.8% (following SWKS results), TWTR +0.6% (announced plans to introduce event based ad targeting), QCOM +0.4% (Reuters discusses comments from analysts that Intel (INTC) might be a possible suitor for QCOM chip unit), NUE +0.3% (favorable commentary on Thursday's Mad Money).

Analyst comments: BCC +4.3% (upgraded to Buy from Neutral at DA Davidson), SCTY +2.1% (upgraded to Outperform at Robert W. Baird), GOLD +1.4% (upgraded to Buy at Citigroup), UA +1.1% (upgraded to Sector Weight from Underweight at KeyBanc Capital Mkts), UN +1.1% (upgraded to Buy at Canaccord Genuity), UAL +0.9% (upgraded to Buy at Deutsche Bank), DIS +0.5% (upgraded to Buy at Topeka), GM +0.3% (upgraded to Neutral from Underperform at Credit Suisse; also mentioned positively at Citigroup -- discusses several reasons to buy)