Go Back   Jeep Garage - Jeep Forum > Jeep Platform Discussion > Grand Cherokee - WK2 - > Audio/Visual/Navigation

Join Jeep Garage Today
Reply
 
Thread Tools Display Modes
 
  #1  
Old 08-01-2014, 02:19 PM
Premium Member
My Jeep: 2014 WK2
 
Join Date: Apr 2014
Location: Coastal NJ
Posts: 169
Thanks: 10
Thanked 12 Times in 11 Posts
Rep Power: 2172
46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute
Nothing good can come of this

I wonder what Jeep systems could be compromised.

BadUSB: Big, bad USB security problems ahead | ZDNet
__________________

__________________
2014 Grand Cherokee Limited, Bright White, MDH 031503, V6, QTII, nav, sun roof, fold flat pass seat
Reply With Quote
The Following User Says Thank You to 46er For This Useful Post:
  #2  
Old 08-01-2014, 02:26 PM
Member
My Jeep: 2012 3.6L WK2
 
Join Date: Apr 2012
Location: AZ
Posts: 642
Thanks: 1
Thanked 10 Times in 7 Posts
Rep Power: 2766
eibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond reputeeibyer has a reputation beyond repute
Re: Nothing good can come of this

And there's this one... How hackers could slam on your car's brakes - Aug. 1, 2014
__________________

__________________
Reply With Quote
The Following User Says Thank You to eibyer For This Useful Post:
  #3  
Old 08-02-2014, 07:22 AM
1stJeepGC's Avatar
Premium Member
My Jeep: 2011 3.6L WK2
 
Join Date: Jul 2011
Location: NYC Area
Posts: 780
Thanks: 79
Thanked 64 Times in 59 Posts
Rep Power: 4956
1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute
Re: Nothing good can come of this

Greetings,

Here comes the virus and malware protection systems for the Jeep. Wonder what the subscriptions fees are going to be?

On a more serious note, as more and more of these cases seem to come to light, the Unconect software programmers and Jeep engineers should start thing about protecting the computers down the road and possible develop a system for the existing owners. It is quite obvious that the HU should not be used as a serial bus to feed data to other sensitive computers within the Jeep. The HU should not be allowed for bidirectional data either.

On the same note, the aftermarket HU also fall into this situation. The aftermarket harness are sending data along the bus.

More on the BadUBS will be talked about later this month at the Black Hat conference, in Las Vegas. This conference is about hacking.

Best for now.
__________________
Laredo X, Trail Rated, QTii, Sele-Terrian, Quadra Lift, Off-Road Adventure Package ii, Nokian Rotiva AT, Tow, AFE CAI, Custom Sound System ( HAT speakers, JLAudio , Pioneer , JBL MS-8 & RF 3.sixty.3 see the writeup for more details http://www.jeepgarage.org/f155/2011-...ver-79121.html )
Reply With Quote
  #4  
Old 08-02-2014, 08:56 AM
Member
 
Join Date: Aug 2013
Location: Middle America
Posts: 90
Thanks: 0
Thanked 5 Times in 4 Posts
Rep Power: 587
sterno is on a distinguished road
Re: Nothing good can come of this

I think this shouldn't be a big deal for in-car systems. A general-purpose computer needs to support random keyboards and network dongles you buy, and needs to be able to boot from external storage for OS recovery and installation. This is not true of most embedded systems, which typically have specific, known functions and configurations. They often only include support for devices they're required to run, like mass storage, hub, and whatever type of control panel is installed. Booting from anything other than the internal storage usually requires human intervention.

That's not to say that Chrysler's uconnect variants necessarily did their USB device support right, but there probably isn't any obstacle to having done it right.

I think the bigger problem is hooking things up to the internet and the internal control bus at the same time. But when I complain about not wanting to link my car to the outside world people seem to act like I'm some kind of backwards Luddite or paranoid nut.
__________________
Reply With Quote
  #5  
Old 08-02-2014, 09:12 AM
Premium Member
My Jeep: 2014 WK2
 
Join Date: Apr 2014
Location: Coastal NJ
Posts: 169
Thanks: 10
Thanked 12 Times in 11 Posts
Rep Power: 2172
46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute46er has a reputation beyond repute
Re: Nothing good can come of this

Quote:
Originally Posted by sterno View Post
I think this shouldn't be a big deal for in-car systems. A general-purpose computer needs to support random keyboards and network dongles you buy, and needs to be able to boot from external storage for OS recovery and installation. This is not true of most embedded systems, which typically have specific, known functions and configurations. They often only include support for devices they're required to run, like mass storage, hub, and whatever type of control panel is installed. Booting from anything other than the internal storage usually requires human intervention.

That's not to say that Chrysler's uconnect variants necessarily did their USB device support right, but there probably isn't any obstacle to having done it right.

I think the bigger problem is hooking things up to the internet and the internal control bus at the same time. But when I complain about not wanting to link my car to the outside world people seem to act like I'm some kind of backwards Luddite or paranoid nut.
You may be missing the point. From what I have read, it is not the internet or what the USB device is, but what is contained in its firmware that is the problem. For the Jeeps, that would be the USB memory stick you purchase for your music or UConnect updates. And we all know where virtually all USB devices are manufactured. Time will tell I guess.
__________________
2014 Grand Cherokee Limited, Bright White, MDH 031503, V6, QTII, nav, sun roof, fold flat pass seat
Reply With Quote
  #6  
Old 08-02-2014, 11:03 AM
Member
 
Join Date: Aug 2013
Location: Middle America
Posts: 90
Thanks: 0
Thanked 5 Times in 4 Posts
Rep Power: 587
sterno is on a distinguished road
Re: Nothing good can come of this

No, I'm not missing the point, I just know a little too much about how USB devices work. My complaint about the internet link is a different problem, which I think is more significant than the USB firmware issue for in-car systems.

When you plug common types of USB device in to your PC you don't have to install software to say it's a thumb drive, keyboard, mouse, etc. The device and the host talk to each other to figure out how they should work together, and the host will blindly trust that the device is whatever it claims to be. There are standards for common simple device types so anything that works with one of those standards will just automatically function. That's why a fancy multi-button mouse or multimedia keyboard will come with a driver CD to take advantage of the extra buttons, but will still let you type and click without installing anything.

If you can customize or overwrite the firmware in a USB thumb drive then you can make something that LOOKS like a thumb drive actually DO something else. Same thing if you can alter the firmware on the PC end so that it presents a device that doesn't really exist. Stand outside an office building handing out free "promotional" thumb drives that you've modified, and if you get lucky you could intercept internal network traffic (ie e-mail or files) or get control over a computer that handles trade secrets.

But that only happens because a typical desktop computer has the drivers to recognize everything and automatically tries to use it for your convenience. If you don't have the driver for that type of device it will ignore it or prompt you. Since embedded systems have specific, defined functionality and hardware they often have a very limited set of built-in drivers and no mechanism for user-installed drivers, so the problem is more manageable.

But again, that doesn't guarantee that any given system really did it right, or that the vendor will release a firmware update if it's not. It just means it probably can be done right without unreasonable difficulty or loss of functionality. Offhand, I think the biggest unfixable problem on an in-car system might be that you plug in your thumb drive with an update file and instead it presents a malicious update. Or maybe you plug in your music and instead you get rickrolled.
__________________
Reply With Quote
  #7  
Old 08-02-2014, 12:52 PM
1stJeepGC's Avatar
Premium Member
My Jeep: 2011 3.6L WK2
 
Join Date: Jul 2011
Location: NYC Area
Posts: 780
Thanks: 79
Thanked 64 Times in 59 Posts
Rep Power: 4956
1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute1stJeepGC has a reputation beyond repute
Re: Nothing good can come of this

Greetings,

I thought this would be interesting to watch again:

AppRadioWorld: See How Hackers Could Make Your Car Go Nuts! [Video]

Best for now.
__________________

__________________
Laredo X, Trail Rated, QTii, Sele-Terrian, Quadra Lift, Off-Road Adventure Package ii, Nokian Rotiva AT, Tow, AFE CAI, Custom Sound System ( HAT speakers, JLAudio , Pioneer , JBL MS-8 & RF 3.sixty.3 see the writeup for more details http://www.jeepgarage.org/f155/2011-...ver-79121.html )
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What are these 20" wheels good for...Absolutely Nothing AquaForester Suspension/Driveline/Brakes/Wheels/Tires 50 05-09-2014 09:14 AM
430N (RHB) gives me a blank, then white SCREEN OF DEATH!...nothing works! THEPRFCT10 Audio/Visual/Navigation 5 06-07-2011 09:53 AM
430N (RHB) gives me the blank, then white SCREEN OF DEATH!...nothing works! THEPRFCT10 Audio/Visual/Navigation 6 03-22-2011 11:35 AM
three visits to the dealership, nothing. Relwarc Audio, Video, Navigation & Electronic Modifications 11 12-12-2009 10:59 PM

Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 08:24 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community

JeepGarage.org is in no way associated with or endorsed by Chrysler Group LLC.