UConnect firmware vulnerability - Jeep Garage - Jeep Forum

  #1  
Old 07-21-2015, 02:39 PM
Premium Member
My Jeep: 2014 3.0L WK2
 
Join Date: Aug 2013
Location: CT
Posts: 401
Thanks: 47
Thanked 91 Times in 55 Posts
Rep Power: 581905
netboy has a reputation beyond repute
UConnect firmware vulnerability

Please forgive me for posting in the wrong forum but this is a major security threat and I wanted to make sure my EcoDiesel friends here are aware of it.

The Uconnect firmware in all 2014-2015 models has a security vulnerability that allows a hacker to break into UConnect over the car's Sprint data link (over the Internet). The Uconnect compromise allows the hacker to control the vehicle's CAN bus, which is complete control over the car.

Chrysler released an urgent RRT #13-071 to plug the issue. You do not need to wait for the dealer to implement it and can download it yourself (this is a UConnect update) at Uconnect® Software Update.

You can read more about it in "Wired" magazine at: Hackers Remotely Kill a Jeep on the Highway With Me in It. Premium members can view the thread about the new UConnect update in the UConnect section of the forum.

__________________
Summit 4x4 Turbo-Diesel, Black / Jeep Brown.
 
  #2  
Old 07-21-2015, 02:48 PM
Premium Member
My Jeep: 2017 5.7L WK2
 
Join Date: Sep 2012
Posts: 8,623
Thanks: 736
Thanked 1,074 Times in 835 Posts
Rep Power: 1806024
bill_de has a reputation beyond repute
Re: UConnect firmware vulnerability

http://www.jeepgarage.org/f73/scary-...ked-89171.html

Hackers take control over Jeep Cherokee via uConnect

Hackers Remotely Kill a Jeep on the Highway Through Uconnect

Hackers Remotely Kill a Jeep!

Hackers take control over Jeep Cherokee via uConnect


That might cover it ... for now.


---
__________________
If you need a shoulder to cry on ...
... pull over to the side of the road!

  #3  
Old 07-21-2015, 02:48 PM
Member
My Jeep: 2015 3.0L WK2
 
Join Date: May 2015
Location: Mi.
Posts: 151
Thanks: 6
Thanked 27 Times in 17 Posts
Rep Power: 15208
Diesel Dan has a reputation beyond repute
Re: UConnect firmware vulnerability

Thanks, I will look into this.
__________________
'15 GC Limited, Diesel, Adventure 2, Luxury 2, CD, Block Heater, Blue/Black.
 
  #4  
Old 07-21-2015, 02:51 PM
Member
My Jeep: 2014 3.6L WK2
 
Join Date: Aug 2013
Location: Florida
Posts: 121
Thanks: 4
Thanked 7 Times in 7 Posts
Rep Power: 1491
losbot is on a distinguished road
Re: UConnect firmware vulnerability

I just happened to see that article and came here to see if anyone else had seen it.
Rather troubling.
__________________
---------------------------------------------------
2014 JGC Overland
V6 & Stebel Air Horn in True Blue / Vesuvio Blue/Brown. :thumbsup:

What pays for my Jeep: IT Manager / Network Engineer :cool:
Prev: '90 NSX, '96 3000GT VR4, '99 325i, '02 ES300, '06 328i, '08 X3, '11 528i
  #5  
Old 07-21-2015, 03:14 PM
Member
My Jeep: 2015 3.0L WK2
 
Join Date: Sep 2014
Posts: 50
Thanks: 40
Thanked 14 Times in 7 Posts
Rep Power: 14404
Bluegrass Picker has a reputation beyond repute
Re: UConnect firmware vulnerability

I just now downloaded and updated my Uconnect (2015 GC ED Limited).

Very easy to do.
  #6  
Old 07-21-2015, 03:50 PM
Member
My Jeep: 2015 3.0L WK2
 
Join Date: Nov 2014
Location: Chicago
Posts: 127
Thanks: 24
Thanked 13 Times in 11 Posts
Rep Power: 1054
thrawn86 is on a distinguished road
Re: UConnect firmware vulnerability

I just had mine in the shop yesterday and they said they did the update....lo and behold it was still 14.47....flashing mine right now.
  #7  
Old 07-21-2015, 03:51 PM
Member
 
Join Date: Aug 2014
Location: Houston, TX
Posts: 153
Thanks: 16
Thanked 32 Times in 21 Posts
Rep Power: 1165
Plik is on a distinguished road
Re: UConnect firmware vulnerability

Is there any way to disable the Sprint data link? I'd rather not have anyone able to control my vehicle remotely, that includes Chrysler.
__________________

2015 JGC Overland Diesel 4X4 + QDII + GDE Hot Tune
  #8  
Old 07-21-2015, 04:09 PM
Member
My Jeep: 2014 3.0L WK2
 
Join Date: Aug 2014
Location: Western Wisconsin
Posts: 497
Thanks: 186
Thanked 38 Times in 31 Posts
Rep Power: 1530
chadg2 is on a distinguished road
Re: UConnect firmware vulnerability

Quote:
Originally Posted by Plik
Is there any way to disable the Sprint data link? I'd rather not have anyone able to control my vehicle remotely, that includes Chrysler.
I second that....I would prefer to disable the Sprint data.
  #9  
Old 07-21-2015, 05:26 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 4,105
Thanks: 74
Thanked 293 Times in 257 Posts
Rep Power: 46532
lstowell has a reputation beyond repute
Re: UConnect firmware vulnerability


North Koreans have taken control of your Jeep.
  #10  
Old 07-21-2015, 06:11 PM
Senior Member
 
Join Date: Sep 2013
Posts: 1,352
Thanks: 49
Thanked 176 Times in 139 Posts
Rep Power: 17551
Roadkill has a reputation beyond repute
The ideal solution would be to install a notch filter on the cell antenna, as was proposed in the other thread.

It's not like the services provided by uConnect are worthwhile, and the manufacturers admit they are using the telematics module to track you around (and they keep track of when you break the speed limit, etc).

All that really needs to be done is to install a notch filter inline on the antenna; one that blocks Sprint frequencies. Other alternatives are likely to annoy the head unit, causing it to bitch about things being awry. However, if you've blocked the Sprint frequencies there's no way for the unit to tell you aren't simply in a dead zone.
  #11  
Old 07-22-2015, 08:15 AM
Member
 
Join Date: May 2014
Posts: 342
Thanks: 6
Thanked 69 Times in 48 Posts
Rep Power: 3690
jaje has a reputation beyond repute
Re: UConnect firmware vulnerability

Quote:
Originally Posted by netboy
The Uconnect firmware in all 2014-2015 models has a security vulnerability that allows a hacker to break into UConnect over the car's Sprint data link (over the Internet). The Uconnect compromise allows the hacker to control the vehicle's CAN bus, which is complete control over the car.

Chrysler released an urgent RRT #13-071 to plug the issue. You do not need to wait for the dealer to implement it and can download it yourself (this is a UConnect update) at Uconnect® Software Update.
I tried to go to the software update website (have a 2014) but it gives me an error when I enter my VIN. Tried it with Internet Exploder browser.
__________________
'14 XV Crosstrek
#74 Exomotive Exocet NASA ST3 / E0
'14 WK2 EcoDiesel (replaces '07 WK CRD)
  #12  
Old 07-22-2015, 09:34 AM
Member
 
Join Date: Aug 2014
Location: Houston, TX
Posts: 153
Thanks: 16
Thanked 32 Times in 21 Posts
Rep Power: 1165
Plik is on a distinguished road
Re: UConnect firmware vulnerability

Quote:
Originally Posted by Roadkill
The ideal solution would be to install a notch filter on the cell antenna, as was proposed in the other thread.

It's not like the services provided by uConnect are worthwhile, and the manufacturers admit they are using the telematics module to track you around (and they keep track of when you break the speed limit, etc).

All that really needs to be done is to install a notch filter inline on the antenna; one that blocks Sprint frequencies. Other alternatives are likely to annoy the head unit, causing it to bitch about things being awry. However, if you've blocked the Sprint frequencies there's no way for the unit to tell you aren't simply in a dead zone.
So when can we expect Dom to team up with some techies and release a notch filter Sprint delete kit?
__________________

2015 JGC Overland Diesel 4X4 + QDII + GDE Hot Tune