UConnect firmware vulnerability - Jeep Garage - Jeep Forum

  #1  
Old 07-21-2015, 03:39 PM
netboy's Avatar
Premium Member
My Jeep: 2014 3.0L WK2
 
Join Date: Aug 2013
Location: CT
Posts: 386
Thanks: 44
Thanked 86 Times in 52 Posts
Rep Power: 581714
netboy has a reputation beyond repute
UConnect firmware vulnerability

Please forgive me for posting in the wrong forum but this is a major security threat and I wanted to make sure my EcoDiesel friends here are aware of it.

The Uconnect firmware in all 2014-2015 models has a security vulnerability that allows a hacker to break into UConnect over the car's Sprint data link (over the Internet). The Uconnect compromise allows the hacker to control the vehicle's CAN bus, which is complete control over the car.

Chrysler released an urgent RRT #13-071 to plug the issue. You do not need to wait for the dealer to implement it and can download it yourself (this is a UConnect update) at Uconnect® Software Update.

You can read more about it in "Wired" magazine at: Hackers Remotely Kill a Jeep on the Highway With Me in It. Premium members can view the thread about the new UConnect update in the UConnect section of the forum.

__________________
Summit 4x4 Turbo-Diesel, Black / Jeep Brown.
  #2  
Old 07-21-2015, 03:48 PM
bill_de's Avatar
Premium Member
My Jeep: 2017 5.7L WK2
 
Join Date: Sep 2012
Posts: 8,240
Thanks: 673
Thanked 927 Times in 738 Posts
Rep Power: 1804906
bill_de has a reputation beyond repute
Re: UConnect firmware vulnerability

http://www.jeepgarage.org/f73/scary-...ked-89171.html

Hackers take control over Jeep Cherokee via uConnect

Hackers Remotely Kill a Jeep on the Highway Through Uconnect

Hackers Remotely Kill a Jeep!

Hackers take control over Jeep Cherokee via uConnect


That might cover it ... for now.


---
__________________
If you need a shoulder to cry on ...
... pull over to the side of the road!

  #3  
Old 07-21-2015, 03:48 PM
Diesel Dan's Avatar
Member
My Jeep: 2015 3.0L WK2
 
Join Date: May 2015
Location: Mi.
Posts: 122
Thanks: 5
Thanked 27 Times in 17 Posts
Rep Power: 15004
Diesel Dan has a reputation beyond repute
Re: UConnect firmware vulnerability

Thanks, I will look into this.
__________________
'15 GC Limited, Diesel, Adventure 2, Luxury 2, CD, Block Heater, Blue/Black.
  #4  
Old 07-21-2015, 03:51 PM
losbot's Avatar
Member
My Jeep: 2014 3.6L WK2
 
Join Date: Aug 2013
Location: Florida
Posts: 121
Thanks: 4
Thanked 7 Times in 7 Posts
Rep Power: 1315
losbot is on a distinguished road
Re: UConnect firmware vulnerability

I just happened to see that article and came here to see if anyone else had seen it.
Rather troubling.
__________________
---------------------------------------------------
2014 JGC Overland
V6 & Stebel Air Horn in True Blue / Vesuvio Blue/Brown. :thumbsup:

What pays for my Jeep: IT Manager / Network Engineer :cool:
Prev: '90 NSX, '96 3000GT VR4, '99 325i, '02 ES300, '06 328i, '08 X3, '11 528i
  #5  
Old 07-21-2015, 04:14 PM
Member
My Jeep: 2015 3.0L WK2
 
Join Date: Sep 2014
Posts: 44
Thanks: 35
Thanked 12 Times in 6 Posts
Rep Power: 14223
Bluegrass Picker has a reputation beyond repute
Re: UConnect firmware vulnerability

I just now downloaded and updated my Uconnect (2015 GC ED Limited).

Very easy to do.
  #6  
Old 07-21-2015, 04:50 PM
Member
My Jeep: 2015 3.0L WK2
 
Join Date: Nov 2014
Location: Chicago
Posts: 122
Thanks: 24
Thanked 13 Times in 11 Posts
Rep Power: 873
thrawn86 is on a distinguished road
Re: UConnect firmware vulnerability

I just had mine in the shop yesterday and they said they did the update....lo and behold it was still 14.47....flashing mine right now.
  #7  
Old 07-21-2015, 04:51 PM
Plik's Avatar
Member
 
Join Date: Aug 2014
Location: Houston, TX
Posts: 143
Thanks: 14
Thanked 25 Times in 19 Posts
Rep Power: 980
Plik is on a distinguished road
Re: UConnect firmware vulnerability

Is there any way to disable the Sprint data link? I'd rather not have anyone able to control my vehicle remotely, that includes Chrysler.
__________________

2015 JGC Overland Diesel 4X4 + QDII, Billet silver w/ black interior
2011 Toyota Tacoma PreRunner DCSB TRD Sport
1972 Plymouth Duster, 383 wedge resto-mod (under construction)
  #8  
Old 07-21-2015, 05:09 PM
Member
My Jeep: 2014 3.0L WK2
 
Join Date: Aug 2014
Location: Western Wisconsin
Posts: 382
Thanks: 115
Thanked 27 Times in 20 Posts
Rep Power: 1239
chadg2 is on a distinguished road
Re: UConnect firmware vulnerability

Quote:
Originally Posted by Plik
Is there any way to disable the Sprint data link? I'd rather not have anyone able to control my vehicle remotely, that includes Chrysler.
I second that....I would prefer to disable the Sprint data.
  #9  
Old 07-21-2015, 06:26 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 3,948
Thanks: 72
Thanked 264 Times in 236 Posts
Rep Power: 46199
lstowell has a reputation beyond repute
Re: UConnect firmware vulnerability


North Koreans have taken control of your Jeep.
  #10  
Old 07-21-2015, 07:11 PM
Senior Member
 
Join Date: Sep 2013
Posts: 1,288
Thanks: 46
Thanked 155 Times in 126 Posts
Rep Power: 2810
Roadkill has a reputation beyond repute
The ideal solution would be to install a notch filter on the cell antenna, as was proposed in the other thread.

It's not like the services provided by uConnect are worthwhile, and the manufacturers admit they are using the telematics module to track you around (and they keep track of when you break the speed limit, etc).

All that really needs to be done is to install a notch filter inline on the antenna; one that blocks Sprint frequencies. Other alternatives are likely to annoy the head unit, causing it to bitch about things being awry. However, if you've blocked the Sprint frequencies there's no way for the unit to tell you aren't simply in a dead zone.
  #11  
Old 07-22-2015, 09:15 AM
jaje's Avatar
Member
 
Join Date: May 2014
Posts: 281
Thanks: 5
Thanked 44 Times in 31 Posts
Rep Power: 1220
jaje is on a distinguished road
Re: UConnect firmware vulnerability

Quote:
Originally Posted by netboy
The Uconnect firmware in all 2014-2015 models has a security vulnerability that allows a hacker to break into UConnect over the car's Sprint data link (over the Internet). The Uconnect compromise allows the hacker to control the vehicle's CAN bus, which is complete control over the car.

Chrysler released an urgent RRT #13-071 to plug the issue. You do not need to wait for the dealer to implement it and can download it yourself (this is a UConnect update) at Uconnect® Software Update.
I tried to go to the software update website (have a 2014) but it gives me an error when I enter my VIN. Tried it with Internet Exploder browser.
__________________
'14 XV Crosstrek
#74 Exomotive Exocet NASA ST3 / E0
'14 WK2 EcoDiesel (replaces '07 WK CRD)
  #12  
Old 07-22-2015, 10:34 AM
Plik's Avatar
Member
 
Join Date: Aug 2014
Location: Houston, TX
Posts: 143
Thanks: 14
Thanked 25 Times in 19 Posts
Rep Power: 980
Plik is on a distinguished road
Re: UConnect firmware vulnerability

Quote:
Originally Posted by Roadkill
The ideal solution would be to install a notch filter on the cell antenna, as was proposed in the other thread.

It's not like the services provided by uConnect are worthwhile, and the manufacturers admit they are using the telematics module to track you around (and they keep track of when you break the speed limit, etc).

All that really needs to be done is to install a notch filter inline on the antenna; one that blocks Sprint frequencies. Other alternatives are likely to annoy the head unit, causing it to bitch about things being awry. However, if you've blocked the Sprint frequencies there's no way for the unit to tell you aren't simply in a dead zone.
So when can we expect Dom to team up with some techies and release a notch filter Sprint delete kit?
__________________

2015 JGC Overland Diesel 4X4 + QDII, Billet silver w/ black interior
2011 Toyota Tacoma PreRunner DCSB TRD Sport
1972 Plymouth Duster, 383 wedge resto-mod (under construction)
All times are GMT -5.