UConnect firmware vulnerability - Jeep Garage - Jeep Forum

#1 | netboy | 07-21-2015, 03:39 PM | My Jeep: 2014 3.0L WK2
UConnect firmware vulnerability

Please forgive me for posting in the wrong forum but this is a major security threat and I wanted to make sure my EcoDiesel friends here are aware of it.

The Uconnect firmware in all 2014-2015 models has a security vulnerability that allows a hacker to break into UConnect over the car's Sprint data link (over the Internet). The Uconnect compromise allows the hacker to control the vehicle's CAN bus, which is complete control over the car.

Chrysler released an urgent RRT #13-071 to plug the issue. You do not need to wait for the dealer to implement it and can download it yourself (this is a UConnect update) at Uconnect® Software Update.

You can read more about it in "wired" magazine at: Hackers Remotely Kill a Jeep on the Highway With Me in It. Premium members can view the thread about the new UConnect update in the UConnect section of the forum.

__________________
Summit 4x4 Turbo-Diesel, Black / Jeep Brown.
#2 | bill_de | 07-21-2015, 03:48 PM | My Jeep: 2017 5.7L WK2

http://www.jeepgarage.org/f73/scary-...ked-89171.html

Hackers take control over Jeep Cherokee via uConnect

Hackers Remotely Kill a Jeep on the Highway Through Uconnect

Hackers Remotely Kill a Jeep!

Hackers take control over Jeep Cherokee via uConnect


That might cover it ... for now.


---
__________________
If you need a shoulder to cry on ...
... pull over to the side of the road!

#3 | Diesel Dan | 07-21-2015, 03:48 PM | My Jeep: 2015 3.0L WK2

Thanks, I will look into this.
__________________
'15 GC Limited, Diesel, Adventure 2, Luxury 2, CD, Block Heater, Blue/Black.
#4 | losbot | 07-21-2015, 03:51 PM | My Jeep: 2014 3.6L WK2

I just happened to see that article and came here to see if anyone else had seen it.
Rather troubling.
__________________
---------------------------------------------------
2014 JGC Overland
V6 & Stebel Air Horn in True Blue / Vesuvio Blue/Brown. :thumbsup:

What pays for my Jeep: IT Manager / Network Engineer :cool:
Prev: '90 NSX, '96 3000GT VR4, '99 325i, '02 ES300, '06 328i, '08 X3, '11 528i
#5 | Bluegrass Picker | 07-21-2015, 04:14 PM | My Jeep: 2015 3.0L WK2

I just now downloaded and updated my Uconnect (2015 GC ED Limited).

Very easy to do.
#6 | thrawn86 | 07-21-2015, 04:50 PM | My Jeep: 2015 3.0L WK2

I just had mine in the shop yesterday and they said they did the update....lo and behold it was still 14.47....flashing mine right now.
#7 | Plik | 07-21-2015, 04:51 PM

Is there any way to disable the Sprint data link? I'd rather not have anyone able to control my vehicle remotely, that includes Chrysler.
__________________

2015 JGC Overland Diesel 4X4 + QDII, Billet silver w/ black interior
2011 Toyota Tacoma PreRunner DCSB TRD Sport
1972 Plymouth Duster, 383 wedge resto-mod (under construction)
#8 | chadg2 | 07-21-2015, 05:09 PM | My Jeep: 2014 3.0L WK2

Originally Posted by Plik:
> Is there any way to disable the Sprint data link? I'd rather not have anyone able to control my vehicle remotely, that includes Chrysler.

I second that....I would prefer to disable the Sprint data.
#9 | lstowell | 07-21-2015, 06:26 PM | My Jeep: 2014 5.7L WK2

North Koreans have taken control of your Jeep.
#10 | Roadkill | 07-21-2015, 07:11 PM

The ideal solution would be to install a notch filter on the cell antenna, as was proposed in the other thread.

It's not like the services provided by uConnect are worthwhile, and the manufacturers admit they are using the telematics module to track you around (and they keep track of when you break the speed limit, etc).

All that really needs to be done is to install a notch filter inline on the antenna; one that blocks Sprint frequencies. Other alternatives are likely to annoy the head unit, causing it to bitch about things being awry. However, if you've blocked the Sprint frequencies there's no way for the unit to tell you aren't simply in a dead zone.
#11 | jaje | 07-22-2015, 09:15 AM

Originally Posted by netboy:
> The Uconnect firmware in all 2014-2015 models has a security vulnerability that allows a hacker to break into UConnect over the car's Sprint data link (over the Internet). The Uconnect compromise allows the hacker to control the vehicle's CAN bus, which is complete control over the car.
>
> Chrysler released an urgent RRT #13-071 to plug the issue. You do not need to wait for the dealer to implement it and can download it yourself (this is a UConnect update) at Uconnect® Software Update.

I tried to go to the software update website (have a 2014) but it gives me an error when I enter my VIN. Tried it with Internet Exploder browser.
__________________
'14 XV Crosstrek
#74 Exomotive Exocet NASA ST3 / E0
'14 WK2 EcoDiesel (replaces '07 WK CRD)
#12 | Plik | 07-22-2015, 10:34 AM

Originally Posted by Roadkill:
> The ideal solution would be to install a notch filter on the cell antenna, as was proposed in the other thread.
>
> It's not like the services provided by uConnect are worthwhile, and the manufacturers admit they are using the telematics module to track you around (and they keep track of when you break the speed limit, etc).
>
> All that really needs to be done is to install a notch filter inline on the antenna; one that blocks Sprint frequencies. Other alternatives are likely to annoy the head unit, causing it to bitch about things being awry. However, if you've blocked the Sprint frequencies there's no way for the unit to tell you aren't simply in a dead zone.

So when can we expect Dom to team up with some techies and release a notch filter Sprint delete kit?
__________________

2015 JGC Overland Diesel 4X4 + QDII, Billet silver w/ black interior
2011 Toyota Tacoma PreRunner DCSB TRD Sport
1972 Plymouth Duster, 383 wedge resto-mod (under construction)