Scary - Jeep Hacked! - Page 2 - Jeep Garage - Jeep Forum

Go Back   Jeep Garage - Jeep Forum > Site Information > Jeep/Chrysler/Fiat news, spy shots and more!

Join Jeep Garage Today
Reply
 
Thread Tools Display Modes
 
  #13  
Old 07-21-2015, 05:43 PM
Senior Member
 
Join Date: Sep 2010
Location: brOOklyn
Posts: 1,326
Thanks: 1
Thanked 10 Times in 10 Posts
Rep Power: 8783
JoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond reputeJoeSchmoe007 has a reputation beyond repute
Re: Scary - Jeep Hacked!

As a software developer I'd say the universal solution is relatively simple - complete separation of electrical interfaces.

I see no need for anything drivetrain-related to access the internet. So this should use one bus and entertainment system - completely different one that is not connected to drivetrain bus in any way. But that will cause your vehicle to cost $300* more and who would want that?

*I am not an electrical engineer. $300 is just a guess.

Reply With Quote
The Following User Says Thank You to JoeSchmoe007 For This Useful Post:
Sponsored Links
Advertisement
 
  #14  
Old 07-21-2015, 06:00 PM
canistel's Avatar
Member
My Jeep: 2012 3.6L WK2
 
Join Date: Mar 2014
Posts: 130
Thanks: 6
Thanked 18 Times in 13 Posts
Rep Power: 1276
canistel has a reputation beyond reputecanistel has a reputation beyond reputecanistel has a reputation beyond reputecanistel has a reputation beyond reputecanistel has a reputation beyond reputecanistel has a reputation beyond reputecanistel has a reputation beyond repute
Garage
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by mswlogo View Post
I beg to differ. The Computer and Complexity in the Jeep is quite complex.
You may beg to differ all you like, but you're wrong

Something like Windows is a massive code base. There are so many points of entry to the system it's unbelievable; whether it's hacking at the application level, the windows framework layer, or the kernel layer underneath. The jeep software is not even a fraction of all the code that comes installed on a fresh install of windows 7 (for example).

Just as an example; windows at one point had a bug in how it handled parsing jpeg data; it was a low-level bug, almost any windows app that displayed jpegs would then use the library underneath it to do the work. Simply viewing a malicious web page in IE (or opening an email in outlook with the jpeg attached inline) was enough to screw you over. (This was back in early 2000's; starting to feel old...)

The amount of ways for a hacker to gain control of your computer is a million times greater than the few ways of accessing your jeep remotely. Yes jeep needs to fix this and fix it properly (separation of buses for a start), but there is need for chicken-little "sky is falling" paranoia.
Reply With Quote
  #15  
Old 07-21-2015, 06:20 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 3,948
Thanks: 72
Thanked 264 Times in 236 Posts
Rep Power: 46198
lstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by mswlogo View Post
I beg to differ. The Computer and Complexity in the Jeep is quite complex.
One thing that is helping though is, that it's a closed system so it won't have apps from 3rd parties that could add vulnerables.

I also don't agree that developers on this system are any better trained than say those who write things like IE. In fact I'd say the folks that write IE are better trained in security vulnerabilities than UConnect folks.

And I suspect there is very little security down at the Can-Bus level.

Once they gained access to Can-Bus, they had everything that is on Can-Bus.
The base operating system is QNX, from Research In Motion.

However, the app interfaces added in by UConnect are where the majority of the vulnerabilities lie.

I still suspect that the ability to remotely update software was built into UConnect but never really implemented, and that nobody routinely makes sure that none of the interfaces can be used to gain access. Given the liability issues and press coverage, this may be about to change for the better.

Is similar to smart TVs and your cable box that get pushed updates. But at least those don't have the ability to kill you.
Reply With Quote
  #16  
Old 07-21-2015, 06:21 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 3,948
Thanks: 72
Thanked 264 Times in 236 Posts
Rep Power: 46198
lstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by JTS97Z28 View Post
Reminds me of those recent stories of someone claiming to have been able to control the Boeing aircraft that he was flying on through the cabins inflight entertainment system.
Don't laugh. Another area where liability issues and publicity will likely make senior management think at least twice about doing better to keep miscreants, script kiddies, and foreign governments out.
Reply With Quote
  #17  
Old 07-21-2015, 06:24 PM
Bigskiddy's Avatar
Member
My Jeep: 2014 3.0L WK2
 
Join Date: May 2013
Location: Sydney - Australia
Posts: 654
Thanks: 99
Thanked 114 Times in 84 Posts
Rep Power: 1962
Bigskiddy is on a distinguished road
Nothing to worry about down here in Australia. Our Uconnect has no internet connectivity.

Heck your lucky if the bluetooth connects to your phone properly.
Reply With Quote
  #18  
Old 07-21-2015, 08:02 PM
SRTgirl's Avatar
Chief Mediator

 
Join Date: Mar 2010
Location: Florida
Posts: 11,707
Thanks: 43
Thanked 477 Times in 406 Posts
Rep Power: 4406254
SRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond reputeSRTgirl has a reputation beyond repute
Re: Scary - Jeep Hacked!

After watching over a dozen threads now on the same subject this will now be moved to Jeep news with a re-direct so it's easy to find for EVERYONE, not just WK2'ers. Please refrain from starting any more threads on the subject.
__________________


________
~Debbie~
Reply With Quote
  #19  
Old 07-21-2015, 08:07 PM
billt's Avatar
Senior Member
My Jeep: 2015 5.7L WK2
 
Join Date: Mar 2015
Location: Glendale, Arizona
Posts: 1,295
Thanks: 305
Thanked 221 Times in 164 Posts
Rep Power: 1928
billt is on a distinguished road
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by JoeSchmoe007 View Post
I see no need for anything drivetrain-related to access the internet.
Then how is the cell phone / remote start feature going to work?
Reply With Quote
  #20  
Old 07-21-2015, 08:41 PM
padgett's Avatar
Premium Member
 
Join Date: Feb 2012
Location: Orlando
Posts: 1,807
Thanks: 0
Thanked 40 Times in 37 Posts
Rep Power: 82237
padgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond repute
Re: Scary - Jeep Hacked!

a) Every IP packet the car sends has its IP address.
b) Answer has always (at least this century) been digital signing and encryption

See UEFI.

Not difficult, just not done. Maybe time for professionals to become involved.
Reply With Quote
  #21  
Old 07-21-2015, 08:50 PM
macfan's Avatar
Member
My Jeep: 2014 3.2L KL
 
Join Date: Oct 2013
Location: Fenton, Michigan USA
Posts: 608
Thanks: 130
Thanked 92 Times in 77 Posts
Rep Power: 5905
macfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond reputemacfan has a reputation beyond repute
Re: Scary - Jeep Hacked!

Sorry for the double post but did not realize what SRTgirl did until I already posted.

I really think people are all excited about nothing. What the news is not saying because they want a sensational story is that this hack works a bit like sending a text to a cell phone. I can not send a text to thousands of people all at once unless I know the thousands of phone numbers involved where as I can easily send you a text if I know your specific phone number. People are forgetting that the so called hacker knew the specific location and the specific radio identification numbers of the Jeep used in the demonstration. The hacker did not just pick a Jeep at random and invade its radio.
Reply With Quote
  #22  
Old 07-21-2015, 08:51 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Posts: 330
Thanks: 0
Thanked 11 Times in 11 Posts
Rep Power: 1645
geox19 has a reputation beyond reputegeox19 has a reputation beyond repute
Re: Scary - Jeep Hacked!

I made a post about this when I first bought my GC back in 2013 and started digging into the unconnect software. Actually the Unconnect software is less complicated and less secure then a pc OS. If people are concerned about things like this just pull out the sierra wireless aircard no clue why chrysler doesnt make an easy option to turn it off. I guess that would hurt their Uconnect subscription sales. Tip cover up those Vin numbers and stop giving them out on forums...
Reply With Quote
  #23  
Old 07-21-2015, 08:54 PM
FStephenMasek's Avatar
Member
 
Join Date: Feb 2013
Posts: 263
Thanks: 3
Thanked 15 Times in 13 Posts
Rep Power: 1657
FStephenMasek is on a distinguished road
Re: Scary - Jeep Hacked!

I do not use U-connect, and have not bought the service manuals. Therefore, I'd like to disconnect U-connect (the Sprint cellular antenna, or better power to the cellular transceiver). How is that done?
Reply With Quote
  #24  
Old 07-21-2015, 08:58 PM
Member
My Jeep: 2015 6.4L WK2
 
Join Date: Apr 2015
Location: Hunter Valley Aus
Posts: 104
Thanks: 9
Thanked 12 Times in 9 Posts
Rep Power: 694
Anzac is on a distinguished road
Re: Scary - Jeep Hacked!

Check out the video


https://screen.yahoo.com/hackers-wir...103000318.html
__________________
2015 JGC SRT...Injen CAI, Borla ATAK Axle Back, DRL mod, BT Catch Can, R1 Rotors, Hawk Pads, 180 Tstat, Cosmoblaze 20 120W CREE LED Light Bar hidden behind grill
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Jeep Twitter account hacked CLowe40 Grand Cherokee - WK2 - 5 02-19-2013 10:55 PM
Scary Jeep Moment 06GCLDK Grand Cherokee - WK 11 04-25-2012 03:25 PM
Scary sounding codes, PLEASE translate and advise! Kaliber35 Grand Cherokee - WK 9 04-20-2010 08:32 PM

Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 04:50 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community

JeepGarage.org is in no way associated with or endorsed by FCA US LLC. Chrysler, Dodge, Jeep, Ram, Mopar and SRT are registered trademarks of FCA US LLC.