Scary - Jeep Hacked! - Page 3 - Jeep Garage - Jeep Forum

Go Back   Jeep Garage - Jeep Forum > Site Information > Jeep/Chrysler/Fiat news, spy shots and more!

Reply
 
Thread Tools Display Modes
 
  #25  
Old 07-21-2015, 08:00 PM
Member
My Jeep: 2015 6.4L WK2
 
Join Date: Apr 2015
Location: Hunter Valley Aus
Posts: 104
Thanks: 9
Thanked 12 Times in 9 Posts
Rep Power: 895
Anzac is on a distinguished road
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by macfan View Post
Sorry for the double post but did not realize what SRTgirl did until I already posted.

I really think people are all excited about nothing. What the news is not saying because they want a sensational story is that this hack works a bit like sending a text to a cell phone. I can not send a text to thousands of people all at once unless I know the thousands of phone numbers involved where as I can easily send you a text if I know your specific phone number. People are forgetting that the so called hacker knew the specific location and the specific radio identification numbers of the Jeep used in the demonstration. The hacker did not just pick a Jeep at random and invade its radio.
Check out the video I just posted..............................before you say anymore

__________________
2015 JGC SRT...Injen CAI, Borla ATAK Axle Back, DRL mod, BT Catch Can, R1 Rotors, Hawk Pads, 180 Tstat, Cosmoblaze 20 120W CREE LED Light Bar hidden behind grill
Reply With Quote
Sponsored Links
Advertisement
 
  #26  
Old 07-21-2015, 08:17 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Posts: 330
Thanks: 0
Thanked 11 Times in 11 Posts
Rep Power: 1846
geox19 has a reputation beyond reputegeox19 has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by FStephenMasek View Post
I do not use U-connect, and have not bought the service manuals. Therefore, I'd like to disconnect U-connect (the Sprint cellular antenna, or better power to the cellular transceiver). How is that done?
You actually brought up a good point. Let me take a look and see if you're less vulnerable since you don't subscribe to the service. I'm pretty sure that the way the guys in the article so called hacking of the jeep was only able to be done if the jeep had a valid subscription to Uconnect service. If not its more unsecure then I thought. Didn't read the article fully. Haven't messed with uconnect software in a while or pulled the code from the latest patch. I'll look into if you pull out the aircard if it will throw errors before I make a post on how to disconnect because I'm sure that 911 service thing can get me in trouble...
Reply With Quote
  #27  
Old 07-21-2015, 11:34 PM
jacko15's Avatar
Premium Member
My Jeep: 2014 3.6L WK2
 
Join Date: Feb 2013
Location: Pennsylvania's North Shore
Posts: 2,815
Thanks: 317
Thanked 316 Times in 248 Posts
Rep Power: 91618
jacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond reputejacko15 has a reputation beyond repute
Re: Scary - Jeep Hacked!

Anything connected to the web is vulnerable to some degree, ask the Iranians and Sony. It will always become a game of whack-a-mole. This is the world we live in. Only escape is to become a Luddite, and that's not a guarantee. At least Chrysler is trying to stay out in front of this, but they should probably push the update out more vigorously. And remember, it's the consumer constantly begging for more gadgets the brings a lot of this on.
__________________
Mine: 2014 Overland 4x4 V6, ORA II, billet silver/black, Michelin LTX M/S 2's, MaxCare Lifetime, delivered 4-13-'13
Wife's Jeep: 2017 Compass Latitude 4x4, redline pearl coat/black, delivered 4-25-'17
Reply With Quote
Sponsored Links
Advertisement
 
  #28  
Old 07-22-2015, 03:31 AM
Member
My Jeep: 2013 6.4L SRT8 WK2
 
Join Date: Jan 2011
Location: Laguna Beach, CA
Posts: 505
Thanks: 22
Thanked 85 Times in 62 Posts
Rep Power: 8033
Carbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond reputeCarbon6 has a reputation beyond repute
Garage
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by macfan View Post
Sorry for the double post but did not realize what SRTgirl did until I already posted.

I really think people are all excited about nothing. What the news is not saying because they want a sensational story is that this hack works a bit like sending a text to a cell phone. I can not send a text to thousands of people all at once unless I know the thousands of phone numbers involved where as I can easily send you a text if I know your specific phone number. People are forgetting that the so called hacker knew the specific location and the specific radio identification numbers of the Jeep used in the demonstration. The hacker did not just pick a Jeep at random and invade its radio.
I agree that a mass attack is probably not possible however the bigger point is what was said above your post:
Quote:
Originally Posted by JoeSchmoe007 View Post
As a software developer I'd say the universal solution is relatively simple - complete separation of electrical interfaces.

I see no need for anything drivetrain-related to access the internet. So this should use one bus and entertainment system - completely different one that is not connected to drivetrain bus in any way.
Reply With Quote
  #29  
Old 07-22-2015, 06:06 AM
Scsigman's Avatar
Member
My Jeep: 2015 3.0L WK2
 
Join Date: Nov 2012
Location: lansdale, PA
Posts: 55
Thanks: 4
Thanked 3 Times in 3 Posts
Rep Power: 1734
Scsigman is on a distinguished road
Garage
Re: Scary - Jeep Hacked!

should have bought a MAC BAHAHAHAHAHAHAHa or in hacked case MUHAHAHAHAHAHAHAHA
Reply With Quote
  #30  
Old 07-22-2015, 06:27 AM
billt's Avatar
Senior Member
My Jeep: 2015 5.7L WK2
 
Join Date: Mar 2015
Location: Glendale, Arizona
Posts: 1,467
Thanks: 377
Thanked 323 Times in 219 Posts
Rep Power: 18270
billt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by Anzac View Post
That's unbelievable! How do they control the steering and the brakes? Wouldn't it have to have the automatic parallel parking feature? Does Jeep even have it?
Reply With Quote
  #31  
Old 07-22-2015, 07:37 AM
Member
 
Join Date: Nov 2013
Posts: 63
Thanks: 1
Thanked 14 Times in 9 Posts
Rep Power: 1370
ramblinman is on a distinguished road
Re: Scary - Jeep Hacked!

The only way to protect the car is have an "air gap" between the control systems for the car and the infotainment system. Once Chrysler decided to give you all these neat controls for the car over the internet through the embedded cell phone system, the cars become vulnerable to hacking. Ford says they do that now. Mike Morrell the former director of the CIA says that every unclassified email system can and is hacked. Basically if you are on the internet you can be hacked. They can make it more difficult with something like 2 factor authentication to get access to the system, but even that can be overcome. When I saw that Jeep allows me to remote start the JGC with an app or an internet application, I knew it was vulnerable to hacking. At least Jeep doesn't' use electric steering or have a capability to auto steer the car--yet. The fact that nothing bad has actually happened doesn't mean anything. The black hats just haven't figured it out yet. But they will. I wonder how hard it is to disable the cell phone communication device.
Reply With Quote
  #32  
Old 07-22-2015, 07:42 AM
FHLH's Avatar
Member
My Jeep: 2014 3.0L WK2
 
Join Date: Jun 2014
Location: HouTX
Posts: 206
Thanks: 74
Thanked 22 Times in 19 Posts
Rep Power: 2118
FHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond reputeFHLH has a reputation beyond repute
Garage
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by mswlogo View Post
I beg to differ. The Computer and Complexity in the Jeep is quite complex.
One thing that is helping though is, that it's a closed system so it won't have apps from 3rd parties that could add vulnerables.

I also don't agree that developers on this system are any better trained than say those who write things like IE. In fact I'd say the folks that write IE are better trained in security vulnerabilities than UConnect folks.

And I suspect there is very little security down at the Can-Bus level.

Once they gained access to Can-Bus, they had everything that is on Can-Bus.
Since it's apparently impossible to install a tune on the ecodiesel using a simple hand held ODBII capable device. I guess I'm ok
__________________
'00 Ram 2500 QCLB Cummins 6spd 4x4
'11 GLK350
'13 335i M-Sport
'14 Grand Cherokee Summit EcoDiesel 4x4 (sold)
Reply With Quote
The Following User Says Thank You to FHLH For This Useful Post:
  #33  
Old 07-22-2015, 08:06 AM
billt's Avatar
Senior Member
My Jeep: 2015 5.7L WK2
 
Join Date: Mar 2015
Location: Glendale, Arizona
Posts: 1,467
Thanks: 377
Thanked 323 Times in 219 Posts
Rep Power: 18270
billt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by ramblinman View Post
At least Jeep doesn't' use electric steering or have a capability to auto steer the car--yet.
Then please explain how those guys in the video took over the steering and brakes with their laptops?
Reply With Quote
  #34  
Old 07-22-2015, 09:35 AM
padgett's Avatar
Premium Member
 
Join Date: Feb 2012
Location: Orlando
Posts: 1,883
Thanks: 0
Thanked 60 Times in 55 Posts
Rep Power: 82515
padgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond reputepadgett has a reputation beyond repute
Re: Scary - Jeep Hacked!

OK, just because you don't understand something does not mean it cannot be done.

You can have multiple systems on the same bus and keep them isolated. In the IP world they are VLANs and differing encryption is used to seperate.

Agree airgaps are best protection but doubt if Jeep would agree. Future is liable to become like the Insurance company that requires a dongle in the OBD-II (I already have one). OTOH was useful for me to be able to record the time, location, and speed (0) when rearended in 2012. Difference is that I want that information in my control.

UEFI - Unified Extensible Firmware Interface, a BIOS replacement for a PC that permits v&v of the boot sequence during start up.

My point is that there are professionals, many at low levels in letter agencies, who have known how to secure systems like this for decades (something like this was being done for digital engine controls in '77-'78, just afterburning ones).

So it is not a question of can it be secured, but who is willing to do it. Not difficult just not done.

Just need a CISSP-ISSAP who graduated from Kettering.

ps suspect they didn't grab the steering but rather applied one front brake using the ABS. Would feel the same to the driver. Does that model have electrohydraulic brakes ? See the video in F&F6.
Reply With Quote
  #35  
Old 07-22-2015, 10:01 AM
billt's Avatar
Senior Member
My Jeep: 2015 5.7L WK2
 
Join Date: Mar 2015
Location: Glendale, Arizona
Posts: 1,467
Thanks: 377
Thanked 323 Times in 219 Posts
Rep Power: 18270
billt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond repute
Re: Scary - Jeep Hacked!

I look at it this way. I currently drive 2 vehicles. A 24 year old 1991 Ford F-150. And a 2015 Jeep Grand Cherokee. Is the Grand Cherokee as safe from hackers as the F-150 is? If it's not, then there is something to be said for being concerned as to why.
Reply With Quote
  #36  
Old 07-22-2015, 11:10 AM
Member
 
Join Date: Oct 2011
Location: Chandler, AZ
Posts: 430
Thanks: 26
Thanked 36 Times in 28 Posts
Rep Power: 2984
rubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by billt View Post
That's unbelievable! How do they control the steering and the brakes? Wouldn't it have to have the automatic parallel parking feature? Does Jeep even have it?
Yes, the Cherokee does have auto park.
__________________
2007 Jeep Commander Limited, 1998 Jeep Wrangler Sahara, 1955 Willys Jeep Pickup (Restoration Project), 2011 Subaru Outback 2.5i Limited: Photos & Specifications
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Jeep Twitter account hacked CLowe40 Grand Cherokee - WK2 - 5 02-19-2013 09:55 PM
Scary Jeep Moment 06GCLDK Grand Cherokee - WK 11 04-25-2012 02:25 PM
Scary sounding codes, PLEASE translate and advise! Kaliber35 Grand Cherokee - WK 9 04-20-2010 07:32 PM

» Premium Vendor Showcase
Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 05:15 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community

JeepGarage.org is in no way associated with or endorsed by FCA US LLC. Chrysler, Dodge, Jeep, Ram, Mopar and SRT are registered trademarks of FCA US LLC.