Scary - Jeep Hacked! - Page 4 - Jeep Garage - Jeep Forum

Go Back   Jeep Garage - Jeep Forum > Site Information > Jeep/Chrysler/Fiat news, spy shots and more!

Reply
 
Thread Tools Display Modes
 
  #37  
Old 07-22-2015, 12:02 PM
Yadkin's Avatar
Senior Member
My Jeep: 2012 3.6L WK2
 
Join Date: Mar 2012
Location: Yadkin Valley, NC
Posts: 1,333
Thanks: 10
Thanked 33 Times in 29 Posts
Rep Power: 203399
Yadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond reputeYadkin has a reputation beyond repute
Re: Scary - Jeep Hacked!

I'll be keeping my '12 for a long time...

Reply With Quote
Sponsored Links
Advertisement
 
  #38  
Old 07-22-2015, 12:40 PM
Hitchhiking
 
Join Date: Jul 2015
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
what? is on a distinguished road
Re: Scary - Jeep Hacked!

In other news 600MB for the update. That's over twice what the first PC I owned could hold.
Reply With Quote
  #39  
Old 07-22-2015, 12:58 PM
SnoFire's Avatar
The Negotiator
 
Join Date: Jun 2011
Location: S of GB WI
Posts: 5,212
Thanks: 76
Thanked 199 Times in 154 Posts
Rep Power: 391387
SnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond repute
Garage
Re: Scary - Jeep Hacked!

So I'm curious...Other than the test vehicle that they worked on, has it happened to ANY vehicle yet? Has Anonymous hacked into Chrysler to get everyone's uConnect codes and shared them to the masses? No and No? Some people and the media need to really stop scaring people when the threat isn't even close to what reality is. I give them credit for finding a vulnerability in the system, Kudos, but to make it seem like the world is going to end is not the way to do it.
__________________
2017 Grand Cherokee Limited Lux II Granite Metallic

2014 Jeep Grand Cherokee Limited Max Steel V6
2001 Jeep Grand Cherokee Laredo Black 4.0 I6
1997 Jeep Grand Cherokee Laredo Silver I6
Reply With Quote
Sponsored Links
Advertisement
 
  #40  
Old 07-22-2015, 01:21 PM
Hitchhiking
 
Join Date: Jul 2015
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
what? is on a distinguished road
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by SnoFire View Post
So I'm curious...Other than the test vehicle that they worked on, has it happened to ANY vehicle yet? Has Anonymous hacked into Chrysler to get everyone's uConnect codes and shared them to the masses? No and No? Some people and the media need to really stop scaring people when the threat isn't even close to what reality is. I give them credit for finding a vulnerability in the system, Kudos, but to make it seem like the world is going to end is not the way to do it.

You must live by this

Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms.
Reply With Quote
  #41  
Old 07-22-2015, 01:56 PM
SnoFire's Avatar
The Negotiator
 
Join Date: Jun 2011
Location: S of GB WI
Posts: 5,212
Thanks: 76
Thanked 199 Times in 154 Posts
Rep Power: 391387
SnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond reputeSnoFire has a reputation beyond repute
Garage
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by what? View Post
You must live by this

Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms.
Doesn't Chrysler already do this to us by not letting mods happen to the system? LOL
__________________
2017 Grand Cherokee Limited Lux II Granite Metallic

2014 Jeep Grand Cherokee Limited Max Steel V6
2001 Jeep Grand Cherokee Laredo Black 4.0 I6
1997 Jeep Grand Cherokee Laredo Silver I6
Reply With Quote
  #42  
Old 07-22-2015, 02:11 PM
Member
 
Join Date: Oct 2011
Location: Chandler, AZ
Posts: 430
Thanks: 26
Thanked 36 Times in 28 Posts
Rep Power: 2985
rubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond reputerubicontrail.net has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by billt View Post
I look at it this way. I currently drive 2 vehicles. A 24 year old 1991 Ford F-150. And a 2015 Jeep Grand Cherokee. Is the Grand Cherokee as safe from hackers as the F-150 is? If it's not, then there is something to be said for being concerned as to why.
Your 2015 Grand Cherokee is not affected by this vulnerability. It was patched from the factory. The only Jeeps affected are the 2014 Cherokee and 2014 Grand Cherokee.

The only 2015 FCA models that were affected were a small number of Chrysler 200s.
__________________
2007 Jeep Commander Limited, 1998 Jeep Wrangler Sahara, 1955 Willys Jeep Pickup (Restoration Project), 2011 Subaru Outback 2.5i Limited: Photos & Specifications
Reply With Quote
  #43  
Old 07-22-2015, 03:02 PM
FStephenMasek's Avatar
Member
 
Join Date: Feb 2013
Posts: 282
Thanks: 3
Thanked 16 Times in 14 Posts
Rep Power: 1878
FStephenMasek is on a distinguished road
Re: Scary - Jeep Hacked!

Patched... Better to disable the cellular phone which is built-in. If somebody here does not provide the information, I will do it. I am super busy, so hope somebody who has thd shop manuals will post here the necessary information.
Reply With Quote
  #44  
Old 07-22-2015, 03:24 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 4,118
Thanks: 74
Thanked 297 Times in 261 Posts
Rep Power: 46571
lstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by padgett View Post
a) Every IP packet the car sends has its IP address.
b) Answer has always (at least this century) been digital signing and encryption

See UEFI.

Not difficult, just not done. Maybe time for professionals to become involved.
If you are proposing UEFI as the answer, you might want to check out what a certain Italian group has offered certain dark helicopter agencies as a way to install irremovable spyware/malware on a computer.

Most computers can be trivially hacked if you have a usb key and physical access.
Reply With Quote
  #45  
Old 07-22-2015, 03:31 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 4,118
Thanks: 74
Thanked 297 Times in 261 Posts
Rep Power: 46571
lstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by macfan View Post
Sorry for the double post but did not realize what SRTgirl did until I already posted.

I really think people are all excited about nothing. What the news is not saying because they want a sensational story is that this hack works a bit like sending a text to a cell phone. I can not send a text to thousands of people all at once unless I know the thousands of phone numbers involved where as I can easily send you a text if I know your specific phone number. People are forgetting that the so called hacker knew the specific location and the specific radio identification numbers of the Jeep used in the demonstration. The hacker did not just pick a Jeep at random and invade its radio.
The team doing the hack has been doing this for some time to demonstrate the capabilities of being able to do so--as white hat hackers who notify the vendors so a fix can typically be done before the hack is publicized.

I don't recall cellphone/tower exchanges in enough detail and too lazy to Google, but as your vehicle gets near a cell tower, my recollection is that anyone with equipment to sniff the exchange would know how to send something to the cell---knowing what to send is a bit trickier.

You'd think Uconnect [and the other vehicle vendors] would disallow a goodly portion of commands coming in over the cell interface as opposed to the touch interface.
This would preclude the extremely dangerous tactic of doing over the air upgrades without using some pretty hefty encrypted authentication methods that would require installing part of that authentication in each vehicle to avoid spoofing by anything other than a government worth of equipment.
Reply With Quote
  #46  
Old 07-22-2015, 03:41 PM
Premium Member
My Jeep: 2014 5.7L WK2
 
Join Date: May 2013
Location: Colorado
Posts: 4,118
Thanks: 74
Thanked 297 Times in 261 Posts
Rep Power: 46571
lstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond reputelstowell has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by what? View Post
You must live by this

Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms.
Unfortunately STO is also known as Ostrich Syndrome, where the basic premise is pure wishful thinking for anything connected to any kind of network, object code is available publicly, etc. etc. etc.

A bored expert could reverse engineer the Uconnect system just from the ISO image used to update it.
Reply With Quote
  #47  
Old 07-22-2015, 04:23 PM
NetworkTV's Avatar
Member
My Jeep: 2015 3.6L WK2
 
Join Date: Apr 2015
Posts: 862
Thanks: 3
Thanked 201 Times in 153 Posts
Rep Power: 12626
NetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond reputeNetworkTV has a reputation beyond repute
Re: Scary - Jeep Hacked!

Quote:
Originally Posted by billt View Post
Then how is the cell phone / remote start feature going to work?
The solution to that is to lock out commands once the vehicle is running and the driver has taken control from the driver's seat (i.e., pressed the start button). At that point, the key fob and the start button take over control.

At that point, the system won't accept any remote commands, other than an authenticated throttle stop and brake command from an authenticated UConnect system message in the event of an emergency or police action, such as a carjacking or theft. The authentication would include a rolling code similar to that of a normal key fob code set, using encryption.

Even with the remote start, it should only accept a start or stop command from a device that has been previously paired with the vehicle.
__________________
2015 Jeep Grand Cherokee Limited
Deep Cherry Red Crystal Pearl Coat

Reply With Quote
  #48  
Old 07-22-2015, 04:54 PM
billt's Avatar
Senior Member
My Jeep: 2015 5.7L WK2
 
Join Date: Mar 2015
Location: Glendale, Arizona
Posts: 1,469
Thanks: 377
Thanked 323 Times in 219 Posts
Rep Power: 18273
billt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond reputebillt has a reputation beyond repute
Re: Scary - Jeep Hacked!

Patch your Chrysler vehicle before hackers kill you | Fox News


This says you can get a "patch" for 2015 Chrysler models. Then I heard the 2015 models have the "patch". Which is it?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Jeep Twitter account hacked CLowe40 Grand Cherokee - WK2 - 5 02-19-2013 09:55 PM
Scary Jeep Moment 06GCLDK Grand Cherokee - WK 11 04-25-2012 02:25 PM
Scary sounding codes, PLEASE translate and advise! Kaliber35 Grand Cherokee - WK 9 04-20-2010 07:32 PM

» Premium Vendor Showcase
Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 05:37 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community

JeepGarage.org is in no way associated with or endorsed by FCA US LLC. Chrysler, Dodge, Jeep, Ram, Mopar and SRT are registered trademarks of FCA US LLC.