Jeep TrackHawk Forum banner
Cancel

Jeep Hacked and Crashed

14062 Views 48 Replies 9 Participants Last post by  BlackHawk
J


Last week under the guise of “offering customers improved vehicle electronic security and communication system enhancements”, FCA quietly released a software patch for Uconnect.

This wasn't your run of the mill software update however, professional hackers Charlie Miller and Chris Valasek alerted FCA to vulnerabilities they used to exploit their Uconnect system system and worked with them to patch it.

Miller and Valasek were able to remotely take control of a bone stock 2014 Jeep Cherokee by exploiting the cellular data connection Wi-Fi hot spot equipped Uconnect (with the 8.4 inch screen) vehicles use. The duo was able to crank up the radio volume, speed up the wipers and most alarming, shut the engine off on the highway.

Later in a parking lot they took control of the Cherokee's steering, albeit only in reverse as well as killing the brakes, leaving Wired journalist Andy Greenberg helpless in a ditch.

“Under no circumstances does FCA condone or believe it’s appropriate to disclose “how-to information” that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company said in a statement.

“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems. The software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle.”

You can download the patch yourself from driveuconnect.com/software-update/ or you can contact your local dealer to schedule an appointment.

See less See more
Reply
Save
Like
1 - 20 of 49 Posts
B
Basically anyone really concerned about this should just disconnect UConnect. simple as that.

But i'm not concerned about what could go wrong.
Reply
Save
Like
G
My wife's Summit is at the dealer as I type. They are applying the u-connect patch for me, among other things. I'd rather the dealer apply it, so I don't mess something up. If it appears simple I'll do the patch myself on my SRT.
Reply
Save
Like
  • Like
Reactions: 1
B
greenlight said:
My wife's Summit is at the dealer as I type. They are applying the u-connect patch for me, among other things. I'd rather the dealer apply it, so I don't mess something up. If it appears simple I'll do the patch myself on my SRT.
Click to expand...
That's the smartest thing to do, as fun and rewarding as it is to do the work yourself, with how complicated things get these days in cars I rather leave it up to the pros. Too much to deal with if a problem needs to be diagnosed.
Reply
Save
Like
T
BlackHawk said:
That's the smartest thing to do, as fun and rewarding as it is to do the work yourself, with how complicated things get these days in cars I rather leave it up to the pros. Too much to deal with if a problem needs to be diagnosed.
Click to expand...
but theres no diag needed. we already know what the issue is and how to remedy that...
Reply
Save
Like
J
I'm sure auto companies will release patches when security risks are found. I think there was a recent issue with keys being hacked and Ford did a recall for the affected cars while BMW released a security patch.
Reply
Save
Like
R
The one where VW filed a lawsuit against the people who found the flaw in order to keep them quiet? As long those who are finding these security risks are reporting them to the relevant car manufacturers, I can't see this as being too much of an issue for the average driver.
Reply
Save
Like
B
Best thing for us owners to do is not leave valuables in our vehicles because within a matter of minutes someone can sweep the whole vehicle taking what ever is in plain sight and in the compartments.
Reply
Save
Like
J
How do you go about disconnecting UConnect in Jeeps? I assume the same method should work for the other Jeep models.
Reply
Save
Like
R
Short of disconnecting the actual UConnect module from the Jeep, I don't think there may be an actual option to do so. At least I have not found a method yet.
Reply
Save
Like
J
Quite a few Jeeps are now actually being recalled because the hacking scare.
It's currently limited to 2015 Renegade SUVs equipped with the 6.5-inch touchscreens and around 7,810 units have been recalled. Anything on the lot will be fixed and hopefully this security weakness won't occur with the TrackHawk.
Reply
Save
Like
J
But I think that the security weakness is a thing because FCA or a testing group found the flaw, not because it has actually led to any hacked car thefts. So it seems to me that this is the appropriate method of improving security over time as you lean more and more.
Reply
Save
Like
B
Best thing to do is to monitor developments that go on with a fix and that with the release of the Trackhawk, at least then you'll know what you're getting yourself into.
Reply
Save
Like
R
Let's hope Fiat Chrysler learns from Volkswagen, Audi, and Bentley. Those three companies have similar radios made by Harman International but they were isntalled with a safety system that would stop hackers. Guess FCA didn't think to do the same with their radios.
Reply
Save
Like
B
RedTail said:
Let's hope Fiat Chrysler learns from Volkswagen, Audi, and Bentley. Those three companies have similar radios made by Harman International but they were isntalled with a safety system that would stop hackers. Guess FCA didn't think to do the same with their radios.
Click to expand...
I bet it came down to cost, unlike those higher up brands they probably couldn't make the case for it. Only motivation for them is when it does get hacked and news about it goes viral.
Reply
Save
Like
R
Jeep isn't exactly the cheapest brand out there. They should have been able to afford to add the safety precaution.
Reply
Save
Like
B
Usually the case is if it's not an issue they might not be as proactive about preventing things. But that all depends on how that impacts a vehicles release. They might prefer get vehicles out and then have owners come back for the fix.
Reply
Save
Like
H
Most definitely... it's very bittersweet. It's great that we have this technology that makes vehicles "safer" and life easier but the danger it opens us up to is fatal.
Reply
Save
Like
B
From what i've seen so far with cars on the market right now that have self driving tech, Tesla being one of them, is that you have to understand the system you're working with, primarily its limitations. If you act within that then you'll be fine. It's the people who ignore all that information that get into sticky situations.

Tesla had a recent situation where it came down to driver ignorance and stupidity, NOT the tech.
Reply
Save
Like
T
I seen that. Tesla tells them and puts it out there that you can't just set it and go to sleep. Just because it's moving on it's own doesn't mean that you can just not pay attention and I mean thats something you would think is common sense
Reply
Save
Like
1 - 20 of 49 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Jeep TrackHawk Forum
A forum community dedicated to Jeep TrackHawk owners and enthusiasts. Come join the discussion about SRT performance, reviews, modifications, classifieds, troubleshooting, maintenance, and more!
Full Forum Listing
Explore Our Forums
2018+ Jeep Trackhawk General Discussion New Member Introductions Engine And Performance Discussion Jeep Trackhawk Issues And Problems Intake And Exhaust
Top