Jeep TrackHawk Forum banner

1 - 20 of 49 Posts

·
Super Moderator
Joined
·
39 Posts
Discussion Starter #1


Last week under the guise of “offering customers improved vehicle electronic security and communication system enhancements”, FCA quietly released a software patch for Uconnect.

This wasn't your run of the mill software update however, professional hackers Charlie Miller and Chris Valasek alerted FCA to vulnerabilities they used to exploit their Uconnect system system and worked with them to patch it.

Miller and Valasek were able to remotely take control of a bone stock 2014 Jeep Cherokee by exploiting the cellular data connection Wi-Fi hot spot equipped Uconnect (with the 8.4 inch screen) vehicles use. The duo was able to crank up the radio volume, speed up the wipers and most alarming, shut the engine off on the highway.

Later in a parking lot they took control of the Cherokee's steering, albeit only in reverse as well as killing the brakes, leaving Wired journalist Andy Greenberg helpless in a ditch.

“Under no circumstances does FCA condone or believe it’s appropriate to disclose “how-to information” that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company said in a statement.

“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems. The software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle.”

You can download the patch yourself from driveuconnect.com/software-update/ or you can contact your local dealer to schedule an appointment.

 

·
Registered
Joined
·
599 Posts
Basically anyone really concerned about this should just disconnect UConnect. simple as that.

But i'm not concerned about what could go wrong.
 

·
Registered
Joined
·
20 Posts
My wife's Summit is at the dealer as I type. They are applying the u-connect patch for me, among other things. I'd rather the dealer apply it, so I don't mess something up. If it appears simple I'll do the patch myself on my SRT.
 

·
Registered
Joined
·
599 Posts
My wife's Summit is at the dealer as I type. They are applying the u-connect patch for me, among other things. I'd rather the dealer apply it, so I don't mess something up. If it appears simple I'll do the patch myself on my SRT.
That's the smartest thing to do, as fun and rewarding as it is to do the work yourself, with how complicated things get these days in cars I rather leave it up to the pros. Too much to deal with if a problem needs to be diagnosed.
 

·
Registered
Joined
·
88 Posts
That's the smartest thing to do, as fun and rewarding as it is to do the work yourself, with how complicated things get these days in cars I rather leave it up to the pros. Too much to deal with if a problem needs to be diagnosed.
but theres no diag needed. we already know what the issue is and how to remedy that...
 

·
Registered
Joined
·
184 Posts
I'm sure auto companies will release patches when security risks are found. I think there was a recent issue with keys being hacked and Ford did a recall for the affected cars while BMW released a security patch.
 

·
Registered
Joined
·
135 Posts
The one where VW filed a lawsuit against the people who found the flaw in order to keep them quiet? As long those who are finding these security risks are reporting them to the relevant car manufacturers, I can't see this as being too much of an issue for the average driver.
 

·
Registered
Joined
·
599 Posts
Best thing for us owners to do is not leave valuables in our vehicles because within a matter of minutes someone can sweep the whole vehicle taking what ever is in plain sight and in the compartments.
 

·
Registered
Joined
·
135 Posts
Short of disconnecting the actual UConnect module from the Jeep, I don't think there may be an actual option to do so. At least I have not found a method yet.
 

·
Registered
Joined
·
184 Posts
Quite a few Jeeps are now actually being recalled because the hacking scare.
It's currently limited to 2015 Renegade SUVs equipped with the 6.5-inch touchscreens and around 7,810 units have been recalled. Anything on the lot will be fixed and hopefully this security weakness won't occur with the TrackHawk.
 

·
Registered
Joined
·
196 Posts
But I think that the security weakness is a thing because FCA or a testing group found the flaw, not because it has actually led to any hacked car thefts. So it seems to me that this is the appropriate method of improving security over time as you lean more and more.
 

·
Registered
Joined
·
599 Posts
Best thing to do is to monitor developments that go on with a fix and that with the release of the Trackhawk, at least then you'll know what you're getting yourself into.
 

·
Registered
Joined
·
135 Posts
Let's hope Fiat Chrysler learns from Volkswagen, Audi, and Bentley. Those three companies have similar radios made by Harman International but they were isntalled with a safety system that would stop hackers. Guess FCA didn't think to do the same with their radios.
 

·
Registered
Joined
·
599 Posts
Let's hope Fiat Chrysler learns from Volkswagen, Audi, and Bentley. Those three companies have similar radios made by Harman International but they were isntalled with a safety system that would stop hackers. Guess FCA didn't think to do the same with their radios.
I bet it came down to cost, unlike those higher up brands they probably couldn't make the case for it. Only motivation for them is when it does get hacked and news about it goes viral.
 

·
Registered
Joined
·
599 Posts
Usually the case is if it's not an issue they might not be as proactive about preventing things. But that all depends on how that impacts a vehicles release. They might prefer get vehicles out and then have owners come back for the fix.
 

·
Registered
Joined
·
134 Posts
Most definitely... it's very bittersweet. It's great that we have this technology that makes vehicles "safer" and life easier but the danger it opens us up to is fatal.
 

·
Registered
Joined
·
599 Posts
From what i've seen so far with cars on the market right now that have self driving tech, Tesla being one of them, is that you have to understand the system you're working with, primarily its limitations. If you act within that then you'll be fine. It's the people who ignore all that information that get into sticky situations.

Tesla had a recent situation where it came down to driver ignorance and stupidity, NOT the tech.
 

·
Registered
Joined
·
184 Posts
I seen that. Tesla tells them and puts it out there that you can't just set it and go to sleep. Just because it's moving on it's own doesn't mean that you can just not pay attention and I mean thats something you would think is common sense
 
1 - 20 of 49 Posts
Top