Security update from Chrysler: Go get it now

Post #1 by salad (Thread Starter), 07-21-2015, 08:13 AM

This is extremely dangerous. Read here:

http://www.wired.com/2015/07/hackers...-jeep-highway/

Post #2 by burkett.j, 07-21-2015, 07:43 PM

You beat me to this Salad! I was just on my way over to post this.
Be careful guys.

Post #3 by Fred/N0AZZ, 07-22-2015, 10:23 AM

I'm just getting ready to test drive one from here on my laptop. Interesting, it seems Fiat wrote this software and checked nothing.

Post #4 by metalwonzero, 07-28-2015, 02:19 PM

Originally Posted by Fred/N0AZZ
I'm just getting ready to test drive one from here on my laptop. Interesting, it seems Fiat wrote this software and checked nothing.

can you drive mine to get it reflashed please... i am currently looking at wranglers and have no time to do it..
i agree with you 100% a patch? phhht... how about product replacement.. a patch isn't going to even slow down a hack... it will only make them want to hack it even more.. because that's what hackers do... jeepers hit trails...(usually) hackers hack stuff. settled science...

on the real... i am going back to wrangler, in the future if they have not destroyed the cherokee name with flaws... i may get another when said flaws are gone because they really are tough machines off road.. and comfy too... but still i prefer practical and something i can depend on..
i am also eyeballing another old XJ to build up for fun only.. who knows.. i may restore it.. but for my part.. My KL is going to be traded in.. sadly..

Post #5 by RFtech53, 08-06-2015, 01:46 PM

Originally Posted by metalwonzero
how about product replacement.. a patch isn't going to even slow down a hack... it will only make them want to hack it even more..

Let's examine the difference between a patch and a product replacement.

Go ahead and replace the UConnect hardware (computer/interface) with a brand new unit. If it has the same "code" in it that the current cars have, you've still got the same problem.

What's needed to find the problem is not new hardware ... it's new computer code ... AKA ... a "patch."

Every piece of computer technology you own is vulnerable from a hack. There is almost always a way to get into a system that is wired or wireless, and hack a system.

A "patch" fixes those "mistakes" that the programmers didn't know were there until someone finds it ... either on purpose, or accidentally.

I've found code issues with Excel at work. And I reported them to Microsoft. Microsoft didn't know they existed because they didn't reproduce the issue with exactly the same set of circumstances I used.

Can you imagine trying to run a new Operating System with every computer make and model on the market, and with every different setup those computers can all have? It's an enormous task and usually, it can't be done. There are just too many variables.

So does that mean I should throw out my computer because one program doesn't work the way it was intended? Of course not.

A Microsoft programmer sets up his system to reproduce mine. And if he's lucky, he finds the same bug I found. Then, he digs deep into hundreds of lines of code to find out why it behaved the way it did, and produces new code to keep that same issue from happening again.

In most cases, a small "patch" of code ... sometimes only a line long ... sometimes a couple hundred lines long ... is all that's needed to fix a program that consists of tens of thousands of lines of code.

When I hear people say that a manufacturer needs to replace equipment due to a patch, all I can do is laugh at the mention. Most people have no clue how much of what they use every day is susceptible to hacks, or simply not working properly due to bugs that only need a simple patch to fix.

By the way, I'm not only an electronics engineering technician ... I also can program in C++, DotNet, and C#.

Any vehicle anyone buys that has any internet capabilities or cell phone or Bluetooth ... you'd better stay away from them ... because there will be ways to hack them.

And good luck finding cars in the near future that DON'T connect wirelessly. It will be like trying to find cars with crank windows.

Personally, I'm much more concerned about hackers hacking into my bank accounts, credit accounts, Amazon info, or health information, than I am about them wanting to mess with my car.

Last edited by RFtech53; 08-06-2015 at 01:58 PM.

Post #6 by Redleg37, 08-06-2015, 02:59 PM

Well said.

Post #7 by salad (Thread Starter), 08-06-2015, 09:44 PM

Obviously a replacement radio is not going to solve anything. I think metalwonzero was trying to get at "an entirely different vehicle that doesn't even have something so obviously prone to abuse in the event of a security compromise". Like maybe a Model T.

Good post though!

Post #8 by metalwonzero, 08-07-2015, 03:50 AM

Originally Posted by RFtech53
Let's examine the difference between a patch and a product replacement.

Go ahead and replace the UConnect hardware (computer/interface) with a brand new unit. If it has the same "code" in it that the current cars have, you've still got the same problem.

What's needed to find the problem is not new hardware ... it's new computer code ... AKA ... a "patch."

Every piece of computer technology you own is vulnerable from a hack. There is almost always a way to get into a system that is wired or wireless, and hack a system.

A "patch" fixes those "mistakes" that the programmers didn't know were there until someone finds it ... either on purpose, or accidentally.

I've found code issues with Excel at work. And I reported them to Microsoft. Microsoft didn't know they existed because they didn't reproduce the issue with exactly the same set of circumstances I used.

Can you imagine trying to run a new Operating System with every computer make and model on the market, and with every different setup those computers can all have? It's an enormous task and usually, it can't be done. There are just too many variables.

So does that mean I should throw out my computer because one program doesn't work the way it was intended? Of course not.

A Microsoft programmer sets up his system to reproduce mine. And if he's lucky, he finds the same bug I found. Then, he digs deep into hundreds of lines of code to find out why it behaved the way it did, and produces new code to keep that same issue from happening again.

In most cases, a small "patch" of code ... sometimes only a line long ... sometimes a couple hundred lines long ... is all that's needed to fix a program that consists of tens of thousands of lines of code.

When I hear people say that a manufacturer needs to replace equipment due to a patch, all I can do is laugh at the mention. Most people have no clue how much of what they use every day is susceptible to hacks, or simply not working properly due to bugs that only need a simple patch to fix.

By the way, I'm not only an electronics engineering technician ... I also can program in C++, DotNet, and C#.

Any vehicle anyone buys that has any internet capabilities or cell phone or Bluetooth ... you'd better stay away from them ... because there will be ways to hack them.

And good luck finding cars in the near future that DON'T connect wirelessly. It will be like trying to find cars with crank windows.

Personally, I'm much more concerned about hackers hacking into my bank accounts, credit accounts, Amazon info, or health information, than I am about them wanting to mess with my car.

the problem has been identified.. we don't need cars with a remote attached to the computer, all that is needed is they share a mutual power supply thank ya very much... think it's stupid now.. then keep buying into it.. i'm opting out.
i care less what your qualifications are and what you write, i won't be driving you down the highway...

by the way a patch is in fact a band aid... it's not a fix... this is why they call a patch for a patch a hot fix... nice try guy... also... if your computer could crash and kill some family due to bad programming and blind faith in bad soft and hardware... yea.. i'd throw that mug out in a split second..
but hey.. whatever makes you happy... spend your money according to what makes you tick..

Last edited by metalwonzero; 08-07-2015 at 03:53 AM.

Post #9 by metalwonzero, 08-08-2015, 02:50 PM

Originally Posted by salad
Obviously a replacement radio is not going to solve anything. I think metalwonzero was trying to get at "an entirely different vehicle that doesn't even have something so obviously prone to abuse in the event of a security compromise". Like maybe a Model T.

Good post though!

i'll be going with a wrangler, and getting myself another 96 xj.. model t just ain't jeep enough yo...

also.. keep in mind a replacement would take away an entry port for the hack... but is back door available through some other route?
remember a patch is a band aid, that requires constant attention such as hotfixes, and security updates... just like a bad patch on windows... the problem has been identified.. and yes.. the hardware will need to be altered to be properly encrypted in the future.. i care less what the guy above said about microsoft excel power point etc.. this is not a database we are talking about.. it's a jeep..
as stated previously the only thing the mother computer and the uconnect entertainment center/gps should share is a common power supply... at no point in time should they have combined both..
complacency kills... and when an auto maker gets complacent and releases stuff like this they should own their mistakes.. not us..
nor should anyone defend them and the mistake they made.. it will slow down progress if everyone just folds and accepts it as good enough...

Post #10 by RFtech53, 08-14-2015, 12:24 PM

Originally Posted by metalwonzero
by the way a patch is in fact a band aid... it's not a fix... this is why they call a patch for a patch a hot fix... nice try guy...

I personally know about 100 code writers who write software that controls GPS guided missiles and military and commercial aircraft, who would totally disagree with you.

A patch is not a "band aid". It is indeed a "fix". The reason it's a fix is because the code "fixes" the unseen problem that the original code contained.

If the code were totally rewritten as you seem to feel it needs to be, to be "fixed", it would now include the exact lines of code that are in the patch.

It wasn't a nice try ... it was the way it is.

And actually, FCA isn't having owners install a "patch".

FCA is having owners download updated code. It's not a "patch" .... it's new code. Unfortunately, the uneducated call it a "patch."

Sprint, the network over which the Uconnect service communicates, has blocked the channel of communication used by the researchers so that you can’t connect to Uconnect vehicles over the Internet.

Now to get off all the horrors of the KL hack, I just read that the new Chevy Corvette has been hacked by a simple text message.

https://www.yahoo.com/tech/can-your-...626255019.html

As I said previously, just because some researchers with plenty of time and money on their hands can find a way into your car, it doesn't mean it's time to get rid of the vehicle. They'll be able to find their way into any car out there with internet, cellular, or Bluetooth coverage. And that's going to be in every car in the next ten years, because that's what the majority want.

If you are scared of technology, go find a car that doesn't have any of that.

Finally, the internet is a great place for the uneducated to spew their thoughts, whether based in fact or fiction. It's fine if you don't care about my qualifications or what I wrote. To each their own. I happened to list some of what I do for a career so that readers can decide whether or not I'm worth listening to.

Peace out.

Last edited by RFtech53; 08-14-2015 at 12:26 PM.

Post #11 by Watchful, 08-14-2015, 12:55 PM

I had mine done. It was supposed to take 30 minutes; it took a full day.

I will say, though, the uConnect system responds MUCH faster, and my previous bug with it not wanting to play media off a USB drive is completely fixed.

Post #12 by RFtech53, 08-14-2015, 03:22 PM

Very strange, Watchful. I did mine myself off a thumb drive, and it was about 20 minutes or so. Considering the amount of info that gets updated, it was pretty quick.

Here are the updates it does:

Installing unit 1 SYSTEM CHECK
Installing unit 2 IOC-BOOTLOADER
Installing unit 3 IOC
Installing unit 4 System
Installing unit 5 System Data
Installing unit 6 Speech
Installing unit 7 EQ
Installing unit 8 Xlets
Installing unit 9 Sierra Air Card
Installing unit 10 XM Update
Installing unit 11 HD Update

It is a pretty involved update to several systems. The Nav system gets a big update. And I think I might have mentioned in this thread that FCA told me there is another NAV update coming at the end of August (or expected to anyway). They wanted to put the NAV updates all in one package, but didn't have them all ready to go and felt the security update was too important to delay.

I wonder if the dealer just decided to keep it for the day so they could get to it when they felt like it?

Post #13 by Watchful, 08-14-2015, 03:50 PM

Originally Posted by RFtech53
Very strange, Watchful. I did mine myself off a thumb drive, and it was about 20 minutes or so. I wonder if the dealer just decided to keep it for the day so they could get to it when they felt like it?

The service department liaison told me I needed about 10 updates (I have a 2014 built in January of that year), including the air bag sensitivity adjustment. I'm guessing there was a lot more work than they figured, but sure, they were probably doing other things while mine was loading up.

I'm glad yours went well, and I was fascinated by your write-up of what happened at each phase.

Has anyone received their FCA thumb drives yet? I was under the impression *every* affected owner was getting one, regardless, ASAP starting last week.

Post #14 by metalwonzero, 08-18-2015, 05:49 PM

Originally Posted by RFtech53
I personally know about 100 code writers who write software that controls GPS guided missiles and military and commercial aircraft, who would totally disagree with you.

A patch is not a "band aid". It is indeed a "fix". The reason it's a fix is because the code "fixes" the unseen problem that the original code contained.

If the code were totally rewritten as you seem to feel it needs to be, to be "fixed", it would now include the exact lines of code that are in the patch.

It wasn't a nice try ... it was the way it is.

And actually, FCA isn't having owners install a "patch".

FCA is having owners download updated code. It's not a "patch" .... it's new code. Unfortunately, the uneducated call it a "patch."

Sprint, the network over which the Uconnect service communicates, has blocked the channel of communication used by the researchers so that you can’t connect to Uconnect vehicles over the Internet.

Now to get off all the horrors of the KL hack, I just read that the new Chevy Corvette has been hacked by a simple text message.

https://www.yahoo.com/tech/can-your-...626255019.html

As I said previously, just because some researchers with plenty of time and money on their hands can find a way into your car, it doesn't mean it's time to get rid of the vehicle. They'll be able to find their way into any car out there with internet, cellular, or Bluetooth coverage. And that's going to be in every car in the next ten years, because that's what the majority want.

If you are scared of technology, go find a car that doesn't have any of that.

Finally, the internet is a great place for the uneducated to spew their thoughts, whether based in fact or fiction. It's fine if you don't care about my qualifications or what I wrote. To each their own. I happened to list some of what I do for a career so that readers can decide whether or not I'm worth listening to.

Peace out.

that's why they pay you the big bucks... right..

Post #15 by RFtech53, 08-18-2015, 07:40 PM

LOL I wish, Metal. I only wish.

I'm just one of those guys who does their leg work and makes them look good.

One good thing about the FCA hacking (and now other makes which are making headlines) is that engineers should see a whole new perspective in regards to the vehicle's safety systems versus the "infotainment" systems ... and have no interaction between them ... or at the very least ... securely firewall the two from each other.

It remains to be seen how it will go.

But hey ... at least all of us KL owners have an out if we get into an accident that authorities say is our fault. We can point to these articles and scream, "Honest officer ... the car just had a mind of its own. Someone hacked me!"

Yeah, I know. They aren't likely to buy it.

