U Connect vulnerability
07-22-2015, 10:31 AM
#1
Newbie
Thread Starter
Join Date: Jan 2014
Location: NC
Posts: 25
Likes: 0
Received 0 Likes
on
0 Posts
Year: 1998
Model: Cherokee
Engine: 4.0
U Connect vulnerability
anyone else seen this? spooky!
Nevermind, just saw salad's post. Oops
Nevermind, just saw salad's post. Oops
Last edited by Greg98Classic; 07-22-2015 at 11:38 AM. Reason: Already a topic
07-22-2015, 06:18 PM
#2
CF Veteran
Join Date: Feb 2012
Location: Hamburg, NY
Posts: 1,258
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2001
Model: Cherokee
Ya, Not too happy bout this, hope my WK2 isn't vulnerable too.... My Grand has the U Connect system too....... Makes you think about all the High Tec Vehicles out on the road.....
07-23-2015, 01:20 PM
#3
Senior Member
Join Date: Apr 2014
Location: TN
Posts: 508
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2014
Model: Cherokee
Engine: 2.4 Tiger Shark
this has been a prior topic, and it is getting worse, these guys originally did a inside jeep hack, but they found the wifi loophole, i cant keep this ride... as i stated a key generator is all that is needed and a smart person to take them all over at the same time..
a hack is a hack...
now the trade in value has dropped to a stupid low on my ride... i am not happy about this..
none of us KL owners should be...
a hack is a hack...
now the trade in value has dropped to a stupid low on my ride... i am not happy about this..
none of us KL owners should be...
07-24-2015, 01:41 PM
#5
CF Veteran
Join Date: Jul 2013
Location: Monett, MO.
Posts: 7,554
Likes: 0
Received 14 Likes
on
14 Posts
Year: 1999
Model: Cherokee
Engine: 4.0
It affects all the Fiat made Chrysler line the Grand's as well Dodge trucks, cars since 13 when Fiat wrote all the software for the Chrysler line being they own majority shares.
07-25-2015, 08:17 AM
#6
CF Veteran
Join Date: Feb 2012
Location: Hamburg, NY
Posts: 1,258
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2001
Model: Cherokee
Did you do the download onto a thumb drive or did you go to the Stealership? I thought about doing the download but you know how anything these days voids the warranties....
07-25-2015, 10:05 AM
#7
Junior Member
Join Date: Jul 2015
Location: East Central Iowa
Posts: 42
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2015 Trailhawk
Model: Cherokee
Engine: 3.2L V6
The download is available from the Uconnect website .... the link is near the bottom of the article listed above.
It will not void your warranty .... it's an OEM download.
If you know how to do Window's updates, then it's a simple feat.
My install didn't go "exactly" like the instructions on the Uconnect website, but I simply followed the printed instructions and the ones on the display, and I had no problem.
It's supposed to import all your files, and then reboot back into the Version number screen, according to the printed instructions. Mine simply rebooted into the typical radio screen .... or the screen you last had up before it started doing the upgrade.
You can simply go back to your version screen once it's done, to assure it installed the latest version properly.
From my understanding however, if you go to the dealership after you get the recall notice, you'll get a free thumb drive with the upgrade files on it.
So. free thumb drive !
I just didn't want to wait for that. I'd rather be protected now.
The screen in your car will show the Unit number it's working on (I believe there are 11 units or files it installs), and also the percentage of the total process. I previously said it took about 30 minutes. But now that I think about it, it might have only been about 15 minutes.
It will not void your warranty .... it's an OEM download.
If you know how to do Window's updates, then it's a simple feat.
My install didn't go "exactly" like the instructions on the Uconnect website, but I simply followed the printed instructions and the ones on the display, and I had no problem.
It's supposed to import all your files, and then reboot back into the Version number screen, according to the printed instructions. Mine simply rebooted into the typical radio screen .... or the screen you last had up before it started doing the upgrade.
You can simply go back to your version screen once it's done, to assure it installed the latest version properly.
From my understanding however, if you go to the dealership after you get the recall notice, you'll get a free thumb drive with the upgrade files on it.
So. free thumb drive !
I just didn't want to wait for that. I'd rather be protected now.
The screen in your car will show the Unit number it's working on (I believe there are 11 units or files it installs), and also the percentage of the total process. I previously said it took about 30 minutes. But now that I think about it, it might have only been about 15 minutes.
Trending Topics
07-25-2015, 03:55 PM
#8
Member
Join Date: Feb 2014
Location: DuPage County, Illinois
Posts: 127
Likes: 0
Received 1 Like
on
1 Post
Year: 2014
Model: Cherokee
Engine: 3.2-liter V-6
Just read that FCA is mailing out USB sticks to all affected owners. Save yourself some time, unless you can't wait: apparently the sticks are going in the mail any day now.
Which is great, because i could really use a 4GB stick when I'm done with this upgrade.
Which is great, because i could really use a 4GB stick when I'm done with this upgrade.
07-25-2015, 04:29 PM
#9
Junior Member
Join Date: Jul 2015
Location: East Central Iowa
Posts: 42
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2015 Trailhawk
Model: Cherokee
Engine: 3.2L V6
this has been a prior topic, and it is getting worse, these guys originally did a inside jeep hack, but they found the wifi loophole, i cant keep this ride... as i stated a key generator is all that is needed and a smart person to take them all over at the same time..
a hack is a hack...
now the trade in value has dropped to a stupid low on my ride... i am not happy about this..
none of us KL owners should be...
a hack is a hack...
now the trade in value has dropped to a stupid low on my ride... i am not happy about this..
none of us KL owners should be...
Metalwonzero ... forgive my newbie status, and this isn't a personal punch. But I've read a lot of your posts on this forum site and you seem to be really down on a lot of Jeep issues. Some of them seem really petty. It makes me wonder why you bought it, or why you hang on to it.
So the KL got hacked. I would venture to say that if hackers spent enough time and money with any other makes out there with infotainment systems, those could be hacked too. Ford is Microsoft Sync ... so you know it could be hacked.
How many of us have had to go through dozens of Window's upgrades due to vulnerabilities. It's technology.
Windows, Target, Home Depot, the CIA, the NSA, your smart phones ... they are only as secure as the programmers make them. And anyone who has the brains and money and time to find a way into a backdoor.
So we either put up with it for the sake of technological advances, or we totally go back to wired phones, punch cards and tape reels for building-sized computers, fax machines, and snail mail.
A little software update is no big deal ... to me anyway. But then ... I love my Trailhawk in the first place.
07-26-2015, 01:30 AM
#10
CF Veteran
Join Date: Jul 2012
Location: Hudson, FL
Posts: 3,683
Likes: 0
Received 2 Likes
on
2 Posts
Year: 1999
Model: Cherokee
Engine: 4.0L Inline 6
I read all about this and makes me happy I have a 4.0L. None of this cellular junk to go wrong like this.
I mean if your car can just be controlled by a hacker, what good is driving it?
And if they patch this, hackers will just find more ways in, like they do with iPhone jailbreaking, bank scams, and more.
I mean if your car can just be controlled by a hacker, what good is driving it?
And if they patch this, hackers will just find more ways in, like they do with iPhone jailbreaking, bank scams, and more.
07-26-2015, 11:17 AM
#11
Senior Member
Join Date: Apr 2014
Location: TN
Posts: 508
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2014
Model: Cherokee
Engine: 2.4 Tiger Shark
4g thumb drive?
who gives a hoot.. i am not updating encryption on an as needed basis, its just an encryption which is most likely being broken as i am typing, these 2 guys did it.. how many more are doing it that we do not know about..?
in the event someone did gain access and cause a wreck, how could we prove it was not our fault?
i highly doubt an intrusion detection system is installed in the system..
the vehicle does not need this computer hard wired into the operational system. nor does any other vehicle..
both can operate alone and share a mutual power supply with out effecting one another or having someone hijack the vehicle from its driver in real time remotely.
it will take more than a stupid flashing of the encryption to solve this problem that will grow..
a key generator, can produce all known VINs and a simple program can with the right mind can in fact access lots of vehicles at the same time.. and send 1 command to all vehicles at that same time..
^ we all should be evolved enough to know how computers can be manipulated and reprogrammed with malicious code.. this is no different.
who gives a hoot.. i am not updating encryption on an as needed basis, its just an encryption which is most likely being broken as i am typing, these 2 guys did it.. how many more are doing it that we do not know about..?
in the event someone did gain access and cause a wreck, how could we prove it was not our fault?
i highly doubt an intrusion detection system is installed in the system..
the vehicle does not need this computer hard wired into the operational system. nor does any other vehicle..
both can operate alone and share a mutual power supply with out effecting one another or having someone hijack the vehicle from its driver in real time remotely.
it will take more than a stupid flashing of the encryption to solve this problem that will grow..
a key generator, can produce all known VINs and a simple program can with the right mind can in fact access lots of vehicles at the same time.. and send 1 command to all vehicles at that same time..
^ we all should be evolved enough to know how computers can be manipulated and reprogrammed with malicious code.. this is no different.
07-26-2015, 05:58 PM
#12
Senior Member
Join Date: Apr 2014
Location: TN
Posts: 508
Likes: 0
Received 0 Likes
on
0 Posts
Year: 2014
Model: Cherokee
Engine: 2.4 Tiger Shark
Metalwonzero ... forgive my newbie status, and this isn't a personal punch. But I've read a lot of your posts on this forum site and you seem to be really down on a lot of Jeep issues. Some of them seem really petty. It makes me wonder why you bought it, or why you hang on to it.
So the KL got hacked. I would venture to say that if hackers spent enough time and money with any other makes out there with infotainment systems, those could be hacked too. Ford is Microsoft Sync ... so you know it could be hacked.
How many of us have had to go through dozens of Window's upgrades due to vulnerabilities. It's technology.
Windows, Target, Home Depot, the CIA, the NSA, your smart phones ... they are only as secure as the programmers make them. And anyone who has the brains and money and time to find a way into a backdoor.
So we either put up with it for the sake of technological advances, or we totally go back to wired phones, punch cards and tape reels for building-sized computers, fax machines, and snail mail.
A little software update is no big deal ... to me anyway. But then ... I love my Trailhawk in the first place.
So the KL got hacked. I would venture to say that if hackers spent enough time and money with any other makes out there with infotainment systems, those could be hacked too. Ford is Microsoft Sync ... so you know it could be hacked.
How many of us have had to go through dozens of Window's upgrades due to vulnerabilities. It's technology.
Windows, Target, Home Depot, the CIA, the NSA, your smart phones ... they are only as secure as the programmers make them. And anyone who has the brains and money and time to find a way into a backdoor.
So we either put up with it for the sake of technological advances, or we totally go back to wired phones, punch cards and tape reels for building-sized computers, fax machines, and snail mail.
A little software update is no big deal ... to me anyway. But then ... I love my Trailhawk in the first place.
for my part, i love the off road ability, mpg... and how it handles,
and another thing, if you think this will fix the problem.. your dead wrong..
Do you honestly think a software patch is going to help this in the future?
i hope you dont think that... me having a background in encryption and stuff of this nature, i cant accept this.. maybe you can.. i cant drive something knowing that someone else at any given time could tamper with my vehicle..
and this is a jeep forum where we discuss things about our jeeps good or bad. furthermore, hard wiring all that crap into the system was retarded to start with, had i known about this when it came out i would have gotten a rubicon, which is on my things to get list..
07-27-2015, 10:12 AM
#14
Herp Derp Jerp
Join Date: Nov 2011
Location: Parham, ON
Posts: 18,251
Likes: 0
Received 12 Likes
on
11 Posts
Year: 1999
Model: Cherokee
Engine: 4.0L OBD-II
There's a recall, many models affected http://www.bbc.com/news/technology-33650491
What I love the most about that article:
But yet they're condemning the act and anyone who even thinks about it is a criminal.
Look, guys. Either some guys spent a zillion hours making a $40,000 RC car, or this system is exploitable remotely. Something tells me by the way they're acting scared that it's not the former.
What I love the most about that article:
Fiat Chrysler said exploiting the flaw "required ... prolonged physical access to a subject vehicle..."
Look, guys. Either some guys spent a zillion hours making a $40,000 RC car, or this system is exploitable remotely. Something tells me by the way they're acting scared that it's not the former.
Last edited by salad; 07-27-2015 at 10:18 AM.
