Ram Rebel Forum banner
Cancel

Uconnect Vulnerable to Outside Hacks

8557 Views 10 Replies 9 Participants Last post by  Maverick
R


Last week under the guise of “offering customers improved vehicle electronic security and communication system enhancements”, FCA quietly released a software patch for Uconnect.

This wasn't your run of the mill software update however, professional hackers Charlie Miller and Chris Valasek alerted FCA to vulnerabilities they used to exploit their Uconnect system system and worked with them to patch it.

Miller and Valasek were able to remotely take control of a bone stock 2014 Jeep Cherokee by exploiting the cellular data connection Wi-Fi hot spot equipped Uconnect (with the 8.4 inch screen) vehicles use. The duo was able to crank up the radio volume, speed up the wipers and most alarming, shut the engine off on the highway.

Later in a parking lot they took control of the Cherokee's steering, albeit only in reverse as well as killing the brakes, leaving Wired journalist Andy Greenberg helpless in a ditch.

“Under no circumstances does FCA condone or believe it’s appropriate to disclose “how-to information” that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company said in a statement.

“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems. The software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle.”

You can download the patch yourself from driveuconnect.com/software-update/ or you can contact your local dealer to schedule an appointment.

See less See more
Reply
Save
Like
1 - 11 of 11 Posts
M
Not really that nervous someone is going to do this to my vehicle. I mean, what have I done to make Anonymous angry lately?

Still, it is important to take steps to address this. I read that the US Senate is debating a bill to create standards for cyber security for cars.

Senate Introduces Automotive Anti-Hacking Bill - News - Car and Driver | Car and Driver Blog
Reply
Save
Like
D
Maverick said:
Not really that nervous someone is going to do this to my vehicle. I mean, what have I done to make Anonymous angry lately?

Still, it is important to take steps to address this. I read that the US Senate is debating a bill to create standards for cyber security for cars.

Senate Introduces Automotive Anti-Hacking Bill - News - Car and Driver | Car and Driver Blog
Click to expand...
hackers are pranksters. Half of what annoymous does is malicious and not motivated by justice in anyway shape or form. All it might take in a few years is a couple of connected kids with a couple of chilled beers...
Reply
Save
Like
T
I can only assume that most people are not professional hackers with the know how to do this on their own. I don't suppose we will have the option to turn off the Uconnect wi-fi? At least while I am in it.
Reply
Save
Like
S
All rebels come with Uconnect 8.4 right? patch should be installed from the factory then...
Reply
Save
Like
A
My guess is no. Likely these were built before the patch. With that said, I would expect dealer prep to take care of it before customer delivery. My truck has version 15.24.1. I can't seem to find that number when I google, and theoretically it is a higher number than version 15.17.5 listed on the update site. But I'm not sure if that's true
Reply
Save
Like
R
Aqualite75 said:
My guess is no. Likely these were built before the patch. With that said, I would expect dealer prep to take care of it before customer delivery. My truck has version 15.24.1. I can't seem to find that number when I google, and theoretically it is a higher number than version 15.17.5 listed on the update site. But I'm not sure if that's true
Click to expand...
That is my understanding, too. I confirmed with my dealer that they had applied the patch prior to accepting delivery and I also have 15.24.1. But just to make sure my dealer was being honest I went to the update site (https://www.driveuconnect.com/software-update/) to check my VIN and it told me my vehicle "qualifies for a software update". Huh? So I called the Uconnect folks and they confirmed that 15.24.1 is the latest and greatest version. Guess my dealer was telling me the truth. Trust but verify...
Reply
Save
Like
  • Like
Reactions: 2
pk78731
i bought mine at clear lake dodge just south of houston, and i had to apply the patch.....the update was simple, and the lady from uconnect verified the right version was installed....
Reply
Save
Like
K
pk78731 said:
i bought mine at clear lake dodge just south of houston, and i had to apply the patch.....the update was simple, and the lady from uconnect verified the right version was installed....
Click to expand...
How long did it take you to do the whole process?
Reply
Save
Like
pk78731
i used my mac, plug your vin into the website, and follow the directions, download the file to the usb, plug it in the arm rest console, the uconnect will recognize it, then the upgrade begins....the whole process took about 45 minutes...the download takes longer than the upgrade.....

Attachments

See less See more
Reply
Save
Like
M
This seems like stuff out of James Bond. Remember this scene?


It's just hard for me to really be afraid of this because it seems so unlikely to happen to me even if its possible. Cyber security breaches keep happening, so I know it does happen, but I think hackers would sooner hack a large data base for a trove of data instead of hacking one random person's car. And if you were to hack one person's car, why not a super luxury car instead of a Ram Rebel?
Reply
Save
Like
  • Like
Reactions: 1
1 - 11 of 11 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Ram Rebel Forum
A forum community dedicated to Ram Rebel owners and enthusiasts. Come join the discussion about modifications, classifieds, troubleshooting, maintenance, and more!
Full Forum Listing
Explore Our Forums
Ram Rebel General Discussion Tires, Wheels, and Suspension
Top