Step Away from the (Hackable) Vehicle! Part 1 of 2 - Page 3 - 2014+ Jeep Cherokee Forums
User Tag List

 28Likes
Reply
 
LinkBack Thread Tools
post #21 of 42 (permalink) Old 08-05-2015, 07:00 PM
Enthusiast Member
 
Jeep8492's Avatar
 
Join Date: May 2015
Posts: 112
This UCONNECT issue can be solved by installing a firewall (in the technical sense, not in the engine compartment sense) between the CANBUS on UCONNECT and the rest of the vehicle. All the firewall has to do is stop dangerous commands and fake data such as bleed ABS, command steering wheel servo motor, throttle position, fake rpm reports, fake speed reports, etc.

Believe it or not some people can figure out that a radio should not be broadcasting to the bus that the transmission is overheating. On the internet, your bank has probably figured out that a computer which claims to be a teller's terminal should not have access to the computer which holds everyone's passwords. So there is a box (or equivalent) to block this stuff.



Firewalls are everywhere on internet. Its time FCA started to learn about security.

Last edited by Jeep8492; 08-05-2015 at 07:15 PM.
Jeep8492 is offline  
Sponsored Links
Advertisement
 
post #22 of 42 (permalink) Old 08-05-2015, 08:21 PM
Enthusiast Member
 
Join Date: Sep 2014
Posts: 125
Quote:
Originally Posted by Jeep8492 View Post
This UCONNECT issue can be solved by installing a firewall (in the technical sense, not in the engine compartment sense) between the CANBUS on UCONNECT and the rest of the vehicle. All the firewall has to do is stop dangerous commands and fake data such as bleed ABS, command steering wheel servo motor, throttle position, fake rpm reports, fake speed reports, etc..
They had one.

I posted the details of the hack over here http://jeepcherokeeclub.com/4-2014-2...hack-done.html
blowdart is offline  
post #23 of 42 (permalink) Old 08-05-2015, 11:58 PM
Enthusiast Member
 
Jeep8492's Avatar
 
Join Date: May 2015
Posts: 112
Quote:
Originally Posted by blowdart View Post
They had one.

I posted the details of the hack over here http://jeepcherokeeclub.com/4-2014-2...hack-done.html
Im not sure what you mean by firewall chip, but if the firewall function can be reprogrammed without physical access to the vehicle, then it really is not a well-designed firewall. It is something else like a "filter".

Keep in mind that we are talking simple computers here with 1-5% of the capability of a low-end PC. So relying on encryption, authentication with security certificates and the like to preserve a chain of trust (as your bank would) is truly not practical.

To update UCONNECT firmware, it seems to me that requiring physical access to the vehicle is a good compromise until

1) someone figures out how to get a Jeep virus on a USB stick or SD Card
2) or through the USB stack which talks to Ipods or portable hard drives.

Last edited by Jeep8492; 08-06-2015 at 12:20 AM.
Jeep8492 is offline  
 
post #24 of 42 (permalink) Old 08-06-2015, 12:02 AM
Member
 
mrvwbug's Avatar
 
Join Date: Jul 2015
Location: Cheyenne, WY
Posts: 78
The patch is very easy to install. I patched mine a few days before the story broke and it took less than 30min. No reason not to do it yourself. I also suspect the victim Cherokee in that test was a fully loaded model with lane keeping assist, parking assist and auto braking, that is the only way to get solenoids powerful enough to exert that much force on the steering. The Cherokee is NOT steer by wire (the Infiniti Q50 is the only production car that has steer by wire), though the electric power steering is used to give the nudges for lane keeping assist and the steering inputs for the parking assist and might be strong enough to overpower the driver's inputs, it is also not brake by wire, though the traction and stability control has a lot of control over the brakes (basically if it did go haywire, it could not disable the brakes, but it could apply them).

As someone who does work in IT, I am really surprised that they were stupid enough to NOT air gap the critical control systems of the vehicle. Though on that same note, vehicles of the future will have to be connected in order for autonomous driving to function.
mrvwbug is offline  
post #25 of 42 (permalink) Old 08-08-2015, 10:10 AM
Enthusiast Member
 
LeCreaux's Avatar
 
Join Date: Nov 2013
Location: San Antonio, Texas
Posts: 383
The news on that "hacked" Cherokee are more than a little deceptive. The guys who "hacked" it wrote software to turn their own Cherokee into a robot and installed it via the USB port. They didn't even hack their own Cherokee over the Internet. Then the news picked it up and said Cherokee's can be hacked over the Internet.

I'm always happy to see software security improved, that that whole news story is just drama. It implied that someone could see you drive by and take control of your car for fun. That's not true at all. Even for an unpatched vehicle there's a lot conditions that would have to exist in your vehicle AND you would have to unwittingly assist with some of your own actions AND they'd have to have a lot of time with your vehicle powered on.

2014 Cherokee TrailHawk
3.2L Pentastar V6 with Tow Package
Brilliant Black Crystal Pearl Coat
Grand Canyon - Jeep Brown Leather
Comfort/Convenience
Premium Audio
Build Date: 09/13

Last edited by LeCreaux; 08-08-2015 at 10:18 AM.
LeCreaux is offline  
post #26 of 42 (permalink) Old 08-08-2015, 03:51 PM
Enthusiast Member
 
Join Date: Dec 2013
Location: Richmond VA
Posts: 360
You are confusing two Cherokee hacks several months apart by the same two security researchers. In the first hack, they needed physical access to take control of the Cherokee. Subsequently, they were able to do it remotely. The threat is not that a hacker will target your specific vehicle, but that a virus will cause some feature to malfunction simultaneously on hundreds of thousands of Chrysler vehicles.

2014 white I4 Fwd Limited with Technology package
Lil_Kee is offline  
post #27 of 42 (permalink) Old 08-09-2015, 02:29 AM
Member
 
Join Date: Aug 2015
Posts: 2
W T H! let me see if I understand. Are you saying the car I thought I wanted is not the car I should get.?
lp7p is offline  
post #28 of 42 (permalink) Old 08-09-2015, 11:47 AM
Hardcore Member
 
Ruffnredi's Avatar
 
Join Date: Jul 2015
Posts: 784
@lp7p couple of things that are important related to the hack.

1. Sprint closed the port that made this possible months ago.
2. There is a software patch that removes the vulnerability that was used for the hack

Worry more about the tranny issues than this hack.
Ruffnredi is offline  
post #29 of 42 (permalink) Old 08-09-2015, 01:59 PM
Enthusiast Member
 
Wisconsin Mike's Avatar
 
Join Date: Jul 2015
Posts: 200
I printed this out on a vinyl label maker and stuck it to an adhesive backed magnet sheet from Walmart and made my own magnetic bumper sticker.
Attached Thumbnails
Click image for larger version

Name:	Jeep Bumper Sticker.jpg
Views:	85
Size:	74.1 KB
ID:	77441  
Array, Treaty, intrepidusa and 2 others like this.
Wisconsin Mike is offline  
post #30 of 42 (permalink) Old 08-09-2015, 03:46 PM
Hardcore Member
 
Ruffnredi's Avatar
 
Join Date: Jul 2015
Posts: 784
Ruffnredi is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the 2014+ Jeep Cherokee Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



  Similar Threads
Thread Thread Starter Forum Replies Last Post
Cherokee is "most hackable" vehicle jferris33 2014+ Jeep Cherokee General Discussion 171 08-10-2015 11:23 AM
Beaver Step? WhiteHawk One Exterior 1 11-24-2014 10:13 AM
2014 Jeep Cherokee rated as "most hackable" cherokee The Car Lounge 27 11-17-2014 11:36 PM

Posting Rules  
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On