Step Away from the (Hackable) Vehicle! Part 1 of 2 - 2014+ Jeep Cherokee Forums
User Tag List

LinkBack Thread Tools
post #1 of 42 (permalink) Old 08-04-2015, 02:31 PM Thread Starter
Super Moderator
eak's Avatar
Join Date: Feb 2014
Location: Lake Orion, MI
Posts: 1,196
Step Away from the (Hackable) Vehicle! Part 1 of 2

I am in no way trying to negatively portray the Cherokee. What I am trying to communicate is that the Cherokee security issue is a MUCH bigger issue.

Step Away from the (Hackable) Vehicle! Part 1 of 2
By Bruce Kleinman, SVP, Sales & Marketing and Co-Founder at Nodal Security
July 30, 2015

Despite having a full week to digest the news of the Jeep Cherokee hack, I found it challenging to decide on a plan of attack for the article now underway. This may prove to be a watershed moment in the history of kinetic cyber-attacks, and there are simple too many angles and too much subject matter. Fasten your seatbelts (pun intended) this is gonna’ be a rough ride.

“It’s not fun to have your two-ton SUV’s brakes hacked.”
Andy Greenberg—Wired

The Wired article that broke the news is a must-read—complete with video—will very likely scare the sh*t out of you. If it doesn’t, well, you either [a] don’t understand the ramifications or [b] live on an island with no cars. Here’s the executive summary:

An attacker on the Internet—physical proximity does NOT come into the equation—takes advantage of the vehicle’s LTE modem.
The initial breach is the Uconnect infotainment system. Yup, you read that correctly: the navigation / entertainment / comfort control system. How dangerous could that be?
Fairly dangerous. Heavy metal cranked to full volume paired with an air conditioner maxed to full heat and fan makes for a fairly distracting ride. (No offence intended to Jeep owners that enjoy a good sweating while jamming to distorted Black Sabbath).
Quite unfortunately, the breach does not stop there. The attacker is able to move laterally, thanks to the fact that most everything in a modern vehicle is [a] controlled over an in-vehicle network and [b] connected to everything else in said vehicle. (We’ll get to the details of “how the f**k did that happen?!?!” in Part 2 of this article.)
In this manner, the attacker is able to control what we all can agree are safety critical functions. Cutting the accelerator, for example, and the brakes.
Boiled down to an example: while you barrel down the highway in a 4000 pound vehicle, a sophisticated hacker somewhere on the internet kills your brakes.

Networking 101, meet Highway 101.

Bad news: this exploit exists in a many Chrysler vehicles … 2013-2014 Ram 1500 Pickup, 2013-2014 Ram 3500 Cab Chassis, 2013-2014 Ram 2500 Pickup, 2013-2014 Ram 4500/5500 Cab Chassis, 2013-2014 Ram 3500 Pickup, 2014 Grand Cherokee, 2014 Durango, 2013-2014 Viper, 2014 Cherokee, and some 2015 Chrysler 200s.

Good news: you can try to memorize that list, in order to give all of these vehicles a wide berth.

Bad news: it is unclear how you’ll accurately identify the model year. You can’t exactly yell “what year is your Dodge?” at 70 MPH.

Good news: Chrysler issued a recall of all of the above vehicles in order to update their firmware.

Bad news (for Fiat Chrysler): the recall will cost roughly $100M, despite being purely a software update.

To understand how this breach happened—and understand that why we WILL see more automotive breaches—a tutorial is in order. Back in the ‘old’ days, cars were simple contraptions from an electronics standpoint. First and foremost, vehicles simply didn’t have a lot of electronics. In roughly chronological order, for illustrative purposes only, manufacturers added: radio, electronic fuel injection, anti-theft, anti-lock brakes, airbags, and navigation. Every one of these electronic systems was self-contained, only tied to their own sensors and their own actuators.

That phrase “only tied” in the previous sentence, over time, became a weighty matter. Literally. The wiring harnesses running around a vehicle became heavier, costlier, more time consuming to install, and more prone to failure. These were the motivations that led to the introduction of controller area network (CAN) in the late 1980s. While CAN may be implemented in a star topology, linear topology dominates the industry. The latter enables a single CAN bus (very few wires) to run around a vehicle connecting many different electrical systems.

Getting into a bit more detailed, vehicles quickly evolved to have multiple CAN buses: one for engine control, one for safety-critical system, one for entertainment /comfort features. As the bandwidth requirements increased, CAN was joined by new automotive networks including MOST and FlexRay.

What exactly are all these automotive networks connecting? In the context of a contemporary vehicle: almost everything. Take apart a current mid-range automobile and you’ll find some six dozen electronic control units (ECUs), each one a specialized computer implementing a different function. Some ECUs are simply sensors, others are simply actuators, and many are very complex systems. Quoting the source of all automotive knowledge, Wikipedia observes:

“ECUs include Engine Control Module (ECM), Powertrain Control Module (PCM), Transmission Control Module (TCM), Brake Control Module (BCM), Central Control Module (CCM), Central Timing Module (CTM), General Electronic Module (GEM), Body Control Module (BCM), and Suspension Control Module (SCM).”

I’ll make a VERY important observation of my own at this juncture: as all of these ECUs became networked, fewer sensors / systems / actuators were directly connected. I didn’t communicate that clearly, so let me clarify using lyrics from “Dem Bones” by James Weldon Johnson:

Toe bone connected to the foot bone
Foot bone connected to the heel bone
Heel bone connected to the ankle bone
Ankle bone connected to the shin bone

Things that you may THINK are directly connected in your car—say, [a] the brake pedal and [b] the brake calipers—are anything but directly connected. The brake pedal is connected to ECU-X and the brake calipers are connected to ECU-Y; ECU-X sends a message to the BCM, which performs braking computations, and in turn sends a message to ECU-Y. Ditto the accelerator pedal and fuel injectors / valves / air intake; separate ECUs for the former and the latter, with the ECM in between.

If you’re thinking “all of the this sounds rather complex,” you are SPOT ON. Virtually everything in a modern vehicle is controlled electronically and connected to one of multiple in-vehicle networks. And the entire tutorial—which will wrap up in just a moment—so far has been limited to “making the car move” systems. We haven’t TOUCHED on the rapidly expanding (in both number and complexity) infotainment ECUs: terrestrial and satellite radio, video, navigation … and most recently Internet access.

I hate to leave you hanging, but this is the perfect juncture—in Part 2 you’ll understand just HOW perfect—to wrap up Part 1 of this article. Before I hit the metaphorical ‘send’ button, however, let’s revisit your thought from the previous paragraph: “all of the this sounds rather complex.” What might one of the world’s most respected cyber-security experts say at this point? (No, no, don’t be silly, I am NOT going to cite Wikipedia again.)

“Complexity the worst enemy of security.”
Bruce Schneier

Until Part 2, drive safely. From Silicon Valley.

Lake Orion, MI
Granite Crystal Metallic Date ordered: 03/Jan/2014 Delivered: 4/Mar/2014
Granite Crystal Metallic TH KL •|||||||•| 3.2L V6 24V VVT | 27E | 9-Spd 948TE 4WD
TOW |Comfort Convenience | Brown Leather | Technology| Uconnect 8.4AN
Cold Weather | Black Hood Decal | 9 Amplified Speakers w/Subwoofer | CD
eak is offline  
Sponsored Links
post #2 of 42 (permalink) Old 08-04-2015, 03:24 PM
Hardcore Member
Craigman TH's Avatar
Join Date: Mar 2015
Location: Burlington, Ont.
Posts: 627
So glad I live in Canada and we don't have to worry about this. No Wifi and no UConnect app available here. Personally, I don't miss it at all.
limey-g, Einstein14, TedB and 6 others like this.

2015 TH Granite Grey, 3.2, cold weather group, tow group, Uconnect 8.4AN, WeatherTech side window deflectors, tinted front windows, dash cam, black Bully hitch step with locking pin, locking roof cross rails, Rola Vortex cargo basket, Mopar slush mats, dual pinstripe around hood decal, door, dash and shifter console piping, media port covers, Dakar grille mod, Putco 4000k halogen upgrade, 5000k led fogs and much more to come!
Build Date 2015 3/15, delivery date 2015 3/25.
Craigman TH is offline  
post #3 of 42 (permalink) Old 08-04-2015, 03:29 PM
Forum Elder
ptrudel's Avatar
Join Date: Apr 2015
Location: Northern Ontario
Posts: 1,809
Originally Posted by Craigman TH View Post
So glad I live in Canada and we don't have to worry about this. No Wifi and no UConnect app available here. Personally, I don't miss it at all.
When I got my TH I was kinda bummed we didn't get the apps, but right now, I'm ok with it lol
TedB likes this.

2015 Bright White TH, 3.2L, Cold Weather group, Tow group, 8.4AN, build date 2/15

XenonDepot 5000K kit, A-Pillar lights, aussie lift, 245/70R17 Muteki TrailHogs, roof basket.
ptrudel is offline  
post #4 of 42 (permalink) Old 08-04-2015, 03:29 PM
Forum Elder
Join Date: Jan 2015
Location: The Q.C.
Posts: 1,846
this gives me a headache...
twar and Jeep8492 like this.

2015 TH Anvil 3.2 most options
2016 Renegade TH Anvil on order
2015 Audi SQ5
'You are not Sancho"
sciond is offline  
post #5 of 42 (permalink) Old 08-04-2015, 03:50 PM
Enthusiast Member
Join Date: Dec 2013
Location: Richmond VA
Posts: 359
Remember in the good old days of Windows XP, Microsoft left some ports open for "future use"? Big hackable vector. Even bigger scandal! That's exactly what happened here. Chrysler figured nobody would notice. The recent flash closes that vector.

Now with PCs, hackers have to con users into clicking on malicious email links in order to install viruses. Don't get email on your UConnect? Relax, for now. Hackers will figure out some way to exploit the weakest link in any security system, the user.
COJeep303 likes this.

2014 white I4 Fwd Limited with Technology package
Lil_Kee is offline  
post #6 of 42 (permalink) Old 08-04-2015, 03:55 PM
Join Date: May 2014
Location: Minnesota
Posts: 26
What`s next some group of hackers shutting down my Cherokee and locking me out, until I pay a ransom!!
2010renegade is offline  
post #7 of 42 (permalink) Old 08-04-2015, 04:03 PM
Forum Elder
Mark_'s Avatar
Join Date: Jun 2015
Location: Québec, Canada
Posts: 4,141
Originally Posted by 2010renegade View Post
What`s next some group of hackers shutting down my Cherokee and locking me out, until I pay a ransom!!
That wouldn't be daring enough. They would lock you IN the vehicule, turn up the heat full blast on a really hot day and then... ask for ransom money to let you out.

Sounds like you are familiar with ransomware-type infections on PCs. Nasty..

My avatar is the Elder Predator (goes well with my forum status and overall temper )
2015 North (Canada) - V6 - AD1
Cold, Tow, 8.4A, 9 speakers with sub
Mark_ is offline  
post #8 of 42 (permalink) Old 08-04-2015, 04:28 PM
Super Moderator
SkipW's Avatar
Join Date: Dec 2013
Location: Midcoast Maine
Posts: 6,011
Originally Posted by 2010renegade View Post
What`s next some group of hackers shutting down my Cherokee and locking me out, until I pay a ransom!!

Worse, they decide to slam down on the throttle when you're on a crowded city street and disable the brakes and steering.

This is the kind of "scare the s**t out of you" moment he was talking about.

My dealership (small town rural) does not even have access to the update as of last Friday....


The best time to plant a tree was 20 years ago. The second best time is now.
SkipW is offline  
post #9 of 42 (permalink) Old 08-04-2015, 04:41 PM
Hardcore Member
TeeHawk's Avatar
Join Date: Apr 2015
Location: Midwest
Posts: 1,431
Originally Posted by ptrudel View Post
When I got my TH I was kinda bummed we didn't get the apps, but right now, I'm ok with it lol
I used it once when car was big deal and actually pain in the butt..never used it, nor want it
TeeHawk is offline  
post #10 of 42 (permalink) Old 08-04-2015, 04:46 PM
Forum Elder
Mark_'s Avatar
Join Date: Jun 2015
Location: Québec, Canada
Posts: 4,141
Originally Posted by SkipW View Post
My dealership (small town rural) does not even have access to the update as of last Friday....
There must be at least one computer savvy employee in there, capable of getting the update on a USB stick and flash it for you.
If you insist just a little, I don't see why they wouldn't consider it. Print out the procedure for them (.pdf document), and bring your own USB stick if they can't locate one. Doing it this way is just as fast as doing it with their own machine.
COJeep303 and SonicSoundKL like this.
Mark_ is offline  

Quick Reply

Register Now

In order to be able to post messages on the 2014+ Jeep Cherokee Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Please enter a password for your user account. Note that passwords are case-sensitive.


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:


Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page

  Similar Threads
Thread Thread Starter Forum Replies Last Post
Cherokee is "most hackable" vehicle jferris33 2014+ Jeep Cherokee General Discussion 171 08-10-2015 11:23 AM
Beaver Step? WhiteHawk One Exterior 1 11-24-2014 10:13 AM
2014 Jeep Cherokee rated as "most hackable" cherokee The Car Lounge 27 11-17-2014 11:36 PM

Posting Rules  
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On