8.4 uconnect hacker problem!

[Ray Morrow]

I've been reading about this hacker problem if you have a 8.4 Uconnect rad/nav in your 2014, and possibly 2015 Dodge/Jeep vehicles. I have a 2015 Dodge Journey Crossroads with this rad/nav system. Do I need to take it in for an update? Is there a list of all vehicles that are suspect?

[dhh3]

There is another thread concerning this with a link where you can enter your VIN to see if this affects your car.

[bramfrank]

I've been reading about this hacker problem if you have a 8.4 Uconnect rad/nav in your 2014, and possibly 2015 Dodge/Jeep vehicles. I have a 2015 Dodge Journey Crossroads with this rad/nav system. Do I need to take it in for an update? Is there a list of all vehicles that are suspect?

No. Period. End of story.

It does not affect the Dodge Journey because there is no data connection to the outside world - and even if it did, the likelihood of anyone attacking your vehicle in this way is darned close to absolute zero.

[dhh3]

No. Period. End of story.

It does not affect the Dodge Journey because there is no data connection to the outside world - and even if it did, the likelihood of anyone attacking your vehicle in this way is darned close to absolute zero.

Does this only work with a WiFi connection built into the radio?

[bramfrank]

No. It works over the cellular connection built into the new 'A' uconnect system that has apps. We don't get that radio.

[dhh3]

I wonder why no one thought that this might happen?

[bfurth]

I wonder why no one thought that this might happen?

As with most IT security related threats, it happened because of one of the following:

Insufficient time in testing

Insufficiently experienced programmers

Lack of imagination by the programmers for methods to attack the vehicle

My assumption is it's a combination of options 1 and 3 in this case. They likely assumed they had most things buttoned up pretty well, accounting for security within the vehicle. The entire concept of attacking a vehicle from a remote location is new. Now that it's happened, more auto makers will pay closer attention to it. FCA just happened to be the company that got hit first. Rest assured - everyone else is currently tearing their wireless systems apart looking for the same attack vectors that were just shown to be exploitable through some FCA vehicles.

Please also note - this article was not released until AFTER FCA had released a patch. Security work, by necessity, is quiet. You don't go running around shouting "I've got a locked door!!!" You simply lock the door and move on. In the case of a software update, you need only advertise it to the people affected. In the case of security research, you notify the affected vendor first, wait for their response, and (if you're not a d-bag), give them time to fix it before you publish.

[bigtsr]

I wonder if GM thought it out with their wifi connected cars?

[dhh3]

I posted an article on the other thread concerning this. The same guys did it to a Prius a few years ago. I wonder if Toyota put some kind of software where they could monitor the performance of each vehicle sold - a tracking device to monitor potential problems with the batteries?

[bfurth]

I wonder if GM thought it out with their wifi connected cars?

I promise you, if they hadn't, they are now.