Jeep uConnect Vulnerable to Remote Attack

[m3at333hp]

Today, Wired came out with an article detailing a security vulnerability in the UConnect Access feature (hotspot) that allowed the security researchers from DARPA to take control of a 2014 Grand Cherokee remotely.

The CAN bus systems in cars have been designed with no security in mind, and until serious injuries or death ensues, no proactive measures will be taken. At least in this case, Chrysler released a patch for the vulnerability.

Ref: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

 

[Comanche Scott]

Which models of Jeep have the Hotspot Access feature besides the Grand Cherokee?
I didn't see it in the Wrangler hand book (at least for '14). I was kind of hoping the Wrangler had this.
Sooner or later someone will come up with an app that would let us drive the JK from a smart phone, allowing us to be our own spotters... :elkgrin:

 

[hansrober]

I think my 86 m1009 just went up in value. :ylsmoke:

 

[Viggen]

It was a Cherokee but they are all open. They also hacked an Escape and a Prius.

 

[m3at333hp]

It was a Cherokee but they are all open. They also hacked an Escape and a Prius.

I stand corrected, Cherokee. It is all models with the uConnect with hotspot feature across all Chrysler, including Fiat. You can check your VIN here for updates: https://www.driveuconnect.com/software-update/

 

[lysol]

My wife's '13 Grand Cherokee and my '14 Wrangler has uConnect, but both don't have the phone app service. My wife's Grand has the older uConnect and my Wrangler doesn't even have the touch screen. I wonder if this is limited to the newer units that allow you to download an app on your phone and tie into the vehicle. I'm guessing so.

Edit - yea, we don't have the hotspot feature.

 

[m3at333hp]

My wife's '13 Grand Cherokee and my '14 Wrangler has uConnect, but both don't have the phone app service. My wife's Grand has the older uConnect and my Wrangler doesn't even have the touch screen. I wonder if this is limited to the newer units that allow you to download an app on your phone and tie into the vehicle. I'm guessing so.

Edit - yea, we don't have the hotspot feature.

Yeah, my JKU doesn't even have the Navi unit. You should be good.

The researchers will release more info at BlackHat in August detailing some more vulnerabilities:
"And thanks to one vulnerable element, which Miller and Valasek won't identify until their Black Hat talk, Uconnect's cellular connection also lets anyone who knows the car's IP address gain access from anywhere in the country. "