The driver was freaked out, even though he had signed up for the whole harrowing ordeal.
“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.”
Yes, it was all an experiment aimed at shining a light on how a connected car is a vulnerable one.
An Experiment to Bring Light to Security Issues
With the help of two white-hat hackers (i.e. the good guys), Wired.com wanted to show how an infotainment system could be remotely accessed via the car’s cellular connection, essentially turning the car into a giant remote-controlled danger box.
That makes us crash-test dummies.
“The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I–64.”
It’s worth mentioning that the hackers did have direct contact with the vehicle before they hacked it remotely later on. So these vulnerabilities aren’t coming out of thin air … yet.
Fiat-Chrysler Upgrades the Software Following the Hack
Within a few days of the Wired.com article, Fiat-Chrysler (FCA) announced they’d be sending owners a software patch update on a USB drive as part of a recall for 1.4 million vehicles. Additionally, FCA closed remote ports to block long-range access via cell networks.
The recalled vehicles are all equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios; this includes 2013-2015 Ram trucks.
Fiat Chrysler says it has already applied security measures to block remote access to vehicle systems, all without an owner knowing about it because the changes occurred through the cellular network. Chrysler says everything was done on July 23, 2015.
Customers can also get a copy of the update by visiting http://www.driveuconnect.com/software-update.
An investigation into the recall’s effectiveness
A week after the recall was announced, the National Highway Traffic Safety Administration (NHTSA) opened an investigation into the recall’s effectiveness. They also opened an “equipment query” into the affected Harman Kardon radios, which meant it was not limited to just FCA vehicles.
Satisfied with its findings, NHTSA closed the investigation in January 2016.
Consumer Response
While safety regulators are satisfied, not all consumers feel the same way.
In August 2015, a lawsuit alleged that FCA knew about the vulnerabilities for at least 18 months but acted only once the Wired.com article came out.
While there’s still a chance of a settlement for the plaintiffs in the suit, FCA was able to get most of the lawsuit’s claims thrown out of court and stop the suit from going nationwide.