Protecting Our Truck From Hackers - 2014 Ram 1500 EcoDiesel Long-Term Road Test

Edmunds.comEdmunds.com Member, Administrator, Moderator Posts: 10,315
edited July 2015 in Ram
imageProtecting Our Truck From Hackers - 2014 Ram 1500 EcoDiesel Long-Term Road Test

After hackers found a security flaw in the UConnect system used in our 2014 Ram 1500 EcoDiesel, Chrysler issued an update to close the loophole. We did the update ourselves to check out the process.

Read the full story here


Comments

  • reminderreminder Member Posts: 383
    As per usual, humans busy themselves advancing technologies only to have bored techno-geeks, screw the whole thing up for everyone. I understand that the hack was completed by 'computer scientists', but that doesn't make me feel any better about it. There are plenty of 'non computer scientists' lurking about with nothing better to do with their time.
  • cobrysoncobryson Member Posts: 110
    Unrelated, but please tell your web team to stop with the automatic "Price Alert" dropdowns. I don't care that there are 8 BMW 2-Series that have recently dropped in price, so don't shove it in my face. Just like auto-play videos, gimmicky crap like that is bound to drive people away, not pull them in.
  • cobrysoncobryson Member Posts: 110
    On topic, I still can't believe the uConnect system truly has write access to the CAN bus, especially for all the parameters claimed. If that's truly accurate, that's some pretty wild negligence if you ask me.
  • fullctrlfullctrl Member Posts: 1
    The uConnect system can't natively write to the CAN bus. The hackers had to reflash the firmware for one of the modules which allowed them to have write permissions that they wouldn't have otherwise had. Additionally the firmware reflash details are being left out of the hackers' public release of info at BlackHat, and they indicated it took months to figure out how to reflash the firmware. Still crazy that it's even possible though...
  • cobrysoncobryson Member Posts: 110
    @fullctrl I was just coming back to update after reading a little more about it-should have researched before posting in the first place. A firmware re-flash does make it considerably more sophisticated, but you're right, still crazy. Seems like there's several issues here that should have been caught with a thorough security review/analysis.
  • allthingshondaallthingshonda Member Posts: 878
    You would have to think they tried to hack into other systems, like OnStar, but found the UConnect system the easiest to access. OnStar seems to be the one system with full access to vehicle functions. Remote start, real time diagnostics, airbag deployment notification with point of impact and severity information included and remote vehicle shutdown etc. You would think that since UConnect should only be able to communicate with the network at FCA, the system should require password access. It could use a random number generator and change passwords occasionally by periodically checking in with the FCA network, similar to an immobilizer system.
  • zoomzoomnzoomzoomn Member Posts: 143
    I did my UConnect update the other night. Numerous software fixes were included. It's the second update that I've performed since purchasing my Durango in 11/2014. It's easy enough to do, if not a bit time consuming. I'm a bit alarmed at the type of access that the hackers allegedly were able to obtain! It's kind of scary to think that this is what technology has brought us to.
  • reminderreminder Member Posts: 383
    Heck, having an FM converter installed in my 1973 Gremlin was high technology back in the day.
    Try and hack that Boyz!
Sign In or Register to comment.