• Welcome to Archive - Aluminium Camper Forum.
 

Don't Dodge the question: Are you hacked off?

Started by dh50, July 24, 2015, 07:57:24 PM


dh50


ammobob

Quote from gwbushhog:
We are! Read to see if you should be and how to fix it.
http://www.detroitnews.com/story/business/autos/2015/07/24/30613567/

I might be ticked off if I knew more. Just because you have the system is it vulnerable as is or if you are signed up with UConnect. I did not sign up with UConnect but have the system. Not sure I am vulnerable to a cyber attack.

pinstriper

Quote from ammobob:
I might be ticked off if I knew more. Just because you have the system is it vulnerable as is or if you are signed up with UConnect. I did not sign up with UConnect but have the system. Not sure I am vulnerable to a cyber attack.

I can clear the air for you. You are vulnerable.

Not subscribing means they disallow you the use of the features. It does not mean the vehicle stops communicating. If that were true, it would never be able to authenticate to find out if you had subscribed or not.

Let's eat, Grandma !
Let's eat Grandma !
Punctuation. It saves lives.

2014 14DBS
2013 4Runner | 2006 F-150 5.4 V8 (ruh ruh ruh)
2015 Hobie Outback

whoofit

I wonder how it connects. Sat, cell, WiFi?

If it's like Ford then you need to subscribe and also provide a data link via cell towers. I doubt Dodge are running sat uplinks for millions(?) of vehicles. Cell numbers? Maybe I'm wrong here and they are that crazy for a challenge...

The Fords cannot even communicate until you tie in your phone either through USB or Bluetooth whether you subscribe or not. The diagnostics info program asks you to connect your phone so it can communicate with Star Base Command to send the report and that is a subscription-less feature. I'd take an underedumacated guess that if you do not pair your Bluetooth phone that the link is severed and you are safe. Even if you subscribe to Uconnect.

If you subscribe and do not connect the phone you will get annoying errors instead and will be driven to such a point of frustration that you will purposely careen off a cliff just to make it stop. So the end result will be the same... :D

pinstriper

I would have presumed they did it like GM with the OnStar radios in every vehicle, but if it depends on using a cell then by all means don't let it connect.
Let's eat, Grandma !
Let's eat Grandma !
Punctuation. It saves lives.

2014 14DBS
2013 4Runner | 2006 F-150 5.4 V8 (ruh ruh ruh)
2015 Hobie Outback

djsamuel

The network itself was modified by Chrysler to eliminate the threat immediately, but still get the update.  Even if the patch is not applied, the researchers who managed to do this have verified that the hack is no longer possible on an unpatched vehicle.  

Now to get on my soapbox a bit. The news has blown this WAY out of proportion in terms of the immediate threat. The two people who did this are researchers who were funded by the US government. Initially, they managed to hack into a Ford and Toyota, but via a physical connection to the vehicle. The next phase was to attempt this via the internet. So, they used a Cherokee, worked with Chrysler and reverse engineered the system, and demoed what they can do via the controlled experiment they showed. Chrysler already had the fix ready before it was publicized. The purpose was to highlight the potential vulnerabilities. The news reports that hackers can take over control of the steering. The whole truth is that it must be in a vehicle equipped with the automatic parking system, and the takeover can only occur at very slow speeds and in reverse. Even at that, a person can overpower the steering wheel to take control. Also, when they cut the engine, the driver needed to shut down the car and restart to remove the hack.

This is important since Ford and Toyota dismissed the previous efforts of these researchers, saying it wasn't a vulnerability since the computer was physically connected.  At least in this case, Chrysler worked with them, and had an immediate fix ready (on the network) as well as a permanent fix (the software update) ready to go.

Some quotes from the story:


Quote: Edmunds.com editor Ron Montoya said, "There is no real safety threat to FCA owners. This week's hack was an isolated incident that was performed on one specific vehicle and it was not something that could be replicated on a mass scale. Nevertheless, automakers recognize this as a very important issue and they're proactively working to identify flaws in their own connected systems and address whatever issues they may find."


Quote: Ken Westin, senior security analyst for Tripwire, said, "The actual possibility of this vulnerability being used in a real attack is slim. However, as the researchers in this case worked closely with Chrysler to provide detailed information regarding the vulnerability, they were able to develop a patch to fix the security vulnerability in the vehicle systems."


Quote: Fiat Chrysler said this week its cellular provider remotely closed the communications port that "removes the known risk of long-range remote hacking."

This is the whole story, not the sensationalism on the news. OK, I feel better now. :)
Camplite 21BHS / Ram 1500

Central Florida


shovelhead

Does this mean my HDD may have porn on it? (TIC)
Dave

dh50

Please cover Moonshine and Bella's eyes...