The uConnect Infotainment System Was Hacked. Now What?

Posted on
Author
Scott McCracken
Tagged
#infotainment #technology #recall #lawsuit
Infotainment screen with uConnect loaded

Technology is a trade-off. Consumers want a connected vehicle with wifi, centralized controls in a fancy touchscreen infotainment system, and maybe even an app that can serve as the keys. But these technologies are vulnerable.

That’s not to say the old standards are hack-proof – keys can be copied, locks can be picked, etc. But modern technologies present a new challenge, the threat of remote access.

Cherokee Hacked in a Planned Experiment

In a planned experiment with wired.com, researchers remotely hacked a Jeep Cherokee through a cellular connection with its uConnect infotainment system as it was being driven. And things got crazy, real fast.

While the driver was aware the Jeep would be hacked, he didn’t realize the true power of the hackers until silent panic filled his mind and body.

If you watch the wired.com video, you can see how the hackers used software to monitor the vehicle’s GPS and then use software to tell the vehicle’s system to mess with the radio, take over steering, kill the engine, and even over-ride the brakes.

Image from Wired.com article of the Jeep in a ditch after the hack

They had done a similar experiment in 2013, but during that hack they were directly wired into the vehicle while sitting in the back seat. In this hack, they were on a couch far away.

Now it’s important to mention that while the Jeep wasn’t modified in any way, the hackers did have access to the vehicle ahead of time. But if automakers don’t step up, it might only be a matter of time before that’s not necessary.

FCA Patches Software in 1.4 Million Vehicles

With the bad publicity rolling in, it didn’t take long for Fiat-Chrysler (FCA) to respond. The hack was through a Harmon Kardon uConnect 8.4A or 8.4AN, so for those systems:

  1. FCA sent out an over-the-air (OTA) update to block remote access to all vehicles systems.
  2. They recalled 1.4 million vehicles with those uConnects by sending owners USB drives and instructions on how to update the system.

At the time, it seemed FCA was reluctant to issue the recall. Perhaps they had felt singled out by the wired.com article, but they were adamant there was no threat and quick to point out that no real-world hacking had happened.

FCA Sued for uConnect Vulnerabilities

FCA’s actions didn’t close the book on the problem. Not long after the recall, they were accused of not fully addressing the threat in a lawsuit.

_ The plaintiffs claim the uConnect 3G systems in the vehicles should be physically disconnected from the controller area network bus. The CAN bus links together the electronics of the vehicle, including vital functions such as the braking system and transmission._

Two and a half years later, FCA asked the case to be dismissed. The automaker reiterated no consumer had been unwillingly hacked and their recall patched the vulnerabilities.

The plaintiffs are unconvinced and say they wouldn’t have bought their cars if they knew of the threat the uConnect system posed.

Generations Where This Problem Has Been Reported

This problem has popped up in the following Jeep generations.

Most years within a generation share the same parts and manufacturing process. You can also expect them to share the same problems. So while it may not be a problem in every year yet, it's worth looking out for.

Further Reading

A timeline of stories related to this problem. We try to boil these stories down to the most important bits so you can quickly see where things stand. Interested in getting these stories in an email? Signup for free email alerts for your vehicle over at CarComplaints.com.

  5. Automakers have been swapping out mechanical parts for electronic control units, setting up in-car wifi networks, and connecting infotainment systems to cloud-based services.

    So it was only a matter of time before these technologies got hacked.

    Luckily, the hacking in this case was done by researchers in partnership with Wired.com. Their goal was to point out vulnerabilities in a Jeep Cherokee with an infotainment system.

    And things got crazy, real fast.…

    keep reading article "Researchers Hack Jeep Cherokee, Take Driver For a Wild Remote-Controlled Ride"

OK, Now What?

Maybe you've experienced this problem. Maybe you're concerned you will soon. Whatever the reason, here's a handful of things you can do to make sure it gets the attention it deserves.

  1. File Your Complaint

    CarComplaints.com is a free site dedicated to uncovering problem trends and informing owners about potential issues with their cars. Major class action law firms use this data when researching cases.

    Add a Complaint

  2. Notify CAS

    The Center for Auto Safety (CAS) is a pro-consumer organization that researches auto safety issues & often compels the US government to do the right thing through lobbying & lawsuits.

    Notify The CAS

  3. Report a Safety Concern

    The National Highway Traffic Safety Administration (NHTSA) is the US agency with the authority to conduct vehicle defect investigations & force recalls. Their focus is on safety-related issues.

    Report to NHTSA