Safety Notice

[GBBrown]

Just got it in the mail. Upgrade for uconnect so someone can't get access to vehicle systems, just how many times has this happened? It came with a USB drive and says it takes around 30 minutes to update, wondering if it's even worth it to install.

 

[Tuesdak]

I would absolutely do it, but, I don't think it goes far enough. The real problem is how little thought (ZERO) OEM's gave to security (and long term 10+ year security and software maintenance) while adding wireless and other ways to remotely connect things to a 4 ton missile. If it was mine I would have the dealer rip out and completely disable the UConnect and other ways to wirelessly connect to my vehicle.

Do you want the risk of some young punk "script kiddie" who can't be tried as an adult to take over your vehicle and cause havoc including crashes and death... Oh by the way good luck proving they did that with the likes of "Barny and Rosco P. Coltrane" investigating it. And even if they did prove your vehicle was 'hacked' tracking down who did it via wireless will be even harder all while your insurance has to take the hit. (Assuming you escape long term injury, disfigurement, or death.)

It doesn't matter how many times they did it. What matters is they can do it and will do it for some sick entertainment. Do you think their limited minds make a difference between defacing a website or turning off the brakes on a vehicle? Kids drop shopping carts on people nowadays and get off lightly. The "hacks" will be shortly all over the internet available for "script kiddies" to play with. After all they have shown how to hack airplanes...

I can see keyless entry, but, beyond that any wireless system that can connect to the brakes, engine, or steering frankly doesn't belong exposed to wireless of any kind. It simply can't be secured well enough to justify the risk. 10 years from now is FCA still going to be issuing recalls to patch an antique UConnect system? They have to frequently patch any software connected to the internet and still they don't catch all the security problems. The way OEM's have connected (exposed) all their systems and then allow OnStar, UConnect, Bluetooth, wireless, etc. to connect in any way is criminally negligent.

Don't get me wrong, I have enjoyed the extra range OnStar has provided over shorter range cell phones out west where digital cell phone coverage is a joke over the discontinued analog. However OnStar doesn't belong having any access to other systems on the vehicle like the ABS, ECM, etc. To me unlocking the doors even as a hack isn't as dangerous as disabling the brakes or steering even though car thief's kill people in high speed chases. Speaking of OnStar the original analog cell OnStar systems are obsolete and unable to be upgraded as a point of fact the vehicle is still on the road with outdated and unmaintained wireless electronics. This is where zero OEM thought to vehicles outlasting computers comes in and proof that they will not be maintained for very long unless NHTSA holds a gun to the head of the OEM. After all the old analog OnStar is still blasting out analog radio waves, that won't be answered, interfering with new devices wanting to use the radio spectrum and there is no plans to disable the obsolete transmitters.

 

[GBBrown]

Well, I just don't think it's a big deal, not where I live anyway, ten miles to the nearest small town. I read somewhere when this all started it took hackers hours sitting next to the vehicle to get into it. Maybe if you live in a big city with a hacker as your next door neighbor it would be different.

 

[mfurrh55]

Just got it in the mail. Upgrade for uconnect so someone can't get access to vehicle systems, just how many times has this happened? It came with a USB drive and says it takes around 30 minutes to update, wondering if it's even worth it to install.

Got same one, it took about 15 _ 20 min. to install, its a complete upgrade to your uconnect plus it is suppose to keep anyone from accessing it remotely, Monte

 

[EGroeneveld]

Considering I can remote start my truck with my phone I'd do it.

Note though:
My phone has a PIN #
The U connect has a PIN # for each action...
If someone really thinks my truck is the best thing to highjack and has the time....that is what insurance is for.

 

[GDTurner]

I never activated my Unconnect and I don't have remote start. If it isn't even activated, can the hack still be done? I got the update in the mail too, but I was just wondering whether I really needed it. Also, the instructions say to idle the truck for the half hour or so that it takes, which is not something I really want to do. I've seen that others had no problem doing it while driving though, so I may do it that way if I have to.

 

[jus2shy]

Well, I just don't think it's a big deal, not where I live anyway, ten miles to the nearest small town. I read somewhere when this all started it took hackers hours sitting next to the vehicle to get into it. Maybe if you live in a big city with a hacker as your next door neighbor it would be different.

You seem to misunderstand something. It depends on what version of UConnect you have. Even though you didn't activate it, it still has a signal with Cell towers and provides an IP address to the internet. So your truck may connected to the web whether your like it or not (it really depends on how the subscription service for Uconnect works). The other thing is that these hackers who exposed this loophole showed off that they can hack any Uconnect vehicle as long as they get an IP address of the vehicle off of Sprint's network. Once they have your IP address (which isn't protected), it's game over. They run their scripts to get into your Uconnect radio head and they have full access to your canbus. The hackers demonstrated the hack being 10 or 20 miles away, running scripts from their laptop as their friend got to deal with the consequences of their action. Read the article to understand the scope of this security issue Wired Article on the hackers and the hack. In the end, install the upgrade. It's 30 minutes out of your life versus your life at the hands of some malevolent hacker. If all the latest security leaks out there don't convince you (like the Ashley Madison fallout, or the credit card compromise of Target, Home Depot and a few other stores), then I don't know what will.

 

[sag2]

I never activated my Unconnect and I don't have remote start. If it isn't even activated, can the hack still be done? I got the update in the mail too, but I was just wondering whether I really needed it. Also, the instructions say to idle the truck for the half hour or so that it takes, which is not something I really want to do. I've seen that others had no problem doing it while driving though, so I may do it that way if I have to.

The reason they want you to keep it idling is to keep the battery voltage up. Not sure why you don't want to let it idle except for the waste of fuel. If you want, hook up the battery charger on 10A and do the upgrade.