Can Someone Remotely Disable the JL From Functioning? Hackers and Beyond

[Lmike6453]

SHTF, hackers, government planned invasions...you name it, plenty of events that could make us vulnerable to our vehicle functioning with remote OTA protocols that exist.

Simple question - do our vehicles have the technology that allows remote control and/or disablement while already driving, unlocking, starting up, and driving normally?

Example - the Wagoneer Connect services provide capability to remote lock/unlock/start, 4g services, location reporting 100% of the time.
Do our JLs have these "vulnerabilities" so to speak?

My window sticker shows some of the technology included but I don't know if there's omitted itemized electronics with these capabilities.

Sponsored

 

[XX4XEXX]

This has been a known fact for some ears now. Why .Gov doesn't implement in high speed chases or abduction I have no clue. But yes remote off capabilities are present. Would be better for a code writer like ECRI or Tazer to answer this.

 

[Opus]

If the software in your head-unit can be updated OTA then I would assume it's possible for someone to mess with your Jeep remotely.

 

[Shibadog]

If the software in your head-unit can be updated OTA then I would assume it's possible for someone to mess with your Jeep remotely.

This. If you’re worried excessively about this buy an old CJ. Anything newer has electronics -and the newer the more.

 

[Ratbert]

You haven't brought up the Jeep app on your phone and seen its location there?

Note that Jeeps sold in China explicitly have trackers built in.

 

[19 JLUR Bright Whit3]

Yes.
I just need your VIN. I'll try to find your Jeep by using one of the NSA satellites. Listen for a beep of the horn and a flash of your lights. LOL

Just messy. I wouldnt worry about it.

 

[jeepdabest]

Easily done with a big rock and a good arm or a high powered rifle.

 

[CaJLMetalHead]

Back in 2015, some brilliant hackers were able to remotely control a Jeep Cherokee, a fix was made available... but it also led to the development of the Secure Gateway Module our JLs have.. the idea behind the module is to isolate the Uconnect Cell data network from the critical networks that control the vehicle in order to avoid hacking via the Uconnect Cell data network.... here is a video of the hack back in 2015... also.. link to an article that discusses the Secure Gateway Module

https://www.locksmithledger.com/key...cle/21215988/opening-the-fca-security-gateway

 

[Wabujitsu]

I worry more about EMP than hackers.

 

[rcadden]

Yes, 100%.

As a rule, anything electronic can absolutely, 100% be hacked. Anything electronic with a radio of any kind (Bluetooth, WiFi, cellular, satellite, etc) can be hacked remotely without needing physical access.

These are facts.

The variables are:

1. How *easily* is it hacked?
2. How valuable would said hack be?
3. How likely are YOU to be targeted?

For a large majority of things outlined above, these variables would indicate that it's not something the majority of the population should worry about.

 

[Vinman]

How about if someone purchases a used Jeep from the dealer, does the previous owner still have access to the app?
It would suck if the PO still had access and randomly locked/unlocked the doors. Or randomly started the engine, especially if the new owner parked the Jeep inside an attached garage.

 

[TimmH]

How about if someone purchases a used Jeep from the dealer, does the previous owner still have access to the app?
It would suck if the PO still had access and randomly locked/unlocked the doors. Or randomly started the engine, especially if the new owner parked the Jeep inside an attached garage.

https://wgme.com/news/i-team/buying...ill-be-able-to-access-app-control-it-remotely

In most vehicles you can go to settings and do a "factory reset" on to clear any previous ownership.

That may not help with the app remote access, but it at least would clear all current connected devices. I believe you can contact uConnect and inform them of the transfer of ownership, not sure what proof they will require.

 

[BlueJLU32]

Newbie member, first time post, long time lurker.
I stumbled across this thread when trying to research whether anyone else has experienced what happened to me this morning.

I purchased my 2024 Rubicon X 4xe three weeks ago (upgrading from a 1999 Wrangler Sahara) and have been blown away by the technology of the vehicle. I utilize the Jeep app every day, usually when I have the vehicle on charge to see how much time is left. But also to use the digital glovebox to look things up in the manual as I am learning all the features.

Early this morning, I opened the app and found I was logged out. A random gmail address that I have never seen before was populated in the login screen. I first assumed that the app had been updated, so I cleared the gmail address and entered my email address and password. The app then told me that I had no vehicles in my garage. Again, I assumed the app had been updated and tried to enter my VIN to get my Jeep linked to me. The app would not allow me to do this and said to contact customer service. I tried uninstalling and reinstalling the app and registering using the QR code on the Jeep vehicle screen. Nothing worked.

I called customer service and they tried to tell me that the gmail address was the one I registered when I purchased the Jeep. I told the agent she was wrong. I had registered with my yahoo address and had been using the app for the 3 weeks I had owned the Jeep. I was able to get customer service to kick this random person out of the app and go through the service activation again. I can now access my Jeep again in the app and hopefully I will soon stop getting the pop up message saying that activation is in progress.

I am an engineer by trade, and can only think of two ways this could have happened. Either they have a vulnerability that is being exploited, in which this will start affecting others, or the salesman at the dealership was watching as I input my initial password during the setup process. I had created a long password with capital and lower case letters and special symbol. He would have had to be brilliant to memorize it for the few seconds he would have had to look at it.

What worries me the most is that when a bad actor takes over your Jeep in the app, they can located it on the map, unlock the doors, and start it. I have not tested whether you can drive it away without the key dongle, but intend to try this soon. Even if this is not possible, any interior contents can be stolen. It looks like after the 2015 hacking issue, they got rid of the ability to affect a lot of the systems, but there is still the "cancel engine" button. I want to know if the engine can be shut down while it is being driven. I will have to attempt this when I get time just to have peace of mind.

I am open to any other suggestions as to how this might have happened. There is nobody in the household who could have accessed my computer or phone, unless the dog has developed some computer skills without my knowledge.

Thanks,
CM

 

[Ratbert]

Newbie member, first time post, long time lurker.
I stumbled across this thread when trying to research whether anyone else has experienced what happened to me this morning.

I purchased my 2024 Rubicon X 4xe three weeks ago (upgrading from a 1999 Wrangler Sahara) and have been blown away by the technology of the vehicle. I utilize the Jeep app every day, usually when I have the vehicle on charge to see how much time is left. But also to use the digital glovebox to look things up in the manual as I am learning all the features.

Early this morning, I opened the app and found I was logged out. A random gmail address that I have never seen before was populated in the login screen. I first assumed that the app had been updated, so I cleared the gmail address and entered my email address and password. The app then told me that I had no vehicles in my garage. Again, I assumed the app had been updated and tried to enter my VIN to get my Jeep linked to me. The app would not allow me to do this and said to contact customer service. I tried uninstalling and reinstalling the app and registering using the QR code on the Jeep vehicle screen. Nothing worked.

I called customer service and they tried to tell me that the gmail address was the one I registered when I purchased the Jeep. I told the agent she was wrong. I had registered with my yahoo address and had been using the app for the 3 weeks I had owned the Jeep. I was able to get customer service to kick this random person out of the app and go through the service activation again. I can now access my Jeep again in the app and hopefully I will soon stop getting the pop up message saying that activation is in progress.

I am an engineer by trade, and can only think of two ways this could have happened. Either they have a vulnerability that is being exploited, in which this will start affecting others, or the salesman at the dealership was watching as I input my initial password during the setup process. I had created a long password with capital and lower case letters and special symbol. He would have had to be brilliant to memorize it for the few seconds he would have had to look at it.

What worries me the most is that when a bad actor takes over your Jeep in the app, they can located it on the map, unlock the doors, and start it. I have not tested whether you can drive it away without the key dongle, but intend to try this soon. Even if this is not possible, any interior contents can be stolen. It looks like after the 2015 hacking issue, they got rid of the ability to affect a lot of the systems, but there is still the "cancel engine" button. I want to know if the engine can be shut down while it is being driven. I will have to attempt this when I get time just to have peace of mind.

I am open to any other suggestions as to how this might have happened. There is nobody in the household who could have accessed my computer or phone, unless the dog has developed some computer skills without my knowledge.

Thanks,
CM

The first thing that popped into my head while reading this was the shit show from a while back when someone had two district VINs on his new Wrangler. Consider checking that the various VIN plates and stickers match what your papers say.

 

[Wbino]

Newbie member, first time post, long time lurker.
I stumbled across this thread when trying to research whether anyone else has experienced what happened to me this morning.

I purchased my 2024 Rubicon X 4xe three weeks ago (upgrading from a 1999 Wrangler Sahara) and have been blown away by the technology of the vehicle. I utilize the Jeep app every day, usually when I have the vehicle on charge to see how much time is left. But also to use the digital glovebox to look things up in the manual as I am learning all the features.

Early this morning, I opened the app and found I was logged out. A random gmail address that I have never seen before was populated in the login screen. I first assumed that the app had been updated, so I cleared the gmail address and entered my email address and password. The app then told me that I had no vehicles in my garage. Again, I assumed the app had been updated and tried to enter my VIN to get my Jeep linked to me. The app would not allow me to do this and said to contact customer service. I tried uninstalling and reinstalling the app and registering using the QR code on the Jeep vehicle screen. Nothing worked.

I called customer service and they tried to tell me that the gmail address was the one I registered when I purchased the Jeep. I told the agent she was wrong. I had registered with my yahoo address and had been using the app for the 3 weeks I had owned the Jeep. I was able to get customer service to kick this random person out of the app and go through the service activation again. I can now access my Jeep again in the app and hopefully I will soon stop getting the pop up message saying that activation is in progress.

I am an engineer by trade, and can only think of two ways this could have happened. Either they have a vulnerability that is being exploited, in which this will start affecting others, or the salesman at the dealership was watching as I input my initial password during the setup process. I had created a long password with capital and lower case letters and special symbol. He would have had to be brilliant to memorize it for the few seconds he would have had to look at it.

What worries me the most is that when a bad actor takes over your Jeep in the app, they can located it on the map, unlock the doors, and start it. I have not tested whether you can drive it away without the key dongle, but intend to try this soon. Even if this is not possible, any interior contents can be stolen. It looks like after the 2015 hacking issue, they got rid of the ability to affect a lot of the systems, but there is still the "cancel engine" button. I want to know if the engine can be shut down while it is being driven. I will have to attempt this when I get time just to have peace of mind.

I am open to any other suggestions as to how this might have happened. There is nobody in the household who could have accessed my computer or phone, unless the dog has developed some computer skills without my knowledge.

Thanks,
CM

I'm a simple man..evey vehicle has had vulnerabilities that can be exploited to steal them, I guess it all comes down to luck or local barometric pressure of car thefts.
Stolen: Horses, Motorcycles, good old screwdriver in the ignition.....now it's 2024.
Just like a house never have the nicest car in the neighborhood.

Sponsored