Hacking Uconnect?

willcasp

Well-Known Member
First Name
William
Joined
Jun 23, 2019
Messages
286
Reaction score
158
Location
Bothell, WA
Vehicle(s)
2018 JLU Sport S
Has anyone built a hardware interface to get into the Uconnect system? I want to understand the garbage that is the USB stack and see if I can fix it myself. I see various adapters to connect third party radios into the uconnect harness, so I think that may be a starting point.

If anyone questions the legality of this, FCA is making it possible by not supporting us. FCA could always do the right thing here, and make the firmware updates available for those of us who did not get factory installed units. The protection is the library of congress three year exemption on DMCA, which they published in 2018...

"The Library of Congress, as part of its three-year review of exemptions to the DMCA, approved an exemption in October 2018 that would allow for one to bypass copyright-protection mechanisms used in either land vehicles, smartphones, and home appliances for the ability to maintain ("to make it work in accordance with its original specifications and any changes to those specifications authorized for that device or system") or repair ("restoring of the device or system to the state of working in accordance with its original specifications and any changes to those specifications authorized for that device or system") the device. (83 FR 54010)[28]"
 

Flyslinger2

Well-Known Member
First Name
Mark
Joined
Jun 27, 2019
Messages
122
Reaction score
156
Location
Ft. Wash, MD
Vehicle(s)
Wrangler Sahara
Has anyone built a hardware interface to get into the Uconnect system? I want to understand the garbage that is the USB stack and see if I can fix it myself. I see various adapters to connect third party radios into the uconnect harness, so I think that may be a starting point.

If anyone questions the legality of this, FCA is making it possible by not supporting us. FCA could always do the right thing here, and make the firmware updates available for those of us who did not get factory installed units. The protection is the library of congress three year exemption on DMCA, which they published in 2018...

"The Library of Congress, as part of its three-year review of exemptions to the DMCA, approved an exemption in October 2018 that would allow for one to bypass copyright-protection mechanisms used in either land vehicles, smartphones, and home appliances for the ability to maintain ("to make it work in accordance with its original specifications and any changes to those specifications authorized for that device or system") or repair ("restoring of the device or system to the state of working in accordance with its original specifications and any changes to those specifications authorized for that device or system") the device. (83 FR 54010)[28]"
I'm in Cybersecurity and have a CISSP certification. One of my friends from church is an ethical hacker. I was very interested in having him over for a grilled steak and a beer so he could bring his bag of tricks and rummage around in the internals of MY Jeep. I built a Raspberry PI 4 with Kali Linux but I need his noggin to decipher things. I'm curious to see how secure these things are especially in rush hour traffic slogging along at 5 m.p.h. Anyone with a hyper wireless system could attempt the same as they are sitting beside you.
 
OP
willcasp

willcasp

Well-Known Member
First Name
William
Joined
Jun 23, 2019
Messages
286
Reaction score
158
Location
Bothell, WA
Vehicle(s)
2018 JLU Sport S
  • Thread starter
  • Thread Starter
  • #3
I'm in Cybersecurity and have a CISSP certification. One of my friends from church is an ethical hacker. I was very interested in having him over for a grilled steak and a beer so he could bring his bag of tricks and rummage around in the internals of MY Jeep. I built a Raspberry PI 4 with Kali Linux but I need his noggin to decipher things. I'm curious to see how secure these things are especially in rush hour traffic slogging along at 5 m.p.h. Anyone with a hyper wireless system could attempt the same as they are sitting beside you.
That may be a bit of overkill! Jeep had an issue a few years ago, I think it was on a Grand Cherokee.. but could be mistake, where someone publicly demonstrated they could hack the vehicle and control it wirelessly. I expect they should have locked that down a bit.

As this is essentially an embedded system, and I have it out of the vehicle..I am thinking of tearing into a harness kit so I can provide external power to the unit, and then seeing if there is a serial console or JTEG interface into it. These things either run Android of QNX... each of those options is typically doable. just need to figure out how to get to it.
 

Advertisement




Morris 4x4 Center
 



Advertisement
Top