Sponsored

Stolen 2020 JLUD

aldo98229

aldo98229

Well-Known Member
First Name
Aldo
Joined
Nov 16, 2019
Threads
86
Messages
11,021
Reaction score
27,694
Location
Bellingham, WA
Vehicle(s)
2023 Jeep Gladiator, 2018 Fiat 124 Spider
Occupation
Market Research
Vehicle Showcase
3
Geez!

Hope you find her soon in one piece.
 

Sponsored

JimLee

JimLee

Banned
Banned
Banned
First Name
Jim
Joined
Mar 29, 2019
Threads
12
Messages
3,465
Reaction score
16,521
Location
Too damn close to Death Valley
Vehicle(s)
'19 JLU
Tellurian said:
Does the "find my Jeep" function still work on the Uconnect app?
Click to expand...
Not on a Sport, the Sport doesn't have any Wi Fi connectivity to anything. His dealership might have a GPS tracker installed in it though, as many are finding in their rigs.
 
jeepoch

jeepoch

Well-Known Member
First Name
Jay
Joined
Nov 13, 2019
Threads
1
Messages
952
Reaction score
2,689
Location
Longmont, CO
Vehicle(s)
2019 JL Wrangler Sport S 3.6L Auto 2 door, 2.5" lift, 35s
Matt,

Just a couple of questions out of curiosity and nothing else. But take some time to think about answering this publicly. I don't want any issue to arise between you and your insurance company.

Was you Jeep locked with the fob? Did they take your fob? If not, do you have any type of programmer (such as a Tazer or some other, not to single them out) that bypasses the Security Gateway (SGW) module? And if so, do you have the UConnect 4 radio?

The primary reason I'm asking is twofold:

1. I used to work for Chrysler as a Powertrain Software Engineer working with the initial keyless entry systems back in the late 90's with the 2002-06 model year Engine Controllers. I'll expand on this more.

2. I do have a Tazer JL Lite but I don't leave it plugged in. It's 'married' but unplugged. I leave my SGW module connected, partially out of fear from tampering (including theft) but mostly just because I have a pretty good understanding of the Controller Area Network (CAN) Bus and inner workings of the engine controller. I'm just curious on how they defeated the current security system. I primarily use the Tazer to set the speedo corrections for my 35" tires.

When I was involved with implementing the software which provided the fuel shutoff during suspected ignition sequence tampering, there was a pretty big and contentious debate. One camp argued to not do anything at all other than trigger the alarms and whistles. The other side of course was to then take more aggressive steps to try and thwart the potential thief. Steps such as, but not limited to, fuel shutoff.

The reason for such a difficult debate was whether or not the casual (non-sophisticated) bad-guy would simply try, fail and give up, or then wait around for the legitimate keys to show up. A.KA. with the owner. The latter scenario puts the innocent driver into the situation, now as a victim to have their keys stolen, perhaps even violently.

So do you make the security tough enough that only true professionals will be able to steal the vehicle, or risk the opportunity of theft by convenience simply by now putting some pour soul unwillingly into a crime scene because it will become much easier to snatch the keys than the car itself?

You know the answer to this dilemma. It was decided that the general consumer was perceived to want the tighter security.

So I'm certain that the algorithms, cryptography and mechanisms to prevent engine start are even more sophisticated and challenging since I last worked with them.

So how was your Jeep stolen? If not with a key, then they were likely professional. However, it does not take a rocket scientist to puzzle out how to remote start a vehicle with the SGW bypassed. Many programmers are infact designed to gain entry into various parts of the Engine, Transmission and Body controllers via the CAN Bus in order to provide the really cool things that they do. That is after all their business niche. To gain access to various vehicle feature controls outside what the manufacturer naturally provides directly.

Unfortunately, this can also now provide an unintended side-channel interface into the control system via the infotainment radio due to the now bypassed SGW. Recall the security Gateway module is the manufacturers primary mechanism to firewall the non vehicle control entities from gaining access to the digital drive-by-wire internal vehicle control environment.

How do you believe the UConnect (On-Star) type of functionality works? They have remote but authorized (through the firewall) access to the various controllers from the internet (cell) connected UConnect radio.

Without the SGW (the firewall), the bad-guys now have the same, but unauthorized, access. Thus allowing them the ability to remote start and potentially steal the vehicle.

The good news is that not everyone disconnects the SGW so the bad-guys have no easy way of knowing which vehicles are easier targets.

If you did install a programmer (not implying you did) could you have advertised the fact that it was installed in some way? Perhaps unknowingly even through this forum perhaps? I know I worded that wrong the implication is nonetheless there, but hopefully I got my point across.

Also, a true professional thief would likely have the electrical and software engineering knowledge in how to make a pseudo-authorized (hack) and intrude into the vehicle regardless. But this would be no easy feat. The cryptography alone required to authenticate a valid user is likely near state-of-the art. So it was likely physical, rather than over-the-air remote access that he (or they) used. Pure speculation but reasonable.

Once inside, the bad guy could very easily bypass the SGW on his own. Still, he (she, or whatever) certainly would have to know what they're doing.

Again I'm just curious because of my background (but I no longer work in the automotive industry), and indeed have a programmer myself. Only interested on how much paranoia we Jeepers must now worry over.

I had a friend who sold his vintage corvette sting-ray a while back because it was continuously being broken into. Stolen on several occasions but only for joy-rides. Still he bought a boring Ford Taurus just to be able to sleep at night.

Have the bad guys found a new FCA security weakness? Or are all of us Jeep owners now in this same boat?

Jay
 
OP
OP

Salt1972

Active Member
First Name
Matt
Joined
Oct 9, 2019
Threads
9
Messages
44
Reaction score
57
Location
Knoxville, TN
Vehicle(s)
2020 JLUD + 2016 JKU
jeepoch said:
Matt,

Just a couple of questions out of curiosity and nothing else. But take some time to think about answering this publicly. I don't want any issue to arise between you and your insurance company.

Was you Jeep locked with the fob? Did they take your fob? If not, do you have any type of programmer (such as a Tazer or some other, not to single them out) that bypasses the Security Gateway (SGW) module? And if so, do you have the UConnect 4 radio?

My Jeep was not locked. The top was off. We have both key fobs. There were no programmers used / on-board (though I was looking for one to defeat the ESS). We did have the upgraded stereo, but I'm not sure if it was UConnect 4 or not. It was the highest model available on the Willys, which I believe is one down from the Rubicon. 7"?

I appreciate your thoughts and the information.



The primary reason I'm asking is twofold:

1. I used to work for Chrysler as a Powertrain Software Engineer working with the initial keyless entry systems back in the late 90's with the 2002-06 model year Engine Controllers. I'll expand on this more.

2. I do have a Tazer JL Lite but I don't leave it plugged in. It's 'married' but unplugged. I leave my SGW module connected, partially out of fear from tampering (including theft) but mostly just because I have a pretty good understanding of the Controller Area Network (CAN) Bus and inner workings of the engine controller. I'm just curious on how they defeated the current security system. I primarily use the Tazer to set the speedo corrections for my 35" tires.

When I was involved with implementing the software which provided the fuel shutoff during suspected ignition sequence tampering, there was a pretty big and contentious debate. One camp argued to not do anything at all other than trigger the alarms and whistles. The other side of course was to then take more aggressive steps to try and thwart the potential thief. Steps such as, but not limited to, fuel shutoff.

The reason for such a difficult debate was whether or not the casual (non-sophisticated) bad-guy would simply try, fail and give up, or then wait around for the legitimate keys to show up. A.KA. with the owner. The latter scenario puts the innocent driver into the situation, now as a victim to have their keys stolen, perhaps even violently.

So do you make the security tough enough that only true professionals will be able to steal the vehicle, or risk the opportunity of theft by convenience simply by now putting some pour soul unwillingly into a crime scene because it will become much easier to snatch the keys than the car itself?

You know the answer to this dilemma. It was decided that the general consumer was perceived to want the tighter security.

So I'm certain that the algorithms, cryptography and mechanisms to prevent engine start are even more sophisticated and challenging since I last worked with them.

So how was your Jeep stolen? If not with a key, then they were likely professional. However, it does not take a rocket scientist to puzzle out how to remote start a vehicle with the SGW bypassed. Many programmers are infact designed to gain entry into various parts of the Engine, Transmission and Body controllers via the CAN Bus in order to provide the really cool things that they do. That is after all their business niche. To gain access to various vehicle feature controls outside what the manufacturer naturally provides directly.

Unfortunately, this can also now provide an unintended side-channel interface into the control system via the infotainment radio due to the now bypassed SGW. Recall the security Gateway module is the manufacturers primary mechanism to firewall the non vehicle control entities from gaining access to the digital drive-by-wire internal vehicle control environment.

How do you believe the UConnect (On-Star) type of functionality works? They have remote but authorized (through the firewall) access to the various controllers from the internet (cell) connected UConnect radio.

Without the SGW (the firewall), the bad-guys now have the same, but unauthorized, access. Thus allowing them the ability to remote start and potentially steal the vehicle.

The good news is that not everyone disconnects the SGW so the bad-guys have no easy way of knowing which vehicles are easier targets.

If you did install a programmer (not implying you did) could you have advertised the fact that it was installed in some way? Perhaps unknowingly even through this forum perhaps? I know I worded that wrong the implication is nonetheless there, but hopefully I got my point across.

Also, a true professional thief would likely have the electrical and software engineering knowledge in how to make a pseudo-authorized (hack) and intrude into the vehicle regardless. But this would be no easy feat. The cryptography alone required to authenticate a valid user is likely near state-of-the art. So it was likely physical, rather than over-the-air remote access that he (or they) used. Pure speculation but reasonable.

Once inside, the bad guy could very easily bypass the SGW on his own. Still, he (she, or whatever) certainly would have to know what they're doing.

Again I'm just curious because of my background (but I no longer work in the automotive industry), and indeed have a programmer myself. Only interested on how much paranoia we Jeepers must now worry over.

I had a friend who sold his vintage corvette sting-ray a while back because it was continuously being broken into. Stolen on several occasions but only for joy-rides. Still he bought a boring Ford Taurus just to be able to sleep at night.

Have the bad guys found a new FCA security weakness? Or are all of us Jeep owners now in this same boat?

Jay
Click to expand...
 

Sponsored

roaniecowpony

roaniecowpony

Well-Known Member
Joined
Dec 4, 2018
Threads
148
Messages
7,423
Reaction score
9,677
Location
SoCal
Vehicle(s)
2018 JLUR, 14 GMC 1500 CC All TERRAIN
Occupation
Retired Engineer
jeepoch said:
...
I had a friend who sold his vintage corvette sting-ray a while back because it was continuously being broken into. Stolen on several occasions but only for joy-rides. Still he bought a boring Ford Taurus just to be able to sleep at night.
...
Jay
Click to expand...
There's a lot of peace of mind in driving a non-descript rough looking vehicle. When I used to travel from LAX for work, I'd take my older truck that had been sitting without washing for months, to the parking lots. Never had a problem.
 
Pig-Pen

Pig-Pen

Well-Known Member
First Name
Steve
Joined
May 29, 2018
Threads
81
Messages
4,051
Reaction score
6,307
Location
Eastvale, CA
Vehicle(s)
2018 JLU
Occupation
jabroni
Clubs
 
Congrats. Now you can get a rubicon!

I kid i kid. But thats what i would be hoping for with my jeep lol.

hope they find it and in good condition. Maybe just a joy ride? Or, not at all so you can get a nice new one. Sorry to hear that happened brother
Sponsored

 
You must log in or register to reply here.

Similar threads

Stolen Key ??
2
Replies
28
Views
2,647
sweet88gt
sweet88gt
  • Poll
Poll: 20 JLUD and a lift?
Replies
2
Views
137
Ratbert
Ratbert
LED headlamps stolen.
4 5 6
Replies
77
Views
18,495
Wrangler man
Wrangler man
Catalytic converter stolen?
4 5 6
Replies
83
Views
9,970
Squibbles
Squibbles
Stolen personal items
2 3
Replies
44
Views
5,783
Whaler27
Whaler27
 



Top