Stolen 2020 JLUD

[rvb]

That didn't last long. 2100 miles and 3 months. Stolen from right in front of hy home.

With all the defects and poor QC at Jeep just hope they don’t bring it back.

Sponsored

 

[Mark929]

I had a car stolen years ago that had a club locked on the steering wheel. They used bolt cutters to cut a small section out of the steering wheel to remove it. I know this because they left that piece of steering wheel in the parking space where the car was parked. The only only good news is that the club company made good on their guarantee and sent me a check. I don't recall how much it was but was around $1000-$1500.

 

[Notorious]

Unfortunately if you erase some human scum stealing anything from you, you will be the one prosecuted.

If the criminal lives, he may sue you.

Maybe I need to move to Missouri!

Come to Texas. The good guys here have good aim and itchy trigger fingers.

Remember McElroy? Info on Google is wrong. Only one gunshot professionally served. McElroy slumped over, foot on gas, engine maxxed revved for a solid 8 minutes, McElroy was gone well before the engine quit. No one saw anything.

You are quite the marksman.

 

[Wrangler man]

That didn't last long. 2100 miles and 3 months. Stolen from right in front of hy home.

It should be traceable with the XM Satellite Radio

 

[Wrangler man]

Don't even have to be complicated. The key fob can be in the house and read by one of those $11 amplifiers to enter the vehicle and drive away. Later they can replace the PCM if they want. It happened to a neighbor a couple years back who caught the thief on camera. You can see them just walk up with a little box, press a button, open the door, start the vehicle and drive away. From the link I posted earlier, it has gotten even cheaper. All of this technology is working against us.

The main thing in the only thing I miss about my 2017 JKU is the traditional no-nonsense no issue no problem key in the ignition turn to start. Every single push button to start vehicle regardless of manufacturer maker has had issues this now being the most critical incomprehensible. Here I thought the new JL worst trait was not being able to roll one foot forward or backwards in my garage when I needed. Trying to do so with the door open, are you kidding me, but when I have my doors off no problem so why would FSA make it a problem with my doors on. Why would you put this on a Wrangler keep it on the Comfort creatures of the Cherokees and Caravans not our Wranglers.

 

[toolaide4fit]

Unfortunately if you erase some human scum stealing anything from you, you will be the one prosecuted. Look at what the couple in MO are facing for just 'brandishing' a weapon when people are breaking and entering onto their property.

Not in Texas!

 

[spurly]

Matt,

Just a couple of questions out of curiosity and nothing else. But take some time to think about answering this publicly. I don't want any issue to arise between you and your insurance company.

Was you Jeep locked with the fob? Did they take your fob? If not, do you have any type of programmer (such as a Tazer or some other, not to single them out) that bypasses the Security Gateway (SGW) module? And if so, do you have the UConnect 4 radio?

The primary reason I'm asking is twofold:

1. I used to work for Chrysler as a Powertrain Software Engineer working with the initial keyless entry systems back in the late 90's with the 2002-06 model year Engine Controllers. I'll expand on this more.

2. I do have a Tazer JL Lite but I don't leave it plugged in. It's 'married' but unplugged. I leave my SGW module connected, partially out of fear from tampering (including theft) but mostly just because I have a pretty good understanding of the Controller Area Network (CAN) Bus and inner workings of the engine controller. I'm just curious on how they defeated the current security system. I primarily use the Tazer to set the speedo corrections for my 35" tires.

When I was involved with implementing the software which provided the fuel shutoff during suspected ignition sequence tampering, there was a pretty big and contentious debate. One camp argued to not do anything at all other than trigger the alarms and whistles. The other side of course was to then take more aggressive steps to try and thwart the potential thief. Steps such as, but not limited to, fuel shutoff.

The reason for such a difficult debate was whether or not the casual (non-sophisticated) bad-guy would simply try, fail and give up, or then wait around for the legitimate keys to show up. A.KA. with the owner. The latter scenario puts the innocent driver into the situation, now as a victim to have their keys stolen, perhaps even violently.

So do you make the security tough enough that only true professionals will be able to steal the vehicle, or risk the opportunity of theft by convenience simply by now putting some pour soul unwillingly into a crime scene because it will become much easier to snatch the keys than the car itself?

You know the answer to this dilemma. It was decided that the general consumer was perceived to want the tighter security.

So I'm certain that the algorithms, cryptography and mechanisms to prevent engine start are even more sophisticated and challenging since I last worked with them.

So how was your Jeep stolen? If not with a key, then they were likely professional. However, it does not take a rocket scientist to puzzle out how to remote start a vehicle with the SGW bypassed. Many programmers are infact designed to gain entry into various parts of the Engine, Transmission and Body controllers via the CAN Bus in order to provide the really cool things that they do. That is after all their business niche. To gain access to various vehicle feature controls outside what the manufacturer naturally provides directly.

Unfortunately, this can also now provide an unintended side-channel interface into the control system via the infotainment radio due to the now bypassed SGW. Recall the security Gateway module is the manufacturers primary mechanism to firewall the non vehicle control entities from gaining access to the digital drive-by-wire internal vehicle control environment.

How do you believe the UConnect (On-Star) type of functionality works? They have remote but authorized (through the firewall) access to the various controllers from the internet (cell) connected UConnect radio.

Without the SGW (the firewall), the bad-guys now have the same, but unauthorized, access. Thus allowing them the ability to remote start and potentially steal the vehicle.

The good news is that not everyone disconnects the SGW so the bad-guys have no easy way of knowing which vehicles are easier targets.

If you did install a programmer (not implying you did) could you have advertised the fact that it was installed in some way? Perhaps unknowingly even through this forum perhaps? I know I worded that wrong the implication is nonetheless there, but hopefully I got my point across.

Also, a true professional thief would likely have the electrical and software engineering knowledge in how to make a pseudo-authorized (hack) and intrude into the vehicle regardless. But this would be no easy feat. The cryptography alone required to authenticate a valid user is likely near state-of-the art. So it was likely physical, rather than over-the-air remote access that he (or they) used. Pure speculation but reasonable.

Once inside, the bad guy could very easily bypass the SGW on his own. Still, he (she, or whatever) certainly would have to know what they're doing.

Again I'm just curious because of my background (but I no longer work in the automotive industry), and indeed have a programmer myself. Only interested on how much paranoia we Jeepers must now worry over.

I had a friend who sold his vintage corvette sting-ray a while back because it was continuously being broken into. Stolen on several occasions but only for joy-rides. Still he bought a boring Ford Taurus just to be able to sleep at night.

Have the bad guys found a new FCA security weakness? Or are all of us Jeep owners now in this same boat?

Jay

Well dammit, now you got me worried. I knew the tazer bypassed the SGW but never gave much thought to what could happen now that it's disconnected. To bad Tazer can't have the same security features as the SGW.

 

[beaups]

Well dammit, now you got me worried. I knew the tazer bypassed the SGW but never gave much thought to what could happen now that it's disconnected. To bad Tazer can't have the same security features as the SGW.

There's nothing to worry about here, really. If someone has physical access to your vehicle they could remove the SGW in 5 seconds, but why would they want or need to? Having it removed via Tazer does increase the attack surface for *remote* attacks, but the attacker still needs a vulnerability and a reason to target you. There's also no reason to believe that vulnerabilities don't exist in the SGW itself.

 

[DigitalDiem]

Matt,

Just a couple of questions out of curiosity and nothing else. But take some time to think about answering this publicly. I don't want any issue to arise between you and your insurance company.

Was you Jeep locked with the fob? Did they take your fob? If not, do you have any type of programmer (such as a Tazer or some other, not to single them out) that bypasses the Security Gateway (SGW) module? And if so, do you have the UConnect 4 radio?

The primary reason I'm asking is twofold:

1. I used to work for Chrysler as a Powertrain Software Engineer working with the initial keyless entry systems back in the late 90's with the 2002-06 model year Engine Controllers. I'll expand on this more.

2. I do have a Tazer JL Lite but I don't leave it plugged in. It's 'married' but unplugged. I leave my SGW module connected, partially out of fear from tampering (including theft) but mostly just because I have a pretty good understanding of the Controller Area Network (CAN) Bus and inner workings of the engine controller. I'm just curious on how they defeated the current security system. I primarily use the Tazer to set the speedo corrections for my 35" tires.

When I was involved with implementing the software which provided the fuel shutoff during suspected ignition sequence tampering, there was a pretty big and contentious debate. One camp argued to not do anything at all other than trigger the alarms and whistles. The other side of course was to then take more aggressive steps to try and thwart the potential thief. Steps such as, but not limited to, fuel shutoff.

The reason for such a difficult debate was whether or not the casual (non-sophisticated) bad-guy would simply try, fail and give up, or then wait around for the legitimate keys to show up. A.KA. with the owner. The latter scenario puts the innocent driver into the situation, now as a victim to have their keys stolen, perhaps even violently.

So do you make the security tough enough that only true professionals will be able to steal the vehicle, or risk the opportunity of theft by convenience simply by now putting some pour soul unwillingly into a crime scene because it will become much easier to snatch the keys than the car itself?

You know the answer to this dilemma. It was decided that the general consumer was perceived to want the tighter security.

So I'm certain that the algorithms, cryptography and mechanisms to prevent engine start are even more sophisticated and challenging since I last worked with them.

So how was your Jeep stolen? If not with a key, then they were likely professional. However, it does not take a rocket scientist to puzzle out how to remote start a vehicle with the SGW bypassed. Many programmers are infact designed to gain entry into various parts of the Engine, Transmission and Body controllers via the CAN Bus in order to provide the really cool things that they do. That is after all their business niche. To gain access to various vehicle feature controls outside what the manufacturer naturally provides directly.

Unfortunately, this can also now provide an unintended side-channel interface into the control system via the infotainment radio due to the now bypassed SGW. Recall the security Gateway module is the manufacturers primary mechanism to firewall the non vehicle control entities from gaining access to the digital drive-by-wire internal vehicle control environment.

How do you believe the UConnect (On-Star) type of functionality works? They have remote but authorized (through the firewall) access to the various controllers from the internet (cell) connected UConnect radio.

Without the SGW (the firewall), the bad-guys now have the same, but unauthorized, access. Thus allowing them the ability to remote start and potentially steal the vehicle.

The good news is that not everyone disconnects the SGW so the bad-guys have no easy way of knowing which vehicles are easier targets.

If you did install a programmer (not implying you did) could you have advertised the fact that it was installed in some way? Perhaps unknowingly even through this forum perhaps? I know I worded that wrong the implication is nonetheless there, but hopefully I got my point across.

Also, a true professional thief would likely have the electrical and software engineering knowledge in how to make a pseudo-authorized (hack) and intrude into the vehicle regardless. But this would be no easy feat. The cryptography alone required to authenticate a valid user is likely near state-of-the art. So it was likely physical, rather than over-the-air remote access that he (or they) used. Pure speculation but reasonable.

Once inside, the bad guy could very easily bypass the SGW on his own. Still, he (she, or whatever) certainly would have to know what they're doing.

Again I'm just curious because of my background (but I no longer work in the automotive industry), and indeed have a programmer myself. Only interested on how much paranoia we Jeepers must now worry over.

I had a friend who sold his vintage corvette sting-ray a while back because it was continuously being broken into. Stolen on several occasions but only for joy-rides. Still he bought a boring Ford Taurus just to be able to sleep at night.

Have the bad guys found a new FCA security weakness? Or are all of us Jeep owners now in this same boat?

Jay

From Z Automotive:
Hi Carl,



Any security that we bypass is internal. So unless there's a serious breach of UConnect's security, there's nothing a hacker would get out of you having a Tazer installed.



Thanks,

Ian



Ian S

Z Automotive

 

[Rodeoflyer]

I think I'll buy some hood locks and probably a gas cap cover lock. I already have a locking gas cap but a door lock would probably be good to have as well.

The tazer jl's 'hood alarm' has saved me from theft or damage (or whatever they were trying to do.) I hear they steal batteries out of Jeeps since the hood is so easily accessed.

 

[jeepoch]

From Z Automotive:
Hi Carl,



Any security that we bypass is internal. So unless there's a serious breach of UConnect's security, there's nothing a hacker would get out of you having a Tazer installed.



Thanks,

Ian



Ian S

Z Automotive

Ian,

That's not entirely true.

Bypassing the SGW is NOT just an internal issue. With any Cellular connected UConnect-4 (or similar third party equivalent radio) with any remote internet capability, a side-channel vector now exists beyond what FCA had attempted to prevent.

I'm not advocating anything in regards to either using external programmers (or not), I'm just pointing out the potential security vulnerabilities that are now present if they are. Whether fellow Jeepers know this (or not) is all I'm trying to highlight and inform within this discussion.

Typically for those lower model Jeep trims that have the UConnect-3 radios, this is no issue at all (none, zero, ziltch). Since these radios have no built-in cellular capability, there is no remote side-channel access, so therefore no attack vector vulnerability. An attacker (or thief) would need direct physical access to these Sports.

For the record though and as a side note, I think the UConnect-3 is one of the worst radios ever installed on any vehicle ever, by far bar none. But it indeed remains blissfully unconnected to the outside world; good, bad or indifferent.

Contrarily for the higher end radios, the ones that support external apps like navigation, carplay, over-the-air updates and all the really cool bells and whistles, having the SGW then bypassed (for any reason) now introduces a pretty potentially significant security hole.

Programmer products of any type that bypass the 'Security Gateway' (SGW) Module, by design, provide even more ways to gain access into the vehicle's internal 'drive-by-wire' control system. Why do these products require that the SGW be bypassed at all?

Answer: To gain more access to the internal Controller Area Network (CAN) Bus that accesses the Engine, Transmission and Body Controller calibration data that otherwise would be blocked by the SGW.

That is indeed their [third-party] business niche and mission model. To give consumers more access to their vehicles underpinnings than what the manufacturer is willing to naturally provide. Unfortunately this comes with an unintended cost. Additional security vulnerabilities.

With an internet connected radio, no longer throttled or managed by the missing SGW, this now gives unintended (unauthorized) access to the internal control 'drive-by-wire' environment. Possibly exploiting even more access points into the vehicles control computers provided (yet unintended) by the plugged-in programmer itself.

You state that it is no issue if the radio has a serious breach. That's a cop out. Everyone introducing legitimate functionality into the vehicle has the responsibility to enhance security not coattail into blaming others for deficiencies. My response is to find a way to not bypass any current security mechanisms. Negotiate valid authorized access. My hunch is that this would be too cost prohibitive, even if the manufacturer would entertain that possibility whatsoever.

Furthermore, access to the internal 'drive-by-wire' control system, such as remote start and maintenance tracking is very much a designed in capability of these factory provided cellular connected radios. It is certainly not a serious breach. They validly authenticate their behaviors via the SGW. Now anyone (authorized or not), without the Security Gateway Module can do the exact same behaviors. The SGW is there for a reason.

In summary, it's up to each and every vehicle owner to better understand these subtle (un-advertised) risks when they use these programmer products. For the record, I personally have a 'married' Tazer JL Lite as we speak. But it is not actively plugged in. My SGW remains connected. I only use the 'non-live' features of the Tazer to recalibrate my tire size and TPMS thresholds. Something the dealership won't provide at all (at least regarding changing the TPMS settings).

So do you want to take the chance of having your Jeep stolen (or hacked) just because you don't want to have to push the Electronic Stop Start (ESS) disable button or any other 'live' feature requiring the Tazer to be actively plugged in?

That's not for me to say. Only the Jeepers that are using this (or plan to) are the ones that require this information. Better knowledge of your vehicle is never a bad thing.

Jeep owners tend to be more technically savvy than most. The technology of the JL is something that should be straight-forward and secure. Unfortunately the bad guys know this technology too. But they're even more vigilant than we are and also much more nefarious.

Do with this information what you will. I'm not saying you should or you shouldn't purchase any third-party programmer. I did. I'm hopefully just helping the community feel more informed and educated in making their own Jeep modding decisions.

Some may believe the risk is worth the benefit. Others may not. That's their call.

Jeep On (safely and securely)...
Jay

 

[Rodeoflyer]

Question Jay.. is the hood alarm an active feature? I assume that it is.

 

[beaups]

Ian,

That's not entirely true.

Bypassing the SGW is NOT just an internal issue. With any Cellular connected UConnect-4 (or similar third party equivalent radio) with any remote internet capability, a side-channel vector now exists beyond what FCA had attempted to prevent.

I'm not advocating anything in regards to either using external programmers (or not), I'm just pointing out the potential security vulnerabilities that are now present if they are. Whether fellow Jeepers know this (or not) is all I'm trying to highlight and inform within this discussion.

Typically for those lower model Jeep trims that have the UConnect-3 radios, this is no issue at all (none, zero, ziltch). Since these radios have no built-in cellular capability, there is no remote side-channel access, so therefore no attack vector vulnerability. An attacker (or thief) would need direct physical access to these Sports.

For the record though and as a side note, I think the UConnect-3 is one of the worst radios ever installed on any vehicle ever, by far bar none. But it indeed remains blissfully unconnected to the outside world; good, bad or indifferent.

Contrarily for the higher end radios, the ones that support external apps like navigation, carplay, over-the-air updates and all the really cool bells and whistles, having the SGW then bypassed (for any reason) now introduces a pretty potentially significant security hole.

Programmer products of any type that bypass the 'Security Gateway' (SGW) Module, by design, provide even more ways to gain access into the vehicle's internal 'drive-by-wire' control system. Why do these products require that the SGW be bypassed at all?

Answer: To gain more access to the internal Controller Area Network (CAN) Bus that accesses the Engine, Transmission and Body Controller calibration data that otherwise would be blocked by the SGW.

That is indeed their [third-party] business niche and mission model. To give consumers more access to their vehicles underpinnings than what the manufacturer is willing to naturally provide. Unfortunately this comes with an unintended cost. Additional security vulnerabilities.

With an internet connected radio, no longer throttled or managed by the missing SGW, this now gives unintended (unauthorized) access to the internal control 'drive-by-wire' environment. Possibly exploiting even more access points into the vehicles control computers provided (yet unintended) by the plugged-in programmer itself.

You state that it is no issue if the radio has a serious breach. That's a cop out. Everyone introducing legitimate functionality into the vehicle has the responsibility to enhance security not coattail into blaming others for deficiencies. My response is to find a way to not bypass any current security mechanisms. Negotiate valid authorized access. My hunch is that this would be too cost prohibitive, even if the manufacturer would entertain that possibility whatsoever.

Furthermore, access to the internal 'drive-by-wire' control system, such as remote start and maintenance tracking is very much a designed in capability of these factory provided cellular connected radios. It is certainly not a serious breach. They validly authenticate their behaviors via the SGW. Now anyone (authorized or not), without the Security Gateway Module can do the exact same behaviors. The SGW is there for a reason.

In summary, it's up to each and every vehicle owner to better understand these subtle (un-advertised) risks when they use these programmer products. For the record, I personally have a 'married' Tazer JL Lite as we speak. But it is not actively plugged in. My SGW remains connected. I only use the 'non-live' features of the Tazer to recalibrate my tire size and TPMS thresholds. Something the dealership won't provide at all (at least regarding changing the TPMS settings).

So do you want to take the chance of having your Jeep stolen (or hacked) just because you don't want to have to push the Electronic Stop Start (ESS) disable button or any other 'live' feature requiring the Tazer to be actively plugged in?

That's not for me to say. Only the Jeepers that are using this (or plan to) are the ones that require this information. Better knowledge of your vehicle is never a bad thing.

Jeep owners tend to be more technically savvy than most. The technology of the JL is something that should be straight-forward and secure. Unfortunately the bad guys know this technology too. But they're even more vigilant than we are and also much more nefarious.

Do with this information what you will. I'm not saying you should or you shouldn't purchase any third-party programmer. I did. I'm hopefully just helping the community feel more informed and educated in making their own Jeep modding decisions.

Some may believe the risk is worth the benefit. Others may not. That's their call.

Jeep On (safely and securely)...
Jay

This just isn't accurate on many levels. The uconnect 3 is not disconnected from the outside world. It has a Bluetooth transceiver as well as Sirius, FM, and AM receivers. It's not inconceivable to believe that an attack could be implemented, even through the one way radios, should a vulnerability exist.

To that point, removing the SGW doesnt magically make the system insecure, nor does adding it make the system secure. The attacker still needs a vulnerability to exploit (and a reason to do so) even with the SGW removed. I do agree that it potentially widens the attack surface.

 

[DigitalDiem]

Ian,

That's not entirely true.

Bypassing the SGW is NOT just an internal issue. With any Cellular connected UConnect-4 (or similar third party equivalent radio) with any remote internet capability, a side-channel vector now exists beyond what FCA had attempted to prevent.

I'm not advocating anything in regards to either using external programmers (or not), I'm just pointing out the potential security vulnerabilities that are now present if they are. Whether fellow Jeepers know this (or not) is all I'm trying to highlight and inform within this discussion.

Typically for those lower model Jeep trims that have the UConnect-3 radios, this is no issue at all (none, zero, ziltch). Since these radios have no built-in cellular capability, there is no remote side-channel access, so therefore no attack vector vulnerability. An attacker (or thief) would need direct physical access to these Sports.

For the record though and as a side note, I think the UConnect-3 is one of the worst radios ever installed on any vehicle ever, by far bar none. But it indeed remains blissfully unconnected to the outside world; good, bad or indifferent.

Contrarily for the higher end radios, the ones that support external apps like navigation, carplay, over-the-air updates and all the really cool bells and whistles, having the SGW then bypassed (for any reason) now introduces a pretty potentially significant security hole.

Programmer products of any type that bypass the 'Security Gateway' (SGW) Module, by design, provide even more ways to gain access into the vehicle's internal 'drive-by-wire' control system. Why do these products require that the SGW be bypassed at all?

Answer: To gain more access to the internal Controller Area Network (CAN) Bus that accesses the Engine, Transmission and Body Controller calibration data that otherwise would be blocked by the SGW.

That is indeed their [third-party] business niche and mission model. To give consumers more access to their vehicles underpinnings than what the manufacturer is willing to naturally provide. Unfortunately this comes with an unintended cost. Additional security vulnerabilities.

With an internet connected radio, no longer throttled or managed by the missing SGW, this now gives unintended (unauthorized) access to the internal control 'drive-by-wire' environment. Possibly exploiting even more access points into the vehicles control computers provided (yet unintended) by the plugged-in programmer itself.

You state that it is no issue if the radio has a serious breach. That's a cop out. Everyone introducing legitimate functionality into the vehicle has the responsibility to enhance security not coattail into blaming others for deficiencies. My response is to find a way to not bypass any current security mechanisms. Negotiate valid authorized access. My hunch is that this would be too cost prohibitive, even if the manufacturer would entertain that possibility whatsoever.

Furthermore, access to the internal 'drive-by-wire' control system, such as remote start and maintenance tracking is very much a designed in capability of these factory provided cellular connected radios. It is certainly not a serious breach. They validly authenticate their behaviors via the SGW. Now anyone (authorized or not), without the Security Gateway Module can do the exact same behaviors. The SGW is there for a reason.

In summary, it's up to each and every vehicle owner to better understand these subtle (un-advertised) risks when they use these programmer products. For the record, I personally have a 'married' Tazer JL Lite as we speak. But it is not actively plugged in. My SGW remains connected. I only use the 'non-live' features of the Tazer to recalibrate my tire size and TPMS thresholds. Something the dealership won't provide at all (at least regarding changing the TPMS settings).

So do you want to take the chance of having your Jeep stolen (or hacked) just because you don't want to have to push the Electronic Stop Start (ESS) disable button or any other 'live' feature requiring the Tazer to be actively plugged in?

That's not for me to say. Only the Jeepers that are using this (or plan to) are the ones that require this information. Better knowledge of your vehicle is never a bad thing.

Jeep owners tend to be more technically savvy than most. The technology of the JL is something that should be straight-forward and secure. Unfortunately the bad guys know this technology too. But they're even more vigilant than we are and also much more nefarious.

Do with this information what you will. I'm not saying you should or you shouldn't purchase any third-party programmer. I did. I'm hopefully just helping the community feel more informed and educated in making their own Jeep modding decisions.

Some may believe the risk is worth the benefit. Others may not. That's their call.

Jeep On (safely and securely)...
Jay

Which is why I reached out to Z Automotive and posted their response.

 

[jeepoch]

This just isn't accurate on many levels. The uconnect 3 is not disconnected from the outside world. It has a Bluetooth transceiver as well as Sirius, FM, and AM receivers. It's not inconceivable to believe that an attack could be implemented, even through the one way radios, should a vulnerability exist.

To that point, removing the SGW doesnt magically make the system insecure, nor does adding it make the system secure. The attacker still needs a vulnerability to exploit (and a reason to do so) even with the SGW removed. I do agree that it potentially widens the attack surface.

Sean,

Symantics. Remote to me infers that you are not near the vehicle. For thieves this is certainly not the case. Bluetooth is certainly a nearby interface with very short range. One also has to 'hack' the pairing of both transceivers which infers physical access. FM, AM and Satellite are receivers, uni-directional (one-way) only. A connected interface to me is bi-directional (two-way) and the internal cellular radio of the UConnect-4s are the only practical connection point.

Certainly if you 'hack' Bluetooth, the attacker's unit can then provide the internet connection. This would be exactly like playing Spotify in you rig with your cellphone.

However, my point while an intrusion is difficult it is certainly possible (non-zero probability) for unintended access into your vehicle's drive-by-wire control system. Much more easier however without the SGW.

Removing the SGW is clearly an enabling mechanism. It's not so much the size of the attack surface (still smaller the better), it's about a successful intrusion independent of size. It only takes one access vector, in order to either steal (remote start, door unlock) or alter any other normal operating behavior.

Jay

Sponsored