you WILL get the update, plebe!

[Kyanche]

Having worked in IT and attending RSA Conferences annually; the more real and immediate threat is the “Internet of Things” and the lack of proper safeguards build into the products.

If the jeep is not connected to the internet, then it's not really. And then the security concern becomes... well how far do you want to dig? Do you want to make the vehicle an impenetrable fortress?

Like, I hear about how on some cars you can yank the tail light off and then hotwire into the canbus and send a message to unlock the doors and maybe even start the car. OMG TERRIFYING! You know what's even faster and easier to unlock the doors? A broken piece of spark plug!

Should we really go as far as making the microcontroller in the tail light only run signed code with a shared secret married to the upstream controller so that the upstream controller ONLY accepts valid tail light inputs and lalala let's make the code 3x more complicated and the parts nearly impossible to replace because of some absurd edge case where someone might use it to steal a car.

There has to be a tradeoff between security and practicality. So far the ultimate card that keeps getting played time and time again with cars is "but safety!" like, because vehicles can be dangerous if used/maintained improperly, we should never let anyone do things the manufacturer didn't intend with them.

I refuse to install any and all IoT devices. In my home. And not just because of their critical lack of security.

This is also a tradeoff of security vs convenience, I feel. I use some wifi switches and lightbulbs from a vendor I trust. They sit on a vlan specifically for IOT devices, but heaven forbid someone got into them, they're just light switches. no big deal.

I'm more hesitant to use a wifi door lock. They are massively convenient! If you use an apple watch, there are a few wifi door locks you can hold your watch up to the door to unlock it. That's hella convenient!

But I personally feel like wifi door locks are a silly security risk. You can get a z-wave door lock and enjoy most of the same benefits (and yes you can configure them to use encryption) but without the same kinda risks. The only risk exposure surface the z-wave (or zigbee) systems have is at the gateway. But it's easier to keep a gateway up-to-date and/or replace it when it gets outdated, than it is to replace all the dang widgets.

I do feel like it gets silly sometimes though. My washing machine has wifi and you can use a specific app to get notifications when a load is finished. This sounds great at first... but the app is obnoxious so I uninstalled it and disconnected the machine. I personally hate smart TVs and wish we could go back to simple dumb ones that just turn on and accept commands immediately.

Sponsored

 

[Wulfgott]

If you wait long enough, they will stop tracking it and big brothering you on their own. Just have to wait for the technology they used/relied on to obsolete itself. They will have to pay to upgrade the systems at that point for the older cards and will not bother as the cost would be prohibitive. Worked with **star, and boom no more watchdog on the car.

It may take you 15-20 years though... until then... you can always faraday cage the head unit and accessories with aluminum foil... just make sure any unwanted antenna are also disconnected...

 

[Brad Hearing]

I refuse to install any and all IoT devices. In my home. And not just because of their critical lack of security.

well then maybe you can begin to appreciate my position here. the jeep is on that system, and its understood that that can be changed, and I would like to make that change.

Arguments made by others about how there is reason to bother since your phone tracks you too are missing the point of all of this.

 

[grimmjeeper]

well then maybe you can begin to appreciate my position here. the jeep is on that system, and its understood that that can be changed, and I would like to make that change.

Arguments made by others about how there is reason to bother since your phone tracks you too are missing the point of all of this.

I understand to a point.

However, there is a difference. I need a vehicle of some kind to get around. It's difficult to function in the modern world without a phone, email, web access, etc.

IoT devices are a convenience. I don't need to answer my door while I'm halfway around the world. I don't need to change my thermostat while I'm at work. I don't need a fridge that tells me I'm out of milk.

Given the generally poor quality of consumer electronics, and the vulnerability they bring, I avoid them when I don't need them. When I do need something to get things done in the modern world, I have to live with what's available. And I do take reasonable steps to reduce my risk.

The key word is "reasonable". While I'm cautious and cognizant of the risks, I'm not paranoid. Sure. A bunch of things are possible. But they just don't happen in the real wold.

Yes. Someone may hack my car and disable it. Or listen in on the microphone in the emergency service system. But the probability of it happening to me is miniscule. Well below the threshold of needing to worry about. And the lower your threshold is, the closer you are to being clinically paranoid.

Caution and awareness of risk is fine. Paranoia can become dangerous.

The thing you need to ask yourself is... "Why you?"

 

[Brad Hearing]

Yes. Someone may hack my car and disable it. Or listen in on the microphone in the emergency service system. But the probability of it happening to me is miniscule. Well below the threshold of needing to worry about. And the lower your threshold is, the closer you are to being clinically paranoid.

Caution and awareness of risk is fine. Paranoia can become dangerous.

The thing you need to ask yourself is... "Why you?"

And that is missing the point as well. Not everyone who wants privacy is a criminal, nor are they paranoid. It's the principle of the thing.

I think its why im getting so much pushback - theres a little part in the brain that says "if youre trying to be private than you must be hiding something" and thats simply not the case.

reminds me of the post 9/11 period where the mantra was you dont need to hide your personal info if you arent doing anything wrong. Next thing you know everyone is posting their underwear size on facebook.

the examples I gave earlier - adverts on your dashboard or being geofenced by a 15 minute city - are examples of blanket control that has nothing to do with a sense of personal persecution.

I would rather jump out of the water before it boils if I can, simple as that.

 

[rcadden]

Another one of these threads?

I guess it was about time. The last one was what, a week ago?

 

[Ratbert]

And that is missing the point as well. Not everyone who wants privacy is a criminal, nor are they paranoid. It's the principle of the thing.

I think its why im getting so much pushback - theres a little part in the brain that says "if youre trying to be private than you must be hiding something" and thats simply not the case.

reminds me of the post 9/11 period where the mantra was you dont need to hide your personal info if you arent doing anything wrong. Next thing you know everyone is posting their underwear size on facebook.

the examples I gave earlier - adverts on your dashboard or being geofenced by a 15 minute city - are examples of blanket control that has nothing to do with a sense of personal persecution.

I would rather jump out of the water before it boils if I can, simple as that.

Feel free to remove all comms. You'll just have to deal with the implications.

Arguments made by others about how there is reason to bother since your phone tracks you too are missing the point of all of this.

I'm thinking you didn't say what you think you did and possibly meant to say "no reason" instead of "reason".

 

[grimmjeeper]

And that is missing the point as well. Not everyone who wants privacy is a criminal, nor are they paranoid. It's the principle of the thing.

I think its why im getting so much pushback - theres a little part in the brain that says "if youre trying to be private than you must be hiding something" and thats simply not the case.

reminds me of the post 9/11 period where the mantra was you dont need to hide your personal info if you arent doing anything wrong. Next thing you know everyone is posting their underwear size on facebook.

the examples I gave earlier - adverts on your dashboard or being geofenced by a 15 minute city - are examples of blanket control that has nothing to do with a sense of personal persecution.

I would rather jump out of the water before it boils if I can, simple as that.

FWIW, I'm private without being paranoid.

 

[Brad Hearing]

FWIW, I'm private without being paranoid.

I never implied that you were, but it was implied of me and felt the need to clarify.

 

[grimmjeeper]

I never implied that you were, but it was implied of me and felt the need to clarify.

You have to ask yourself why your point of view is so very far removed from most people. And whether or not it's really rational.

You should also avoid rejecting answers you don't want to hear.

When you lead with "nobody else gets it and I'm the only one who does." you really need to spend some time thinking it through.

 

[Brad Hearing]

You have to ask yourself why your point of view is so very far removed from most people. And whether or not it's really rational.

You should also avoid rejecting answers you don't want to hear.

given that the answers were essentially mockery, to stop whining and to sell my jeep when all im looking for is a solution to the problem (ie how do I disable, remove, or mitigate telemetry) I have no problem rejecting answers I dont want to hear.

People don't like it when someone in the group does something different. I've seen this happen all too often in business and social circles.

This thread is a great example of that. I dont fit into the mold of being OK with being tracked, and so the group makes fun of me instead to try to get me to fit back into the mold.

All I actually want is an answer to the problem if it exists and if not then find people who can help in getting a solution.

 

[grimmjeeper]

given that the answers were essentially mockery, to stop whining and to sell my jeep when all im looking for is a solution to the problem (ie how do I disable, remove, or mitigate telemetry) I have no problem rejecting answers I dont want to hear.

People don't like it when someone in the group does something different. I've seen this happen all too often in business and social circles.

This thread is a great example of that. I dont fit into the mold of being OK with being tracked, and so the group makes fun of me instead to try to get me to fit back into the mold.

All I actually want is an answer to the problem if it exists and if not then find people who can help in getting a solution.

 

[Pape]

If the jeep is not connected to the internet, then it's not really. And then the security concern becomes... well how far do you want to dig? Do you want to make the vehicle an impenetrable fortress?

Like, I hear about how on some cars you can yank the tail light off and then hotwire into the canbus and send a message to unlock the doors and maybe even start the car. OMG TERRIFYING! You know what's even faster and easier to unlock the doors? A broken piece of spark plug!

Should we really go as far as making the microcontroller in the tail light only run signed code with a shared secret married to the upstream controller so that the upstream controller ONLY accepts valid tail light inputs and lalala let's make the code 3x more complicated and the parts nearly impossible to replace because of some absurd edge case where someone might use it to steal a car.

There has to be a tradeoff between security and practicality. So far the ultimate card that keeps getting played time and time again with cars is "but safety!" like, because vehicles can be dangerous if used/maintained improperly, we should never let anyone do things the manufacturer didn't intend with them.



This is also a tradeoff of security vs convenience, I feel. I use some wifi switches and lightbulbs from a vendor I trust. They sit on a vlan specifically for IOT devices, but heaven forbid someone got into them, they're just light switches. no big deal.

I'm more hesitant to use a wifi door lock. They are massively convenient! If you use an apple watch, there are a few wifi door locks you can hold your watch up to the door to unlock it. That's hella convenient!

But I personally feel like wifi door locks are a silly security risk. You can get a z-wave door lock and enjoy most of the same benefits (and yes you can configure them to use encryption) but without the same kinda risks. The only risk exposure surface the z-wave (or zigbee) systems have is at the gateway. But it's easier to keep a gateway up-to-date and/or replace it when it gets outdated, than it is to replace all the dang widgets.

I do feel like it gets silly sometimes though. My washing machine has wifi and you can use a specific app to get notifications when a load is finished. This sounds great at first... but the app is obnoxious so I uninstalled it and disconnected the machine. I personally hate smart TVs and wish we could go back to simple dumb ones that just turn on and accept commands immediately.

Lol a signed light bulb. Next thing you know they will store the signing certificate on a unprotected S3 bucket

The best example of all this is our key system. Not sure who design that but he/she need to get some training on security.

 

[rcadden]

given that the answers were essentially mockery, to stop whining and to sell my jeep when all im looking for is a solution to the problem (ie how do I disable, remove, or mitigate telemetry) I have no problem rejecting answers I dont want to hear.

People don't like it when someone in the group does something different. I've seen this happen all too often in business and social circles.

This thread is a great example of that. I dont fit into the mold of being OK with being tracked, and so the group makes fun of me instead to try to get me to fit back into the mold.

All I actually want is an answer to the problem if it exists and if not then find people who can help in getting a solution.

It's not so much this as it is that these threads come up on the regular in this forum, where someone buys a new vehicle in 2024 and is then somehow surprised that it's tracking them or always connected, and begins investigating how to disconnect/disable all of this.

There are already several threads that walk through disconnecting, and those threads do a pretty good job of also highlighting the things that you'll be giving up in exchange.

It's the "HOLY CRAP MY JEEP IS MONITORING ME" surprised discovery that everyone reacts to. There's not a vehicle on the market today that I'm aware of that doesn't have some level of monitoring. Your purchase alone is acceptance of this.

 

[Brad Hearing]

Your purchase alone is acceptance of this.

No it isn't. It was never an option, and the details about how its used are not disclosed before purchase. Arguments that I didnt spend enough hours in obscure websites to find out the facts beforehand are nonsense.

additionally your statement about there not being any cars out there that don't track you makes it impossible not to accept, doesnt it?

old car crapped out, bought a new one. if all new ones have a feature that you dont want then its a matter of trying to remove it after purchase. I bought a jeep in part for this reason.

I posted once when I first got it to ask about removal, I posted the second time after discovering its connected to the internet somehow without my permission or control.

They give you an app that does all this, so the direct implication is that if you dont use the app then the jeep wont have the features. turns out this is not the case.

the solution then is to find a way out by removing the affected components.

I understand your comment about this being brought up all the time, but I dare you to find any one subject about jeeps that isnt repeatedly asked on this forum and rightly so; not everyone was here at the beginning and search features in forums arent the greatest.

Theres gotta be a zillion posts about corrosion on doors. I posted about that today and got straight answers. but this subject? all you get is mockery.

Sponsored