Just How Vulnerable is the UConnect System to Hacking?
- A 2015 experiment showed that hackers can take control of a Ram vehicle through vulnerabilities in the uConnect system.
- But it's not as bad as it seems, as hackers would first need physical access to the system to do their dirty work.
- Fiat-Chrysler (FCA) did send out a software update just a few days after the story broke to close some of the software gaps.
On July 21, 2015, a report surfaced that hackers had remotely taken control of a Jeep Cherokee through its UConnect system. They turned on the A/C, cranked the volume of the radio, and even killed the transmission while the vehicle was on the highway.
The driver was freaked out, even though he had signed up for the whole harrowing ordeal.
“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.”
Yes, it was all an experiment aimed at shining a light on how a connected car is a vulnerable one.
An Experiment to Bring Light to Security Issues
With the help of two white-hat hackers (i.e. the good guys), Wired.com wanted to show how an infotainment system could be remotely accessed via the car’s cellular connection, essentially turning the car into a giant remote-controlled danger box.
That makes us crash-test dummies.
“The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I–64.”
It’s worth mentioning that the hackers did have direct contact with the vehicle before they hacked it remotely later on. So these vulnerabilities aren’t coming out of thin air … yet.
Fiat-Chrysler Upgrades the Software Following the Hack
Within a few days of the Wired.com article, Fiat-Chrysler (FCA) announced they’d be sending owners a software patch update on a USB drive as part of a recall for 1.4 million vehicles. Additionally, FCA closed remote ports to block long-range access via cell networks.
The recalled vehicles are all equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios; this includes 2013-2015 Ram trucks.
Fiat Chrysler says it has already applied security measures to block remote access to vehicle systems, all without an owner knowing about it because the changes occurred through the cellular network. Chrysler says everything was done on July 23, 2015.
Customers can also get a copy of the update by visiting http://www.driveuconnect.com/software-update.
An Investigation Into the Recall’s Effectiveness
A week after the recall was announced, the National Highway Traffic Safety Administration (NHTSA) opened an investigation into the recall’s effectiveness. They also opened an “equipment query” into the affected Harman Kardon radios, which meant it was not limited to just FCA vehicles.
Satisfied with its findings, NHTSA closed the investigation in January 2016.
Consumer Response
While safety regulators are satisfied, not all consumers feel the same way.
In August 2015, a lawsuit said FCA knew about vulnerabilities for at least 18 months, but only acted once the Wired.com article came out.
While there’s still a settlement chance for the plaintiffs in the suit, FCA was able to get most of the lawsuit’s claims thrown out of court and stop the suit from going nationwide.
Generations Where This Problem Has Been Reported
This problem has popped up in the following Ram generations.
Most years within a generation share the same parts and manufacturing process. You can also expect them to share the same problems. So while it may not be a problem in every year yet, it's worth looking out for.
4th Generation 1500
- Years: 2012–2018
- Reliability: 11th out of 11
- PainRank™: 46.72
- Complaints: 934
4th Generation 2500
- Years: 2012–2018
- Reliability: 9th out of 11
- PainRank™: 12.07
- Complaints: 173
4th Generation 3500
- Years: 2012–2018
- Reliability: 8th out of 11
- PainRank™: 11.36
- Complaints: 144
4th Generation 4500
- Years: 2012–2016
- Reliability: 3rd out of 11
- PainRank™: 0.91
- Complaints: 11
1st Generation ProMaster City
- Years: 2015–2020
- Reliability: 4th out of 11
- PainRank™: 1.2
- Complaints: 16
Further Reading
A timeline of stories related to this problem. We try to boil these stories down to the most important bits so you can quickly see where things stand. Interested in getting these stories in an email? Sign up for free email alerts for your vehicle over at CarComplaints.com.
Fiat-Chrysler was able to get most of the claims of a 2015 lawsuit thrown out; however, the case won't be completely dismissed.
Attorneys for Chrysler told the judge there is no evidence hackers have affected the vehicles since those vehicles were remedied under the recall and none of the owners say they changed their driving habits due to the hacking incident ... The judge dismissed most of the claims, three of those dismissed with prejudice, but ruled the plaintiffs do have standing to pursue damages for loss in value and overpayments for the vehicles.
It's possible those plaintiffs will receive some sort of settlement if they carry on with the case, but it's looking less likely for a nationwide compensation settlement.
Keep reading: "Uconnect Lawsuit is Still Alive. Barely."
It doesn't appear the National Highway Traffic Safety Administration (NHTSA) is going to do anything about Fiat-Chrysler's radio hack recall.
Keep reading: "Safety Regulators Close Their Investigation Into Uconnect Hacking Vulnerabilities"
NHTSA concludes Chrysler vehicles that weren't part of the recalls don't have radios with built-in cellular access or short-range wireless features, which allegedly eliminate the hacking threat. In addition, third-party testing showed potential cellular vulnerabilities were fixed by wireless carrier Sprint or repaired through updates to the Uconnect software.
…Consumers don't seem convinced that Fiat-Chrysler's (FCA) recall is doing enough to protect them against hacking.
Keep reading: "Consumers Aren't Thrilled with FCA's Response to Hacked Uconnect Radios"
The hack was possible because of the Harman Kardon uConnect infotainment systems installed in the affected Jeeps and other vehicles. The plaintiffs claim the uConnect 3G systems in the vehicles should be physically disconnected from the controller area network bus. The CAN bus links together the electronics of the vehicle, including vital functions such as the braking system and transmission.
…Last week, Fiat-Chrysler (FCA) announced they'd recall 1.4 million vehicles to prevent them from being hacked.
This week, the National Highway Traffic Safety Administration (NHTSA) is investigating the recall to see if it'll actually do anything.…
Keep reading: "Safety Regulators Have Questions About Harmon Kardon Radios"