Just How Vulnerable is the UConnect System to Hacking?

On July 21, 2015 a report surfaced that hackers had remotely taken control of a Jeep Cherokee through its UConnect system. They turned on the A/C, cranked the volume of the radio, and even killed the transmission while the vehicle was on the highway.

The driver was freaked out, even though he had signed up for the whole harrowing ordeal.

“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

Yes, it was all an experiment aimed at shining a light on how a connected car is a vulnerable one.

An Experiment to Bring Light to Security Issues

With the help of two white-hat hackers (i.e. the good guys), Wired.com wanted to show how an infotainment system could be remote accessed via the car’s cellular connection, essentially turning the car into a giant remote-controlled danger box.

That makes us crash-test dummies.

“The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I–64.”

It’s worth mentioning that the hackers did have direct contact with the vehicle before they hacked it remotely later on. So these vulnerabilities aren’t coming out of thin air … yet.

Fiat-Chrysler Upgrades the Software Following the Hack

Within a few days of the Wired.com article, Fiat-Chrysler (FCA) announced they’d be sending owners a software patch update on a USB drive as part of a recall for 1.4 million vehicles. Additionally, FCA closed remote ports to block-long range access via cell networks.

The recalled vehicles are all equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios, this includes 2013-2015 Ram trucks.

Fiat Chrysler says it has already applied security measures to block remote access to vehicle systems, all without an owner knowing about it because the changes occurred through the cellular network. Chrysler says everything was done on July 23, 2015.

Customers can also get a copy of the update by visiting http://www.driveuconnect.com/software-update.

An investigation into the recall’s effectiveness

A week after the recall was announced, the National Highway Traffic Safety Administration (NHTSA) opened an investigation into the recall’s effectiveness. They also opened an “equipment query” into the effected Harom Kardon radios, which meant it was not limited to just FCA vehicles.

Satisfied with their findings, the investigation was closed in January 2016.

Consumer Response

While safety regulators are satisfied, not all consumers feel the same way.

In August 2015, a lawsuit said FCA knew about vulnerabilities for at least 18 months, but only acted once the Wired.com article came out.

While there’s still a settlement chance for the plaintiffs in the suit. FCA was able to get most of the lawsuit’s claims thrown out of court and stop the suit from going nationwide.

Vehicles That Might Have This Problem

Story Timeline

Get FREE email alerts from CarComplaints.com with new information about this problem.

Learn about the news before others. Impress your friends. Be a hero.

Free Vehicle Alerts

OK, Now What?

Maybe you've experienced this problem. Maybe you're concerned you will soon. Whatever the reason, you can help make sure it gets the attention it deserves.

  1. File Your Complaint

    CarComplaints.com is a free site dedicated to uncovering problem trends and informing owners about potential issues with their cars. Major class action law firms use this data when researching cases.

    Add a Complaint

  2. Notify CAS

    The Center for Auto Safety (CAS) is a pro-consumer organization that researches auto safety issues & often compels the US government to do the right thing through lobbying & lawsuits.

    Notify the CAS

  3. Report a Safety Concern

    The National Highway Traffic Safety Administration (NHTSA) is the US agency with the authority to conduct vehicle defect investigations & force recalls. Their focus is on safety-related issues.

    Report to NHTSA

  4. Contact Ram

    Ram Support

    P.O. Box 21-8004 Auburn Hills MI 48321-8004 USA

    This site is not affiliated with Ram.