http://www.msn.com/en-us/autos/news/new-vulnerability-lets-attackers-hijack-chrysler-vehicles-over-the-web/ar-AAdhGUP

Has anyone installed the patch yet?

What the hell.

I just did the update on my 2015 SRT Jeep. Beware, It did not go smoothly! Take your car to the dealer unless you feel confident you can work through computer issues. More to follow.

The software update for my Jeep is MY15_V3__NAFTA_RA4_15_17_5.exe. There is a chance that it is the same for the Viper since it involves UConnect security. Someone else that downloads the update for a Gen V can tell us.

The online directions are pretty good assuming you are use to working with computers. I had trouble after downloading the Akamai software because I was expecting something to happen once the install was complete. Just hit "skip" in the Tutorial after it's loaded and you can download the UConnect update. You will need a 4GB (minimum) thumb drive.

I plugged the drive into the Jeep dash and powered up in ACC mode and the update started. After loading 9 of 11 units the update stalled and my center stack and dash were frozen. This really sucked as all the vehicle controls are through the touch screen. My only option was to look up the fuses that control the center stack in hopes I could do a hard reset. After trying many fuses, the only thing that worked was pulling one of the power relays.

I deleted the thumb drive file and started over in case the file was corrupted. I did not want to take any chances on another failed attempt so I hooked up a battery charger to maintain the system voltage level before inserting the thumb drive. The second try worked and the install completed. I want these two hours of my life back.:mad:

It looks like I need to do 2 of them. Where do you hook the usb cable, in any available that are used for music input? My Viper has 2 I think, not sure about my Ram 2500. Would rather do the update myself if possible and avoid the dealers.

I just applied the update to both the Viper and the wife's Grand Cherokee and had no issues with the firmware load on either. Only visual change I was able to see was a new warning screen when selecting the performance pages on the Viper (general disclaimer about using it safely while driving).

It looks like I need to do 2 of them. Where do you hook the usb cable, in any available that are used for music input? My Viper has 2 I think, not sure about my Ram 2500. Would rather do the update myself if possible and avoid the dealers.

I used the USB connection between the seats (behind where your elbow falls while driving).

Networking 101. Define a Source address policy where the updates are coming from at Chrysler. That's the first of a few steps to prevent hacking.

Does this affect the Darts as well?

2013MY and 2014MY show they need update to 15.26.1 (With NAV - 8.4AN_RA4_15.26.1_MY13_&_M14) or (Without NAV - 8.4A_RA3_15.26.1_MY13_&_M14)
2015MY shows update to 15.17.5 (8.4AN_RA4_15_17_5_MY15)

Per the dealer system...

It is painfully stupid to put a WiFi hotspot and cell connection in a car.

Anyone know if this issue applies to U-Comment systems that have not been activated? Thanks in advance.

Anyone know if this issue applies to U-Comment systems that have not been activated? Thanks in advance.

This. I never use mine and it's never been registered/online.

Anyone know if this issue applies to U-Comment systems that have not been activated? Thanks in advance.

The cell connection is still online

This is why I don't like technology integration into EVERYTHING.

http://jalopnik.com/chryslers-uconnect-vulnerable-to-remote-hacking-but-do-1719269327

Hmmm....

U-Connect

Sophisticated enough to allow hackers to cripple a car driving down the highway.

But unsophisticated enough that they can't send an auto update via this constant connection to fix it.

Now where did I put that AOL CD...

http://jalopnik.com/chryslers-uconnect-vulnerable-to-remote-hacking-but-do-1719269327

Hmmm....

"Some chronic masturbator in a basement with a vendetta against you isn’t likely to just be able to rapidly type onto his keyboard and cut off your brakes." - classy :)

I have a question….can I turn that shit off!

http://www.msn.com/en-us/autos/news/new-vulnerability-lets-attackers-hijack-chrysler-vehicles-over-the-web/ar-AAdhGUP

Thanx for the heads up apeas2!!! I thought the hacker could just turn on wipers etc. Clearly, it is much more serious than that. I just finished installing system software 8.4AN_RA4_15.26.1_MY13_&_M14 Cheers :)

Installation:

https://rsur.download.chrysler.com/1151/Software_Update_Process_final_English_French_15_26 _1.pdf?__gda__=1437596806_af856ec0aa633de9640c47b8 e0fcdd99

This is what scares me about new vehicles today and I am an electrical engineer who does Automation, Controls, SCADA and IT/OT Enterprise on Critical Industry Infrastructure (CII) clients over the past 20 years. Look it is very simple and was laid out in the 1970s Battlestar Gallactica series. Cylons were always hacking into this network or that. In the end, the concept is extremely simple. Split out your Critical Operating Systems from your infotainment systems. As in Battlestar Gallactica, "the two shall never met". I mean leave the firmware upgrades to a hardwired physical connection or make sure they run through a DMZ server first to connect. It is absolutely wreckless to just open it up to anyone via an internet connection and think you can handle the mitigating risks through managed IT. In the world of security, Managed IT is a BS Pollyanna world. Segregate the systems and if you feel you just must talk to the firmware critical operating system portions, then pay the money for nationwide licensed FCC spectrum and set up your private network operations which can not be hacked. I have that very licensed private system just waiting for you FCA, for the entire state of Colorado and most of the US through partners. It took me over 5 years to acquire and build. Problem solved, literally in an afternoon but not cheap by any stretch.

Just because you can do everything possible in technology, doesn't mean you should. However my biggest beef is someone hacked into my 1996 RT/10 and now my windows never come up! :)

Seriously though, "On-Star", "U-Connect" and all these other aspects are not for the drivers convenience. Look up your small print from the manufacturer in the user agreements (Teslas is all over the internet). In buying the vehicle, the manufacturer states they will collect all the data and has 100% right to all data that is collected for the owner of this vehicle agreed to in the purchase of the vehicle. I am not a tin foil hat guy but very leery about a new vehicle that has cellular and internet connectability. In reality, it is just not needed because you are in the car to drive.

Problem is solvable with a better solution. These patches, etc. are all band aids as it will continue to happen. Remove the entry points completely and problem is solved. How many of you 1980s modern muscle car owners have been hacked in your PCMs? That is right, absolutely zero because there is no entry point.

From past experience updating Windows operating systems and Apples IOS, I have encountered patches that have caused issues and had to be updated again to fix the previous patch that cause freezing screens, etc. I am a little reluctant for the immediate time to do the updates on 2 vehicles to see if these patches work or need to be updated. What a mess. I can't believe this is going on with cars now. Wish the world stopped in place in 1974.

From past experience updating Windows operating systems and Apples IOS, I have encountered patches that have caused issues and had to be updated again to fix the previous patch that cause freezing screens, etc. I am a little reluctant for the immediate time to do the updates on 2 vehicles to see if these patches work or need to be updated. What a mess. I can't believe this is going on with cars now. Wish the world stopped in place in 1974.

All true. I was really surprised when I read about this today, but such is the world we live in............ I love the tech in my car, but issues like this are a big wake up call for sure. Talk about a "Ghost in the Machine".

Or better yet stopped in 1999. I made a lot of money off the Y2K scare. Ha! Ha! Honestly, real high tech does not age well and what is real funny is the older I get, the less of it I actually want yet my career has been built and continues to be built on the highest bleeding edge tech there is out there. It has a place and some areas it is like the wrong tool for the job. Sometimes you just need a trustworthy old sledge hammer.

Took 20 minutes and was effortless. Stay calm.

I just did the install with no issues, also took about 20 minutes.

I just did the Viper. It had 11 units. I checked it in settings and got version 15.17.5. It seems to be ok, haven't driven it yet though. Now downloading my 2015 Ram 2500, it is a completely different file probably because it does not have NAV. I did bypass the Fuchiama Aakamai interface, that could confuse somebody if not careful.

Updated truck. Version 15.12.05. Worked differently than Viper.

I just did my update and it was super simple. I had 11 units to upload.

Installation:

https://rsur.download.chrysler.com/1151/Software_Update_Process_final_English_French_15_26 _1.pdf?__gda__=1437596806_af856ec0aa633de9640c47b8 e0fcdd99

This link doesn't work for me. Is there another one? Where do you find the download?

See my post on "center display options" thread for a detailed step by step on how to do this. It'll take you about 35-45 minutes from download to complete installation depending on your computer/Internet speed

http://media.chrysler.com/newsrelease.do;jsessionid=D3823EB1315F5A3C25BCB1B2 BA10ED05?&id=16849&mid=1

Looks like USB sticks are being sent to owners...

Looks like there is now officially a recall, at least according to the news report I just read. Make that number 3 for my car, LOL:
1.airbag
2.door switch
3. Uconnect

Not too worried, still love the car! I'll just add it to the list of things to be done when it goes in for state inspection in November.

Fiat Chrysler recalls 1.4 million vehicles to install anti-hacking software

NHTSA to assess effectiveness of fix

Larry P. Vellequette Twitter RSS feed
July 24, 2015 - 11:30 am ET -- UPDATED: 7/24/15 3:55 pm ET - adds reaction from lawmakers

DETROIT -- Fiat Chrysler will recall 1.4 million vehicles to close the software loophole that allowed hackers to remotely take control of a 2014 Jeep Cherokee.

FCA US said it “has applied network-level security measures” to block hackers from the ability to remotely access its vehicles via their Internet-ready Uconnect radios.

The recall involves a software patch that also stops the type of hack attack demonstrated by professional hackers Charlie Miller and Chris Valasek. The patch can either be installed at the dealer, or downloaded by a consumer and installed into the radio via a USB flash drive.

Previously, the automaker had only advised owners to download the software patch or take their vehicle to a dealer to have it installed. The campaign was stepped up to a formal recall and broadened today by FCA to include more vehicles, all equipped with 8.4-inch touchscreen Uconnect radios:

• 2013-15 Dodge Viper specialty vehicles

• 2013-15 Ram 1500, 2500 and 3500 pickups

• 2013-15 Ram 3500, 4500, 5500 Chassis Cabs

• 2014-15 Jeep Grand Cherokee and Cherokee SUVs

• 2014-15 Dodge Durango SUVs

• 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans

• 2015 Dodge Challenger sports coupes

The Dodge Dart and Journey, which also have 8.4-inch touchscreen Uconnect radios, are not affected, a spokesman confirmed.

To install the software patch, FCA said customers should visit a dedicated website and update and input their vehicle identification number and determine whether their vehicles are included in the recall.

The automaker said that to perform their remote takeover of the 2014 Cherokee, the hackers “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”

On Monday, Wired magazine detailed how Miller and Valasek were able to take command of an unmodified 2014 Jeep Cherokee while it was being driven on a St. Louis highway by journalist Andy Greenberg.

They did so via the SUV’s Internet-connected Uconnect radio, which receives data through the Sprint cellular network.

Working via laptop computers from home, the hackers blasted the Cherokee’s radio, turned on the wipers and a torrent of washer fluid and eventually shut off the Cherokee’s engine while it was traveling on the highway.

Later, in a parking lot, they demonstrated how they could take control of the Cherokee’s steering wheel, but only while the transmission was in reverse, and even disable the brakes, sending the SUV into a ditch.

NHTSA scrutiny

FCA has come under fire from federal regulators and could face possible fines or other penalties for its handling of recent recalls.

National Highway Traffic Safety Administration chief Mark Rosekind said in a statement Friday that the agency “encouraged” FCA to elevate the voluntary software update to a full recall. The move was needed to demonstrate the “swift and strong response” that should follow the discovery of vehicle cyber vulnerabilities, Rosekind said.

Rosekind’s comments signaled that automakers should take similar steps in the future when facing cybersecurity threats.

“NHTSA appreciates that FCA has already taken action to partially address this vulnerability by working with its cellular provider,” Rosekind said. “Launching a recall is the right step to protect Fiat Chrysler’s customers and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities.”

At the same time, the agency today opened an investigation to assess the effectiveness of FCA’s software patch as part of the recall, Rosekind said.

“Electronics and cybersecurity experts from NHTSA’s Office of Defects Investigation and the Electronic Systems Safety Research Division of the Office of Vehicle Safety Research will continue to address this and other cybersecurity threats and take action when necessary to protect public safety,” he said.

Earlier this week, Rosekind outlined the challenges as vehicle connectivity grows and the agency's latest research and priorities on the threat posed by cybersecurity.

Congress weighs in

U.S. Reps. Fred Upton, R-Mich., and Frank Pallone, Jr., D-N.J., said in a joint statement Friday that NHTSA and automakers must keep pace with the rapid evolution of vehicle connectivity to “protect drivers from these growing threats.”

In May, the House Energy and Commerce Committee launched a review of how automakers and NHTSA were handling vehicle cybersecurity, sending the top executives of 17 automakers a list of questions on their approach to the issue. Upton chairs the Energy and Commerce Committee; Pallone is its ranking member.

“We are working with leading automakers and NHTSA to ensure all stakeholders are prepared to meet these challenges of the 21st century,” the lawmakers said in a joint statement. “We have said that cars today are essentially computers on wheels, and the last thing drivers should have to worry about is some hacker along for the ride.”

U.S. Sen. Ed Markey, D-Mass., issued a statement calling on congress to pass auto cybersecurity laws and for automakers and NHTSA to root out possible vulnerabilities in other vehicles with connected systems.

On the same day Wired published its story on the Jeep hack, Markey and Sen. Richard Blumenthal, D-Conn., introduced a bill that would direct NHTSA and the Federal Trade Commission to set federal standards for automotive cybersecurity to prevent intrusion from hackers and protect consumer data.

In his statement, Markey said FCA launched the recall months after learning of the vulnerability in its UConnect system, adding “there are no assurances that these vehicles are the only ones that are this unprotected from cyberattack.”

Ryan Beene and David Phillips contributed to this report.

You can reach Larry P. Vellequette at lvellequette@crain.com.

I don't get the big deal.
Microsoft offers patches every week for software hacks as does every other software company on earth. It's the nature of the beast if you want the latest tech. If you don't stick with a car from the '90's. They addressed and fixed the issue in days. Big freaking deal.

I don't get the big deal.
Microsoft offers patches every week for software hacks as does every other software company on earth. It's the nature of the beast if you want the latest tech. If you don't stick with a car from the '90's. They addressed and fixed the issue in days. Big freaking deal.

It's amazing isn't it?

I feel pretty confident that no one will be interested in me or my car way up north here...... lol

I feel pretty confident that no one will be interested in me or my car way up north here...... lol

Haha, you never know? Maybe an old ex-girlfriend who is a computer geek? I had one once, mind you that was 20 years ago, so I hope she forgot.:newbie:

I don't think it apply to Canadian cars as we don't have the wifi hotspot and most of Uconnect features...

I went to my local dealer for an oil change and the patch. They said they wanted to hold off from doing my car due to issues the current patch is having on the radio (in-op). I'm holding for more info.

I installed the patch on my Viper a few days ago without any issues. Just downloaded it for the Ram 1500 I picked up this week and will install the patch for it tomorrow.