Dangerous control of my Jeep over the internet

Do you want to be able to defeat your Jeep's ability to communicate over the internet?


  • Total voters
    60
OP

jlrocks

Well-Known Member
Joined
Dec 21, 2017
Threads
6
Messages
46
Reaction score
12
Location
California
Vehicle(s)
CJ6
Just added a poll. Should appear above. I expect this will demonstrate that there isn't enough demand for Jeep to implement this.

 

ShadowsPapa

Well-Known Member
First Name
Bill
Joined
Oct 12, 2019
Threads
178
Messages
29,083
Reaction score
34,565
Location
Runnells, Iowa
Vehicle(s)
'22 JTO, '23 JLU, '82 SX4, '73 P. Cardin Javelin
Occupation
Retired auto mechanic, frmr gov't ntwrk security admin
Vehicle Showcase
3
So any time there's an app update, etc. you take it to a dealer. OK - and you'll possibly get charged because the norm would be updates over the internet. Funny thing, when I asked about the issues with my radio the first month I bought the thing - and asked about an update - they said "we won't do that, it will come to you". So - you may have to pay for updates if you turn off the main way updates get to you.
But if you accept that as a possibility, ok.
 

Mr._Bill

Well-Known Member
First Name
Bill
Joined
Jul 22, 2019
Threads
29
Messages
5,149
Reaction score
5,403
Location
North Las Vegas, NV
Vehicle(s)
2020 Jeep Gladiator Overland - 2013 Nissan Leaf SV
Vehicle Showcase
1
Just added a poll. Should appear above. I expect this will demonstrate that there isn't enough demand for Jeep to implement this.
For Jeep to implement what? The vehicle does not communicate over the internet. It talks only to the SiriusXM servers using the AT&T cellular network. It cannot be directly accessed or controlled from the internet.
 

SwampNut

Well-Known Member
First Name
Carlos
Joined
Apr 20, 2020
Threads
21
Messages
1,588
Reaction score
1,567
Location
Peoria AZ
Vehicle(s)
2020 Gladiator Launch Edition
Occupation
Geek
For Jeep to implement what? The vehicle does not communicate over the internet. It talks only to the SiriusXM servers using the AT&T cellular network. It cannot be directly accessed or controlled from the internet.
You correctly point out one of the many misunderstandings throughout this thread. It's just FUD, and how people operate.

Good point above on the updates. I have two 2020 vehicles, one doesn't have such a connection (motorcycle) but does have firmware that needs updating. I still don't know the cost and time to have it done at a dealer.
 
OP

jlrocks
I'm talking about an on/off switch. Not a permanent "never going back online forever" switch.
 


ShadowsPapa

For Jeep to implement what? The vehicle does not communicate over the internet. It talks only to the SiriusXM servers using the AT&T cellular network. It cannot be directly accessed or controlled from the internet.
Exactly. It's not connected to "the web". Still requires some sort of hands-on access.
Not having good AT&T access where I live is why I was having app troubles and update issues. It took a lot longer than usual. One dealer simply said "wait".

I am curious - maybe someone here knows - isn't it possible that said communication between JT and those servers could be done via VPN? Encrypted tunnel........If that were the case, good luck getting into that stream.
 

ShadowsPapa

I'm talking about an on/off switch. Not a permanent "never going back online forever" switch.
But they are never really "online". It's not the web or internet. It's end-to-end.
My bet is it's encrypted. And no way to get to it over the "internet" as the traffic never shows up there.
 
OP

jlrocks
If you haven't audited the network it's impossible to say exactly how it does and does not work from one end to the other in every situation. Admittedly it would have been better for me to specify "with wireless transmissions" instead of "over the internet".
 

SwampNut

I am curious - maybe someone here knows - isn't it possible that said communication between JT and those servers could be done via VPN? Encrypted tunnel........If that were the case, good luck getting into that stream.
It absolutely is encrypted. Also, the connection from AT&T to the servers is *probably* over private networks. That's how most machine to machine (M2M) cellular networking is done. There would be no reason to do otherwise. Your vehicle ID is also anonymized and just a number. So the potential "internet" attack surface is the Guardian servers, and they'd have to figure out a way to address your specific vehicle, and then all they could do is the basic things that are allowed. There's no conceivable attack such as "turn off the brakes."
 

MrZappo

Well-Known Member
First Name
Tom
Joined
Aug 9, 2020
Threads
13
Messages
777
Reaction score
1,855
Location
Granger, Indiana
Vehicle(s)
Gladiator Mojave
Occupation
Computer Consultant
If you haven't audited the network it's impossible to say exactly how it does and does not work from one end to the other in every situation. Admittedly it would have been better for me to specify "with wireless transmissions" instead of "over the internet".
If you are a technical person with experience in how these types of fleet control applications typically work then YES, you can (with a reasonable degree of accuracy) ...

Sure, an "audit" of the entire platform end to end would yield a better understanding but good luck doing that. There is likely a lot of proprietary stuff in there .. I can't imagine access to that would be easy to come by ...

But as I said, these things are seldom "home grown". They are likely using a platform developed for this type of thing and offered to car manufacturers as a "service platform" ... As a result, it likely undergoes rigorous automated penetration testing on an ongoing basis as part of its operations ...

I'll dispense with the normal list of my creds .... Suffice it to say, I have 35 years' experience in this "stuff" and I generally know what I am talking about ... Yet, there is always someone who knows more ...

To answer the poll, NOPE, don't disconnect me from the "platform". It does not worry me in the least ...
 


ShadowsPapa

It absolutely is encrypted. Also, the connection from AT&T to the servers is *probably* over private networks. That's how most machine to machine (M2M) cellular networking is done. There would be no reason to do otherwise. Your vehicle ID is also anonymized and just a number. So the potential "internet" attack surface is the Guardian servers, and they'd have to figure out a way to address your specific vehicle, and then all they could do is the basic things that are allowed. There's no conceivable attack such as "turn off the brakes."
That was my assumption - not too far from the networks I set up and the private isolated network we had at work between the mainframe areas that had info from SSA to the server on our end that handled the client app that used said info.

The ID on these can possibly be compared to your phone app that allows you to move your phone over the credit card terminal to make a touchless payment. Your CC info is not real - it's anonymized.

Can't wait for the future of computing where even LOOKING at a data stream will change it to the point it will trigger alarms. Quantum internet encryption. Totally unhackable.
 

kdfhuey

Well-Known Member
First Name
Keith
Joined
Mar 15, 2020
Threads
19
Messages
123
Reaction score
129
Location
Viera
Vehicle(s)
2020 Jeep Gladiator Rubicon
Vehicle Showcase
1
Good lord. What’s the worst that can happen someone opens your doors or remote starts your vehicle? This isn’t a Tesla. Think we’re getting overly paranoid here. Someone can hack your phone, computer, etc... it’s the price you pay for technology. It’s always out there as a potential.
 

ShadowsPapa

Good lord. What’s the worst that can happen someone opens your doors or remote starts your vehicle? This isn’t a Tesla. Think we’re getting overly paranoid here. Someone can hack your phone, computer, etc... it’s the price you pay for technology. It’s always out there as a potential.
In some neighborhoods you should be more concerned about someone stripping the thing bare, removing wheels, doors, etc. (or entire differentials)
 

SwampNut

Good lord. What’s the worst that can happen someone opens your doors or remote starts your vehicle? This isn’t a Tesla. Think we’re getting overly paranoid here. Someone can hack your phone, computer, etc... it’s the price you pay for technology. It’s always out there as a potential.
Dude, we're on like the third 20-page thread about the key fob size too. Gladiators are so perfect, people have to invent reasons to whine.
 
OP

jlrocks
Someone can hack your phone, computer, etc... it’s the price you pay for technology. It’s always out there as a potential.
Exactly right. It's easy to turn off communications on your phone and computer but not on your Jeep.