Disable GPS Tracking?

[Mr._Bill]

" So no jeep modem but you still have your cell phone..... "

I have a flip phone with an off-button. My SO has an iPhone.

It's not all about tracking, although that is a concern.

The modem was connected to a computer that is also connected to a CAN bus and can interfere with the functioning of the car. The user does not have control over this computer, and has no way to determine which apps are running, and what they do. Neither the flip phone nor iPhone is connected to the car's CAN bus, and they come with an 'off' button.

The modem is in the head unit. It is not connected directly to the CAN bus, and cannot interfere with the function of the truck. The head unit is allowed to send requests to the computer, not commands. It has to wait for the computer to decide if it will complete the request. It communicates the response using the cellular network, not the internet. That is part of the reason why the remote functions are so slow.

Sponsored

 

[GrandCherokee2021]

The modem is in the head unit. It is not connected directly to the CAN bus, and cannot interfere with the function of the truck. The head unit is allowed to send requests to the computer, not commands. It has to wait for the computer to decide if it will complete the request. It communicates the response using the cellular network, not the internet. That is part of the reason why the remote functions are so slow.

First, a cellular modem uses the cellular network to provide an internet connection. That is its purpose. We're talking about a 4G modem from Sierra Wireless, similar to the modem in an iPhone or Android phone, or one you plug into your laptop. I've bought many 4G hotspots that use Sierra Wireless modems.

The modem is in the head unit, connected to a TI Jacinto processor, which is connected to a CAN bus. The TI processor, which might be called an 'Applications Processor', is a powerful CPU running some flavor of Android or Linux. It is not in the user's control: the software to control the modem and exchange messages with the CAN bus is provided by UConnect / Panasonic / FCA / Sirius, you cannot access the operating system and determine exactly what it is doing. One of the applications, 'Sirius XM Guardian', I believe is capable of starting the motor, locking and unlocking the doors, etc., so it is clear that the underlying head unit computer is capable of sending messages to the CAN bus. It's just a matter of software, and again, that software is not under the user's control, and is opaque to the user.

A few years ago some hackers discovered that they could upload a software patch to the head unit that allowed them to do all sorts of things to a Jeep. The FCA/Uconnect/etc. people 'fixed' this so that outside hackers could not access the necessary bits so easily. A secure system is an improvement, of course. However the people who build the software and hardware still have the keys to the kingdom, and as long as the modem is in there it is unclear how much remote control is available to the official channels.

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

There was a class-action lawsuit against FCA attempting to force the separation of the modem from the CAN bus.


https://www.tripwire.com/state-of-s...th-class-action-lawsuit-in-wake-of-jeep-hack/

The suit was dismissed

https://www.carcomplaints.com/news/2020/jeep-hacking-lawsuit-dismissed.shtml#:~:text=March 30, 2020 — A Jeep,Uconnect 8.4AN infotainment systems.&text=The class action was filed,consumer has ever been injured.

The point here isn't that a hacker might take control of your Jeep. The point is that, like a typical 'connected' vehicle, the system is designed so that someone or some service at the other end of the modem (across the internet) is able to access functions in controllers other than the head unit. By clicking 'I agree' on the UConnect / SiriusXM Guardian privacy policy agreements you are giving others permission to access data and control systems on your vehicle, but even if you don't click that button, the software is still capable of all sorts of things, none of which are documented publicly.

Call me paranoid, I don't like how the system is implemented, and unless I have control over the software on the head unit, I'm not willing to give control to anyone else either.

 

[Mr._Bill]

First, a cellular modem uses the cellular network to provide an internet connection. That is its purpose. We're talking about a 4G modem from Sierra Wireless, similar to the modem in an iPhone or Android phone, or one you plug into your laptop. I've bought many 4G hotspots that use Sierra Wireless modems.

The modem is in the head unit, connected to a TI Jacinto processor, which is connected to a CAN bus. The TI processor, which might be called an 'Applications processor', is a powerful CPU running some flavor of Android or Linux. It is not in the user's control: the software to control the modem and exchange messages with the CAN bus is provided by UConnect / Panasonic / FCA / Sirius, you cannot access the operating system and determine exactly what it is doing. One of the applications, 'Sirius XM Guardian', I believe is capable of starting the motor, locking and unlocking the doors, etc., so it is clear that the underlying head unit computer is capable of sending messages to the CAN bus. It's just a matter of software, and again, that software is not under the user's control, and is opaque to the user.

A few years ago some hackers discovered that they could upload a software patch to the head unit that allowed them to do all sorts of things to a Jeep. The FCA/Uconnect/etc. people 'fixed' this so that outside hackers could not access the necessary bits so easily. A secure system is an improvement, of course. However the people who build the software and hardware still have the keys to the kingdom, and as long as the modem is in there it is unclear how much remote control is available to the official channels.

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

There was a class-action lawsuit against FCA attempting to force the separation of the modem from the CAN bus.


https://www.tripwire.com/state-of-s...th-class-action-lawsuit-in-wake-of-jeep-hack/

The suit was dismissed

https://www.carcomplaints.com/news/2020/jeep-hacking-lawsuit-dismissed.shtml#:~:text=March 30, 2020 — A Jeep,Uconnect 8.4AN infotainment systems.&text=The class action was filed,consumer has ever been injured.

The point here isn't that a hacker might take control of your Jeep. The point is that, like a typical 'connected' vehicle, the system is designed so that someone or some service at the other end of the modem (across the internet) is able to access functions in controllers other than the head unit. By clicking 'I agree' on the UConnect / SiriusXM Guardian privacy policy agreements you are giving others permission to access data and control systems on your vehicle, but even if you don't click that button, the software is still capable of all sorts of things, none of which are documented publicly.

Call me paranoid, I don't like how the system is implemented, and unless I have control over the software on the head unit, I'm not willing to give control to anyone else either.

The cellular modem can be used to provide an internet connection, there is not an internet connection just because you have a cellular modem. The carrier has to allow the feature. If you pay for it, the Uconnect can be used as a WiFi hotspot. The remote functions communication is over the cellular network, not the internet. The system was modified, based on the results of the 2015 article you linked. The Uconnect system communicates with the truck computer, but there is no direct link that allows the modem access to the truck computer. There have been no reports of successful hacking since the security was updated. The previous efforts required prior access to the vehicle to be carried out.

 

[GrandCherokee2021]

The cellular modem can be used to provide an internet connection, there is not an internet connection just because you have a cellular modem. The carrier has to allow the feature. If you pay for it, the Uconnect can be used as a WiFi hotspot. The remote functions communication is over the cellular network, not the internet. The system was modified, based on the results of the 2015 article you linked. The Uconnect system communicates with the truck computer, but there is no direct link that allows the modem access to the truck computer. There have been no reports of successful hacking since the security was updated. The previous efforts required prior access to the vehicle to be carried out.

I understand, and I respect the official explanations. I suspect I'm talking with someone who has more documentation available than I have seen.

I'm not claiming any damages, or threatening any suits. I'm not recommending that anyone should do as I have done. The distinction between a direct cellular connection and a cellular internet connection isn't critical here. The system is designed to have connections enabled remotely.

I am familiar with embedded systems. Even if I haven't signed up for cellular internet via the embedded modem, it's entirely unclear to me whether and when the system could connect to a computer on the cellular network directly, or whether an internet service provider could enable internet connection without my taking any action. So long as the modem is attempting to connect to the cellular network (showing bars in the settings panel), it's at the discretion of the carrier whether to connect it. Once that happens, the head unit could identify itself to a remote system, and enable receiving messages that go onto the CAN bus.

But you raise an interesting question: is there another cellular device in the car, besides the head unit modem, which attempts to connect to the outside world without the user's knowledge?

 

[Mr._Bill]

I understand, and I respect the official explanations. I suspect I'm talking with someone who has more documentation available than I have seen.

I'm not claiming any damages, or threatening any suits. I'm not recommending that anyone should do as I have done. The distinction between a direct cellular connection and a cellular internet connection isn't critical here. The system is designed to have connections enabled remotely.

I am familiar with embedded systems. Even if I haven't signed up for cellular internet via the embedded modem, it's entirely unclear to me whether and when the system could connect to a computer on the cellular network directly, or whether an internet service provider could enable internet connection without my taking any action. So long as the modem is attempting to connect to the cellular network (showing bars in the settings panel), it's at the discretion of the carrier whether to connect it. Once that happens, the head unit could identify itself to a remote system, and enable receiving messages that go onto the CAN bus.

But you raise an interesting question: is there another cellular device in the car, besides the head unit modem, which attempts to connect to the outside world without the user's knowledge?

I'll just say that so far the Uconnect system has proven to be secure, and I have no worries about unauthorized access to my truck.

And, yes, many of the trucks have a device that is dealer installed and uses GPS for location and communicates over the cellular network. Look under the dash near the OBD port. I have one in mine that included a three year subscription for access. This is also a Mopar option that can be purchased and added.

 

[GrandCherokee2021]

I'll just say that so far the Uconnect system has proven to be secure, and I have no worries about unauthorized access to my truck.

And, yes, many of the trucks have a device that is dealer installed and uses GPS for location and communicates over the cellular network. Look under the dash near the OBD port. I have one in mine that included a three year subscription for access. This is also a Mopar option that can be purchased and added.

Got it. The UConnect system is probably as secure as any other connected device out there.

I doubt I have that second dealer-installed system, but if I do, I'm sure I'll come across it when I install my trailer brake controller.

To be clear, I'm not that worried about the practical aspects of security with UConnect, any more than I would worry about it with a smart phone. But I don't carry a smart phone, and I would have preferred an option configuration on this Jeep to order the things we wanted, without having to accept a modem (or any other cellular connection) lurking in the dashboard.

 

[Mr._Bill]

Got it. The UConnect system is probably as secure as any other connected device out there.

I doubt I have that second dealer-installed system, but if I do, I'm sure I'll come across it when I install my trailer brake controller.

To be clear, I'm not that worried about the practical aspects of security with UConnect, any more than I would worry about it with a smart phone. But I don't carry a smart phone, and I would have preferred an option configuration on this Jeep to order the things we wanted, without having to accept a modem (or any other cellular connection) lurking in the dashboard.

I understand your concerns. I have to have a smartphone for work, so I know that tracking is possible. I'm more concerned about what Google gets from it, and why don't I get a cut. I get an email at the beginning of every month showing all the places I've been to over the last thirty days.

 

[GrandCherokee2021]

I understand your concerns. I have to have a smartphone for work, so I know that tracking is possible. I'm more concerned about what Google gets from it, and why don't I get a cut. I get an email at the beginning of every month showing all the places I've been to over the last thirty days.

...and I'll have to keep an eye out for this new Telematics Box Module. From what I've read, that shows up only with the UConnect 5, which apparently requires the upgraded option with the 10.1 or 12-inch screen, so I probably don't have one in my 8.4-inch system. Worth checking though.

UConnect 5 offers Firmware-Over-The-Air updates. Sounds risky to me.


For some updates, FOTA will automatically load the improved software to the vehicle, seamlessly. Other services can be handled at your local dealer with a Service Scheduling feature.

Uconnect's Android operating system brings access to a broad catalog of connected features and the adaptability preps the platform for future growth. In planning for additional automated technology, the all-new Uconnect system takes autonomous driving initiatives into consideration for future products with the addition of a Telematics Box Module (TBM). The TBM assists in quickly moving large amounts of data, engineered for the fastest speeds available. The trusted and secure ecosystem provides an optimal environment for continuous improvement through a built-in cellular network.

https://www.prnewswire.com/news-rel...ized-connected-and-easy-to-use-300993133.html

This is what underlies the Fleet Telematics system as well.

https://www.fcausfleet.com/faq.html#telematics

 

[Mr._Bill]

It will be interesting to see what they come up with. Uconnect 4 does OTA updates, but only for the Uconnect system. Mine downloaded and installed the update for the Backup Camera Recall last summer. As long as they have proper protocols to ensure the download is not corrupt, it can be done safely.

 

[Higher_Ground]

I understand your concerns. I have to have a smartphone for work, so I know that tracking is possible. I'm more concerned about what Google gets from it, and why don't I get a cut. I get an email at the beginning of every month showing all the places I've been to over the last thirty days.

Have you looked into trying to get your cut? Since you're being tracked, might as well "help" improve the accuracy and get paid pennies for it.

I installed the Google Rewards app about a year ago, maybe 1 1/2 years. In that time I've earned $62.85 of credit. I think you have to spend it in the app store but it's stopped me from using any real money to play pokemon go and I'm sure you could find music or something else to spend it on if you wanted.

The app basically just asks me if I've been to a place recently, listing 4 possible options. It's clear to me that certain stores are paying for this service as I'll drive by one on my way home every day. I get asked about it but haven't been in that store in years. If you answer "no" truthfully, you get about $0.10 per question. If you answer yes, you get around $0.50. There's usually a follow up asking you to send a photo of the receipt but you can decline and still get paid. I think they may give you another $0.50 if you do send in the photo, but the surveys tend to pop up a day or two after I've thrown away the receipt.

Very rarely they will ask me opinion based questions but it's 95% location based.

I decided since they are tracking me anyway I may as well buy into it and get paid a little. Sixty bucks ain't a lot but it's more than I get from the bank.

 

[GrandCherokee2021]

A friend sent me this link, it is somewhat relevant here: https://www.vice.com/en/article/k7adn9/car-location-data-telematics-us-military-ulysses-group

 

[seven30]

I always believed data privacy is a big deal. Like phone taps of old.

The recent solarwinds hack and the fact that most of the communication chips are manufactured offshore is not reassuring either.

If that is not unsettling enough consider the data your personal vehicle shares could be covered by the HIPA act. For example, you visit medical specialist offices or make certain phone calls to medical providers. This type of information falls right into the data controlled by HIPA act and as such FCA or anyone else is exposed to potential large fines if that data is not both controlled, retained, and disposed of according to the HIPA act.

I want an unencumbered choice of opting in or out at the hardware level.

 

[CerOf]

If you are not signed up for all the cellular connection stuff, the only way a 3rd party can legally access it is by a warrant/court order.

I have obtained these and been able to trigger the systems. There is likely more than one cellular modem in modern vehicles.

As for the module in Uconnect talking to the engine computer ECM BCM TCM, it has to. How else do I get remote start and vehicle health reports?

 

[seven30]

Something about buying a $50000 vehicle only to have it snoop on me pisses me off. The data collected is not integral to the vehicles function (unlike a phone).

That's just wrong.

 

[seven30]

I wont be taking delivery of a Gladiator until next month but fuse F05 looks interesting. Anyone feel brave enough to pull it and see what happens?
F05 5amp Security Gateway

Sponsored