Apparently it was supposed to be. They have the core functions in a “can’t OTA” container, with less important functions like AV/etc in a “can OTA” model.
This update was pushed to the “can update” side and fucked the “can’t update” side, which is its own can of worms. Another can? Jeep pushed a silent, emergency update “to all Jeeps even those who have automatic updates disabled.”
So the issue is not that they have no security model, it’s that it clearly doesn’t work and they can and will push secret updates even when you decline all updates.
I just got a text from my dealership saying my oil light was on. Super pissed off about it… When I got the Jeep 2 years ago I asked Jeep to turn off ALL remote access/phone home capabilities to the vehicle. I was on the phone for a couple hours with them until I finally got someone who said they did it.
Weather alerts, contextual ads on my console, distant recording of my travels, whatever, I wanted everything off.
It has a 4G cellular module in the head unit, which connects to a separate 4G antenna via a port on the back of the head unit. Unplug the antenna from the head unit and it cannot communicate to anything. Obviously you have to remove a bunch of trim and the unit.
Now, it’s possible that during maintenance, the process might involve uploading or downloading data to/from the manufacturer. That’s hard to avoid.
Apparently it was supposed to be. They have the core functions in a “can’t OTA” container, with less important functions like AV/etc in a “can OTA” model.
This update was pushed to the “can update” side and fucked the “can’t update” side, which is its own can of worms. Another can? Jeep pushed a silent, emergency update “to all Jeeps even those who have automatic updates disabled.”
So the issue is not that they have no security model, it’s that it clearly doesn’t work and they can and will push secret updates even when you decline all updates.
https://www.reddit.com/r/Jeep/comments/194cbbj/turn_offdisconnect_remote_access_to_my_2021_gcth/
Now, it’s possible that during maintenance, the process might involve uploading or downloading data to/from the manufacturer. That’s hard to avoid.