UConnect Disable Cell Modem


Author: David Zimmer
Date: 06.21.19 - 5:53am



So the UConnect infotainment unit in my car has a built in cell modem.

I find this creepy. The vendor includes this feature for several reasons:
  • OTA - over the air updates for the unit itself (and maybe CAN device reflashing?)
  • UConnect Access subscription service which includes:
    • remote vehicle start
    • remote lock or unlock
    • locate your vehicle in a crowded parking lot
    • vehicle health report
    • driver rating
    • SOS (911) and assist buttons on rear view to dial out for help
The driver rating feature is worth including a clip from the company webpage:

"Drive Rating is a usage-based insurance program that provides eligible connected vehicle owners with an opportunity to receive feedback on their driving habits and possible car insurance discounts based on specific driving criteria. If enrolled, your driving data, such as speed, hard braking, fast acceleration and GPS coordinates are collected for 90 days."

Soo bottom line is we dont have control over our car anymore. It can be remotely controlled, located, tracked, taken (repo), and mined for diagnostic data and/or profile your driving by design.

Furthermore the cell modem will be making connections all the time to cell towers leaving a map of everywhere you drive in the cell phone tower logs similar to your cell phone, except you can not control it.

Finally, an embedded computer system in your car, with 0 tools to monitor it, which can take in remote data from the internet, and is hooked to your cars vital systems and include access to a microphone is always on in a private space where you have frank conversations with friends and family.

What could go wrong?

I find this a ridiculous feature set and nothing that I want to be a part of. I rely on this machine to operate safely without the chance of being manipulated remotely.

I do not accept having tools for spying, monitoring, remote vulnerabilities and location tracking features being built into my car. That is not what I paid for at all.

Now dont get me wrong, no one cares about me, but things like this being forced on the masses who are blind to its side effects is unacceptable and it will be abused.

Job boards for reverse engineers are full of posts looking for people who work embedded security and develop exploits for systems just like this. These car units are prime targets. Why is an iPhone exploit worth $100,000 ? because it gives select people access to your intimate details and thus power over you and your life.

This has bothered me for my last 3 vehicles, so finally I took the plunge and went inside the head unit and removed the modem.

If you are a journalist, judge, lawyer, senator, CEO limiting your exposure to un-detectable and un-auditable intrusion is just a fact of modern life. Essentially anyone who holds sensitive information which could be profited off of or who could be vulnerable to leverage should be thinking about these things these days.

In my 2018 Chrysler 300, mine was mounted within the UConnect head unit itself. You open up the back of the case and will find it mounted to the side using the case as a heat sink. It was easy to remove the antennas and ribbon cable between it and the main board without hurting anything.

The chip these use it is a Qualcomm 4G Sierra Wireless AirPrime card

Carrier: AT&T
Model: AR7552, hardware integration guide
MFG PN: 1103493
CUSTOMER PN: N5HZZ0000195
IC: 2417C-AR7552
FCC ID: N7NAR7552








If you are interested in privacy the following links will also be of interest:

Unfortunately in our current environment we have no reason to trust. Expectation of privacy has been severely eroded and in truth is almost non-existent.

"Anything viewable in public has no expectation of privacy" has been whimsically extended to justify blanked recording, and profiling of..well everyone. How is it not stalking to build an intimate map of everywhere a person goes and to know all kinds of things about them.

I havent even mentioned web tracking yet which in truth is the most intimate of them all.




Comments: (33)

On 09.26.19 - 6:49am Dave wrote:
I kind of bet the manufacturer keeps all of these cell modems paid and active for their own telematics and remote update capabilities. It would be freaking poetic to interface with these modems from your own microcontroller and have free cell service for all of your projects. )

On 12.23.19 - 9:04am Dave wrote:
So the Sierra Wireless card uses the Qualcomm MDM9615 chip same as used in the iPhone. I have not been able to find any hardware spec sheets on it yet. A youtube user has reported that cars with NAV lose GPS capabilities with the modem unplugged. This makes sense as the GPS chip looks to be embedded in the modem. Some research on these modems has been done. Check out page 25 of this pdf https//fahrplan.events.ccc.de/congress/2016/Fahrplan/system/event_attachments/attachments/000/003/151/original/Dissecting_modern_283G_4G29_cellular_modems.pdf

On 01.13.20 - 7:12pm Allen wrote:
I am very encouraged to find out that yanking the cell modem out of a youconnekt system is possible. Thank you sincerely for putting this information out there. Protecting your data these days is mindblowingly complicated. all I would like is decency, privacy, and control over the hardware I own. just wish more people shared the same sentiment. Million thanks again. This is very useful.

On 12.07.20 - 2:12am William Shaw wrote:
I have a 2019 Dodge Scatpack and receive emails from the dealer where I bought it, Nashville TN telling me how many miles are on my vehicle and when my next oil change is due, if my tire pressure is low. I paid cash for my vehicle and hate the fact they know my car is in my garage 100 miles away from Nashville! Do you know a easy way I can disable the tracking of my vehicle other that what you did I am not as savvy as you? Thanks

On 12.07.20 - 2:13am Dave wrote:
dzzie dzzie 6 minutes ago Wow that’s super intrusive ! I am kinda glad they did that though to reveal that it’s actually being used to spy on people and raise awareness. Unfortunately unplugging the antennas was not enough. I had to physically unplug the modem. If you show this video to a local stereo shop I am sure they can do it. If not just have them remove the head unit for you and bring a pc repair guy who could remove the modem. It sucks it has come to this! And this setup could be used for way more to screw us. I would not be surprised if govt used these cell modem records to track people or if they weren’t able to turn the on star microphone on remotely to listen fir high value targets. We are essentially treated like cattle by our rulers these days.

On 12.07.20 - 2:16am Dave wrote:
One of the youtube viewers found the manual for the airprime ar7558 modem

On 12.17.20 - 7:49pm Dustin wrote:
Does anyone know if all the Uconnect 8.4 systems have this cell modem in the same location? We want to upgrade to a newer Ram 3500 but are RF sensitive and can’t drive a vehicle that is constantly or intermittently transmitting.

On 02.05.21 - 3:54pm mikeSk wrote:
Great job on this. I want to disable the 4G on the 2021 Jeep I just bought. Wouldnt it have been just as effective to remove the other end of the cellular antenna, assuming its accessible? I would assume its on the roof. I dont relish the thought of digging into a brand-new dashboard on a $50k vehicle. I am starting a writeup of my experience here

On 03.17.21 - 2:43pm Dave wrote:
Cars transmit location on a near real time basis and the data is sold to data brokers who want to use it for military intel.

Ulysses can provide our clients with the ability to remotely geolocate vehicles in nearly every country except for North Korea and Cuba on a near real time basis

Currently, we can access over 15 billion vehicle locations

Aggregator companies also purchase or obtain this data, repackage it, and then sell that data

vehicle location data is transmitted on a constant and near real time basis while the vehicle is operating

Ulysses has "existing access to bulk commercial telematics data."

We believe that this one attribute will dramatically enhance military intelligence and operational capabilities

Who the fuck ever thought this would even be a little bit ok? Data transmitted on a near constant real time basis... worse than even I suspected...

On 04.01.21 - 9:25am Jim wrote:
Do you know if the GPS still worked? Or did removing the cell modem just remove the tracking and 4g?

On 04.01.21 - 12:50pm Dave wrote:
I believe users reported that they have to use their phone with Apple car play or android auto for gps now. I don’t have built in gps but phone integration still works fine. Built in maps get out of date and dealer won’t update so I ditched built in

On 05.31.21 - 1:17pm Amauri wrote:
Thanks for this info. Im also bothered by the fact that I have no choice about this intrusion into my privacy, and after searching all over the web I found this page. I have a 2018 Ram 2500 and was able to easily remove the cell modem from my UConnect 8.4 All original functions still work perfectly including XM Sirius and Android Auto. I realize that Google tracks my where abouts, but at least I have the option of turning off my phone. Thanks and best regards

On 10.03.21 - 6:32pm Alfred wrote:
This GPS is embedded into the dash of the 7 inch vehicles. At least on 2021 model vehicles of Jeep line. This is a non-gps optioned vehicle as well. No reason to have gps embedded. I did not find an LTE module though. I am sure there may be one but have not located it yet. https//www.u-blox.com/en/product/ubx-m8030-series Ill let you know how the removal process goes. Contact me and I will share pictures.

On 10.18.21 - 10:44am Avarice wrote:
I removed the chip from a 2019 scat pack charger and it worked extremely well. The modules extremely easy to separate from the head unit within. Once you remove the six bolts or screws rather from the rear of the head unit it then just separates as each circuit board just unplug from one another. extremely easy job to do.

On 12.06.21 - 12:47pm LearnedHat wrote:
I have a 2016 and was thinking of unplugging the GSM antennae and removing this modem. Are there any firmware updates that could possibly be needed that could not be installed if these are removed?

On 12.06.21 - 1:31pm Dave wrote:
I would assume the dealer can still install firmware updates via the usb port inside the car.

We are in unsupported territory with mods like this. No one knows how robust the dealer tools are or if they need a certain patch level to apply the next patch. I dont particularly care to be honest.

I dont trust them not to snoop, and I dont trust them to have rock solid software updates that done screw me. Hidden data collection can only be abused in the current corporate environment. Wholly unacceptable.

My car works fine now, I do not want any updates and I do not want any new "features" to be pushed on me. Vendors are even taking away features in updates these days on occasion.

I am actually considering disabling the data lines on my cars internal usb ports so data scrapers do not work by default. I have even considered disconnecting the port entirely and replacing it with a badusb overloader in case anyone ever tries to snoop on my car data without my permission.

Worst case you can always plug the items back in, or you can find the power line and put a switch on it.

On 07.15.22 - 10:19am Yubyub wrote:
Manual for that chip is here https//usermanual.wiki/Sierra-Wireless/AR7552/html Im guessing that one or two of those antenna connectors is for the LTE/WCDMA signal. Has anyone tried leaving the card in place and stubbing out those connectors instead?

On 09.18.22 - 12:20pm John Spartan wrote:
It appears on the Uconnnect 5 8.4inch display units in the 2022 Rams this is now a single board unit. I have mine pulled apart and there is no separate cell modem in there. It is a single board now that connects via ribbon cable to a touch screen controller on the back of the touch screen. The plugs have also changed. It is a red, white, and blue barrel type connector for what I assume is camera and antennas. The rest of the plugs are square clip type with system interface looking plugs which are brown, light blue, and green. If anyone has any info on how to disable the modem in these units I would love to know. I dont know if they moved the modem to another location or if it is integrated on the main board. The sticker on the back of the case indicates the wireless lan and bluetooth are on there, but I dont see anything that indicates the cellular modem is in there. So they may have moved it in the 2022 models. Any feedback would be awesome.

Edit: I just received this reply on the Cummins Forum.

"2022 Uconnect 5’s are completely different than previous years. The radios themselves don’t have any connectivity. It’s all run by a separate telematics box located in the dash above the upper glovebox."

On 09.25.22 - 2:41am Ramon wrote:
I need remove all tracker from GMC Sierra 2500 2020 but have Telematics module i need remove only the module or i need remove the radio anyone can help me with that i will pay for the help if any one have experience give me your contact

On 10.02.22 - 5:01pm Dave wrote:
John has a forum post on how to remove telematics module from a 2022 Ram. (Local Copy)

On 10.13.22 - 2:59pm Mitch wrote:
Can anyone confirm the telematics box module is located in the same place (dash above the upper glove box) on a 2022 Jeep Wrangler with the Uconnect 5 8.4 unit? Thank you so much for this information.

On 10.17.22 - 2:56pm Dave wrote:
Another link from John Disabling FordPass & Telematics

Step 1: Locate the telematics module. Youll have to locate the telematics module in your car, in this 2019 Escape it is under the trunk floor. In F-series trucks the modue is on the drivers side rear wall of the cab, behind the back seat.

On 07.05.23 - 12:13pm Dylan wrote:
Im not seeing where the video is that was mentioned in this post, am I just blind or was it removed for some reason? Trying to get this crap out of my 22 wrangler with 7 uconnect. SiriusXM Guardian refuses to cancel the service unless I give them my address or a copy of my vehicle title, so that leaves me with physically removing it as my only option. Thank you!

On 07.05.23 - 8:21pm Dave wrote:
Hi, yeah vid is down. Mine was inside the unconnect head unit bolted to the side using the case as a heat sink. Newer systems seem to be using standalone boxes connected right behind head unit. They are serious dicks about these things I doubt them disabling it could not be remanded remotely. Pop that puppy out of there. I had my new Nissan all apart looking for one fishing sucks. Stereo shop might help you fish if you need a hand. Feel free to post picts and report back.

On 09.27.23 - 11:27am Dustin wrote:
Has anyone who has removed the telematics from the Uconnect system tested it with an RF meter to see if it is actually disabled? We havent bought a newer Ram yet so I cant test it myself. We did try several procedures on my Dads 2019 Silverado to get rid of Onstar. Unplugging the telematics box on that made it so the truck wouldnt start. Removing the cellular card from the box did not stop it from transmitting. He finally sold the vehicle and bought a 2018 Sierra. On that one we tried removing the cellular circuit board. It still transmits from somewhere. We unplugged the whole Onstar box and that stopped it from transmitting all the time, however there is still a transmitter somewhere because it will send out a strong RF signal when starting the truck and again when shutting it off and any time the door is opened. At least it is not transmitting all the time like before. Were hesitant to buy a newer Ram and not be able to get rid of this junk.

On 09.27.23 - 12:49pm Dave wrote:
Hi, are you using an SDR to read signal transmission?

I have not done this yet myself hopefully someone will chime in. This still isnt on many peoples radars yet.

Does it have touch sensor to unlock the doors or push button start? Both of those would cause spikes I imagine. Also when the car starts up, and the engine and electronics fire up, I could imagine there is EM noise generated.

Maybe try to hack together a directional antenna to see if it you can localize it like off shark fin antenna or between key fob or something?

What frequency ranges are you seeing active? That might give you some ideas like blue tooth trying to bind to a phone, or FOB or satellite connection. Sirius XM might have some limited send capabilities. I have heard someone mention that.

It may also be possible the mfg includes a wireless interface for their diagnostic tooling that it is searching for on startup?

They are being dickwads for sure though. I got in a literal argument with my dealer when I asked in my new truck had one or not. he wouldnt even tell me. Going to have to go retro and just shun new tech. I cant even stand the logic they wired into the distance sensors in my new 2022 truck.

Software automation is giving other people power to make (/force) decisions for (/on to) you. I am coming more and more to the conclusion that computers are making our lives shittier now.

On 09.28.23 - 8:25pm Dustin wrote:
Hi, We are using an Acoustimeter that just gives the power density but doesnt tell what the frequency is. I wish it did! It covers 200 MHz to 8 GHz. It does have a sound feature where I can normally tell the difference between Bluetooth, cell data and cell towers. It sounds like a data transmission coming off the Sierra. The 2018 Sierra has a key instead of a push button start and I dont know if it has touch sensors. I will try to test it to see where the signal is coming from. The other day we tested a 2015 Toyota Tundra which doesnt have connected services but does have Bluetooth and we confirmed that turning off Bluetooth in the menu does indeed turn it off. I wish they would just stop making this stuff standard or at least give us an option to turn it all off.

On 09.28.23 - 8:35pm Dave wrote:
Thanks for the additional details.

Also some cars may have a wifi feature for in car internet over the cell connection. No idea if that broadcasts and has done level of activity even if not in use or even with cell card removed. Very possible on both.

Yeah I hear you. It reminds me of the news that garbage trucks in CA were installing license plate readers to build a database of all the cars they saw along the way. Building resources first law enforcement, bonds bailsmen, car repo companies etc.

I think one auto maker has a patent on spying on what radio you listen to. Black box recorders in cars already used in court. Passenger seat pressure sensor at 1am, gps here, door opens, no passenger returns. Patents on TV with cameras which watch you to gauge interest in Ads.

Spy tech everywhere. Hidden until it bites. Creepers are just collecting everything hoping gold nuggets fall out. Fighting to keep it hidden. This is the world we live in right now.


On 11.09.23 - 7:36am Dave wrote:
so I guess its just prudent to never connect your cell phone to your car (and especially a rental!) ever again. I am leaving blue tooth off from now on as well. Phones are a liability now.(by design?)

Court rules automakers can record and intercept owner text messages

plaintiffs in one of the five cases filed suit against Honda in 2021, arguing that beginning in at least 2014 infotainment systems in the company’s vehicles began downloading and storing a copy of all text messages on smartphones when they were connected to the system.

An Annapolis, Maryland-based company, Berla Corporation, provides the technology to some car manufacturers but does not offer it to the general public, the lawsuit said. Once messages are downloaded, Berla’s software makes it impossible for vehicle owners to access their communications and call logs but does provide law enforcement with access, the lawsuit said.

Many car manufacturers are selling car owners’ data to advertisers as a revenue boosting tactic according to earlier reporting by Recorded Future News.

Seriously there is no decency left.

On 02.09.24 - 3:48pm Michael wrote:
I read through this and then took out the head unit on my 2016 RAM 1500 Rebel and it appears that the cellular modem is a Sprint chip and is appears to be directly on the circuit board rather than a separate card. Any idea how I deal with that? There was one cable between the two circuit boards that I disconnected and the 911 / Assist feature no longer works and no connection to UConnect Store etc. However, It seems the cellular is still active.

On 02.09.24 - 5:29pm David wrote:
Interesting thanks for sharing. Weird my 2019 Chrysler was still on a seperate board on the side of the case too. Could you take some pictures? Electronics repair guys could safely remove the chip from the board and reattach if it wouldn’t work without it. They basically put flux goo all over it then heat it up with a hot air rework station and pluck it off. Kinda heavy handed though and computer might register an error results unknown could be a 2k gamble (maybe more) I might buy a second head unit from junk yard and experiment on that. I wish I had a group of guys on this but I only hear sporadic comments. Car forums might have threads on this.

On 02.12.24 - 11:36am Dave wrote:
Disable 2022 Jeep Wrangler telematics box (if they get taken down i have a copy) https//www.youtube.com/watch?vCsBGh_9dDVA

On 03.16.24 - 4:22pm Dave wrote:
Reader Michael has done some digging for the cell modem in his 2016 RAM 1500 Rebel and found it again in the head unit. His Sierra Wireless card has a Sprint carrier and is soldered directly onto the main board. He was kind enough to provide the following pictures. image1, image2

 
Leave Comment:
Name:
Email: (not shown)
Message: (Required)
Math Question: 32 + 20 = ? followed by the letter: B 



About Me
More Blogs
Main Site
Posts: (All)
2023 ( 4 )
2022 ( 5 )
2021 ( 2 )
2020 ( 5 )
2019 (6)
     Yara WorkBench
     SafeArrayGetVartype
     vb6 API and call backs
     PrintFile
     ImpAdCallNonVirt
     UConnect Disable Cell Modem
2017 (5)
     IDA python over IPC
     dns wildcard blocking
     64bit IDA Plugins
     anterior lines
     misc news/updates
2016 (4)
     KANAL Mod
     Decoders again
     CDO.Message Breakpoints
     SysAnalyzer Updates
2015 ( 5 )
2014 ( 5 )
2013 ( 9 )
2012 ( 13 )
2011 ( 19 )
2010 ( 11 )
2009 ( 1 )