UConnect Disable Cell Modem


Author: David Zimmer
Date: 06.21.19 - 5:53am



So the UConnect infotainment unit in my car has a built in cell modem.

I find this creepy. The vendor includes this feature for several reasons:
  • OTA - over the air updates for the unit itself (and maybe CAN device reflashing?)
  • UConnect Access subscription service which includes:
    • remote vehicle start
    • remote lock or unlock
    • locate your vehicle in a crowded parking lot
    • vehicle health report
    • driver rating
    • SOS (911) and assist buttons on rear view to dial out for help
The driver rating feature is worth including a clip from the company webpage:

"Drive Rating is a usage-based insurance program that provides eligible connected vehicle owners with an opportunity to receive feedback on their driving habits and possible car insurance discounts based on specific driving criteria. If enrolled, your driving data, such as speed, hard braking, fast acceleration and GPS coordinates are collected for 90 days."

Soo bottom line is we dont have control over our car anymore. It can be remotely controlled, located, tracked, taken (repo), and mined for diagnostic data and/or profile your driving by design.

Furthermore the cell modem will be making connections all the time to cell towers leaving a map of everywhere you drive in the cell phone tower logs similar to your cell phone, except you can not control it.

Finally, an embedded computer system in your car, with 0 tools to monitor it, which can take in remote data from the internet, and is hooked to your cars vital systems and include access to a microphone is always on in a private space where you have frank conversations with friends and family.

What could go wrong?

I find this a ridiculous feature set and nothing that I want to be a part of. I rely on this machine to operate safely without the chance of being manipulated remotely.

I do not accept having tools for spying, monitoring, remote vulnerabilities and location tracking features being built into my car. That is not what I paid for at all.

Now dont get me wrong, no one cares about me, but things like this being forced on the masses who are blind to its side effects is unacceptable and it will be abused.

Job boards for reverse engineers are full of posts looking for people who work embedded security and develop exploits for systems just like this. These car units are prime targets. Why is an iPhone exploit worth $100,000 ? because it gives select people access to your intimate details and thus power over you and your life.

This has bothered me for my last 3 vehicles, so finally I took the plunge and went inside the head unit and removed the modem.

If you are a journalist, judge, lawyer, senator, CEO limiting your exposure to un-detectable and un-auditable intrusion is just a fact of modern life. Essentially anyone who holds sensitive information which could be profited off of or who could be vulnerable to leverage should be thinking about these things these days.

See video below on how to remove the cell modem built into your car





The chip these use it is a Qualcomm 4G Sierra Wireless AirPrime card

Carrier: AT&T
Model: AR7552, hardware integration guide
MFG PN: 1103493
CUSTOMER PN: N5HZZ0000195
IC: 2417C-AR7552
FCC ID: N7NAR7552








If you are interested in privacy the following links will also be of interest:

Unfortunately in our current environment we have no reason to trust. Expectation of privacy has been severely eroded and in truth is almost non-existent.

"Anything viewable in public has no expectation of privacy" has been whimsically extended to justify blanked recording, and profiling of..well everyone. How is it not stalking to build an intimate map of everywhere a person goes and to know all kinds of things about them.

I havent even mentioned web tracking yet which in truth is the most intimate of them all.




Comments: (3)

On 09.26.19 - 6:49am Dave wrote:
I kind of bet the manufacturer keeps all of these cell modems paid and active for their own telematics and remote update capabilities. It would be freaking poetic to interface with these modems from your own microcontroller and have free cell service for all of your projects. )

On 12.23.19 - 9:04am Dave wrote:
So the Sierra Wireless card uses the Qualcomm MDM9615 chip same as used in the iPhone. I have not been able to find any hardware spec sheets on it yet. A youtube user has reported that cars with NAV lose GPS capabilities with the modem unplugged. This makes sense as the GPS chip looks to be embedded in the modem. Some research on these modems has been done. Check out page 25 of this pdf https//fahrplan.events.ccc.de/congress/2016/Fahrplan/system/event_attachments/attachments/000/003/151/original/Dissecting_modern_283G_4G29_cellular_modems.pdf

On 01.13.20 - 7:12pm Allen wrote:
I am very encouraged to find out that yanking the cell modem out of a youconnekt system is possible. Thank you sincerely for putting this information out there. Protecting your data these days is mindblowingly complicated. all I would like is decency, privacy, and control over the hardware I own. just wish more people shared the same sentiment. Million thanks again. This is very useful.

 
Leave Comment:
Name:
Email: (not shown)
Message: (Required)
Math Question: 71 + 83 = ? followed by the letter: F 



Twitter
RSS
About Me
More Blogs
Main Site
Posts: (All)
2020 ( 6 )
2019 (12)
     Yara WorkBench
     SafeArrayGetVartype
     vbdec dbg updates
     vb6 PCode NOP
     vb6 API and call backs
     how pcode works Pt1
     PrintFile
     ImpAdCallNonVirt
     Reversing PCode Args
     VB6 PCode Disassembly
     VB6 PCode Debugger
     UConnect Disable Cell Modem
2017 (5)
     IDA python over IPC
     dns wildcard blocking
     64bit IDA Plugins
     anterior lines
     misc news/updates
2016 ( 4 )
2015 ( 6 )
2014 ( 5 )
2013 ( 9 )
2012 ( 13 )
2011 ( 19 )
2010 ( 11 )
2009 ( 1 )