UConnect Disable Cell Modem

Author: David Zimmer
Date: 06.21.19 - 5:53am

So the UConnect infotainment unit in my car has a built in cell modem.

I find this creepy. The vendor includes this feature for several reasons:
  • OTA - over the air updates for the unit itself (and maybe CAN device reflashing?)
  • UConnect Access subscription service which includes:
    • remote vehicle start
    • remote lock or unlock
    • locate your vehicle in a crowded parking lot
    • vehicle health report
    • driver rating
    • SOS (911) and assist buttons on rear view to dial out for help
The driver rating feature is worth including a clip from the company webpage:

"Drive Rating is a usage-based insurance program that provides eligible connected vehicle owners with an opportunity to receive feedback on their driving habits and possible car insurance discounts based on specific driving criteria. If enrolled, your driving data, such as speed, hard braking, fast acceleration and GPS coordinates are collected for 90 days."

Soo bottom line is we dont have control over our car anymore. It can be remotely controlled, located, tracked, taken (repo), and mined for diagnostic data and/or profile your driving by design.

Furthermore the cell modem will be making connections all the time to cell towers leaving a map of everywhere you drive in the cell phone tower logs similar to your cell phone, except you can not control it.

Finally, an embedded computer system in your car, with 0 tools to monitor it, which can take in remote data from the internet, and is hooked to your cars vital systems and include access to a microphone is always on in a private space where you have frank conversations with friends and family.

What could go wrong?

I find this a ridiculous feature set and nothing that I want to be a part of. I rely on this machine to operate safely without the chance of being manipulated remotely.

I do not accept having tools for spying, monitoring, remote vulnerabilities and location tracking features being built into my car. That is not what I paid for at all.

Now dont get me wrong, no one cares about me, but things like this being forced on the masses who are blind to its side effects is unacceptable and it will be abused.

Job boards for reverse engineers are full of posts looking for people who work embedded security and develop exploits for systems just like this. These car units are prime targets. Why is an iPhone exploit worth $100,000 ? because it gives select people access to your intimate details and thus power over you and your life.

This has bothered me for my last 3 vehicles, so finally I took the plunge and went inside the head unit and removed the modem.

If you are a journalist, judge, lawyer, senator, CEO limiting your exposure to un-detectable and un-auditable intrusion is just a fact of modern life. Essentially anyone who holds sensitive information which could be profited off of or who could be vulnerable to leverage should be thinking about these things these days.

See video below on how to remove the cell modem built into your car

The chip these use it is a Qualcomm 4G Sierra Wireless AirPrime card

Carrier: AT&T
Model: AR7552, hardware integration guide
MFG PN: 1103493
IC: 2417C-AR7552

If you are interested in privacy the following links will also be of interest:

Unfortunately in our current environment we have no reason to trust. Expectation of privacy has been severely eroded and in truth is almost non-existent.

Comments: (0)

Leave Comment:
Email: (not shown)
Message: (Required)
Math Question: 36 + 37 = ? followed by the letter: T 

About Me
More Blogs
Main Site
vbdec dbg updates
vb6 PCode NOP
vb6 API and call backs
how pcode works Pt1
Reversing PCode Args
VB6 PCode Disassembly
VB6 PCode Debugger
UConnect Disable Cell Modem
IDA python over IPC
dns wildcard blocking
64bit IDA Plugins
anterior lines
misc news/updates
Decoders again
CDO.Message Breakpoints
SysAnalyzer Updates
SysAnalyzer and Site Updates
crazy decoder
ida js w/dbg
flash patching #2
JS Graphing
packet reassembly
Delphi IDA Plugin
scdbg IDA integration
API Hash Database
Winmerge plugin
IDACompare Updates
Guest Post @ hexblog
TCP Stream Reassembly
SysAnalyzer Updates
Apilogger Video
Shellcode2Exe trainer
scdbg updates
IDA Javascript w/IDE
Rop Analysis II
scdbg vrs ROP
flash patching
x64 Hooks
micro hook
jmp api+5 *2
SysAnalyzer Updates
InjDll runtime config
C# Asm/Dsm Library
Shellcode Hook Detection
Updates II
Java Hacking
Windows 8
Win7 x64
Graphing ideas
.Net Hacking
Old iDefense Releases
hll shellcode
ActionScript Tips
-patch fu
scdbg ordinal lookup
scdbg -api mode
Peb Module Lists
scdbg vrs Process Injection
GetProcAddress Scanner
scdbg fopen mode
scdbg findsc mode
scdbg MemMonitor
demo shellcodes
scdbg download
api hashs redux
Api hash gen
Retro XSS Chat Codes
Exe as DLL
Olly Plugins
Debugging Explorer
Attach to hidden process
JS Refactoring
Asm and Shellcode in CSharp
Fancy Return Address
PDF Stream Dumper
Malcode Call API by Hash
WinDbg Cheat Sheet
GPG Automation