Dodge Challenger Forum banner
Cancel

6.2 AND 6.4 ENHANCED SECURITY FEATURE

5049 Views 26 Replies 10 Participants Last post by  SKT PK 9 Man
SKT PK 9 Man
Well, I got the letter on this recently and am planning on having this software update installed. My understanding is that it "Locks" the RF-Hub so thieves cannot program a bootlegged key fob for your car. One aspect of it is that the dealer can no longer program a key fob for your car after the update. They offer you the option to have extra fobs purchased before it is done. My question is, does anyone know if, after the RF-Hub is locked, can you still receive future software updates or does it only apply to RF function? If so, does that mean that they cannot update your UConnect remotely? Just trying to wrap my head around this so there is no surprises like with the Enhanced Valet Mode update they are currently "Recalling".
Reply
Save
Like
1 - 20 of 27 Posts
R
With some electronic systems, the microprocessor, comes with a security fuse that when set prevents tampering with software in the microprocessor, and this includes reading the software out of the microprocessor. The microprocessor can be reprogrammed but a full erase is required first. This clears the "fuse" that prevents the microprocessor from being read but the microprocessor is blank so there is nothing to read out of the microprocessor.

The new image contains the fuse setting which when the microprocessor is programmed again this leaves the microprocessor locked and prevents any tampering with the software in the microprocessor.

The above is pretty common actually and I would hazard a guess the hub while locked to prevent any changes being made to add/subtract a key RFID could still be programmed with a new software image but like I said above it would have to be completely erased first. This removes the software image and also clears out any and all key RFIDs the hub has.

After the update is applied the hub would of course have to support adding key RFIDs so the ones in the owner's possession could be put back. Then the hub with the new software would be locked to prevent any further changes to the list of key RFIDs.
See less See more
Reply
Save
Like
I
just be sure they dont install more than you bargained for, im not having it done to mine this year ill wait and see how it pans out for the rest of you.

i think im just going to get a compustar pro installed like hellrasin as it comes with many features the dodge security update doesn't.

i really like the ILGA unit he also had but cannot find a local installer

besides locking the hub will not stop cloning of your key only stop the thieves if they cannot clone yours and try to program a new key....luckly for me im not in a high crime area,plus i keep a pretty close eye on it
Reply
Save
Like
  • Like
Reactions: 2
SKT PK 9 Man
"not stop cloning of your key"

Why my key is always either in the car with me or in it's Faraday box.
Reply
Save
Like
  • Like
Reactions: 2
TheOldGuy
Car thieves are going to employ the expertise of an electronics expert whom will spend lots of hours in front of a spectrum and logic analyzer and get this all figured out. Then it will be "business" as usual. I could do the same as I have the equipment. However, I am not a car thief.
-John
Reply
Save
Like
MJS73
What the RF Hub lockout does is it prevents the programming of new keys from that point forward. If you were to somehow lose all of your keys the entire RF Hub would have to be replaced, hence the offer to provide discounted additional keys. It has as much to do with the UConnect as it does the oil filter. The "enhanced valet mode" is no longer available for installation.
Reply
Save
Like
  • Like
Reactions: 4
I
SKT PK 9 Man said:
"not stop cloning of your key"

Why my key is always either in the car with me or in it's Faraday box.
Click to expand...
juat so you know if out anywhere, a thief only needs to walk near you for approximately 30-45 seconds to capture and clone your key. They are also using repeaters so one steals your rfid and another steals your car.

one way to make this more difficult is to disable your proximity unlock so they still have to break in to get into the car.

ill be adding a starter or fuel pump disable with the alarm in the spring this will also get me a tilt/ bump sensor to alarm if the car. I suggest you put the security of the car in your hands as the afterthought system dodge is pushing is just a bandaid and it appears the valet mode thing was a failure
Reply
Save
Like
SKT PK 9 Man
icecoldmn said:
juat so you know if out anywhere, a thief only needs to walk near you for approximately 30-45 seconds to capture and clone your key. They are also using repeaters so one steals your rfid and another steals your car.

one way to make this more difficult is to disable your proximity unlock so they still have to break in to get into the car.

ill be adding a starter or fuel pump disable with the alarm in the spring this will also get me a tilt/ bump sensor to alarm if the car. I suggest you put the security of the car in your hands as the afterthought system dodge is pushing is just a bandaid and it appears the valet mode thing was a failure
Click to expand...
But I never stop for more than a stop light. Is that enough, really, what are the odds they get me "on the run". I never stop and leave my car period. Except at a car show.
Reply
Save
Like
MJS73
SKT PK 9 Man said:
But I never stop for more than a stop light. Is that enough, really, what are the odds they get me "on the run". I never stop and leave my car period. Except at a car show.
Click to expand...
It's the "except" that gets you.
Reply
Save
Like
  • Wow
Reactions: 1
I
SKT PK 9 Man said:
But I never stop for more than a stop light. Is that enough, really, what are the odds they get me "on the run". I never stop and leave my car period. Except at a car show.
Click to expand...
really, you dont take it to dinner or the grocery store? what is the point of having a car if you dont drive anywhere?

mine is a garage queen but it gets driven to the lake on weekends in the summer, out to dinner to the movies with my daughter, to the grocery store and sometimes to the tavern for a cocktail... i wouldn't have it any other way, it is insured for agreed value so no real worries one way or the other
Reply
Save
Like
  • Like
Reactions: 1
SKT PK 9 Man
icecoldmn said:
really, you dont take it to dinner or the grocery store? what is the point of having a car if you dont drive anywhere?

mine is a garage queen but it gets driven to the lake on weekends in the summer, out to dinner to the movies with my daughter, to the grocery store and sometimes to the tavern for a cocktail... i wouldn't have it any other way, it is insured for agreed value so no real worries one way or the other
Click to expand...
It gets driven plenty. For fun. If I'm going anywhere specific, well, that's what my old truck is for. No worry about some soccer mom's brat slamming their door into mine. I also have cost replacement insurance and live in a very low crime area. Still I am OCD about my show/collector cars/motorcycles. It's why my 20 year old Firehawk's still look showroom new. To each their own.
Reply
Save
Like
  • Like
Reactions: 2
I
SKT PK 9 Man said:
It gets driven plenty. For fun. If I'm going anywhere specific, well, that's what my old truck is for. No worry about some soccer mom's brat slamming their door into mine. I also have cost replacement insurance and live in a very low crime area. Still I am OCD about my show/collector cars/motorcycles. It's why my 20 year old Firehawk's still look showroom new. To each their own.
Click to expand...
I get your point but life is too short to not fully enjoy the fruits of your labors. I have a 90 trans am I purchased off the showroom floor sitting on the car lift outside in my shop, 26k on the clock, supercharged to eat fire hawks.. Lol

To each their own but I get more enjoyment driving them than waxing them. My issue is the less I use them it seems the less I want to as every time they go out I have to clean them. Leads to a cycle.

enjoy them as the next owner will likely not take care of them as well as you do
Reply
Save
Like
  • Like
Reactions: 1
SKT PK 9 Man
icecoldmn said:
I get your point but life is too short to not fully enjoy the fruits of your labors. I have a 90 trans am I purchased off the showroom floor sitting on the car lift outside in my shop, 26k on the clock, supercharged to eat fire hawks.. Lol

To each their own but I get more enjoyment driving them than waxing them. My issue is the less I use them it seems the less I want to as every time they go out I have to clean them. Leads to a cycle.

enjoy them as the next owner will likely not take care of them as well as you do
Click to expand...
The next owners will be my Son's and what they do to them won't matter to me at that time! But, I'm kind of weird in that I enjoy detailing them as much as driving them so the "cycle" is something I look forward too.
Reply
Save
Like
  • Like
Reactions: 1
emichael
SKT PK 9 Man said:
...One aspect of it is that the dealer can no longer program a key fob for your car after the update...
Click to expand...
I do not understand why this is being accepted in our community as a viable solution.

In my opinion, FCA* failed to design a proper system for the vehicle to validate the device used to re-program the vehicle. The vehicle, before allowing a new key to be programmed, needs to have a mechanism for it to validate the programming request is authorized. It appears FCA tried to control this by physically limiting the re-programming devices to dealers. However, they somehow lost control of the design/devices to allow them to be reproduced for illicit activity.

What they should have designed is a system which checks in with the manufacturer for authorization before allowing a reprogramming function. "Authorized user" at "authorized dealer" retrieved a single-use reprogramming authorization on date/time which allowed this unique VIN to program a new key. Of course, this relies on FCA keeping their cryptographic private key safe so they can properly sign the authorization. If they lost control of their cryptographic private key, then they should be liable to replace any vehicle systems (like the RF-Hub) which rely on that key.

It is also possible FCA designed in a back-door programming functionality that was never supposed to be used. Working in cyber security, our company executives are required to sign 'attestations' that no back doors exist in our products. My bet is no such attestation exists for FCA's vehicle key systems. And if such back-doors exist, then FCA should be liable for their misuse.

I personally believe FCA is trying to dodge the bullet here (pun intended). They either designed a crappy security mechanism for programming new keys, or they designed a good system but failed to secure their cryptographic private key.

They know they have a problem, and this recall is functionally admission of that fact. The recall offer to burn out the RF-hub programming is a legal CYA to try and prove they did "something" to address the lack of security in their product design.

I am really surprised this hasn't been picked up by a class action suit. There is nothing special about the key systems in our SRT-class vehicles that is different from any other key-fob enabled vehicle in FCA's production line. Just because FCA is offering to permanently block the programming of new keys on our vehicles, does not mean the thieves cannot use the same technology to steal lesser targeted vehicles.

* Yes, I know FCA is gone. This system, however, was designed on their watch, thus I named them here.
See less See more
Reply
Save
Like
  • Like
Reactions: 1
SKT PK 9 Man
emichael said:
I do not understand why this is being accepted in our community as a viable solution.

In my opinion, FCA* failed to design a proper system for the vehicle to validate the device used to re-program the vehicle. The vehicle, before allowing a new key to be programmed, needs to have a mechanism for it to validate the programming request is authorized. It appears FCA tried to control this by physically limiting the re-programming devices to dealers. However, they somehow lost control of the design/devices to allow them to be reproduced for illicit activity.

What they should have designed is a system which checks in with the manufacturer for authorization before allowing a reprogramming function. "Authorized user" at "authorized dealer" retrieved a single-use reprogramming authorization on date/time which allowed this unique VIN to program a new key. Of course, this relies on FCA keeping their cryptographic private key safe so they can properly sign the authorization. If they lost control of their cryptographic private key, then they should be liable to replace any vehicle systems (like the RF-Hub) which rely on that key.

It is also possible FCA designed in a back-door programming functionality that was never supposed to be used. Working in cyber security, our company executives are required to sign 'attestations' that no back doors exist in our products. My bet is no such attestation exists for FCA's vehicle key systems. And if such back-doors exist, then FCA should be liable for their misuse.

I personally believe FCA is trying to dodge the bullet here (pun intended). They either designed a crappy security mechanism for programming new keys, or they designed a good system but failed to secure their cryptographic private key.

They know they have a problem, and this recall is functionally admission of that fact. The recall offer to burn out the RF-hub programming is a legal CYA to try and prove they did "something" to address the lack of security in their product design.

I am really surprised this hasn't been picked up by a class action suit. There is nothing special about the key systems in our SRT-class vehicles that is different from any other key-fob enabled vehicle in FCA's production line. Just because FCA is offering to permanently block the programming of new keys on our vehicles, does not mean the thieves cannot use the same technology to steal lesser targeted vehicles.

* Yes, I know FCA is gone. This system, however, was designed on their watch, thus I named them here.
Click to expand...
No argument here. It's 2022 for God's sake. And the only answer to this problem is to permanently blind the RF-Hub. Really? :rolleyes:
Reply
Save
Like
  • Like
Reactions: 1
MJS73
emichael said:
I do not understand why this is being accepted in our community as a viable solution.

In my opinion, FCA* failed to design a proper system for the vehicle to validate the device used to re-program the vehicle. The vehicle, before allowing a new key to be programmed, needs to have a mechanism for it to validate the programming request is authorized. It appears FCA tried to control this by physically limiting the re-programming devices to dealers. However, they somehow lost control of the design/devices to allow them to be reproduced for illicit activity.

What they should have designed is a system which checks in with the manufacturer for authorization before allowing a reprogramming function. "Authorized user" at "authorized dealer" retrieved a single-use reprogramming authorization on date/time which allowed this unique VIN to program a new key. Of course, this relies on FCA keeping their cryptographic private key safe so they can properly sign the authorization. If they lost control of their cryptographic private key, then they should be liable to replace any vehicle systems (like the RF-Hub) which rely on that key.

It is also possible FCA designed in a back-door programming functionality that was never supposed to be used. Working in cyber security, our company executives are required to sign 'attestations' that no back doors exist in our products. My bet is no such attestation exists for FCA's vehicle key systems. And if such back-doors exist, then FCA should be liable for their misuse.

I personally believe FCA is trying to dodge the bullet here (pun intended). They either designed a crappy security mechanism for programming new keys, or they designed a good system but failed to secure their cryptographic private key.

They know they have a problem, and this recall is functionally admission of that fact. The recall offer to burn out the RF-hub programming is a legal CYA to try and prove they did "something" to address the lack of security in their product design.

I am really surprised this hasn't been picked up by a class action suit. There is nothing special about the key systems in our SRT-class vehicles that is different from any other key-fob enabled vehicle in FCA's production line. Just because FCA is offering to permanently block the programming of new keys on our vehicles, does not mean the thieves cannot use the same technology to steal lesser targeted vehicles.

* Yes, I know FCA is gone. This system, however, was designed on their watch, thus I named them here.
Click to expand...
It’s not just Dodge that this affects, every automaker faces the same situation with the same technology. Technology can and will be hacked. The only things that differentiate Dodge from the others is that no one is trying to steal other cars like these and that Dodge is actually doing something about it.

It’s not a recall, recalls are only for safety issues, but it’s an optional workaround to protect against hacking, somerthing Microsoft and Apple and Google do on a monthly basis but no one seems to give them any grief about it. People just get a security update notification on their phone and they press OK without a second thought.

Dodge is trying to help. Get off your class action lawsuit high horse and come back down to reality.
Reply
Save
Like
  • Wow
Reactions: 1
I
The issue is the band aid is BS first they change valet mode and that appears to be a failure, especially for those who want valet mode as it currently exsists. now they are going to lock down your key module so it will not accept future keys, still will not stop a cloned key...all it will do is cost the end consumer money later down the road.

Im not buying in ill go aftermarket for security there are way better options out there that have more features and better performance. But im certainly not impressed with Dodge.and their FIXES
Reply
Save
Like
  • Like
Reactions: 1
emichael
MJS73 said:
It’s not just Dodge that this affects, every automaker faces the same situation with the same technology....
Click to expand...
So because all manufacturers suck consumers should just accept it?

MJS73 said:
.... but it’s an optional workaround to protect against hacking, somerthing Microsoft and Apple and Google do on a monthly basis but no one seems to give them any grief about it. People just get a security update notification on their phone and they press OK without a second thought....
Click to expand...
True, it is optional. That doesn't mean I don't want a better option.

True Microsoft, Apple, Google, etc all issue security patches on a regular basis. Those all fix vulnerabilities uncovered in their products. However, it is very rare for the security fix to be a reduction in feature functionality.

Imagine if Apple said, "To fix a design problem in the iPhone this security fix will lock in your current password forever. If you ever need to change your password you will need to buy a new phone." This is essentially what Dodge is presenting as an acceptable solution.

MJS73 said:
...Dodge is trying to help. Get off your class action lawsuit high horse and come back down to reality.
Click to expand...
I respectfully disagree. I believe Dodge is trying to cover their butt by claiming to have done something, an "optional workaround" as you put it. "Sorry your car was stolen because we designed a crappy security system. Too bad you didn't take advantage of our optional workaround."

No "high horse" on my part, and carefully reviewing my previous post I did not suggest a lawsuit as a call to action. To explain, there are lawyers who thrive on this sort of opportunity to financially exploit every little problem a consumer may experience. And whether we like it or not, that is the unfortunate "reality" of our legal system at this time. I simply stated I am surprised no law firm has picked up on this.

In my opinion disabling the RF-hub or accepting a weak security system is a false dichotomy. Permanently limiting the ability to add new keys is a cheap band-aid to cover their butt legally. This protects Dodge / FCA / Stelantis / whoever. It does not solve the problem from a valued customer standpoint. If we ever need a new key (and most of us will at some time), it shifts the costs of replacing the RF-hub to the vehicle owner.

As consumers, fans, and advocates of this product line we should demand a better resolution.
See less See more
Reply
Save
Like
MJS73
emichael said:
So because all manufacturers suck consumers should just accept it?


True, it is optional. That doesn't mean I don't want a better option.

True Microsoft, Apple, Google, etc all issue security patches on a regular basis. Those all fix vulnerabilities uncovered in their products. However, it is very rare for the security fix to be a reduction in feature functionality.

Imagine if Apple said, "To fix a design problem in the iPhone this security fix will lock in your current password forever. If you ever need to change your password you will need to buy a new phone." This is essentially what Dodge is presenting as an acceptable solution.


I respectfully disagree. I believe Dodge is trying to cover their butt by claiming to have done something, an "optional workaround" as you put it. "Sorry your car was stolen because we designed a crappy security system. Too bad you didn't take advantage of our optional workaround."

No "high horse" on my part, and carefully reviewing my previous post I did not suggest a lawsuit as a call to action. To explain, there are lawyers who thrive on this sort of opportunity to financially exploit every little problem a consumer may experience. And whether we like it or not, that is the unfortunate "reality" of our legal system at this time. I simply stated I am surprised no law firm has picked up on this.

In my opinion disabling the RF-hub or accepting a weak security system is a false dichotomy. Permanently limiting the ability to add new keys is a cheap band-aid to cover their butt legally. This protects Dodge / FCA / Stelantis / whoever. It does not solve the problem from a valued customer standpoint. If we ever need a new key (and most of us will at some time), it shifts the costs of replacing the RF-hub to the vehicle owner.

As consumers, fans, and advocates of this product line we should demand a better resolution.
Click to expand...
Every one of your arguments is specious (at best). Every car manufacturer that uses a key fob (i.e. every car manufacturer) uses the same system and faces the same problems. Corvettes are stolen all the time, where is your outrage against Chevy? Mustangsare stolen all the time, where is your outrage against Ford? iPhones are stolen all the time, where is your outrage against Apple? So Dodge comes along with an optional improvement to help you, one that takes away the RF hijack (which is the same problem that every car manufacturer faces, remember) and your response is that that's not good enough for you? Sorry, I didn't mean any disrespect, I didn't realize I was talking to the superior you. That Dodge doesn't run every decision past you and your common sense is an outrage.

Your analogy about the phones is ridiculous. "If you ever need to change your password you will need to buy a new phone." First of all, no one ever said that if you lose all of your keys (which is something you say everyone will do eventually, but I'd appreciate you leaving me out of your "everyone") you'll have to buy a new car. Second, if you do forget the password on your iPhone you'll have to enter recovery mode and erase the phone back to factory original settings, losing all your current data, apps, media files and settings.

No good deed goes unpunished, I guess, and I am sincerely glad that I am not of a generation where I am the arbiter of satisfaction, where everything is always someone else's fault and losing all of your keys should come with no repercussions to you. Go ahead, call a lawyer and file a class action suit (you can leave me out of the suit). And when the resolution is that the lawyer makes millions of dollars and you end up with a $5 coupon toward a new car you can post about your great success. But the fact that no lawyer has taken up your "cause" should tell you what a meritless suit it would be.
See less See more
Reply
Save
Like
  • Like
Reactions: 1
Destroyer Gray T/A
I came across this seemingly new kill switch on YouTube. No affiliation or anything just wondering if anyone else heard of this or tried it?
https://carcatcreations.com/
Reply
Save
Like
  • Like
Reactions: 1
1 - 20 of 27 Posts
Dodge Challenger Forum
A forum community dedicated to all Dodge Challenger owners and enthusiasts. Come join the discussion about performance, modifications, troubleshooting, Hemi Mopar power, power-adders, and more!
Full Forum Listing
Explore Our Forums
Newbie Check In! Dodge Challenger General Discussion Challenger Performance Mods - Engine - 5.7L HEMI Custom Challenger Exterior Mods - Body Dodge Challenger Scat Pack Forum
Top