RichSNJ
Well-known member
So, I watched a video the other day that revealed that one of the most popular cars to steal in Canada right now are Ram 1500's. Apparently they're very popular overseas. So they were talking about how they are stolen and it basically revolves around using a high end OBD tool and then programming it to be a key for the car in some way. There was even a guy with a WK2 who posted a video of them stealing his Jeep...
Now, this is an industry wide problem, not necessarily a FCA / Stellantis problem, because you can pretty much do it with any car.
I figured I would be proactive and figure out a way to disable my OBD port, and I decided I would put a switch on the power line somewhere up in the dash so that the switch would have to be on before the port would get any power. No biggie if the OBD port wasn't powered under normal circumstances, so I figured that would work pretty well.
But - it did occur to me that we're supposed to have the nifty Secure Gateway Module which is supposed to protect us from this kind of attack. This is where this becomes a FCA / Stellantis problem....
So I knew about this bypass cable you could get, but I wasn't really sure about what it was doing until I researched this. Turns out there are two connectors that plug in under the passenger footwell into the SGM, and if you want to use an OBD tool, you simply get a 15 dollar cable and unplug those two connectors and plug it in to your cable and you're good to go. Apparently the thieves know all about this and go right for the passenger side when they're stealing Jeeps.
So here's my question... I plan on asking this next week to the service department at my dealer, but I'm expecting a blank stare in return...
Does anybody know what the ramifications are of disabling the power connectors to the SGM? Disabling the power line to the OBD is no big deal as it's a dead end, but I assume that the SGM does something that might be important / missed when it's unplugged?
So while it would have been pretty easy to disable the OBD port, it may not be easy or possible to disable the SGM.
I'm really not all that concerned about my Jeep getting stolen in this manner as I don't live in a high crime area and it's in a garage, but on the other hand, why have an easily exploitable vulnerability enabled when there's no reason to.
Now, this is an industry wide problem, not necessarily a FCA / Stellantis problem, because you can pretty much do it with any car.
I figured I would be proactive and figure out a way to disable my OBD port, and I decided I would put a switch on the power line somewhere up in the dash so that the switch would have to be on before the port would get any power. No biggie if the OBD port wasn't powered under normal circumstances, so I figured that would work pretty well.
But - it did occur to me that we're supposed to have the nifty Secure Gateway Module which is supposed to protect us from this kind of attack. This is where this becomes a FCA / Stellantis problem....
So I knew about this bypass cable you could get, but I wasn't really sure about what it was doing until I researched this. Turns out there are two connectors that plug in under the passenger footwell into the SGM, and if you want to use an OBD tool, you simply get a 15 dollar cable and unplug those two connectors and plug it in to your cable and you're good to go. Apparently the thieves know all about this and go right for the passenger side when they're stealing Jeeps.
So here's my question... I plan on asking this next week to the service department at my dealer, but I'm expecting a blank stare in return...
Does anybody know what the ramifications are of disabling the power connectors to the SGM? Disabling the power line to the OBD is no big deal as it's a dead end, but I assume that the SGM does something that might be important / missed when it's unplugged?
So while it would have been pretty easy to disable the OBD port, it may not be easy or possible to disable the SGM.
I'm really not all that concerned about my Jeep getting stolen in this manner as I don't live in a high crime area and it's in a garage, but on the other hand, why have an easily exploitable vulnerability enabled when there's no reason to.