Will Chrysler's UConnect Web Offer USecurity?
In an effort to one-up Ford's Sync, Chrysler recently announced that it would be adding mobile wi-fi to its 2009 models through a dealer-installed add-on called UConnect Web. Should you drop $500 into it with confidence, or is this another way for someone to hack you?
UConnect Web will essentially be a cellular EVDO modem paired with a wifi hotspot. The hotspot is supposed to reach 50 feet away from your car in all directions, so you could theoretically use it to surf the web while driving (presumably the passengers, not the driver, would be doing this), tailgating, waiting for your kid's soccer practice to end, or even sitting in your tent. (If you're not too far away from EVDO service, that is.)
I'm not going to comment on the merits of such a system; some people will like it, others will say it's a sign of the decline of our civilization. But I am going to comment on the security of this setup. Not much was mentioned about it, but what struck me was that the system encrypts its signal with WEP. WEP? Really? Is that such a good idea in 2008? Hasn't WPA been around for a few years now?
So, given that they're using an old, easily hackable encryption protocol, can I trust that they're using better safeguards elsewhere? I mean, if someone could sniff my credit card number out of the air while I'm doing some shopping at a rest stop, can I be confident that those same hackers can't, I don't know, wipe the memory of my car's engine management computer?
Sure, it's unlikely that this system is that tied-in with the car's main electronics, but can I at least buy my own mobile router and hook it up instead?