Everyone knows the weekends are the best time to push important updates, right?

From Jeep Wrangler forum: Did anyone else have a loss of drive power after today's OTA Uconnect update?

On my drive home I abruptly had absolutely no acceleration, the gear indicator on the dash started flashing, the power mode indicator disappeared, an alert said shift into park and press the brake + start button, and the check engine light and red wrench lights came on. I was still able to steer and brake with power steering and brakes for maybe 30 seconds before those went out too. After putting it into park and pressing the brake and start button it started back up and I could drive it normally for a little bit, but it happened two more times on my 1.5 mi drive home.

Source: x.com/StephenGutowski/status/1…

More here: jlwranglerforums.com/forum/thr…

and here: news.ycombinator.com/item?id=4…

in reply to BrianKrebs

The future is going great, guys. How much do these things retail for new, again? $53k-$72k? Cool. Coolcoolcool. And we just lost incentive subsidies on this type of vehicle, right?

We're going to have to start up new car companies, aren't we?

in reply to BrianKrebs

It's not just a funny "pushed to prod on a Friday" story; there's an infosec angle in there too.

The "Atlantis" architecture in these Jeeps has a "security gateway" (called the "SGW") between the online network-connected devices and the actual functional components; over the air updates are only supposed to be for things on the insecure side; secure-side updates are supposed to only be installed at a dealership.

This update was for the telematics module ("TBM"), which has the cell modems and connectivity hardware in it. The TBM _should_ therefore be on the insecure side of the SGW, and not be capable of interfering with secure-side systems.

But a bad TBM update is now known to be able to make the hybrid control processor go offline, which is what's causing the failures according to the codes the vehicle logs when it happens.

So there's a security zone violation happening in there somewhere.

Oh, Jeep's rep on 4xeforums also said the fix update would be going out silently, with no notification or action necessary even for folks with automatic updates disabled, which means Jeep has the ability to push a silent update that bypasses a user setting.

Which is not good either.

@briankrebs
