Making sense of Chrysler's Secure Gateway Module

May 1, 2019
Chrysler's Secure Gateway Module will change aftermarket access. Here’s what you need to know about the SGW.

You may have heard about Chrysler’s Secure Gateway Module (SGW) but in case you haven’t, it is going to change some things as far as aftermarket diagnostics is concerned. I put together a comprehensive write up on the SGW to help technicians understand how it works, why it is necessary, and how to prepare for service on SGW equipped vehicles. It contains some opinion in addition to information from Chrysler factory training as well as service info pulled from TechAuthority.

What is the SGW?

Let’s start by talking about what the Security Gateway Module is and its purpose. The SGW was implemented in some models in the 2018 model year and all models 2019 going forward. The SGW in short is a module whose function is to keep the communication networks secure. The SGW protects the vehicle networks from being exploited by creating a firewall between two portions of the network with the most vulnerability. These are the telematics/radio unit and the DLC.

So how does the SGW work? It separates the vehicle network into private and public sectors. The public sector includes the telematics unit and the DLC. Everything else on the network is considered private. Access to the private sector of the network is limited without authentication. As of now, authentication is limited to Chrysler licensed devices. I'll get into this in a moment.

(Image courtesy of FCA) The SGW is not a gateway in the sense that you are used to. It's more like a fence, blocking most of the modules from public access.

As for the physical structure of the network, the DLC connects directly to the SGW via a Diagnostic CAN C and a Diagnostic CAN IHS bus. The term diagnostic is used to describe the bus from the SGW to the DLC only. The SGW is also connected to the CAN C and CAN IHS busses on the private side of the network but is often not directly connected to the LIN bus. It is connected directly to the radio via a CAN IHS and sometimes an additional CAN C bus. These are also on the public side of the network. This is important to a diagnostician because although they are not identified as separate networks on the wiring diagram, the signals on the public networks may not mirror the private side of the network. The SGW wiring diagram may make it look like the SGW functions as a central gateway, but it is important to note that it is not used to communicate signals among modules on the private side of the network. It serves as a frame gateway and does not provide signal gateway functionality. The SGW does not contain any drivers and does not directly operate or control any vehicle components but rather allows only authenticated messages on to the private networks.

What is authentication?

The SGW authentication process takes place in the Chrysler servers. As of now, there are two tools that will allow authentication through wiTECH 2.0. The Micropod II and a J2534 device. I asked Joey Hendrich at AE Tools to help explain the advantages/disadvantages of these two options.

When using a J2534 device, the wiTECH subscription is registered to the software, essentially locking it to the computer. With the Micropod II, the wiTECH subscription is locked to the tool allowing it to be used on any computer, tablet, or even cellphone as long as a connection to the internet is available.

When working with the Micropod II, the vehicle communicates through the Micropod II directly with the Chrysler servers via WiFi. The browser of said laptop/tablet/cellphone logs into wiTECH to access vehicle communication. Given the path the data is traveling, you would think wiTECH would operate slowly and data would not refresh as quick but it is surprisingly as fast if not faster than most other tools on the market.

The operation through a J2534 device is a little different. A J2534 device works with drivers and downloaded software which is ported to the wiTECH cloud instead of using an internet browser.

With both of these systems an internet connection must be available at all times including during test drives. Most smartphones now have WiFi hotspot capabilities. Using a Micropod II, the WiFi must be registered on the pod as well as the laptop whereas when using J2534 device which communicates via USB, the WiFi must be registered to the computer only. This can make the pod less desirable for use when test driving.

It is important to note that the J2534 wiTECH software only offers coverage from MY 2010 forward. The Micropod II coverage goes back to 2004 on CAN vehicles and covers all models 2009 forward. Chrysler is also using MEGA CAN which is only supported by J2534-3 devices. While a J2534-2 device will work with wiTECH it may have limited functionality on some of the MEGA CAN vehicles. MEGA CAN is used on everything 2018 up but can also be found in the Renegade and Fiat 500 going back to 2015 as well as the Compass, Alfa Romeo Giulia, and Fiat Spyder in 2017.

What does all this mean for us?

Unauthorized devices will be allowed read-only or, what Chrysler calls, passive access to the private network. Passive means the ability to read codes and data but does not include the ability to clear DTCs, perform, actuator tests, special functions, ECU configuration, flashing, or module resets on the private side of the network.

As a mobile tech I have already had a few calls for code clearing, and I foresee that demand growing until the aftermarket comes up with a viable solution. There is, however, a ray of sunshine for repair shops not yet ready to invest in tooling right away, in that Mode $04 on the generic side of a scan tool will still allow codes to be cleared in the PCM only. When dealing with the engine controller, a sub $100 scan tool from the parts store can have nearly the same capabilities on these vehicles as a five-figure aftermarket tool with the latest updates. It is important to note that many generic code scanners will often show cleared codes as permanent codes whereas the wiTECH will not display permanent codes. This can be important when pre/post scanning.

(Image courtesy of AES Wave) Autel is one company that is offering a bypass cable to circumvent the SWG. It requires accessing and unplugging the SWG module.

FCA opened up access to aftermarket companies in November of 2018. Snap-on, Bosch, Autel and G-scan are all working with Chrysler toward a solution, but there will likely be some challenges getting a tool to work with the FCA servers and integrating a solution to the need for constant WiFi. I myself am curious to see if this will look like a normal scan tool operation or use the aftermarket tools as a pass through with the J2534 interface.

I have always said that many of the aftermarket tools are much more user friendly and often offer much better data display and recording features than the OEM tools. I have been overall impressed with the wiTECH software except the data graphing and record functions. These functions might end up being more user friendly on an aftermarket interface.

If you’re on the AESwave email list (if you’re not, you should be!) than you have probably seen the 12+8 adapter Autel has released. This cable essentially goes in place of the SGW. It will require removal or access of the unit which is typically located either under the driver’s side of the dash or behind the infotainment unit (the torque spec for the SGW bolts is 44 in-lbs. in case you were wondering). Removing the infotainment unit may not be ideal but since the SGW does not serve any function beyond securing the network it would seem like this should be a viable solution and would provide full network capability. Furthermore, this solution may be useful in diagnosing faults with the SGW as faults in the SGW may mimic faults in other modules. It is also notable that “no communication with SGW” codes do not exist. When using this cable. I might still expect to see communication codes associated between the radio and modules that communicate with it as the circuits will be interrupted.

Why the SGW?

Before you begin to think Chrysler is intentionally attempting to lock out the aftermarket using the SGW, let’s first talk about the security vulnerabilities vehicle owners face across all car lines, how Chrysler has addressed them, and how we may see other manufacturers jump on board with similar systems going forward.

In 2015, hackers were able to remotely take control of a 2014 Cherokee and manipulate many vehicle features including the steering and braking. This certainly wasn’t the first instance of vehicle hacking but it gained the most attention, much of which revolved around a well-documented video of the attack posted on YouTube. The video goes into detail about how the hackers studied potential weaknesses in the system and were able to manipulate them even going so far as to talk about the potential to target specific VINs and control them remotely using the cell networks, without ever needing to make physical contact with the vehicle. This led to a recall being issued on these vehicles and ultimately, played a role in the development and implementation of the SGW.

While the hackers in that particular instance focused on the telematics units, that is not the only weakness in modern vehicles. You will notice that the SGW also isolates the DLC which is what we, in aftermarket repair, are concerned about. Consider how many cheap Chinese dongles I am sure many of you have removed from your customers vehicles in order to connect your scan tool. I would say at least 25% of the vehicles I see daily have a dongle from either an insurance company, a DLC to cellphone code reading device or fleet/mileage tracker. All of these units work wirelessly and many of them transfer data directly through wireless or Wifi networks. It stands to reason that if hackers can hack a factory Chrysler radio/telematics unit, that getting into one of these networks would be less of a challenge. Hopefully I have painted a picture of why this type of technology is necessary and likely to become standard with other vehicle manufacturer.

I am told that other manufacturers like Ford, Nissan, and Subaru are following suit and that they may even be rolling them out in 2019-2020 models. I don’t necessarily think this will make the aftermarket scan tools obsolete however, I do see many changes on the horizon. Maybe the aftermarket tools are able to integrate with the OEM systems which would likely give them OEM capabilities like programming. At the same time, I could see this driving the cost of the aftermarket tools sky high. Either way, changes are coming, and it is up to us to be prepared.

About the Author

Mike Reynolds

Mike is the owner of Mobile Automotive Service Solutions in Charleston, SC as well as an automotive technology instructor at Trident Technical College. He holds certifications as an ASE Master Technician (A1—A9, X1), and is an Advanced Level Specialist in engine performance (L1), and Hybrid/Electric vehicles (L3). Mike’s passion for challenging diagnostics and desire to promote the aftermarket repair industry led him to take his career on the road. MASS incorporates vehicle programming and diagnostics with training allowing him to help upcoming and fellow technicians from “in the trenches.”

Sponsored Recommendations

Best Body Shop and the 360-Degree-Concept

Spanesi ‘360-Degree-Concept’ Enables Kansas Body Shop to Complete High-Quality Repairs

How Fender Bender Operator of the Year, Morrow Collision Center, Achieves Their Spot-On Measurements

Learn how Fender Bender Operator of the Year, Morrison Collision Center, equipped their new collision facility with “sleek and modern” equipment and tools from Spanesi Americas...

ADAS Applications: What They Are & What They Do

Learn how ADAS utilizes sensors such as radar, sonar, lidar and cameras to perceive the world around the vehicle, and either provide critical information to the driver or take...

Banking on Bigger Profits with a Heavy-Duty Truck Paint Booth

The addition of a heavy-duty paint booth for oversized trucks & vehicles can open the door to new or expanded service opportunities.