On the Evoque and siblings they were drilling a hole in the floor beneath the OBD connection and inserting a connector on a stick and powering/programming the car.

I guess that's factored into the insurance premium for the LR RR products.......desirability

Then they just hacksaw through the thin metal of the steering wheel and toss the intact chain aside.

 

I work with canbus systems and the utter lack of interest in security from manufacturers is shocking to say the least. If it was any other system that people's lives depend on, they would never be certified for production.

If they're that well prepared as to have a hacksaw tucked in their jacket, along with the hammer to break in, then probably nothing will stop them anyway, no matter what you do.

 

Better suggestions always welcome.

If they're that well prepared as to have a hacksaw tucked in their jacket, along with the hammer to break in, then probably nothing will stop them anyway, no matter what you do.

 

Better suggestions always welcome.

 

True but at least additional measures may make them walk by and try elsewhere...

http://www.birmingham.ac.uk/news/latest/2016/08/Millions-of-cars-at-risk-of-theft-due-to-flaw-in-the-development-of-keyless-entry-systems.aspx

 

The team, from the School of Computer Science at the University of Birmingham, found that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. ...

Dr David Oswald explained, “You only need to eavesdrop once. From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want. Manufacturers really need to take heed and review their security systems.”

I take it the 'rolling code' can't stop instant access, only subsequent?.

I think they managed to recover the keys used to create the rolling code. Though at least it says that up to 8 rolling codes are needed. I don't know whether that means 8 lock or unlocks.

 

"The researchers devised a correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop.

Dr David Oswald explained, “You only need to eavesdrop once. From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want. Manufacturers really need to take heed and review their security systems.”

Dr Flavio Garcia added, “It’s a bit worrying to see security techniques from the 1990s used in new vehicles. If we want to have secure, autonomous, interconnected vehicles, that has to change. Unfortunately the fix won’t be easy, as there is quite a slow software development cycle, new designs will be quite a long time in the making.”

The researchers suggest that car owners with affected vehicles avoid leaving any valuables in their car, and consider giving up on wireless key fobs altogether and open and lock their car doors the ‘old-fashioned’, mechanical way."

These are getting popular again -

 

 

Quite hard to take off with a laptop

To protect new, you'll have to go old school.

 

Plastic film over the glass vulnerable area on the inside, disclock as above, gear lock... if they fail and the alarm is useless, then disco the battery.... shame you can't swap dizzy leads anymore.

 

There was a map program back in the 2000's that could trick the ecu into valet mode. I'm sure you could get a map to do the same that needs a sequence to start or limit it to 2k. Enter the right sequence via cruise control stick etc to unlock, well switch

 

Personally, it's a nice problem to have, a disclock in the boot works, sort of.

True but at least additional measures may make them walk by and try elsewhere...

Agreed. That is why I suggested the chain around the steering wheel.

 

I think it unlikely someone is going to walk around with a hacksaw in their pocket. A screwdriver, maybe.

 

I think when they see the chain and padlock they would probably move onto the next, but this option is so much quicker to fit, and undo, and store than a Disclok.

http://www.birmingham.ac.uk/news/latest/2016/08/Millions-of-cars-at-risk-of-theft-due-to-flaw-in-the-development-of-keyless-entry-systems.aspx

 

The team, from the School of Computer Science at the University of Birmingham, found that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. ...

Dr David Oswald explained, “You only need to eavesdrop once. From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want. Manufacturers really need to take heed and review their security systems.”

 

 

I take it the 'rolling code' can't stop instant access, only subsequent?.

I would suspect that once you have the global master key and you sniff a code, you can pop it into a bit of code and know what the next valid key code will be.

At that point it's easy.

 

Still got the disklock and they are still quite serious bits of kit, although I'm sure you can get past them with the right tools.

Edited 15 September, 20169 yr by cheezemonkhai

 

Still got the disklock and they are still quite serious bits of kit, although I'm sure you can get past them with the right tools.

 

Like anything they just have to be good enough to get them to move on to the next target.

I'm surprised OBD ports aren't disabled with the ignition off.

Push button start vulnerability

http://www.thecarconnection.com/news/1107710_own-a-car-with-push-button-ignition-thieves-might-be-able-to-nab-it-with-this-gadget-video#src=10065

Push button start vulnerability

http://www.thecarconnection.com/news/1107710_own-a-car-with-push-button-ignition-thieves-might-be-able-to-nab-it-with-this-gadget-video#src=10065

 

That's why if your car is a target you shouldn't just rely on electronic security.

 

You need to invest in physical security as well.

 

Defense in depth, it's an old and well established principle.