Big Car Club - MPV and SUV Forums
General Forums: => General Boards => Topic started by: gregers on December 02, 2014, 10:16:35 PM
just been reading up on various car thefts with keyless entry.
turns out its to do with the obd port,and a lot of peeps are either removing and positioning it elsewhere or installing a switch either to the fuel line or to the port itself.
worrying times for new cars/owners me thinks.
I've done a lot of work in this field and its actually been a security concern for a while, ever since the intro of canbus tbh. Since canbus is basically just a data network, its subject to attack just like any other and given that its classed as a private network (ie not subject to external influence) its unencryped.
The saving grace was that to gain access to the car would mean you had to break in somehow and subsequently, typically, the network was 'off' as you have no ignition. With the arrival of keyless entry the network is on and therefore code can be injected onto the network.
A few years back I had some software that basically showed all the commands bouncing around on the canbus, it was as simple as cut and paste the 'start' command to fire the engine bypassing the immobiliser entirely. I assume things have moved on a little but the crux is that stability and reliability of the network is more important then security.
It is a worry, surely the designers or people responsible for implementing this technology must be able to see the potential risks and vulnerability to manipulation? Sometimes it makes you think that these things haven't been fully thought through before they get beta tested on joe public! Of course there will always be ways to get around security but what you describe here does sound like a fairly glaring oversight if you can effectively bypass an immobiliser!
Yes and no, as at the bottom of that post the stability of the system is paramount - you can't have the car needed a restart because the ABS controller has crashed for example lol.
A network that is classed as private and with no external influence (ie, no way for an attacker to gain entry (ie, wireless data)) security of the system is significantly less important.