Discussion on Anti-theft Hacking and Suggestions
#1
Discussion on Anti-theft Hacking and Suggestions
Hey Guys,
I wanted to open a discussion on preventing and thwarting theft, hacks, and break ins. As well as share some info on what I found during my research and what I plan on doing to ensure my new Superduty stays safe.
So this post was prompted by a few national news stories, as well as a couple of local stories that I saw on the news lately that got me really thinking about what I can do to keep my truck safe.
So unfortunately for me, like many others I am unable to park my new truck in my garage because its just too big, so now it must sit on my drive way which concerns me a bit. There has been a rash or people breaking into cars in neighborhoods near mine and they are using high tech methods to unlock the cars and steal what they want. They never set off an alarm, or break a window they just walk up and unlock and go.
I also saw news stories and articles showing how criminals can gain access to your vehicle and then use a programmer and your OBD-II port to program a blank key to steal your car.
So the threats I have identified and the solutions I will try are below but I would love to hear what you guys think and what you are doing to keep your truck safe.
1.) Old fashioned smash and grab. Not much we can do to prevent this other than adding deterrents such as bright exterior lighting, security cameras, leaving your truck locked or in a garage and having good insurance. This threat does not concern me as much because I believe these kinds of attacks are becoming increasingly rare and the criminals that are performing these kinds of attacks are easily deterrent usually by the the above methods. They are opportunistic criminals and will always look for the easiest targets. Also the factory vehicle alarms have come a long way, for example the motion alarms in our trucks would trip and the alarms will be blaring and they won't get very far with this kind of attack. I plan on employing some or all of the above ideas to make my truck less appealing.
2.) Using a mystery device to gain entry to the vehicle without tripping the alarm or breaking a window. From my research I have seen two theories as to how criminals pull off this attack. They both utilize your key fob and vehicle easy entry system to gain access quietly.
The first method involves a signal amplifier device. Your vehicle sends out a signal that is good for about three feet and if it detects your key the doors unlock and you can drive your vehicle. The criminals use a signal amplifier that amplifies this signal from a few feet to a few hundred feet and your key which is in your house responds and the doors unlock. I think these are the attacks that are happening near me. There is a cheap and easy fix for this attack. Store your key fob in some kind of metal box in your house. Your key will be unable to send the necessary signals while inside the metal box. Literally, this can be a cardboard box wrapped in aluminum foil, or a safe or your refrigerator. You can test the box by placing your key in this box and walking up to your truck if it stays locked your good to go. Also don't forget your spare key too. In addition to this you could add an aftermarket alarm, or a power kill switch to you vehicle.
The second method criminals can use to perform this kind of attack is using a device that they place on your vehicle to record your fob codes. Your key fobs and vehicle use a rolling code that is only used once but a criminal can by pass that with this device. What this device does is when you walk up to the truck and use your fob to unlock it. It receives, then jams and records the code. Your vehicle does not unlock because the signal was intercepted. You don't think anything of it and then press the button again and your vehicle unlocks are you go about your business. The criminal removes the device later and uses the saved code to unlock your vehicle. This is an elaborate attack but also easily preventable. All you have to do is get in the habit of not using your fob to lock and unlock the truck. Use the keyless entry system, or the keypad to unlock your truck and the lock buttons on the doors or handles or keypad to lock it. If you never transmit a single from your fob there is nothing to record. I think this kind of attack is very rare but possible with very cheap computer equipment. I also think you are only really vulnerable to this kind of attack at your home if your truck is parked in the same place every day. I doubt anyone is walking around the grocery store parking lots with this kind of equipment.
3.) The last attack is the most troubling because it actually involves stealing your truck. Criminals use one of the above methods or another method to gain access to your truck then use a hacked scantool to access the onboard computer through the OBD-II port and then reprogram a blank key to start your truck. I think this is less common then the above attacks but it is happening and the scantools are available on ebay and getting cheaper everyday.
There is not much we can do to prevent this kind of attack but there are a few things we can do. First any deterrents from item one of this list will help. Second, I have seen videos of people physically relocating their OBD-II port. They will tie wrap it up into the dash or add on OBD-II extension cable and run it to another area of the truck. The name of the game here is to frustrate the criminal enough to move on when he realizes it will take more time then usual to steal this truck. Also I have seen a couple of locks you can buy online that you can place on your OBD-II port that have a key. When not in use you simply plug in the lock and lock it with the key. I am not sure how effective this is because the port is plastic but its better then nothing I placed a link below to one website. Lastly, you could add an after market alarm with additional kill switches that overrides the factory alarm.
AutoCyb ? AUTOCYB: Driving Freedom
I plan adopting some of these practices and techniques to keep my truck safe. Many of these suggestions can be applied to any car not just Ford trucks. That being said I am not a Ford tech or a security guru, just another guy with a computer and a new truck so don't take what I have said above as law. I was just hoping I could spread the word on what I have found in my research and raise awareness. I would love to hear your guys thoughts, suggestions, perspectives on the subject. Thx
I wanted to open a discussion on preventing and thwarting theft, hacks, and break ins. As well as share some info on what I found during my research and what I plan on doing to ensure my new Superduty stays safe.
So this post was prompted by a few national news stories, as well as a couple of local stories that I saw on the news lately that got me really thinking about what I can do to keep my truck safe.
So unfortunately for me, like many others I am unable to park my new truck in my garage because its just too big, so now it must sit on my drive way which concerns me a bit. There has been a rash or people breaking into cars in neighborhoods near mine and they are using high tech methods to unlock the cars and steal what they want. They never set off an alarm, or break a window they just walk up and unlock and go.
I also saw news stories and articles showing how criminals can gain access to your vehicle and then use a programmer and your OBD-II port to program a blank key to steal your car.
So the threats I have identified and the solutions I will try are below but I would love to hear what you guys think and what you are doing to keep your truck safe.
1.) Old fashioned smash and grab. Not much we can do to prevent this other than adding deterrents such as bright exterior lighting, security cameras, leaving your truck locked or in a garage and having good insurance. This threat does not concern me as much because I believe these kinds of attacks are becoming increasingly rare and the criminals that are performing these kinds of attacks are easily deterrent usually by the the above methods. They are opportunistic criminals and will always look for the easiest targets. Also the factory vehicle alarms have come a long way, for example the motion alarms in our trucks would trip and the alarms will be blaring and they won't get very far with this kind of attack. I plan on employing some or all of the above ideas to make my truck less appealing.
2.) Using a mystery device to gain entry to the vehicle without tripping the alarm or breaking a window. From my research I have seen two theories as to how criminals pull off this attack. They both utilize your key fob and vehicle easy entry system to gain access quietly.
The first method involves a signal amplifier device. Your vehicle sends out a signal that is good for about three feet and if it detects your key the doors unlock and you can drive your vehicle. The criminals use a signal amplifier that amplifies this signal from a few feet to a few hundred feet and your key which is in your house responds and the doors unlock. I think these are the attacks that are happening near me. There is a cheap and easy fix for this attack. Store your key fob in some kind of metal box in your house. Your key will be unable to send the necessary signals while inside the metal box. Literally, this can be a cardboard box wrapped in aluminum foil, or a safe or your refrigerator. You can test the box by placing your key in this box and walking up to your truck if it stays locked your good to go. Also don't forget your spare key too. In addition to this you could add an aftermarket alarm, or a power kill switch to you vehicle.
The second method criminals can use to perform this kind of attack is using a device that they place on your vehicle to record your fob codes. Your key fobs and vehicle use a rolling code that is only used once but a criminal can by pass that with this device. What this device does is when you walk up to the truck and use your fob to unlock it. It receives, then jams and records the code. Your vehicle does not unlock because the signal was intercepted. You don't think anything of it and then press the button again and your vehicle unlocks are you go about your business. The criminal removes the device later and uses the saved code to unlock your vehicle. This is an elaborate attack but also easily preventable. All you have to do is get in the habit of not using your fob to lock and unlock the truck. Use the keyless entry system, or the keypad to unlock your truck and the lock buttons on the doors or handles or keypad to lock it. If you never transmit a single from your fob there is nothing to record. I think this kind of attack is very rare but possible with very cheap computer equipment. I also think you are only really vulnerable to this kind of attack at your home if your truck is parked in the same place every day. I doubt anyone is walking around the grocery store parking lots with this kind of equipment.
3.) The last attack is the most troubling because it actually involves stealing your truck. Criminals use one of the above methods or another method to gain access to your truck then use a hacked scantool to access the onboard computer through the OBD-II port and then reprogram a blank key to start your truck. I think this is less common then the above attacks but it is happening and the scantools are available on ebay and getting cheaper everyday.
There is not much we can do to prevent this kind of attack but there are a few things we can do. First any deterrents from item one of this list will help. Second, I have seen videos of people physically relocating their OBD-II port. They will tie wrap it up into the dash or add on OBD-II extension cable and run it to another area of the truck. The name of the game here is to frustrate the criminal enough to move on when he realizes it will take more time then usual to steal this truck. Also I have seen a couple of locks you can buy online that you can place on your OBD-II port that have a key. When not in use you simply plug in the lock and lock it with the key. I am not sure how effective this is because the port is plastic but its better then nothing I placed a link below to one website. Lastly, you could add an after market alarm with additional kill switches that overrides the factory alarm.
AutoCyb ? AUTOCYB: Driving Freedom
I plan adopting some of these practices and techniques to keep my truck safe. Many of these suggestions can be applied to any car not just Ford trucks. That being said I am not a Ford tech or a security guru, just another guy with a computer and a new truck so don't take what I have said above as law. I was just hoping I could spread the word on what I have found in my research and raise awareness. I would love to hear your guys thoughts, suggestions, perspectives on the subject. Thx
#3
Join Date: Sep 2016
Location: Edmonton Alberta Canada
Posts: 781
Likes: 0
Received 3 Likes
on
2 Posts
I a man not sure I understand how being able to communicate with your key fob would allow some one to gain access or codes. In case you mention of an amp.
Your key fob does not check the truck if it's locked just sends a signal. Although it will tell you if the signal is received in the case of the remote starter. Maybe they are xploiting this relationship.
By far the best solution I have had is a long range two way aftermarket alarm. It simply alarms the truck and sends you a very clear message so you can run out. It adds a human into the mix of the alarm and because it's aftermarket bypassing the OEM alarm is not enough. Now need to go through two hoops.
My greatest concern is the wireless home network updates that are allowed through the truck. A person could observe the relationship between the truck and the network when updating. Get a copy of the actual system update. And in theory spoof a server and network then upload their own modded software giving them full control of everything.
While figuring out the process would take some time I am pretty sure a person could take what they learn and apply it to any truck. Server spoofing and packet intercepting has been around for ages and encryption protocols are fairly easily hacked now.
Upload your own software that puts the truck back to factory reset where i would assume the truck will be awaiting key sync command if not fully unlock the truck and allow starting. Sky is the limit. Look at forescan users, vast majority are not hard core programmers and figuring it out as they go.
Your key fob does not check the truck if it's locked just sends a signal. Although it will tell you if the signal is received in the case of the remote starter. Maybe they are xploiting this relationship.
By far the best solution I have had is a long range two way aftermarket alarm. It simply alarms the truck and sends you a very clear message so you can run out. It adds a human into the mix of the alarm and because it's aftermarket bypassing the OEM alarm is not enough. Now need to go through two hoops.
My greatest concern is the wireless home network updates that are allowed through the truck. A person could observe the relationship between the truck and the network when updating. Get a copy of the actual system update. And in theory spoof a server and network then upload their own modded software giving them full control of everything.
While figuring out the process would take some time I am pretty sure a person could take what they learn and apply it to any truck. Server spoofing and packet intercepting has been around for ages and encryption protocols are fairly easily hacked now.
Upload your own software that puts the truck back to factory reset where i would assume the truck will be awaiting key sync command if not fully unlock the truck and allow starting. Sky is the limit. Look at forescan users, vast majority are not hard core programmers and figuring it out as they go.
#4
Interesting.
Here is what I have been told.
Your vehicle arms when the Ingnition is turned off, doors are locked.
When you get out of your vehicle, lock the doors by the door panel switch. This way no wireless communication takes place.
When unlocking your doors, use the key pad on the door or the key lock on the door (if you have one).
We need someone with some communication expertise to help out here, or someone from Ford.
Here is what I have been told.
Your vehicle arms when the Ingnition is turned off, doors are locked.
When you get out of your vehicle, lock the doors by the door panel switch. This way no wireless communication takes place.
When unlocking your doors, use the key pad on the door or the key lock on the door (if you have one).
We need someone with some communication expertise to help out here, or someone from Ford.
#5
Join Date: Sep 2016
Location: Edmonton Alberta Canada
Posts: 781
Likes: 0
Received 3 Likes
on
2 Posts
Beasley,
The truck will always be searching for signal. If you use the key pad or the lock button no signal will be transmitted. Is how it should be but only a Ford tech would know 100% and details like this would be highly guarded.
What makes me think is that remote starting the remote notifies you if the command made it through. So there has to be some level of two way communication but why it's not two way for alarm and locking is beyond me. It's like making a bike that can only do left turns because well why not. Who needs to turn right when can just keep turning left...
I am sure there is a reason and it's likely due to added complexity of the system that they did not wish to add.
Overall the likely hood of being a target is low. The skill level of this would be at the gone in 60 seconds range.
The truck will always be searching for signal. If you use the key pad or the lock button no signal will be transmitted. Is how it should be but only a Ford tech would know 100% and details like this would be highly guarded.
What makes me think is that remote starting the remote notifies you if the command made it through. So there has to be some level of two way communication but why it's not two way for alarm and locking is beyond me. It's like making a bike that can only do left turns because well why not. Who needs to turn right when can just keep turning left...
I am sure there is a reason and it's likely due to added complexity of the system that they did not wish to add.
Overall the likely hood of being a target is low. The skill level of this would be at the gone in 60 seconds range.
#6
#7
Join Date: Sep 2016
Location: Edmonton Alberta Canada
Posts: 781
Likes: 0
Received 3 Likes
on
2 Posts
That's great data, but I couldn't sleep at night if I worried this much. I have insurance. I'll do my part and make sure any valuables are removed, lock it and leave it. After all...at the end of the day, it's just a "thing" that is fixable and replaceable. Maybe Lojack to track it?
Trending Topics
#8
Thinking out loud: If the initial intent is to discourage the thief to move on, why not a simple car cover that has one of those locking cables that runs under the truck. It would only take a minute or two to put on/take off. Thieves driving by really don't know exactly what is under it. Plus, they would have to cut through the cover to access the door/interior.
Would be a simple and cheap first line of defense, not to mention keeping the neighbor's cat paw prints off the hood.
Would be a simple and cheap first line of defense, not to mention keeping the neighbor's cat paw prints off the hood.
#10
You would think in the technology's today, the OEM's could come up with a better way to help protect a vehicle's.
I have a friend who has a Navigator. On vacation at TGiving, went into a store, came out 20 minutes later, vehicle was broke into. Alarm did not go off. This was at 1:00pm.
Took the vehicle to Ford, nothing wrong with the system.
So, is this more on a vehicle with a push button start vs a key ignition or doesn't that matter?
It comes down to, if they want in, they will get in.
I have a friend who has a Navigator. On vacation at TGiving, went into a store, came out 20 minutes later, vehicle was broke into. Alarm did not go off. This was at 1:00pm.
Took the vehicle to Ford, nothing wrong with the system.
So, is this more on a vehicle with a push button start vs a key ignition or doesn't that matter?
It comes down to, if they want in, they will get in.
#11
One of our dealers is located in a not too savory neighborhood. Every car and truck on their lot has an ignition interlock system installed. Even with the key you need to know the code just like the door keypad. Since doing this they haven't had any cars stolen. They leave the system on the car at a nominal cost to the buyer who then can program their personal code. Our insurance carrier also gave us a discount for having the device. You won't stop the pros but you can stop the casual thieves. You can also program it for valet parking.
#13
#15
Join Date: Oct 2015
Location: Somewhere south of Denver
Posts: 18,775
Received 6,677 Likes
on
2,745 Posts
Thread
Thread Starter
Forum
Replies
Last Post
gimbel123
1999 to 2016 Super Duty
12
05-13-2018 02:10 PM