• The Forums are now open to new registrations, adverts are also being de-tuned.

OBD Dongles - Secure?

Bellow

Bellow

Hardcore MB Enthusiast
Joined
Apr 26, 2010
Messages
10,664
Location
Ecosse.
Car
C2500 350, 450
As per the title, dongles that plug into the car's OBD port that employ either WiFi or Bluetooth to communicate to a tablet or smartphone.

I'm considering one to run the Torque app, but I cannot get my head around the notion that I will be driving around in a car whose ECU is connectable by signals over which I have no knowledge or control, allied to the recent thefts of cars using their OBD port for access.

Surely in the latter case enabling external access worsens the security - or would the ignition have to be switched on?
In the former case, what if a stray signal caused the engine to quit (or accelerate), or the gearchanging (AMT) to go haywire? In traffic or overtaking this could be fatal. What risk of a stray signal from aviation, or worse military? (low flying fighters around these parts is commonplace). And what would the insurance position be on either case (I've yet to hear of anyone 'declaring' a dongle).
Any ideas?
 
Bellow said:
As per the title, dongles that plug into the car's OBD port that employ either WiFi or Bluetooth to communicate to a tablet or smartphone.

I'm considering one to run the Torque app, but I cannot get my head around the notion that I will be driving around in a car whose ECU is connectable by signals over which I have no knowledge or control, allied to the recent thefts of cars using their OBD port for access.

Surely in the latter case enabling external access worsens the security - or would the ignition have to be switched on?
In the former case, what if a stray signal caused the engine to quit (or accelerate), or the gearchanging (AMT) to go haywire? In traffic or overtaking this could be fatal. What risk of a stray signal from aviation, or worse military? (low flying fighters around these parts is commonplace). And what would the insurance position be on either case (I've yet to hear of anyone 'declaring' a dongle).
Any ideas?
Click to expand...

When ignition is off, the bus is silent, so i assume the ECU:s are not listening to signals either. Regarding stray signals, i very much doubt the OBD port is wired directly to the main bus - in other applications i've seen, the diagnose bus is connected to only one of the ECU:s, and that ECU relays the signals to the other units (if the signals are legit).
Aviation and military do not afaik use bluetooth and wifi externally, and they would certainly not associate or "pair" with any old device and start communicating with it. Jamming the frequency maybe, but reprogram your ECU? I doubt it.
Regarding theft, when you are not in the car, why leave the dongle plugged in? I don't have it plugged when i am not using it, it uses a small amount of power always, to keep the bluetooth chip running.
 
Last edited:
tor_ake said:
When ignition is off, the bus is silent, so i assume the ECU:s are not listening to signals either.


Besides, when you are not in the car, why leave the dongle plugged in? I don't have it plugged in when i am not using it
Click to expand...

OK, that covers the theft while parked. Re unplugging - I'll forget to!

tor_ake said:
Regarding stray signals, i very much doubt the OBD port is wired directly to the main bus - in other applications i've seen, the diagnose bus is connected to only one of the ECU:s, and that ECU relays the signals to the other units (if the signals are legit).
.
Click to expand...

One ECU on my car and it controls everything (related to driving) and certain fetures are alterable via the OBD port, eg, by connecting two pins all safety electronics are disabled ie ESP, TC, ABS, Brake Assist, Hill Start Assist, etc. Apparently, random cross connection of pins can cause the ECU to go haywire.
 
Bellow said:
OK, that covers the theft while parked. Re unplugging - I'll forget to!



One ECU on my car and it controls everything (related to driving) and certain fetures are alterable via the OBD port, eg, by connecting two pins all safety electronics are disabled ie ESP, TC, ABS, Brake Assist, Hill Start Assist, etc. Apparently, random cross connection of pins can cause the ECU to go haywire.
Click to expand...

Ok, that would indicate that you can shutdown the communication between engine ecu and ABS/ESP by shorting the bus. Thats not good. Any other functions disappear?

Your car is equipped with at least 7 ecus, divided on different buses, with different speeds and importance. I would expect the obd connection wire into a less important one, but apparently not.
 
Just found out that security (immoboliser, central locking) is controlled by a seperate ECU (SAM) and does not connect with the OBD port.

Another thought ocurred though - wont the communication be one-way? The dongle a transmitter but not a reciever? Or is two-way communication required? I think, though may well be wrong, the data on the OBD I want from it cycles or scrolls through each item/parameter and is there for the taking without it being requested. Does that make sense?

The very fact that TC can be interfered with via the OBD port worries me a little. When TC is activated - all engine power is cut....
 
tor_ake said:
Ok, that would indicate that you can shutdown the communication between engine ecu and ABS/ESP by shorting the bus. Thats not good. Any other functions disappear?

.
Click to expand...

I don't know. Bridging two particular pins to disable the electronic safety aids is known, and is done to disable the TC in snow and for dyno testing, and by some who do track days.
 
Once a bluetooth device is paired and connected it cannot connect to another device as well (well some can but not the oBD tools). During pairing you normally have to provide an authorisation code so unless your phone wasnt connected and someone knew the code then they couldnt connect.

I would suggest that these questions would be better aimed at the manufacturer of said devices and that if you are this concerned about the safety of using one tthen simply dont do it.
 
MattDC said:
Once a bluetooth device is paired and connected it cannot connect to another device as well (well some can but not the oBD tools). During pairing you normally have to provide an authorisation code so unless your phone wasnt connected and someone knew the code then they couldnt connect.
Click to expand...

Is the above true also for WiFi?


MattDC said:
I would suggest that these questions would be better aimed at the manufacturer of said devices and that if you are this concerned about the safety of using one tthen simply dont do it.
Click to expand...

If only it were that easy! Chinese goods on ebay - enough said...
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)

Similar threads

D
Enabling CarPlay/Android Auto
Replies
4
Views
585
Alfie
Alfie
Jimmcb
Western Mercedes Edinburgh and MBUK
Replies
19
Views
2K
Fastcar155
F
garycat
[SOLD] iCarSoft MB v2
Replies
0
Views
2K
garycat
garycat
S
Viano grey smoke saga
Replies
10
Views
2K
Steeelyglint
S
A
C180 Coupe w203 54 plate Fast Idle - £1000 to fix
Replies
2
Views
383
ashenfie
A
Back
Top Bottom