Resources for protecting your car from attacks

[gr1nch]

Having one's car attacked can be devastating or, at best, merely inconvenient. Attacks include:
* theft of the car
* its contents
* damage (mindless vandalism, also forcing to gain advantage, e.g. window, ODBII port, dash,
* malicious (e.g. to cause an accident)

For privately owned vehicles, often it's immensely upsetting, hugely inconvenient and costly. If someone wants to protect their car efficiently and comprehensively, then knowing what the attacks are is essential.

Before I list what I've found out so far, a word about cost as I've seen posts along the lines of "your car is insured, so get over it". Yes, a stolen car may get you a full insurance payout, but even if adequately replacing one's pride and joy turned out feasible, then there's the excess to shoulder and a likely increase in insurance premiums. Alternatively, if something is stolen from your car, with no provable sign of entry, then it's hard to convince an insurance company it actually happened.

# list of known Attacks
The are a number of known attacks on modern cars with electronic keys:

* Keycode. car access. e.g. Rolljam which jams your 1st key press to car, saves code, jams 2nd key press, sends 1st code, saves 2nd for later malicious use. Driver mistakenly thinks the 1st key press simply didn't work and was discarded, but the 2nd worked. Result: car entry after you walk away.

* Keyless Go car access and theft. Involves amplifying the signals between key and car, into tricking the car that your key is within physical range. Inside the car one thief presses down on the brake with a stick, usually telescopic, ingenious b******s. At least two posts on this (new C- and S-Class) here.
Defenses:
- turn off Keyless Go, or if not
- outside car, keep keys in a jamming pouch
- to help avoid personal attacks at home, some owners prefer to keep their keys easily accessible to intruders, e.g. on the stairs.

* Key creation car theft. Access to the car's OBDII port to program a blank key into a working one.
Defenses:
- OBD port lock and key
- Disable port via COMAND?

* Phone app. Attack vectors primarily any of:
- stealing the phone
- conning the user into installing a Trojan horse app that appears to behave as the genuine app
- copying authentication data fool app config files (by physical access to phone or remotely via malicious app)
- man-in-the-middle over the network attack between app-server-car intercepting genuine commands and issuing bad guy ones
Defences:
- either do not enable or disable app access, or if not
- don't have a rooted phone
- install the app only from on an official supplier on the Android or Apple app stores, not a 3rd party website
- check the app stores your credentials on the phone are encrypted strongly (at least makes the bad guys try brute force, though that would be automated too)

* Immobilisers
The are one's, e.g. Ghost, which disable the car either to prevent 1st start or to permit first start but then immobilise after N minutes or km. This allows you the ability to get away from hijackers but then recover your * Immobilisers later.

* Steering Locksq
Any good ones used ?

Not an exhaustive list, but intended as a start, for other to post their tips and knowledge...

Resources:
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
9 manufacturer mobile apps which were, at publishing, exploitable.

http://www.mbclub.co.uk/forums/gene...brand-new-c-class-stolen-2-minutes-drive.html

Securing your car with the ?OBD Saver? ? Lock Technology News



Sent from my XT1032 using Tapatalk

 

[neilrr]

https://www.amazon.com/dp/B01I497JAM/

 

[camerafodder]

[YOUTUBE]Rx6WB5YJia8[/YOUTUBE]

 

[Monkeylegend]

I have 2 attack cats, one for each car.

I also live in a very low crime area, so it could be something to do with that and not the cats

 

[moonloops]

Option 3 - move to a nicer neighbourhood

 

[190]

Option 3 - move to a nicer neighbourhood

That's the smartest move. Insurance is lower and the peace of mind is priceless.

 

[gr1nch]

And the wife and I are looking to do just that. Back next week in Lincolnshire to visit houses..

Sent from my XT1032 using Tapatalk

 

[moonloops]

Back next week in Lincolnshire to visit houses..

Sent from my XT1032 using Tapatalk

Are you hiring 1940's outfits so that you blend in?

 

[E55BOF]

Or maybe buy some 'essence of rotting veg' to do the same thing...

 

[190]

I have lived in the same house for 24 years and I have zero fear of my car being vandalised or stolen. What I do find interesting about this thread though is awareness of the high tech techniques like rolljam that might be encountered at a motorway service station. Keyless Go is a ridiculous gimmick and I wouldn't have as an option for free but probably won't have a choice next time. Lets hope they fix it by then. Key creation with a laptop is a real puzzle. How come the MB dealer can't do that for you in 10 mins when you need a spare key or why haven't enterprising outfits been set up to do it at a fraction of the cost MB charge.

 

[UrBusted]

Option 3 - move to a nicer neighbourhood

My neighbourhood is meant to be safe as it is a gated community with concierge service, yet at least 5 cars including mine have been broken into. I guess if they want something, not much will stop them from taking it.

 

[Teflonso]

My neighbourhood is meant to be safe as it is a gated community with concierge service, yet at least 5 cars including mine have been broken into. I guess if they want something, not much will stop them from taking it.

Moonloops suggested a nicer neighbourhood, not one where the presecence of nickable stuff is advertised with gates and a concierge. It's not your neighbours that's the problem, scroats are willing to travel if you give them a heads up.

You'd be better off slightly downmarket, just don't move all the way to Scumsville.


.

 

[UrBusted]

Moonloops suggested a nicer neighbourhood, not one where the presecence of nickable stuff is advertised with gates and a concierge. It's not your neighbours that's the problem, scroats are willing to travel if you give them a heads up.

You'd be better off slightly downmarket, just don't move all the way to Scumsville.


.

They don't appear to be deterred by anything, looking at solutions of preventing them from coming even near to the house but not even CCTV stops them

 

[kid-jensen]

They're not deterred because of the lack of any kind of punishment..

Back on the streets in hours, after a waved finger and a stern look form the plod, then return to their "day job"..

The coppers in those Police Stop-type programs amaze me......all that chasing about and wrestling with low-life, just for the judge to let them off with barely more than a caution.. I don't know how they keep on keeping on.

Or maybe only the ones on TV do?

 

[gr1nch]

Nice to see the guardian monkey is still the default image - brings a smile every time it flashes by

Sent from my XT1032 using Tapatalk

 

[gr1nch]

Reading through the car manual a thought occurred to me about protecting against rolljam, for cars vulnerable to this attack.

Since the last code the thief collects is useless if the car accepts a newer code, it makes sense to make this happen, for example, by shielding the key, holding it close to the car etc. Tough because these are radio waves.

Maybe manufactures should have made them context keys where at least you have to touch the car with it - rather than be 50ft away.

Sent from my XT1032 using Tapatalk

 

[Wigglesworth]

This I found to be a very effective method of protecting the hood star when you live in an E* postcode like we do!

Right up until the point that someone complained about it and sent the police to get me to take it off the car

Apparently it's illegal to firmly affix size 12 whisker barb hooks that have been cut down to you're hood star. The explanation was that I may seriously hurt someone if they tried to pull it off!
They didn't seem too amused when I told them that was the whole plan!!

I now remove my genuine hood star when I park up at home (stupid but it stops theft).

The law has gone crazy in this country, when did it become an offence to protect ones property?

 

[dejongj]

To me it makes no sense, if the want it they will get it. You get no discounts on insurance for doing them a favour anyway. Techniques constantly change. It isn't actually a deterrent, damage will still be done. Unless it is rare and irreplaceable it is just a great way to spend money in my opinion.

 

[219]

This I found to be a very effective method of protecting the hood star when you live in an E* postcode like we do!

Right up until the point that someone complained about it and sent the police to get me to take it off the car

Apparently it's illegal to firmly affix size 12 whisker barb hooks that have been cut down to you're hood star. The explanation was that I may seriously hurt someone if they tried to pull it off!
They didn't seem too amused when I told them that was the whole plan!!

I now remove my genuine hood star when I park up at home (stupid but it stops theft).

The law has gone crazy in this country, when did it become an offence to protect ones property?

No : YOU wouldn't hurt anyone ; the would be thieves would be the ones hurting THEMSELVES in the commission of an unlawful act .

There have been other ideas - such as electrically isolating the star and connecting a large , high voltage capacitor to it , or my favourite - using
a Dremel or similar to sharpen the edges of the star to razor sharpness

 

[Deleted128943]

Use a Disklock and always leave your car wheels turned and locked. I used these methods for years when parking at airports for two weeks of every month, other cars were attacked but not mine. Without the key a Disklock is impossible to remove without using a grinder and locking the wheels tuned makes it difficult to drag your car onto a low loader.