IP-based engine remote enable switch

remote_enable_switch

[Mariano] owns a late 90’s Jeep Wrangler, and had no idea just how easy it was to steal. Unfortunately for him, the guy who made off with his Jeep was well aware of the car’s vulnerabilities. The problem lies in the ignition – it can be broken out with a screwdriver, after which, the car can be started with a single finger. How’s that for security?

[Mariano] decided that he would take matters into his own hands and add a remote-controlled switch to his car in order to encourage the next would-be thief to move on to an easier target. He describes his creation as a “remote kill” switch, though it’s more of a “remote enable” switch, enabling the engine when he wants to start the car rather than killing it on command.

The switch system is made up of two pieces – a server inside the car’s engine bay, and a remote key fob. The server and the fob speak to one another using IPv6 over 802.15.4 (the same standard used by ZigBee modules). Once the server receives a GET request from the key fob, it authenticates the user with a 128-bit AES challenge/response session, allowing the car to be started.

It is not the simplest way of adding a remote-kill switch to a car, but we like it. Unless the next potential car thief digs under the hood for a while, we’re pretty sure [Mariano’s] car will be safe for quite some time.

Comments

  1. Hackius says:

    Such encrypted equipment should come as a manufacturer option.

  2. Gray Simpson says:

    Actually, I’d rather it came as standard. Car manufacturers just don’t want to be liable when it fails. Can you imagine a proprietary system like this? It’d probably be based on SecurID.

  3. a rabid rabbit says:

    The title, my brain hurts :(

  4. mike bradley says:

    Seriously , would not tgif be easier simpler?

  5. mike bradley says:

    So sorry. From my cell auto text correct. Would not RFID be simpler?

  6. mik says:

    I imagine a simple RFID tag would be enough to protect this vehicle. Only high tech thieves would bother trying to defeat such a system (and I’m sure that the type of thief that wants the Jeep won’t even understand why it won’t start after the ignition is broken out)

  7. infrared says:

    Car thieves would still make the attempt before moving on……

  8. Stanson says:

    I did something like that, but use bluetooth module in car and mobile phone with software as a key.
    I get simple car alarm with central lock (lock it’s the only functionality I use), take out PIC16F72 and replace it with a pin-to-pin simulation made from PCB with BT module. It’s possible to write your own program and reflash nearly any bluetooth module with CSR BlueCore Flash(or External) chip on board using BlueLab software. So, I write a simple program for bluetooth module to emulate PIC16F72 pins using PIO of BT module to drive all that relays in alarm. And a small BT utility for the phone to open and close the car. Works great over the year.

  9. Mar says:

    @mike

    I considered RFID as well (I do RFID dev. also — I have a OSHW board based on the trf796x that I will be releasing soon. Code for it is already available here: http://git.devl.org/?p=malvira/trf796x.git;a=summary )

    Anyway, there are a few complications with RFID. The first question is were does the antenna go? The most convenient place would be to put a reader in the passenger compartment. This would require running wires from there into the engine — which is a giant pain. Secondly, it’s not as good since you still have wires an attacker could mess with. You could do a secure digital link, but you still have the wires to run…

    So I ended up with the solution most people have which is just a key fob you carry around.

    -Mar.

  10. Eddie says:

    Pull the fuse for the fuel pump and the car won’t run. Put in a switch, in an inconspicuous location to control the power going to the fuel pump as a permanent solution.

  11. opihimom says:

    One of the beauties of @Mariano’s Jeep is that (like all soft tops) there’s really no point in locking the doors. Therefore, unless the next potential thief is on autopilot, he won’t have to add a new window to his repair bill.

    If he’s using a hard top in the winter, then never mind.

  12. Mar says:

    @Eddie

    I wanted to avoid running wires from the engine into the passenger compartment as it’s a giant pain (esp. when you have all of these wireless microcontrollers lying around).

    I also wanted something “somewhat” secure as opposed to just hidden.

    -Mar.

  13. Mar says:

    @opihimom

    Yeah, I have a soft-top, but my thief was on autopilot: he forced the driver side lock open.

    -Mar.

  14. raidscsi says:

    When I had my convertible I never locked the doors and never left anything important in the car. One razor blade is all it takes to ruin the top, so he can steal my fast food change…

    Sisters car was broken into to steal a empty back pack. Shattered the passenger side window. Door locks serve no purpose other than to lull the minds of the users into thinking their car is safe.

    Biometric authentication is the way to go.

  15. raidscsi says:

    Also @ Eddie, hidden kill switch on fuel pump is the KISS idea of the day.

    Old truck had leaky fuel injectors so before you stop the engine you turn of the fuel pump and let the injectors run dry to prevent flooding the cylinders. And provided a extra security level since the doors had no locks.

    Old hard drive magnet on a keychain, hidden reed switch inside dashboard. Use a 12v relay in series with the starter solenoid fuse.

  16. fartface says:

    A single toggle switch cutting power to the fuel pump will do the same thing. Hide the $0.59 switch in a location that is not obvious and the thief will be foiled.

    Contrary to belief, thieves will not take hours looking for things in your car, IF they can not do what they want in seconds, they take off.

  17. Drake says:

    Another solution. Place a 100 ohm resistor switched in parallel with the coolant temperature sensor. With the engine cool and the sensor reading below 100 ohms the ecu will think the engine is hot and try to start it with a leaner mixture. Trust me it will not start that way.

    Bonus points: While you are in there you can add a 1k ohm resistor switched in series with the sensor. When you flip the switch the ecu reads the engine as cold and runs a richer mixture. Awesome when your crawling.

    Another security flaw is that the engine can be started without damaging any components either. Bypass the ignition relay, unscrew the starter wire from the distribution point and touch it to the battery. Veroom. Had to start my XJ that way once. Make sure it isn’t in gear first!

  18. James says:

    At the end of the day if a theif wants to steal the a specific vehicle, they will know the wiring and electronics. The ONLY way you can make this reasonably secure is if you drop the standard wiring and put the security code in the ECU software itself – without that it’s just a matter of time to find the correct wires to bridge/remove. there’s no point having an ultra-secure switch, it still has 2 wires going to the /insert chosen items/ and so is easily defeated.

  19. James says:

    “Contrary to belief, thieves will not take hours looking for things in your car, IF they can not do what they want in seconds, they take off.”

    Not true, if your car isn’t a rot box they will actually invest some time in the process. I know of at least one car who had most of the ignition and fuel pump circuits re-wired to defeat the security.

  20. Mar says:

    @Drake this is why you need the good hood lock too!

    -Mar.

  21. Frank says:

    What?

    The screwdriver trick is THE hack. That’s how you start your car when your 1987 Cherokee chief car keys break. I used a pair of plyers…..

    I’m sorry, but unless its a really important car for you that is top shape, no rust after 25 years then by all means go for the anti-steal hacks.

    Other than that, if a guy stole your car – he probably needed it more than you:)

    Anyways, just leave little gas in the tank, have problems like the need to double-clutch every speed and general car trouble will keep any thief within a 10 mile radius. You’ll get it back.

    Only problem with the no car key ignition – true story – just make sure no damn cop fool pulls up to your right side, looks inside, sees no keys, calls backup, follows you while waiting for backup and then BAMM they strike…

  22. @frank

    “I’m sorry, but unless its a really important car for you that is top shape, no rust after 25 years then by all means go for the anti-steal hacks.”

    actually what is important to me is that my car is there and ready to drive when I wake up in the morning to go to work.

    It was a huge pain in the ass to have it stolen.

    Other then the bother of the whole thing, I have a custom rack I made for it which I was sad about losing. Buying a car is also a giant pain and I wasn’t looking forward to it.

    I held your opinion for 8 years — going through the hassle of having it _actually_ stolen changed my mind.

    I’m not sure I understand the readership of this site either. Really, the screwdriver is the hack? You would have rather read a blog post that said “look how easy I can break stuff with a screwdriver?” and then a bunch of pictures of me breaking things with a screwdriver?

    Well, breakstuffwithascrewdriver.com might be a fun site after all, but I didn’t think it qualified for hackaday

    Similar with all the “just wire a switch” suggestions. That’s what you come to this site to read? Wow. Ok. Maybe next time I’ll blink and led or something.

    -Mar.

  23. Timmah says:

    I would never mess with the wiring of my car because I’m not very good, but if I could, I’d love to have an ignition system that was simply a scale embedded in the driver’s seat that sensed my precise weight and knew it was me. Then I wouldn’t need to do anything beyond “sit down in the car” and have it start. The theif would have to be exactly my weight to take it, and I could recalibrate it after I gained / lost lbs.

  24. Daniel says:

    Mariano, I would just like to say thanks – you’ve made me aware of a technology I was unaware of – Contiki. I’ll have to do some more research.

    Also, Stanson – More info please!

  25. Eddie says:

    More on the fuel pump fuse…

    Pulling the fuse works on any car that has an electric fuel pump. Even a rental. On my last car, a VW Golf, the fuse panel was in the passenger compartment, near my left knee. I understand that some cars have the fuse panel under the hood, or some hard to reach location.

    The VW Golf used a relay that on one side was low current, the relay controlled the high current (4 Amps?) that powered the fuel pump. So ideally you would add 1 or more switches (AND) to control power going to the fuel pump relay. I never put a switch in my car, I just pulled the 4A fuse going to the fuel pump. I also thought of using a magnet to control a reed switch that would switch power going to the fuel pump relay.

    You can use any higher tech RFID/encryption to control the fuel pump relay.

    I also like the idea of messing with the coolant temperature sensor.

    How about using a cellphone to remotely control the fuel pump or some other basic function (Mass Air Sensor). I think some cellphones have GPS. Use a cellphone to disable a card, have it call home with the GPS of the stolen car.

    I also thought of adding an audio recorder, video camera to record the thief, so it can be arrested, add some timer so the car runs for 30 seconds and then stalls out in the street – 555 timer – but if the theif abandons the car, will it roll into another parked car, person???

    Car theives must DIE!

  26. Robb Satten says:

    I am looking to buy a device like this for my 2008 Honda Civic. Are you selling these or know where I can get one? Can you email me direct?
    IP-based engine remote enable switch

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,764 other followers