As the old saying goes, there’s no such thing as a lock that can’t be picked. However, it seems like there are plenty of examples of car manufacturers that refuse to add these metaphorical locks to their cars at all — especially when it comes to securing the electronic systems of vehicles. Plenty of modern cars are essentially begging to be attacked as a result of such poor practices as unencrypted CAN busses and easily spoofed wireless keyfobs. But even if your car comes from a manufacturer that takes basic security precautions, you still might want to check out this project from the University of Michigan that is attempting to add another layer of security to cars.
The security system works like many others, by waiting for the user to input a code. The main innovation here is that the code is actually a series of voltage fluctuations that are caused by doing things like turning on the headlights or activating the windshield wipers. This is actually the secondary input method, though; there is also a control pad that can mimic these voltage fluctuations as well without having to perform obvious inputs to the vehicle’s electrical system. But, if the control pad isn’t available then turning on switches and lights to input the code is still available for the driver. The control unit for this device is hidden away, and disables things like the starter motor until it sees these voltage fluctuations.
One of the major selling points for a system like this is the fact that it doesn’t require anything more complicated than access to the vehicle’s 12 volt electrical system to function. While there are some flaws with the design, it’s an innovative approach to car security that, when paired with a common-sense approach to securing modern car technology, could add some valuable peace-of-mind to vehicle ownership in areas prone to car theft. It could even alleviate the problem of cars being stolen via their headlights.
This makes me think of stories my dad told be about wiring stuff up so you have to have say an annoying back blower (that had a rear HVAC thing) on to start the van, as a security measure, since a random thief would have no idea. Or having specific lights on to be able to start it.
My dad had a slow blow fuse on the igntion system, reated so it would blow after about a minute. This was bypassed by a audio jack in the glove box. So if you did not know about the bypass and hotwired the car, it would run just long enough for you to get out of the parking space than die.
As awesome of a hack as this is, it’s frustrating that the US is a country where this is considered a good use of research funding compared to how much of an uphill battle it is to push to get car computing more open and secure.
Or figure out why when I was a kid everyone just left their keys in their car and it was fine, but for some reason this changed
Were they all manual transmission cars? Cause that’s the best theft deterrent there is in the US anyway. Man I miss rowing gears…
Appreciate the logic but last I heard people in some places leave the doors open and windows down just to try and keep people from breaking windows to steal what’s inside.
I don’t leave my windows down, but I learned years ago to leave the doors unlocked and to leave nothing more valuable than pocket change and a phone charger in the car. Last week I lost the phone chargers out of all my cars, but at least I didn’tr have to replace any windows…
mythoughts62, I can’t imagine accepting that sort of thing. It’d be like never having a watch, phone, or wallet because I expected to be mugged every few weeks. I’d rather be broke in the woods eating berries, because that sounds like anarchy.
It’s very good advice for convertible owners.
Broken windows are cheap, cutting the top is much more discrete.
Saying an unencrypted CAN bus is a problem is a bit disingenuous; your basic TCP/IP link isn’t encrypted either, any encryption is on a higher protocol layer.
The vast majority of data on a vehicle CAN bus doesn’t need to be encrypted, but anything related to vehicle security should be, on a higher level. It’s perfectly possible to have a challenge-response system on an otherwise unencrypted bus.
Part of the problem is that automotive OEMs seem to be complete idiots sometimes; in some cases, the main ECU will give you the code to make a keyfob when requested *while the car is locked*. That doesn’t mean the CAN bus is to blame, the same would happen if the same braindead software would communicate over any other bus.
The major advantage of CAN over anything Ethernet based is that it’s a shared bus, with very simple wiring, without a need for packet switches. It’s also very easy to implement in small and cheap microcontrollers.
Sure, ethernet is being used in automotive for infotainment systems, but anyone saying ethernet will replace CAN for the whole vehicle doesn’t know a whole lot about automotive electronics.
+9999
Absolutely. Do you remember this Chrysler “hack”? When some guys found a vulnerability in a entertainment headunit (in former times called “radio”) and then could insert ESP messages into the CAN bus.
This incident brought us all even more crazy processes that only helps the guys working in assessment companies and consultants, without adding anything (not even security) to the product.
In my eyes this wasnt even a security issue, it was a fault of the car’s communication architect. Why was the headunit able to communicate on this specific bussystem and was not isolated on a non-safety entertainment bus by the gateway?
But this is the automotive industry: You always not even do barely enough to reach your technical goals. If you add one resistor to the product, no one even asks for the benefit. Sticking to practices known to be insecure for decades is also very popular. (not limited to wireless keyfobs)
And now ISO21434 will make so many consultants rich as f$$$ And the industry will continue with mindless process-fulfillment. And the products will still have vulnerabilities and they will never get fixed.
I can attest first hand to the idiocy.
I once worked on a security module that, per specification, stored it’s key in another module in the car. (This was to allow replacing “my” module. The replacement would query the “companion” module to learn the key.) Since the spec didn’t include encryption (and mentioned the companion module would be on a protected bus), I was instructed to not encrypt the key as it would be unnecessary complexity.
While the OEM’s specification for my module had lots of security requirements, the other module’s spec did not. And this was something that I discovered by chance. While working on a prototype of the new car, I had to wait for another developer who accessing a module on the same CAN bus as my module’s companion. The guy, noticing I was waiting, helpfully took a few seconds to read out the key from the companion module and tell me what it was. When I asked why he knew the security key for that module, he replied that the module had no security key as it was on a “protected” bus. (The guy had a Y-cable connected between his module and the bus to allow him to monitor messages to/from his module.)
Knowing there was nothing I could do about the companion module’s lack of security, I took advantage of the fact I already had AES in my module (to allow assembly line configuration from encrypted datamatrix bar code) to encrypt its key before sending a copy to the companion module.
Yes, I defied instructions, but I wasn’t going to not do something I knew I could do to make accessing the key less easy. My manager was concerned, but agreed as since the AES code was already present, this change would be practically invisible to the OEM.
(The encrypted datamatrix bar code and associated AES implementation was also my idea. It was to solve an issue raised by the assembly plant’s chief engineer. Since line workers were already scanning bar codes on parts as they installed, it was easy enough for the workers to scan an extra code on certain parts. This was considered a “great solution” and well worth the extra complexity.)
I’ve done shit like this in software dev, where what I was told to do was so stupid I basically opted to (potentially) ask for forgiveness rather than permission. It rarely came back to bite me because if the bosses were able to understand what I’d done, they’d also understand why I did it. They just had a tendency to refuse suggestions they didn’t understand rather than trusting the expertise of the dev they hired.
> The major advantage of CAN over anything Ethernet based is that it’s a shared bus
Ethernet is also a shared bus, at least before we had switches ;)
Indeed, and newer standards like 10BaseT1s also allow multidrop ethernet links, having a shared bus without switches between all devices
> The major advantage of CAN over anything Ethernet based is that it’s a shared bus,
> with very simple wiring, without a need for packet switches.
I assume you’ve never heard of 10BASE-T1S?
I started with 10BASE5 and a drill! Ahh, the vampire tap.
Encrypting can bus – make it even harder for legal OWNERS of the car to get useful information out of the computer system. $300 + “keys” for cars is sure not consumer friendly especially when there is probably $10 of cost in them.
I think encryption is not required, just authentication, and only in systems related with starting the car.
Wasn’t there a major tussle just to get car manufacturers to stop using encrypted CANBus networks and go to a standard (OBD and OBD2)? The solution is not “encrypt everything”. Products need to be accessible, especially when they are needed to diagnose and repair an item.
Anything that makes your car starting procedure “non-standard” is probably an improvement from an antitheft point of view, as thieves are on a time limit and probably not prone to troubleshooting. That said, if this becomes “standard”, it is kind of pointless, unless it’s embedded deeply in the car’s electronic brain. The easiest part of breaking into a car is getting inside (google “slim-jim”). Once you’re inside the cab, you can pop the hood. If you don’t care about damage, you can do it even faster with a crowbar. Once you’re under the hood, it would be trivial to jumper past this obvious electronic transplant that is sitting next to the battery.
Yeah, it’s easier to be discreet when you’re inhibiting ignition instead of the starter. Or maybe the injectors, or shift solenoids, electric parking brake, etc. Or any convenient fused circuits or anything else the ECU requires in order to run; I think there’s remote switchable fuses although it’s more discreet if you do it somewhere inline IF someone’s determined enough to troubleshoot your car.
Good idea until you use an aftermarket light bulb that draws more or less current than the OEM, or you cat just ages and things like the heater motor or window motors want a bunch more current to turn. Or even just in the winter when they have to run in sub zero temps. Now you might need to pull your window closed both to get it all the way closed and to make your cat start? At least the window motors are where they are easy to assist.
The main problem is car manufactures have an incentive NOT to make their cars secure – as you’ll go out an buy another one, or pay $$ for repairs..
It would be relatively straight forward to make a car secure, they just don’t want to.
Now THAT I agree with!
For a period of time in UK cars were secure because of so much TWOC’ing (taken without owners consent) going on and joy riding that insurance would not let you buy the car unless it was fitted with thatcham cat 5 alarm, while the alarm became well known there were so many people installing them that is was not easy to track down where the main unit was, you knew it was there but “where ?’ , this made any car fitted with a insurance forced alarm to be ignored over someone who did not have one.
Installer were encouraged to be creative in hiding the units.
In southern africa during late 90’s early 2000’s there was so much hijacking going on that Alarm makers and vehicle makers in SA go together and produced factory anti hijack alarms, they were fitted to all cars with Conlog/ Autowatch alarms and most people didnt even know it.
A ’73 rotted out satellite wagon came to me in the early 80s with the perfect antitheft system. Ran into a guy that had gotten slightly beaten up a few nights previously at a bar. He has been a jerk, and ran to the car to escape but it wouldn’t start. Bought it for $50 and it came with 2 pieces of heavy scrap sheetmetal to replace the missing rear floor pans. Found you needed to click the AM radio on or the car wouldn’t start (and no one my age thought of listening to am at the time here). Left it that way. Ran great! A Beast! but if you drove it in the rain your left leg got wet from the tire spray….
My old Rover P6 3500S wouldn’t start unless you cranked it first for 2 revs with full throttle.
Perfect antitheft device.
Mad Max is nigh…
Flicking your switches in the correct sequence to get your vehicle going.
A clever man might have a knife hidden under there…
Furiosa and the War Rig. Hauling Mothers milk. And the Knife is part of the gear shift knob.
There are form 1c automotive Bluetooth drop in relays for the fuel pump; no guzzoline : no run. Within 4weeks, thieves in Asia started to pop the hood to inspect the engine fuse box. A colleague in Shanghai has two incidents of theft attempts of his prized MercSUV captured on door security cams, both attempts abandoned and he suspects it’s the same group.
The best diy I had helped to install was a hidden microswitch under the handbrake which required a pattern to start else latch the dual airhorns for 100seconds. Based on attiny85 and two relay modules and a roller arm spdt microswitch. Car was a Bricklin and rolled and totalled years back.
Fine. But auto security is all theater anyway. Actually stealing the car itself is much harder but anyone thinking that a thief will stop and think for a second before smashing a window to grab something, anything, spare change, is deluding themselves.
It’s still kinda bananas in abstraction that we take potentially tens-of-thousands of dollars worth of property and just let it hang out there unsupervised amongst the public.
The idea that we shouldn’t try to stop people from smashing windows is what’s absurd. There’s a reason people are scared to go anywhere that there’s bars on windows.
My old mazda in 2001 required me to raise the rear left passenger window before being able to start the car. My current toyota requires me to hold the brake whole turning it on. There is no innovation here.
Key broke in my old Saab one winter, and before I got a replacement part, I needed to drive it. Turned what was left of the cylinder to “run” with a screwdriver and mounted a home light switch under the hood on the starter. That’s security!
I would have loved to see the face of someone trying to hot-wire the car, and finding out that their work was already done for them. In possibly the most horrendous of ways.
I didn’t drive often, and I eventually got the key/cylinder replaced. But for a while, it was awesome.
Security through obscurity, the most underrated kind of security.
Underrated or overrated? ;)
A freind of mine lived in a small city in Iowa, he had an old jeep that was basically AWOL from a scrap yard. One day he heard a commotion outside his home then his jeep start and drive away, as he went outside the police were right there , some folks robbed a grocery store a few blocks away and chose his jeep to escape in, poor choice! The police were upset that the crooks got away because my friend left his key in the jeep, my freind was like no worries and laughed a little then walked the cops to the next corner to find a couple very shocked looking thieves and his jeep in a near by driveway and were walking back to the police!?? Well you had to know the jeep had steering issues and you had to hold a pin in when making left turns or the wheel camee off in your hand and if you shifted the gears on the 5 speed without holding the shifter “up” the bent nail would fall out and the shifter came off the transmission as well , oh there was some issue with the fuel system sharp bumps caused the pump to shut off, there was a perfect bump just around the corner . Security or hazzard to others?? security can only go so far before its a problem for even the owner.
I would not call that “security induced hazard”, but “security by hazard”.
Not only does it disable the starter motor, it also forces the steam valve open so the kettle can’t built up enough pressure for locomotion..
It’s always good to add another possible point of failure (and perhaps another opening for a security breach) to a complex system…
Plenty of auto electricians in the 1990s made plenty of money from cars with half-baked “immobiliser” or “kill switch” mods. Car electrics are a very hostile environment and wiring fails often enough even when left the hell alone. I’m with the posters above, leave the doors unlocked, it’s cheaper than having some shithead smash a window or two just to check for coins in your ashtray.
Seems to me a number of things can happen in a car’s electrical system that change ‘tiny fluctuation’ and then the whole thing comes crashing down.
I don’t think the car environment is one where you should go for ‘tiny fluctuations’ to be honest.