Reply to post:

Sons of IoT: Bikers hack Jeeps in auto theft spree


>> Seriously, where do you think the battery is, does that need another door to protect that?

It can go pretty much anywhere. And the article was not talking about unhooking the battery (which proper brands defend against by powering the alarm circuits with a small emergency power source NOT accessible from engine bay), but unhooking the alarm system. Because with the battery cut off you can't very well use the diagnostic port to register the duplicate key, can you, genius?

>> What if the alarm system box is in the cabin? What then? Is there a place on a car, or a device that will thwart someone armed with manufacturer knowledge and devices, AND a properly fitted key?

No, which is exactly my point, yound padawan. With a fitted key all bets are off anyway and it makes no sense that someone (allegedly) had to disarm some alarm system. So either there is shoddy reporting on the side of the DoJ that describe modus operandi wrong or some serious engineering idiocy.

>> All they needed to do was disable the primary alarm,

>> yes they needed to disable the alarm, THEN they needed to pwn the engine electronics security.

No, they SHOULD not need to do that. With a proper key the alarm should not go off. If your keyfob is out of juice or defective, opening the door mechanically with the cut key should not set off an alarm.

>> And so what. What if they just smashed and grabbed the car and hot wired it? Same thing,

Not really. That should set off the alarm. Just like tilting / rocking the car (think pulling/lifting onto trailer).

>> I say they did a fair job and a novel process. And nothing of value was lost!

I don't disagree, especially with "nothing of value" part. Because if the car is really engineered to bother it's customers with the alarm just because they dare to use a properly cut mechanical key I'd say good riddance. But, in reality, probably not even Mexicans would take possession of such shoddy lunacy, except for disassembling... oh wait, there you go.

>> Take the most advanced car and security; it can be thwarted with knowledge of the system, and that you can get to the vehicle and physically pwn it.

Without a doubt. But in this particular case, the not so uncommon case of a dead/defective keyfob would supposedly trigger the alarm even for the legitimate user. I mean, by including the cut key with the keyfob the manufacturer basically allows for this case. He says, well if you drop in a puddle, accidentally fire it from a spud gun or whatever, use the mech key, the transponder will disable the immobilizer even without power, well you're good to go. But if the DoJ is right Jeep thought differently, and I want to know who's the idiot here.

>> Duh. I've yet to see a car that can't be broken into. Do let Detroit know of your special knowledge, I'm sure they will hire you straight away! :P

Broken into will always work on a metal can with a huge amount of surface glass. And unfortunately driving away is also easy, even with high end brands. Because those idiots do not use proper protocols. It would be easy enough to thwart the "open the can and use diag interface to register new key then driva away" approach.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019