[tsk1979]

Quote:

Originally Posted by longhorn

That clears the air. So if you have a key copied, you can just walk in, enter the default code and drive away. Child's play for any car thief worth his name.Therein lies the beauty of the iCATS. You cannot start your car even if a thief makes an exact copy of your key onto a blank new key. You car can only be started with the key that comes from the factory..

All cars do not have the same default code(unlike scorpio where 0000 is the code).
So the thief also has to get a copy of your user manual which has the key printed.

[thedreamcatcher]

Sorry to hear this. DId this happen to your car or someone else who owns the car and was parked in front of your house?

[anujmishra]

One of fellow TeamBHP member and Safari owner using clutch-steering lock with manual locks (Godrej, Link etc). He had gear lock installed but removed it as it was rattling and parking on incline was issue.
I think this crude way of locking is more effective for LX as we do not have any other option.
I think it is safe to have such deterrent. Immobilizer is nice to have but we are clueless how thiefs actually decoded it and stole Safari.

[nitrous]

I'm sorry for the loss, bro.
And I think it's an inside job.

[NetfreakBombay]

Quote:

Originally Posted by vidyasagar

Further, The EDC15x, EDC16X series of ECUs from Bosch are good 10 to 12 years old. cracking the security codes of these systems may be possible as the key length and algorithm complexity in these systems is long outdated. The latest generation EMS systems are Mighty. Forget the Automan v.5.11, Even Alibaba himself will not be able to do it.

It does not matter how strong Authentication / key mechanism is. For example you need not crack complex SSL (based on problic private key) algorithms to hack a site. You take sown a site by much simpler tools like XSS and SQL Injection (E.g. bug that allowed anyone to read anyone else's contact list in Gmail).

Similarly, even if Challenge->Response from ECU to Key (and vice verse) is impossible to crack, car might be vulnerable to other attacks.

Excerpts from article mentioned earlier in thread:

Quote:

Castles built on sand

Karsten Nohl's assessment of dozens of car makes and models found weaknesses in the way immobilisers are integrated with the rest of the car's electronics.

The immobiliser unit should be connected securely to the vehicle's electronic engine control unit, using the car's internal data network. But these networks often use weaker encryption than the immobiliser itself, making them easier to crack.

What's more, one manufacturer was even found to use the vehicle ID number as the supposedly secret key for this internal network. The VIN, a unique serial number used to identify individual vehicles, is usually printed on the car. "It doesn't get any weaker than that," Nohl says.

[amitk26]

Quote:

Originally Posted by NetfreakBombay

It does not matter how strong Authentication / key mechanism is. For example you need not crack complex SSL (based on problic private key) algorithms to hack a site. You take sown a site by much simpler tools like XSS and SQL Injection (E.g. bug that allowed anyone to read anyone else's contact list in Gmail).

Similarly, even if Challenge->Response from ECU to Key (and vice verse) is impossible to crack, car might be vulnerable to other attacks.

Excerpts from article mentioned earlier in thread:

Exactly netfreak that's what I was explaining a the whole concept of Challange -> response using a public and private key pair is based on a premise that private key will never be shared.
Moment a car physical key is handed over to some one t is vulnerable if the person has data reader device.

UMTS SIM uses one of the most secure challenge -> response but still the SIM can be cloned if it is physically handed over to someone who uses a reader and writer.

Similarly I see no reason why a Car key can not be cloned, There is no need for thief to crack the authentication ,Cloning the whole data on an identical device would make the pvt key available.

[razorBlades]

feel sorry for the theft! I hope you get your car back soon!

Sometime back I read on the news that there is a GPS assisted theft alarm systems, if it is installed in the car, how easy is it for the thief to find and remove it? is it worth having it in the car?

[getsurya]

Sorry to hear about the loss! These days it has become extremely difficult to protect good cars in certain parts of our country!

Pray that you get your car back soon...in good shape.

[NetfreakBombay]

Quote:

Originally Posted by amitk26

Exactly netfreak that's what I was explaining a the whole concept of Challange -> response using a public and private key pair is based on a premise that private key will never be shared.
Moment a car physical key is handed over to some one t is vulnerable if the person has data reader device.

Actually its slightly different. This attack does not rely on duplicating the Key.

Instead of attacking Key<->ECU auth, it attacks communication on car's internal network.

If that is successful, there is no need of duplicating the key.

[nijelj]

My father had recently got into a scrap with a safari 2.2, after which the safari guy attempted to run. dad reached for the key,pulled with all he had and got the remote in his hand. the key was still in the ignition. the safari was not able to start after that. also my BIL bought a safari recently and I saw that the key itself is a normal mechanical one. link to the immo is on the remote.
So it seems that there are different strategies used by OEMs.

[ghodlur]

Would it be a possibility that the Safari when it was stolen was not armed at all by the Immobilizer, reasons being faulty battery on the key fob. Does Safari immobilizer arms itself after certain period of time.

Does this issue means that the immobilizers in most cars are prone to theft? In that case what are the precautions which need to be taken.

[amitk26]

Just to clarify the Key which I and net-freak spoke off is the code in normal terminology and not the mechanical key.

The below passage does not apply to Safari as the immobilizer is based on fixed key and not AKA.

Dear netfreak when the paper you cited says that the protocols are not secure it also includes any breach of security if private key is let out of the device by any means in broader terms.

There are several possibilities for breaching AKA

1. Any RF of wired connection to the ECU is hacked ( breach of protocol) this will lead to man in middle kind of attack but this attack can be successful only if the man in middle has private key.

2. Breach of protocol security which leads to sharing of private key.

Dear Ghodlur : I am seeing this more as an insider attack or maybe owner left the user manual with code in it inside the glove compartment.
If remote battery is dead the vehicle will not start.

Just to clarify the Key which I and net-freak spoke off is the code in normal terminology and not the mechanical key.

The below passage does not apply to Safari as the immobilizer is based on fixed key and not AKA.

Dear netfreak when the paper you cited says that the protocols are not secure it also includes any breach of security if private key is let out of the device by any means in broader terms.

There are several possibilities for breaching AKA

1. Any RF of wired connection to the ECU is hacked ( breach of protocol) this will lead to man in middle kind of attack but this attack can be successful only if the man in middle has private key.

2. Breach of protocol security which leads to sharing of private key.

[verditer]

Quote:

Originally Posted by ghodlur

Would it be a possibility that the Safari when it was stolen was not armed at all by the Immobilizer, reasons being faulty battery on the key fob. Does Safari immobilizer arms itself after certain period of time.

Yes, in my Safari EX, the immobiliser becomes active after a certain period of time (few minutes of inactivity). But I think it doesnt get active if key is still present in the keyslot.

[dadu]

Quote:

Originally Posted by ghodlur

Would it be a possibility that the Safari when it was stolen was not armed at all by the Immobilizer, reasons being faulty battery on the key fob. Does Safari immobilizer arms itself after certain period of time.

Does this issue means that the immobilizers in most cars are prone to theft? In that case what are the precautions which need to be taken.

Quote:

Originally Posted by verditer

Yes, in my Safari EX, the immobiliser becomes active after a certain period of time (few minutes of inactivity). But I think it doesnt get active if key is still present in the keyslot.

The Security ECU detects the Door opening and then locks the Ignition after few minutes, if you forget to lock the Safari with the remote, but doors etc all remain open, only immobilizer is activated.

If you remove the battery, the immobilizer still remembers its last active state and returns to that after the battery is connected, therefore in all probability his Safari was towed not broken into.

[condor]

Quote:

Originally Posted by dadu

The Security ECU detects the Door opening and then locks the Ignition after few minutes,

Which type ? Physically opening the door, or just using the remote to un-lock the doors ?

FYI, my Sumo has a factory fitted remote + engine immoblizer. Immobilizer kicks in after a preset period of using the remote to unlock the doors. The door itself does not have to be opened physcially. The remote does not automatically lock the doors (in situations where the doors are unlocked but the doors are not opened).