Car Thieves Arrested After Using Laptop and Malware To Steal More Than 30 Jeeps

New submitter altnuc writes: Two thieves in Houston stole more than 30 Jeeps by using a laptop and a stolen database. The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked! The Wall Street Journal issued a report in July with more details about how hackers are able to steal cars with a laptop. The whole process takes roughly 6 minutes. CrimeStopHouston has posted a video on YouTube of one of the thieves in action.

I'm not a car guy

[rsilvergun]

but is there a reason it's so easy to reprogram the key fobs to start a car? I mean, my bloody credit card has a chip in it for Pete's sake and I got it free with my account. Heck my crummy bank card has one.

Re:I'm not a car guy

[Barny]

And those are probably just as easy to skim and duplicate.

Also, wasn't this done in an NCIS episode about 5 years ago? I mean, come on Jeep!

Re:I'm not a car guy

Incompetence. More secure systems program the car to the fob, not the other way around. Subaru for instance. The fobs are not re-programmable - the cars are.

Re:I'm not a car guy

Me & my wife are still practicing efficient typing on one keyboard. Maybe one day...

Re:I'm not a car guy

[flyingfsck]

When key broke, it took the dealer a week to update their Windows PC, get the proper software and program a new key, so I guess a thief could really do it in about 5 seconds...

Re:I'm not a car guy

[ArchieBunker]

Neither of you have a clue what you're talking about. They started doing rolling codes now but the list isn't that great so you can still brute force things with an HackRF. And no those keyfobs aren't easy to program or clone. Do you know the most popular stolen car is still 90s Hondas? Rarely do newer cars get stolen anymore. Now its all about factory wheels that cost $2k each to replace.

Re:I'm not a car guy

The chip in the card is very hard to "skim" actually. There is no direct access to the memory so you can't just grab an image from the chip to play with off-line. At least, not without some tricky hardware hacking.

That's why they're more secure than the old magnetic strip.

Re:I'm not a car guy

Probably easier to kidnap a person and hold them for ransom (maybe take them to an ATM) than it is to duplicate a credit card's chip.

Of course right now you don't need the chip to do online purchases, and only half of stores appear to be using the chips. And it's probably pretty easy for a thief to convince a credit card company to send a replacement in the mail, then come back and grab and activate the replacement. (you are using your victim's wifi network anyway, aren't you?)

Re:I'm not a car guy

[lucm]

It's called Peer Firewalling, it's the latest trend in cybersecurity. One adds the firewall rules, the other handles the "firewall-cmd --reload" calls.

Re:I'm not a car guy

Of course right now you don't need the chip to do online purchases...

Hello! You have a shitty bank in a shitty country full of shitty banks, shitty CC firms, and shitty merchants.

It would be extremely difficult if not impossible for any charges to be made to my Nordea bank card without the use of the actual card. *And* a card reader--either that of the merchant (instore), or mine (online). Chip & PIN *all the way*, baby.

I guess someone looking like me, having my ID, and knowing things not on the ID but which the bank has on record like my address and phone number might be able to go to the bank (I think they've still a physical office or two) and make a withdrawal without it, but that's a long shot that I guess I'm willing to live with.

Re:I'm not a car guy

[mjwx]

but is there a reason it's so easy to reprogram the key fobs to start a car? I mean, my bloody credit card has a chip in it for Pete's sake and I got it free with my account. Heck my crummy bank card has one.

Usually they aren't. What they're doing here is essentially cloning key fob's from a master.

If you lose all your keys, the only way to replace them is to replace the entire locking system as you cant clone keys from the system in the car. It's a bit like PKI, the car contains the public key, the fob contains the private key.

Of course this is Fiat-Chrysler we're talking about here, so the security is likely to be designed by drunken monkeys.

Re:I'm not a car guy

[pcjabber]

The fobs are not re-programmable - the cars are.

The factory-supplied fobs aren't reprogrammable, but that doesn't mean you can't buy other types of RFID fobs that could be cloned from the official manufacturer fob.

In general, if it communicates wirelessly, there is ALWAYS a way to eavesdrop/snoop & then clone or spoof the transmissions. (Might take more time than it's worth, depending on encryption (etc), but it is theoretically possible.)

Re: I'm not a car guy

Just like ssl connections...

Secure key fobs have a private key and the car has the public key. The key fob transmits signed messages only and the private key can't be retrieved from the fob.

Re: I'm not a car guy

Thank you for posting your insights about our banks in reply. Such knowledge has already made US banking completely secure and it will only improve above 100% with more time!

If only any single one of us Americans had any clue before your posting today, why our money situation would have been as perfect as unicorns and week long orgasms!

Oh wait, no, your needless and pointless insults towards people with no control over how our banks act haven't helped a damn bit.
My mistake, and it is of course I who apologize for spilling that bottle of sarcasm all over the forums.

Re: I'm not a car guy

Last I heard the US was still a democracy, so in the end you all have control, if only indirect and not individually...
Also people don't seem to complain much to their banks.
I think I give you the pointless insults on the "shitty country" party, but I think the "shitty banks" seems like a fairly accurate description of the situation in the US (and that from a country where paying online is definitely not chip & pin).

Re:I'm not a car guy

[maeka]

Do you know the most popular stolen car is still 90s Hondas? Rarely do newer cars get stolen anymore.

90's Hondas weren't the most popular car to steal in the 90's. You're confusing the stolen car market (parts) with ease of theft. New cars aren't stolen at the same rate as older cars not because they are harder to steal, but because there demand isn't there for their parts.

Honda always tops the list not because Hondas are easier to steal, but because they are ubiquitous (thus probability is in their favor when it comes to the joyride market) and because the black market for parts (organized theft) needs more Honda parts than Mercedes.

Re: I'm not a car guy

And like any other database, you encrypt/salt the keys in the database. The screwup here is that someone leaked the database that contained unencrypted sensitive data.

Re:I'm not a car guy

[ChumpusRex2003]

I don't know what the current auto security tech is, but proper PKI was shunned for a long time. Possibly for reasons of key battery life, or silicon IP costs.

I wouldn't be surprised if current systems are using techniques like HMAC, where both the car and the key use a pre-shared key. In this case, the factory keeps a copy of the database matching VINs to private keys. This allows a dealer or authorized locksmith to either order a new pre-programmed key from the factory, or possibly request the key for field programming a new key. Of course, if that database gets compromised....

If a proper PKI system was used, then it would be possible to program the car to a new fob, by having the fob transmit its public key to the car, and having the car add it to the authorization database.

Re:I'm not a car guy

[Lumpy]

To make dealerships more money.

BMW makes 10 keys for your car when it's made. when you lose all 10 keys, the dealership is required to point and laugh at you while live streaming to youtube.

It takes a few days for the key to arrive for your car, It's part of the punishment for being a dimwit and losing all your sets of keys.... because your car was sold with 3 freaking sets.

Note: if you buy a used bmw and they dont hand you all 3 sets, the previous owners are scumbags, or the dealership is a scumbag. They "found" my extra 2 sets when I said.. "nope, no deal. I dont want to buy a car that someone else has a key to."

Suddenly the dealer found the other set and the valet key.

Re:I'm not a car guy

[Bing+Tsher+E]

Now its all about factory wheels that cost $2k each to replace.

Car culture sucks.

Re:I'm not a car guy

I thought everybody associated with BMWs was a scumbag.

Re: I'm not a car guy

The above ac seems to be from Sweden. Compared to Sweden, the US really is a surprisingly shitty country.

Re:I'm not a car guy

Why did you put an unnecessary apostrophe in the word 'fobs'?

Because you're AMERICAN, that's why.

Re:I'm not a car guy

[Registered+Coward+v2]

but is there a reason it's so easy to reprogram the key fobs to start a car?

People lose keys, keys break, and non-replaceable batteries die.

Re: I'm not a car guy

No different than the key cut code database they maintain, and what allows you to say walk into a Nissan dealership with a VIN, proof of ownership, and proof of identity to obtain a new key for your say 2003 Nissan Xterra when the only copy you have around it lost or stolen.

Re:I'm not a car guy

[drinkypoo]

90's Hondas weren't the most popular car to steal in the 90's.

Earlier Hondas have always been popular targets for theft, and yes, they are easy to steal. They don't have immobilizers or really any other anti-theft equipment and they're very easy to get into physically.

Re:I'm not a car guy

[gweihir]

Yes, there is a reason: It costs money to make them more secure! And since management bonuses are more important than having a good product, you can imagine how that decision went. It is something you run into time and again in the security-space: Management deciding on cheaper-than-possible solutions that do not get the job done anymore in order to safe money that then goes to them. Just think of the Takata Airbag Recalls, the problems with car doors opening, the problems with borked ignition, etc. All of these are minor savings, but the non-engineer idiots in charge want these as they improve the quarterly results.

Unless we get personal civil and criminal accountability for such bad management decisions, nothing is going to change. Of course, a small part of these decisions are honest mistakes. In this case it is necessary to establish whether due diligence was followed (e.g. were independent experts consulted if the situation was not clear and the item was obviously safety/security-critical). But most will be due to decisions made to save a penny where it was pretty obviously not a good idea to do so or cases were non-expert management made a technical decision that should have been made by an expert.

Re:I'm not a car guy

[maeka]

If you'll kindly notice, from your own link, the model years being stolen always lag by a decade or more what' current. Exactly as I said.

Re:I'm not a car guy

[sudon't]

The reason it's easy, is that they make it easy for dealers and service technicians to reprogram the fobs. Had you RTFA, you wouldn't have had to ask.

Re:I'm not a car guy

[BarbaraHudson]

This is neither new, nor restricted to jeeps. Even premium brands such as BMW are just as vulnerable.

Re: I'm not a car guy

[dgatwood]

It's actually very different. Most car thieves can't physically carry around the $10k+ worth of specialized equipment needed to cut a mechanical key (and I'm assuming that it is even possible to get a single cutter that will cut them all, such that you don't need one of those $10k cutters plus five or six different kinds of $5k cutters).

Re: I'm not a car guy

By what metric? Sweden is currently circling the drain due to the "social democractic" governments they've had in power. If you guys don't do something about them, you'll wind up like Venezuela.

Also, you're comparing a small country like Sweden to a large, very diverse country like the USA. A more accurate comparison would be Sweden to a particular state of the US, rather than the country as a whole. Sweden better than Illinois? Sure. Better than Montana? Nah.

Re:I'm not a car guy

[dgatwood]

The reality is that people rarely have zero sets of keys. Usually, they lose one and need to replace that one set. As a result, in the more common case, the design where you add the set of keys to the car is much simpler for dealers than one that involves reprogramming the keys with specialized hardware. The process is something like: put the old key in, turn the car on with it, push a button on the new fob, turn it back off and back on, push a button on the new fob, repeat n times. No hardware needed, no knowledge of how to program the key, no special database. The fobs are just standard, off-the-shelf devices, and any random person in the garage can do the work with five minutes of training and no need for any sort of security clearance.

That's why most systems that are designed by sane people work the other way. The fob has a fixed digital key, and you turn the physical key several times in a row to put the ECU in a programming mode, after which time it will accept codes from the next fob that tries to talk to it. To steal those cars, you would have to have a key cutter and know how to put the ECU into programming mode (and on newer vehicles, you would also need one functioning fob to put it into reprogramming mode, without which the car would fail to detect the chip in the key and would either refuse to start the car or would refuse to put the ECU into programming mode even if it did decide to start and run for a short period of time).

Granted, with those designs, in the rare situation where you have no keys, you usually have to physically replace the ECU, though in some cases it is possible to force the ECU into programming mode using vehicle-specific OBD-II magic. Either way, this is the right approach, because it minimizes the risk of theft, is easier to reprogram in the common case, and is only marginally more painful in one rare edge case.

Re: I'm not a car guy

[Hylandr]

Mocking valid points will not alter the reality of America's almost third-world status of it's infrastructure.

We lag in bandwidth, repair of our roads, bridges, rail systems, water management, most of our ISP's have data caps now despite 'net neutrality' etc.

Though we do lead the world in military spending and the number of people in jail by several orders of magnitude.

The real shitter? We have the power to change it, but instead allow ourselves to be distracted and led around by the entertainment industry.

Re: I'm not a car guy

Key cutters are cheap. 60 bucks can get one that can handle the majority of models on US roads. There are a few models that are essentially very specialized cnc mills that can cut nearly any kind of key for a few thousand.

Programmers for the fobs go for about 2k or more per manufacturer. That is where the expense that you are talking about is.

Re:I'm not a car guy

[sjames]

They just have it back to front. The thieves are reprogramming the car to accept the fob they have, not the other way around.

Re:I'm not a car guy

[Lumpy]

That's AUDI .. Your thinking is from the 1990's. This is the 2010's and this decade it's Audi.

Re:I'm not a car guy

[ls671]

Of course this is Fiat-Chrysler we're talking about here, so the security is likely to be designed by drunken monkeys.

Are they related to the 12 monkeys?

Re:I'm not a car guy

[mjwx]

Because you're AMERICAN, that's why.

Actually I'm Australian.

And I did it because I like antagonising Grammar Nazi's.

Re:I'm not a car guy

[mjwx]

If a proper PKI system was used, then it would be possible to program the car to a new fob, by having the fob transmit its public key to the car, and having the car add it to the authorization database.

The locks in the car are read only for obvious reasons. Its not exactly like PKI, it's just the best analogy. All the security is in the key, not the car. Keys are actually pretty easy to clone if you've got the original, however the equipment needed to do this is heavy (starting with a workbench and a vice) as well as the fact that if a thief gets their hands on the original key, why not just use that to steal the car?

Re:I'm not a car guy

Does your card reader work on Linux?

Re: I'm not a car guy

Why wouldn't the thieves just steal the $10k of equipment? You know, since they're thieves and all...

Re:I'm not a car guy

There was a spate of range rovers stolen in London a couple of years back. It got to the point where insurance companies would not pay out if the vehicles were not securely garaged - which is awkward in London as there's very little off-street parking for most housing.

Re:I'm not a car guy

[drinkypoo]

If you'll kindly notice, from your own link, the model years being stolen always lag by a decade or more what' current. Exactly as I said.

That's not the point. The point is that parts for many other vehicles are even more valuable, but Hondas are stolen more because it's easier.

Re:I'm not a car guy

Value != Demand.

You could jack Beamers and H3s but the kind of people that drive those car's don't take them to "Sal's Trusty Autoshop" to be repaired out of warranty with "refurb" parts. So Sal doesn't want those parts, regardless of their relative "value"

Re:I'm not a car guy

[drinkypoo]

You could jack Beamers and H3s but the kind of people that drive those car's don't take them to "Sal's Trusty Autoshop" to be repaired out of warranty with "refurb" parts.

You are wrong, and I have the complete service history on an Audi A8 Quattro with four and a half thousand dollars' worth of optional extras to prove it. The prior owner repeatedly sourced his own parts on eBay and took them in to shops to have them installed. If only you had some idea of what you were talking about, you might have something worth logging in and posting.

Re: I'm not a car guy

Their is no ' in Nazis

Why lock the car?

[Snotnose]

The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked!

They're duplicating the key fob. If it's good enough to start the car it's good enough to unlock the damned thing.
Even better, the VIN is easily readable from outside the car. This whole thing smacks of TSA level security. That is, look like you're doing something while creating a bottleneck, when in reality all you're doing is creating a bottleneck.

Re:Why lock the car?

[invictusvoyd]

Back to the good old chain and padlock .

Re:Why lock the car?

[Yvan256]

https://www.youtube.com/watch?...

Re:Why lock the car?

[PPH]

Even better, the VIN is easily readable from outside the car.

Damned if I don't 'accidentally' always throw a roadmap* up on the dashboard, right on top of the VIN plate.

*Get off my lawn!

Re:Why lock the car?

[Joe_Dragon]

the club

Re:Why lock the car?

I love the club. It's like a free prybar to crack the wheel lock. 5 seconds with a junior hacksaw and you're through the wheel. Throw away the club, hotwire/screwdriver the ignition, and drive off.

Well, that's what the thieves tell me, anyways.

Re:Why lock the car?

[the_Bionic_lemming]

You are aware that's not the only place the vin is right?

Re:Why lock the car?

[SirSlud]

If it's good enough to start the car it's good enough to unlock the damned thing.

I'm glad your two seconds of thinking found such an obvious point, instead of making the rational realization that the recommendation to lock the car is because it's not actually operated by the fob ya dumbass.

Re:Why lock the car?

[flyingfsck]

A chain also has other uses, apart from properly securing the steering wheel to the seat of a car. I once chased off five youths with it. The improbable sight of a big bearded guy in a black leather jacket getting out of his car with a heavy chain in his hand, made them change their minds very swiftly.

Re:Why lock the car?

[flyingfsck]

Good idea, but who these days has a road map?

Re: Why lock the car?

Ugh, my car has the damn vin laser engraved into each window. Wtf is that all about?

Re:Why lock the car?

[Cigamit]

My 2015 Jeep Renegade is completely operated by the FOB. You just walk up to the door with the FOB in your pocket, put your hand on the door handle (there is a tiny button there) and it unlocks.

One thing to note, it makes it impossible to lock your key in the car, since it will sense it nearby and allow you to unlock it just by pressing that button again.

Re: Why lock the car?

[Frosty+Piss]

Visible from the OUTSIDE? Or are you suggesting car thieves will get underneath and find the VIN on the rear axle?

Re: Why lock the car?

[OrangeTide]

oops, I dropped my wallet, I'll just be a second down here to pick it up. *wink*

Re:Why lock the car?

[lucm]

the purpose of the club is not to prevent theft, it's to make other cars that have no clubs more enticing for potential joyride-type thieves. Ot's like having a rottweiler in your backyard; people who badly want your Faberge eggs collection will deal with it, but junkies looking for pawnable items will skip your house.

Re:Why lock the car?

[lucm]

The improbable sight of a big bearded guy in a black leather jacket getting out of his car with a heavy chain in his hand, made them change their minds very swiftly.

I guess they were not into the bear and cub thing

Re: Why lock the car?

Visible from the OUTSIDE? Or are you suggesting car thieves will get underneath and find the VIN on the rear axle?

No, I'm pretty sure it was a reference to the international standard of having the VIN etched beneath the windscreen, which has been in every single car in the entire world for the last 10+ years?

Re: Why lock the car?

[LanceMcGrath]

I've got a 2011 Audi, and the feature that prevents you from locking the key inside is slightly better than that - it won't lock in the first place, because it knows the key is inside the vehicle.

Re:Why lock the car?

[Zontar+The+Mindless]

The last time I was in the States, I bought a Rand McNally road atlas for $15.

Out on America's glorious Interstate Highways, it can be a long way between cheap coffee/free wifi stations (I think you lot call them "McDonalds", yes?), and when you're hiring a car those on-dash GPS things cost extra--about $15/day.

Re: Why lock the car?

[Mashiki]

Visible from the OUTSIDE? Or are you suggesting car thieves will get underneath and find the VIN on the rear axle?

What? Guess you're new to this. Since ~2005 the vehicles VIN is on everything from windows to door panels to rims and rocker panels. Some of them even have the vin on taillights and headlamp housings. If you know the vehicle you can etch the vin out in 5 seconds using paper and a chunk of charcoal and no one would be the wiser.

Re:Why lock the car?

"Feed On Bagels"?

("Fob" is not an acronym, lackwit.)

Re: Why lock the car?

[gnasher719]

Heard a story of a friend of a friend who borrowed his car to a friend, who drove off without the key (the guy with the key in his pocket stood right besides the car); 100 miles later he filled the borrowed car up at petrol station and couldn't start the car again because he didn't have the key...

Re: Why lock the car?

Actually we are suggesting that most all car thieves won't have a stolen database with which to lookup the vin in to get the needed fob rolling code seed.

The vin alone isn't going to help you at all.

Re: Why lock the car?

Rawr, baby! hit me harder, oh yes, more, faster, harder, yes, yes, yes, I'm so close!

Re:Why lock the car?

Of course that only happened in your imagination.

As as far as the beard, there's probably a fine orange coating of cheeto dust there.

Re: Why lock the car?

A few days worth of rental fees on a GPS is more expensive than just purchasing a new Garmin/TomTom yourself.

Re:Why lock the car?

[SimonInOz]

But once they have stolen it they then have - a Jeep.

What are they going to do with it? Surely nobody sane actually buys those things?

No, wait. There are apparently people in that country that actually plan to vote for a orange flavoured lunatic.
Forget what I said.

Re:Why lock the car?

[Duhavid]

In the days of my youth, I bought a club and used it on my pickup.
I went to a friend's house, the friend had some friends of, shall we say, ill repute.
My friend told me not to bother with the club, it was not effective.  I disputed, he said, "Ok...".
We went into the house, then back out a short time later.  My friend "I told you so...".
There was the club, sitting on the seat, no damage to the steering wheel, none to the club.
The club was still locked, and, as far as I could tell, just as it was when I put it on while discussing it's goodness.

Re:Why lock the car?

[Ol+Olsoc]

But once they have stolen it they then have - a Jeep.

I didn't know that Slashdot has the Ferd vs Chivvy crowd!

What are they going to do with it? Surely nobody sane actually buys those things?

Only in my area. Seems that Jeeps are maybe 1 out of every 4 vehicles. There's a reason for that. They have a marked tendency to simply go. Our weather is unpredictable, and as the typical weather changes, we have gone from snowstorms to ice storms. They are sure footed enough that they even got my wife to drive in the nasty weather, when at one time a threat of snow got me called out to pick her up. If you don't like one, don't buy one. I'm on my third, and put a couple hundred thousand miles on them before getting rid of them.

No, wait. There are apparently people in that country that actually plan to vote for a orange flavoured lunatic.

You're a touch smug aren't you? Well, your conflating Jeep ownership with being a Trump supporter only shows you are operating with the same sort of pre-judgement of people as BillyBob Smith putting on his Grand Dragon robe, gonna burn a cross tonight outlook.

Forget what I said.

Forgotten, just like a fart in a pigsty.

Re:Why lock the car?

[BarbaraHudson]

The club only seems to work as a deterrent because only people driving shitboxes use them. Nobody wants to steal you Chrysler Omni or AMC Pacer.

Re:Why lock the car?

[mysidia]

Even better, the VIN is easily readable from outside the car.

So lock your car, put a piece of paper on top of the dash so it covers the VIN completely, paint/tape over VIN number on underside,
and conceal VIN number in all locations where it's visible without opening the car first.

Put in LoJack and a car alarm with a long-distance notification and control features.

Re:Why lock the car?

[mysidia]

If you REALLY want an effective deterrent, then get a lockable wheel clamp that you install on the front right or front left tire (Or Both), and stops the vehicle from being driven.

Also, if a thief is trying to defeat your wheel clamp, they will be in plain sight in the parking lot or public street....

Re: Why lock the car?

To make the car less desirable for chop-shop purposes. If they resell your windows to someone else, they can be traced, or something like that.

Re:Why lock the car?

I was told that if I'd ever lost all of my 'smart' key fobs, that they dealerships or key smiths can still create a new spares... using their 'secured' database using just my car's VIN.

Re:Why lock the car?

[Archfeld]

The steering wheel is by design not a secure location to attach to, it is by intent supposed to fold so you don't die by getting impaled. A better security point is the break petal. It is by design supposed to stand up to a severe crash.

Re:Why lock the car?

[lucm]

Old shit cars get stolen all the time. Not because the thieves wil get a fortune out of it or because they're on special order from foreign billionaires. They get stolen because they're easy to steal and/or can be useful in the commission of other crimes.

There's this guy who specializes in insurance scams. Lets say you're stuck with a lease on a Prius that you'd love to get rid of, and you just can't find a moron to take it. For $250 that guy will steal an old Pontiac Sunbird or some other piece of garbage, and will ram it in your Prius in a way that ensures it's totaled. Problem solved. If there's two Sunbirds side by side, and one of them has a club, guess which one he's going to steal.

Re:Why lock the car?

[stephanruby]

Chrysler/Jeep owners should always make sure their vehicles are locked!

This sounds like the response of first level support person.

"Hello, my car was stolen. It looks like they had the key to get in and start the car."

"I'm so sorry to hear that. In the future, Chrysler recommends that you lock your car."

"But my car was locked, that's my point! I am not the only one. You guys need to do a recall to fix this security issue. Or reimburse the cost of people's car. "

"I understand you're upset. But Chrysler/Jeep can not be responsible when owners don't lock up their car."

Re:Why lock the car?

[stephanruby]

Damned if I don't 'accidentally' always throw a roadmap* up on the dashboard, right on top of the VIN plate.

*Get off my lawn!

Cool! Another idiot tourist! Tourists always leave valuables in their car. Let's break the window.

Re: Why lock the car?

Sure it is. Stands for "freight on board"

Re: Why lock the car?

My vin plate cant be covered. It is below the top of the dash in a lil window in the black frame that surrounds the windshield.

Re:Why lock the car?

[SimonInOz]

What? You have a special pigsty to fart in? - Americans think of everything, I'm impressed.

Re:Why lock the car?

[ls671]

Which are the other spots readable by silent helicopters (and sat...)?

Re:Why lock the car?

[Ol+Olsoc]

What? You have a special pigsty to fart in? - Americans think of everything, I'm impressed.

You really need to try harder. The only thing worse than being witty is not being witty.

Re:Why lock the car?

[SimonInOz]

If you are going to quote great people from my (ex)home country, please get it right ...

"There is only one thing in life worse than being talked about, and that is not being talked about." Oscar Wilde

Maybe this is what our non-friend Trump, serial liar, murderer of language, is going for. He is certainly getting talked about. It saddens me that the great country of USA, 350 million people or so, can only come up with Trump and Hillary. I mean really, is that the best you can do?

You have astonishing folk - Elon Musk, Bernie Sanders even, Bill Gates (maybe), Steve Jobs,Susan B. Anthony, Washington, Nader, Fermi - the list is long and impressive (ok, I admit most of those are dead, history is a bit like that).

America, you need to do better!

Re: Why lock the car?

[stoatwblr]

No FOAF here. It happened to a close friend of mine - for some reason her daughter had the fob when dropped off at school.

Shortly after this event (her husband was a marketing VP at Renault), Renault cars acquired a dashboard telltale warning of the fob moving out of the vehicle whilst running.

Re:Why lock the car?

[stoatwblr]

My experience of jeeps is that they're usually the cars beached or rolled on the side of the road during snowstorms, or stranded at the side of the road on steep hills whilst I drive past in my lightweight french FWD rustbucket with chains fitted.

People seem to think that 4WD means that the steering or braking works better than other cars.

Re:Why lock the car?

The VIN is under the windshield glass below the edge of the dash. You actually cant cover it with anything from inside the car.

Re:Why lock the car?

What the fuck is your problem with Sunbirds? 1980 model I had was fun 4 speed V6 for burning tires back in the day!!!

Re:Why lock the car?

America, you need to do better!

No, they can't. That's why I left the US 15 years ago and haven't looked back.

Welcome to the future

[suso]

Next year, the thieves will start up the car and drive it by remote and autonomous drive from their laptop. Good thing its a bit trickier to remotely refuel.

Re:Welcome to the future

[flyingfsck]

Tesla already has an auto plug in charger, so your future has arrived already.

Re:Welcome to the future

[Required+Snark]

When IoT fully arrives not only will you loose your car, all the belongings in your house will be up for grabs.

There will be no way to avoid this by sticking with "real hardware" technology like mechanical locks and keys. In the same way that that all credit cards will be chipped along with all passports, you will ultimately be required to have your house/apartment hooked to the internet to get insurance. This will be justified due to fire sensors that automatically call the fire department. Part of the installation will also unlock all doors and windows to insure that anyone trapped inside will be able to escape.

It sounds reasonable up to a point, but it's obvious that the police and government are already drooling over the possibility that no one will be able to secure their physical space. It will be justified in terms of "terrorists" and "home invasion", but the real motivation is so they can infiltrate anybody at any time. The lack of constitutional protections for communications will be extended into real life.

When Orwell wrote 1984 he was being optimistic.

Black Ops by TMBG

Black ops, Black ops

A holiday for secret cops

Black ops, Black ops

Dropping presents from the helicopter

It's been a long year

We've been so far from home

Too many people here

Here come the drones

We take the best of it

And make a mess of it

Ripping up some lawn

And then we're gone

Re:Welcome to the future

[93+Escort+Wagon]

Next year, the thieves will start up the car and drive it by remote and autonomous drive from their laptop.

Just park it near a white semi trailer - the car will never make it to the thieves.

Re: Welcome to the future

"When IoT fully arrives not only will you loose your car, all the belongings in your house will be up for grabs."

Couldn't you just tighten up your car and house? It sounds like that may solve your problem with loose cars.

Re: Welcome to the future

How does one loose a car?

How will locking the car help?

[Streetlight]

I'm not sure locking the car will make any difference. My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

Re:How will locking the car help?

[Feral+Nerd]

I'm not sure locking the car will make any difference. My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

I'm still looking forward to the day when I'll be able to pull this prank:

http://xkcd.com/1559/

With self driving cars one would not have to hack the ignition or even need a rock. If you can hack the autopilot in these things you don't even have to drive the car to the chop shop or even come close enough to drop a rock in the driver's seat. You just have to hack the car's autopilot from a safe distance, disable the trackers and tell the thing where to go. I'm sure there will be a complete malware package for this compete with side-loaded Android app. Joining the classic car club and buying an old completely analog car is beginning to have a certain appeal.

Re:How will locking the car help?

[AntronArgaiv]

I'm not sure locking the car will make any difference. My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

Sure as heck won't make a bit of difference with my soft top JK Wrangler.

Re:How will locking the car help?

[NormalVisual]

My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

And if not, there aren't many cars that a brick won't unlock.

Re:How will locking the car help?

[Streetlight]

You mentioned chop shop. I was wondering if the parts of a new Jeep would be saleable soon after stealing unless they work on old Jeeps because new ones shouldn't need new parts. Then again, these are Jeeps. Someone once said that you need two Jeeps: one to drive while the other is in the shop for repairs. Of course the stolen cars could be shipped whole to someplace like Cuba where VINs are not too important.

The obvious flaw in their plan

[the_other_one]

Trying to make a getaway driving 15 cars each.

I have a VW and I'm not worried

The fucking thing won't run long enough for them to escape. Seriously. Paid over $25,000 and the thing is a total turkey. Every couple of months it takes another 1000 dollars to keep it going. Piece of Krout shit. Never again.

Is that link a honeypot BurEAU HD? FBI head?!

I am not clicking wwmt.com to find out somebody is stealing databases and jeeps. Slashdot is FBI. This whole place is a bust.

See this post.
https://yro.slashdot.org/story/16/08/05/2154216/1000-us-spies-are-protecting-rio-olympics-says-report

And read all the comments in this thread.
https://yro.slashdot.org/story/16/08/05/0329246/popular-bittorrent-search-engine-site-torrentzeu-mysteriously-disappears

No wonder every day it is Microsoft Apple and Google on Slashdot all day now. No wonder so many stories about the FBI and the iPhone security.

SLASHDOT IS THE MOTHER FUCKIN FBI

Re:Is that link a honeypot BurEAU HD? FBI head?!

!!Mod parent up

Re:Is that link a honeypot BurEAU HD? FBI head?!

[Yvan256]

Slashdot is the mother fuckin FBI

Is it really?

Smart key for ignition, not access.

[Archfeld]

The programming on the key has nothing to do with the door locks, but everything to do with starting the car. You have to insert the key into the door to unlock it, while mere possession of the smart key allows the car to be started. Admittedly basing the smart key code on the readily visible VIN is short-sighted and foolish, the act of locking your car up will at least prevent the casual access.

Re:Smart key for ignition, not access.

[the_Bionic_lemming]

My mom's 2015 jeep cherokee latitude doesn't have key locks.

If you have the fob, you can just open the door.

and before you accuse me of living in a basement, make sure to note my account number.

Two extra things that suck about her jeep? 9 recalls to update the transmission software, and the third party radio won't let her get the latest maps for the gps - and it's the second radio.

Stay away from Jeep tech, it's crappy and buggy.

Re:Smart key for ignition, not access.

[the_Bionic_lemming]

Forgot to mention, I have a 2006 jeep wrangler, bought it new, and that's that's the last vehicle that I will ever buy new. The next car I'm buying is from here.

http://www.volocars.com/

Re:Smart key for ignition, not access.

[Lakitu]

This is patently false on many new Jeeps, and probably false on most new cars. What car manufactured in the last 10 years doesn't have remote door unlocks? How many of those don't have an option for remote starting? Jeep even has an app for remote starting. Seriously, inserting a key into the door to unlock it? That's 1990s technology.

Jeep Grand Cherokees have "smart key" like you describe which will allow for unlocking the door based on proximity alone, all you need is to have a key within x distance and place your hand on the doorhandle as if you were about to open it in order for it to unlock. If thieves are reproducing or reprogramming key fobs somewhere then whether the door is locked or not is irrelevant.

One of the links talks about thieves who enter unlocked cars and attach a laptop to an interior electronics port, which they then use to start the car, which is the only indication that locking it may be helpful. I would have to guess that they reproduce a new key somehow after it has been stolen.

Re:Smart key for ignition, not access.

This is patently false on many new Jeeps, and probably false on most new cars. What car manufactured in the last 10 years doesn't have remote door unlocks? How many of those don't have an option for remote starting? Jeep even has an app for remote starting. Seriously, inserting a key into the door to unlock it? That's 1990s technology.

My 2015 Jeep Patriot has manual door locks and windows. I prefer it this way so I can exit the vehicle in the event of a battery failure or an interruption with the electrical system any time. By the way, it has a manual transmission which I am told is a millennial anti-theft device.

Re:Smart key for ignition, not access.

[AK+Marc]

My car and the wife's car both use the smart key for unlocking, as well as starting. There are backup physical keys, but so long as the battery in the car and the battery in the key are good, you don't ever use the physical key.

Admittedly basing the smart key code on the readily visible VIN is short-sighted and foolish, the act of locking your car up will at least prevent the casual access.

I had the keys in my car start to fail. It was a 40 year old sports car. The keys were worn, and they were copies of copies. They were failing sometimes. I called the dealer. They said they couldn't give original keys for the car. I found a place in Australia that cuts keys to factory specs, from a picture of the key. They extrapolate wear and make a "new" key based on the assumed original key pattern. After doing that, I later broke my glove-box lock. It was a convertable spots car, so the glove box had a key lock, matched to the doors. I went to the dealer and ordered a replacement full-cost glove-box lock. It was made and shipped in Germany and came 6 weeks later. Put in the glove box lock, and it was keyed to the car. It also came with 2 spares. Those spares would open all the doors and start the car. So linking the key to the VIN is common, even if not the best idea. My current car, the dealer claims they don't know the key for. If you lose both keys at the same time (so they can't re-key) the only way to get a new key is re-program the computer (super expensive).

Re:Smart key for ignition, not access.

You're an IDIOT and your retarded post has proven to the world that you don't know how a door works.

Even if locked, opening the door via the interior door latch WILL unlock the door.

God damn mouth breathers.

Re:Smart key for ignition, not access.

[flyingfsck]

Oh, I thought you'll just program a key fob for another Jeep...

Re:Smart key for ignition, not access.

[flyingfsck]

You don't need to open a door or a window to get in or out of a rag top...

Re:Smart key for ignition, not access.

Thief tried to break into a friends convertible once. Evidently he had an inferior knife, couldn't cut all the way through the top and gave up. Modern convertible tops are thick and layered enough to slow down a thief with a pocketknife.

Re: Smart key for ignition, not access.

Tesla has this exact problem, dumbass.

Re:Smart key for ignition, not access.

[Lumpy]

"and before you accuse me of living in a basement, make sure to note my account number."

How cute, 6 digit UID and you think you are an "old timer here"

Re:Smart key for ignition, not access.

This is patently false on many new Jeeps, and probably false on most new cars. What car manufactured in the last 10 years doesn't have remote door unlocks? How many of those don't have an option for remote starting? Jeep even has an app for remote starting. Seriously, inserting a key into the door to unlock it? That's 1990s technology.

Bought a 2015 Toyota Yaris new last year. No remote door locks. No remote starter. I insert the key into door every time I want to unlock it. There are dozens of cars made in the last 10 years like this. Just because you don't see them doesn't mean they aren't being made.

Re:Smart key for ignition, not access.

[drinkypoo]

Stay away from Jeep tech, it's crappy and buggy.

It's Fiat tech. Marchionne is running FCA like it was Fiat, which means he's running it into the ground. He's responsible for retarded shifters that kill people. He's responsible for Dodge selling a full-size van with front wheel drive. Guess what? It's called the Fiat Ducato in other markets and nobody wants them.* They are unremitting pieces of garbage. He's responsible for Jeep going keyless. It's all meant to modernize it and bring the brand into this century. The problem is, what people liked about it was that it wasn't. They expected reliability and he's giving them tinsel and trash.

* Dodge vans only a year old are going for $15k. As it turns out, we actually use our rear wheel drive going up hills and towing in this country, and the Ducato will do neither. A ten-year-old sprinter is literally worth more than a one-year-old Ducato.

Re:Smart key for ignition, not access.

[NormalVisual]

My mom's 2015 jeep cherokee latitude doesn't have key locks. If you have the fob, you can just open the door.

Assuming the car has power. Earlier this year I had to replace a corroded battery cable, and a lack of key locks would have made that a bit more challenging.

Re:Smart key for ignition, not access.

[mysidia]

Vehicles without wireless starting, wireless key-entry, and non-mechanical driver controls are best, But
engine immobilizer with chip in the key is a good idea, As long as the programming procedure is physically secured.
No reason you shouldn't be able to require an actual key exchange during programming requiring physical access: instead of having keys programmable based on information in some database.

UID number isn't everything. I've been on Slashdot since 1997.
There hasn't always been this new-fangled user account system, and hasn't always been "cool to register".
You just typed your name: that is what I was accustomed to.. many of us were reluctant to register due to privacy concerns and simply started posting as Anonymous, or took a few years SlashVacation from commenting.

Re:Smart key for ignition, not access.

You can turn that off so the doors do not automatically lock/unlock from proximity.

Re:Smart key for ignition, not access.

[washort]

There's a lot of cute people around here. ;-)

Re:Smart key for ignition, not access.

[Archfeld]

My Jeep has a smart fob for an ignition key and remote access but the key is still cut for manual door locks. I didn't get auto locks or windows or such. I agree that their security is less than great but I love the performance in the desert and with the soft top I've never really depended on the locks to keep folks out, that is what the garage and insurance is for.
Comparing account numbers is a silly exercise in a place like this :)

Re:Smart key for ignition, not access.

[Duhavid]

"Even if locked, opening the door via the interior door latch WILL unlock the door."

Depends on the car.
My Fords did this great.  BMW's have a pull twice thing ( first pull unlocks, second pull opens )
GM, I have not owned any recent ones, but my recollection is that they dont open unless you unlock using the inside thingy to unlock.

Re:Smart key for ignition, not access.

[Lumpy]

Sure break out that 4 digit...

Show Off.

Re:Smart key for ignition, not access.

[ls671]

"and before you accuse me of living in a basement, make sure to note my account number."

That doesn't prove anything. You might have stolen your father credentials like I used to.

Re:Smart key for ignition, not access.

[drinkypoo]

Assuming the car has power. Earlier this year I had to replace a corroded battery cable, and a lack of key locks would have made that a bit more challenging.

A bit, but not much. You just use a jumper cable to bring power to the hot terminal on either the alternator or the starter.

Re:Smart key for ignition, not access.

[NormalVisual]

You just use a jumper cable to bring power to the hot terminal on either the alternator or the starter.

If you can get the hood open. Not all hoods are easy to unlatch from the outside to get to the alternator, and plenty of starters are mounted such that you can't get cables on them. On my truck's starter, it has to come completely out in order to reach the terminals.

Re:Smart key for ignition, not access.

[stoatwblr]

Normally I'd say this was FIAT's legendary reliability(*), but the reality is that they've sorted their technical and mechanical issues a long time ago.

This is 100% on Chrysler and is more or less the same reason that Daimler got shot of them (the daimler-chrysler merger did nasty things to Mercedes reliability)

(*) Italian - looks good, handles badly, dies quickly.

Re:Smart key for ignition, not access.

[stoatwblr]

"parked in public places (carparks, street parking, etc"

They have _a_ key lock. You just have to know where to look for it.

Re:Smart key for ignition, not access.

[drinkypoo]

You just use a jumper cable to bring power to the hot terminal on either the alternator or the starter.

If you can get the hood open. Not all hoods are easy to unlatch from the outside to get to the alternator, and plenty of starters are mounted such that you can't get cables on them.

I have yet to see a vehicle where you can't access one or the other from below. On my A8 I can access both, plus the frame rail-mounted positive terminal (the battery is in the trunk.)

Re:Smart key for ignition, not access.

[NormalVisual]

Can't do it on my truck ('02 GMC Sierra) unless you have REALLY long arms, but I have key locks so it wouldn't be a problem. In contrast, on my old '86 Silverado I could do practically anything from underneath. I could replace both the water pump and fuel pump together in less than 10 minutes.

Re:Smart key for ignition, not access.

[synaptik]

I know, right?

YOU HAVE A PROBLEM HOUSTON ..FBI

>Two thieves in Houston

Slashdot is FBI.

What good does locking the door do?

[damn_registrars]

Doesn't the fob unlock the door as well? The standard place for a VIN is under the wind shield; hence any car parked in the open could be a target as someone could easily walk by and snap a picture of the vin through the wind shield with their phone while walking by and nobody would think of it as odd. You won't be doing yourself any good to lock your car if that is the case.

Besides, if they are stealing Wranglers the parts are so easily obtainable that a broken window is trivially easy to replace. Maybe Grand Cherokees are slightly more difficult to obtain quickly but likely not by much.

Re:What good does locking the door do?

[Solandri]

If you watch the video, the procedure is to:

• Open the door and get in (either the car is unlocked, or they break in triggering the alarm).
• Plug the laptop into the OBD port. Command the alarm to turn off (if it was triggered).
• Reprogram the car to accept a new keyfob.
• Once that's done, the car recognizes your keyfob as its owner, and allows you to start the car and drive off.

So the new keyfob can't be paired until after the thief is inside the vehicle.

There're a lot of ways the manufacturer could've made this harder. But I've been arguing for two decades now that there should be a physical jumper or toggle switch on computers which you should have to flip in order to be able to change files in the system folder/partition. With it flipped to the default state, system files should be read-only (write logfiles somewhere else). That hasn't happened yet and systems are still getting rooted left and right, so I really don't think computer folks have much grounds for criticism.

Re:What good does locking the door do?

[Ungrounded+Lightning]

Open the door and get in (either the car is unlocked, or they break in triggering the alarm).
Plug the laptop into the OBD port. Command the alarm to turn off (if it was triggered).

Can you get to the onboard bus by popping off a mirror and plugging into its remote-tilt wiring?

How about cracking in via bugs in the radio stack for the tire pressure sensors?

Re:What good does locking the door do?

[AmiMoJo]

There was a similar flaw in BMWs a few years ago. You could break the drivers side corner window, reach in and connect to the OBD-II port without triggering the alarm.

To secure your car...

[fustakrakich]

Remove the rotor from the distributor... or you can always put a banana in the tailpipe

Re: To secure your car...

or, you know, park it in your garage if you have one instead of filling it with junk.

Re: To secure your car...

[flyingfsck]

You may be onto something. If you fill the car with junk so it looks like a homeless den, then it probably won't get stolen either.

Re: To secure your car...

[epyT-R]

Good idea. It'll be perfectly secure as long as you never drive anywhere.

Re: To secure your car...

I don't remember the last time I drove a car with a distributor.

You might as well adjust the points while you're in there!

Re:To secure your car...

[SeaFox]

Remove the rotor from the distributor... or you can always put a banana in the tailpipe

How many cars do you think still have mechanical distributors now?

Re: To secure your car...

[Type44Q]

Potato. Tailpipes are generally too large for bananas; it'd be like Danny Devito trying to give anal pleasure to Andre the Giant...

Re:To secure your car...

[OrangeTide]

I never leave my car.

Re:To secure your car...

The best solution is a manual transmission.
So few people know how to drive them now they're practically magic.

Re:To secure your car...

[Rei]

I've often been tempted, rather than fitting a locking gas cap to my pickup that gas thieves have several times stolen from, to replumb it so that I fuel it from behind the plastic paneling in the bed, while the normal fueling port leads to something that will ruin their engine.

I recently did the next best thing. I discovered that they like to nab gas cans after they stole three of them (and my toolbox) out of the back of my pickup when I stepped out to pick up my father while preparing for a trip. So I offered them a "bait" can (they took it the same evening I put it out). Oh, sure, the *top* two liters in the can were gasoline.... but the bottom two liters were hydrochloric acid. I considered sodium silicate instead of HCl, but I figured this would do the job even better, since even the fumes will aggressively rust steel. ;) Maybe I should have tried adding some surfactants to try to make the two liquids miscible, so that the engine would never flood and they'd run the whole acid load through the engine. But meh, this is probably good enough even if it does flood ;)

Re:To secure your car...

[KiloByte]

The best solution is a manual transmission. So few people know how to drive them now they're practically magic.

I haven't been in an automatic one in my life, so your estimate is off. Poland.

Re: To secure your car...

WTF did I just read?

Re: To secure your car...

[TimeTraveler1884]

WTF did I just read?

You wouldn't understand. It's a Jeep thing.

Re:To secure your car...

[AndroSyn]

Uhh have you ever heard of this thing called ignition coils on plug? Basically the ignition coil is on top of the spark plug itself, with low voltage wires going to the coil.

I'm not sure there has been a car made with a mechanical distributor made in the past 25+ years?

I will now remove myself from your lawn.

Re:To secure your car...

[drinkypoo]

I'm not sure there has been a car made with a mechanical distributor made in the past 25+ years?

I assure you that they have. While coil-on-plug has been around since the late eighties, it didn't really become mainstream until about 2000. In between the eighties (when everything had a distributor) and now (when COP is fairly common) most vehicles had a "waste spark" system, with one remote ignition coil shared between each pair of "opposing" (in the firing order, not necessarily physically opposed) cylinders. They're called waste spark because both spark plugs are always connected to the coil, so the engine is wasting a spark during the exhaust phase of the other cylinder which accomplishes literally nothing except maybe make your spark plug wear out infinitesimally quicker.

The 1993 Audi V8 had two distributors, one per head. In 1994 it was replaced by the A8, which used the same engine with a new oil cooler, intake manifold... and ignition system using COP. We've got a 2000 Astro which has a 4.3 liter Vortec V6 which uses a distributor, I'm pretty sure that continued to be true through 03 or 04, whenever they dropped it.

Re: To secure your car...

Sure there has. The 1st gen Xterra's 3.3L V6 at the very least has a mechanically driven distributor as does the 2nd gen (basically 2001-2004). That's only 12 years ago.

Re: To secure your car...

[ELCouz]

Like this ? ---> http://3.bp.blogspot.com/_8n5K... http://www.autoblog.com/2007/0...

Re:To secure your car...

[stephanruby]

I never leave my car.

Yes, the good old standby unemployed homeless hermit strategy.

Re: To secure your car...

[stephanruby]

or, you know, park it in your garage if you have one instead of filling it with junk.

And when you need to get back and forth to work, just use Uber/Lyft. Thankfully, Houston is not in some third world country where those aren't an option.

Re:To secure your car...

Because KiloByte is the defacto average of the land! His (and his alone) experience IS the 80% bell curve. If you deviate from KiloByte, you are NOT average!

Re:To secure your car...

[KiloByte]

Sorry to let you such disturbing news, but there is a world outside the USA. Here, automatic transmission is derided akin to training wheels on a bicycle, and every armchair engineer will tell you how much worse acceleration you get with auto.

In the old days...

We had a new truck stolen off the dealer lot. The thief was looking at the trucks during the day, left a door unlocked which the lot boy missed. He went to an auto parts store and bought a $6 ignition switch/key assembly, went back at night and reached under the dash to unplug the stock switch and plugged in the new on, and drove off. Luckily it ran out of gas a mile down the road or it would have wound up in Tijuana.

Homemade kill switch?

I don't have a car, living in London. When I do get one, first thing is going to be a homemade switch in one of the ignition wires, hidden somewhere discreet. Maybe a reed switch and magnet or something. Then the car just won't ever start unless the switch is on, and no car thief will know why.

Re:Homemade kill switch?

[nukenerd]

[my car will have ] a homemade switch in one of the ignition wires, hidden somewhere discreet.

My car does. The switch does two things, disables the ignition and also the starter motor. Very discouraging to a thief if the starter will not even turn. My switch is not "home made" of course and is in fact a multi-pole key switch and even if the thief realises there is such a switch he is unlikely to be bothered to find it. Even if he did, he is not going to be able to hot-wire it without seeing my circuit diagram or alternatively being familiar with the fuse box area and handy with a soldering iron.

The advantage of "home made" is that it is unique.

Re:Homemade kill switch?

A starter can be kicked with anything that can take a short across the solenoid and the ignition circuit can be powered by a 12v battery any place where ignition power goes.
Just because you've made it difficult for your battery to power the car doesn't mean it's difficult for my battery to power the car. Those lithium emergency jump starting power packs are getting easier to carry around all the time.
 

Re:Homemade kill switch?

My car does. The switch does two things, disables the ignition and also the starter motor. Very discouraging to a thief if the starter will not even turn. My switch is not "home made" of course and is in fact a multi-pole key switch and even if the thief realises there is such a switch he is unlikely to be bothered to find it. Even if he did, he is not going to be able to hot-wire it without seeing my circuit diagram or alternatively being familiar with the fuse box area and handy with a soldering iron.

The advantage of "home made" is that it is unique.

I'm confused, are we now promoting security by obscurity as being a good thing?

Re:Homemade kill switch?

[nukenerd]

With a level of knowlege of the car model, and undisturbed time, and additional batteries and cable, any car security can be defeated. However my thief will probably look for something easier. I did not mention that I sold that particular car recently and removed the feature, restoring the wiring to standard. It took me most of an afternoon, with the aid of my own and the manufacturer's circuit diagrams.

Don't forget I still have all the standard anti-theft features of the car as well.

Re:Homemade kill switch?

[drinkypoo]

even if the thief realises there is such a switch he is unlikely to be bothered to find it. Even if he did, he is not going to be able to hot-wire it without seeing my circuit diagram or alternatively being familiar with the fuse box area and handy with a soldering iron.

Everything is color-coded behind the fuse box, and most professional car thieves have at least basic automotive electrical knowledge, which is not hard to come by.

Re: Homemade kill switch?

And you were a dumbass if you interrupted the starter line *and* the ignition line. Nothing like your self-made interrupt malfunctioning and killing the ignition power at the worst time, resulting in the car unexpectedly shutting down leading to a potential fatality

Re:Homemade kill switch?

I'm confused, are we now promoting security by obscurity as being a good thing?

In this case yes. Security by obscurity increases the time it takes to defeat a system. In nearly all cases, a car thief can't afford the extra time to figure out the home made security and will give up.

Re: Homemade kill switch?

Not a problem if he didn't do it wrong.

Brake pedal lock

[RightwingNutjob]

Old school. But effective.

Re:Brake pedal lock

Not really. Thieves just cut the steering wheel and remove the lock.

The real problem is that the Republican's thugs in blue have been ordered to ignore car thefts so they are no longer willing to even file a police report for a stolen car. My roommate had to hire a lawyer here in Seattle to file a lawsuit so he could get a police report so his insurance company would pay him. Of course, they only paid him about 40% of what the car was worth.

Re: Brake pedal lock

The Seattle police union is very Republican. They fight against protecting minorities and against doing any work at all.

Re:Brake pedal lock

[RightwingNutjob]

Hard to get any paperwork filed when you're so stoned out of your mind that you can't tell a brake pedal lock that locks around the brake pedal from a steering wheel lock that locks around the steering wheel.

I sure hope

[clonehappy]

My 1991 Cadillac DeVille isn't susceptible to this sophisticated hack!

Re: I sure hope

[Type44Q]

Hell, I bet that p.o.s. even has throttle-body fuel injection... God, I fucking HATE Cattlecrack...

Re:I sure hope

[OrangeTide]

I think that one you can start using a screwdriver and turning really hard.

Re:I sure hope

Why bother with that much effort?
During that era, GM only had 16 unique keys. It's easy enough to obtain them all.
As a side benefit, if you ever locked your keys in the car just ask passers-by to try their key if they had a GM. Usually only takes a few minutes in a decently busy parking lot.

Re:I sure hope

[OrangeTide]

Seems like a good way to create a lot of witnesses.

obligatory

You wouldn't download a car !

Re:obligatory

[93+Escort+Wagon]

You wouldn't download a baby!

Wall Street Journal

The WSJ is a filthy Murdock rag. don't believe anything you read.

Lock my Chrysler?

[No+Longer+an+AC]

"Chrysler/Jeep owners should always make sure their vehicles are locked!" And other people shouldn't?

As a Chrysler owner who has lived in Houston, I thought the advice was to never lock your car. They'll just stick a knife through the convertible top.

It has happened to me before. The alarm still went off though. It costs more to replace the top than it would have to replace the stereo.

but I owned a Chrysler, I didn't replace the top. I just lived with it.

But really, are there people out there who don't lock their cars up if they are not convertibles? Why would you do that?

Re:Lock my Chrysler?

but I owned a Chrysler, I didn't replace the top. I just lived with it.

Don't you guys have insurances against vandalism and robery over there? What kind of first-world country are you in?

Re:Lock my Chrysler?

My definition of "first-world country" would rather be that you don't need such insurance...

Re:Lock my Chrysler?

Your definition of first-world country matches the same view of a naive 5 year old then.

Grow up.

Re:Lock my Chrysler?

Don't you guys have insurances against vandalism and robery over there? What kind of first-world country are you in?

Have you ever made an insurance claim against that ?

1. There'll be an excess the owner has pay.
2. Next years premium will go up.
3. Possibly lose your no claims discount.

For relatively minor damage it sometimes just isn't worth making a claim.

Re:Lock my Chrysler?

Don't you guys have insurances against vandalism and robery over there? What kind of first-world country are you in?

Have you ever made an insurance claim against that ?

1. There'll be an excess the owner has pay.
2. Next years premium will go up.
3. Possibly lose your no claims discount.

For relatively minor damage it sometimes just isn't worth making a claim.

1) The excess is clearly defined in the contract, in Europe that's usually around 350 euros.
2) Next year's premium won't go up unless the vandalism/robbery statistics in your city go up; or your car gets vandalized/robbed a lot more often than the average car owner in the same area as you.
3) Clearly you don't own a convertible, because to "stick a knife through the convertible top." causes major damage to the soft top. Replacing the soft-top is from 4 to 6 times more expensive than the excess you would pay for the insurance claim.

Next time actually follow the conversation thread before replying with pointless arguments.

Electronic "Security". Ha ha ha

Anyone who trusts any piece of security "software" which is based on anything other than a hugely long one time pad is a fool.

Every day we read of something being cracked because of a stolen database, a weak algorithm, a buffer overflow, a poor interface, packet sniffing etc. etc.

Digital security is fucking shit. If you want to protect something put a Rottweiler or three in it's vicinity.

All computer "security" is total fucking shite.

Ha ha ha.

 

Re: Electronic "Security". Ha ha ha

Those dogs loved the steaks I just gave them shortly before I hit then with a tranquilizer dart and made them go nite-nite. Better go check all your shit and see if I missed something. Thanks for letting me know you had something of value to protect!

Hacking?

[pthfdr]

I wonder why there are computer systems inside a JEEP CAR.
Are those manufacturers insane?
I guess the sole reason for them to do that is they WANT them to be hacked.
And stolen.
^D

Just for the schnapps here

Care to enlighten me with make and year of your car?

I have been eying the vintage (25+) sport car market for a while and I would definitely like to find out about small things like this.

I like my sports cars older than 25 and my women younger.

Oh and and I have no problems with keying young women.

The scariest words - "Stolen Database."

[robbak]

Data doesn't ever get 'un-stolen'. That database is out there, maybe for a price, or maybe posted for anyone with access to the right dark website. Basically, this should mean that G.M. should now be recalling their entire fleet to reencrypt all their vehicle's remote locking equipment, unless they can prove that some of their vehicles cannot have been in that database.

Army lock and key

The army does that with most of its common trucks like Humvee and pick ups. Most of these are keyed alike, so to prevent uncontrolled joyrides or theft. Good old padlock and chain welded to the floor.

If there are any servicemen out there they will likely agree.

Re:Army lock and key

CUCVs had a common key for the doors and ignition. Most other vehicles didn't have door or ignition locks. The steering wheel locks were unique keys.

Re:Army lock and key

[ls671]

Are we allowed to agree even if we ain't servicemen?

Re:Army lock and key

[ls671]

How often were you actually using it?

Guess you've never been broken into

[stabiesoft]

No one needs you to unlock anything. I've had doors kicked open and windows broken to get in. It just is not that hard to break into a house. In fact, when I suggested to the officer I should beef up the frame of the door so it cannot be kicked in, he laughed, he said they'll just break a window instead.

Re:Guess you've never been broken into

[stoatwblr]

The best reason for securing your doors is that if anyone sees your stuff exiting via the windows they're more likely to call the cops.

ONLY 3 FBI STORIES SINCE EXPOSED YESTERDAY

This story. August 05, 2016 @11:30PM

Then this story
NASA Celebrates Curiosity's Fourth Year On Mars With a Game
Posted by BeauHD on Saturday August 06, 2016 @03:00AM from the happy-anniversary dept
https://games.slashdot.org/story/16/08/06/0020228/nasa-celebrates-curiositys-fourth-year-on-mars-with-a-game

Then this story
Luxury Liner SS United States Cannot Be Put Back In Service
Posted by BeauHD on Saturday August 06, 2016 @06:00AM from the insurmountable-challenges dept
https://news.slashdot.org/story/16/08/06/0436207/luxury-liner-ss-united-states-cannot-be-put-back-in-service

Then this story
BBC To Deploy Detection Vans To Snoop On Internet Users
Posted by BeauHD on Saturday August 06, 2016 @09:30AM from the creepy-and-worrying dept.
https://mobile.slashdot.org/story/16/08/06/0414226/bbc-to-deploy-detection-vans-to-snoop-on-internet-users

Exposed a few stories earlier.
https://yro.slashdot.org/story/16/08/05/2154216/1000-us-spies-are-protecting-rio-olympics-says-report
Full story all comments expand: https://yro.slashdot.org/story/16/08/05/2154216/1000-us-spies-are-protecting-rio-olympics-says-report

That is why you have been getting Windows 10 ANNIVERSARY ads all day and night on Slashdot.
Windows 10 is United States Government spyware.

Re:ONLY 3 FBI STORIES SINCE EXPOSED YESTERDAY

Yes, this thread too. This was the honeypot social engineering thread that was too many clues to ignore.

https://yro.slashdot.org/story/16/08/05/0329246/popular-bittorrent-search-engine-site-torrentzeu-mysteriously-disappears
Expand all comments.

Especially this comment...
https://yro.slashdot.org/comments.pl?sid=9485881&cid=52651349

Many torrent sites are gone but many remain. This is the FBI on Slashdot pumping the public for info under the guise of Dice. It also explains why Microsoft threads are all day every day for months now. This is not a Microsoft friendly site. Well, except for the Microsoft PR teams that rally at the immediate posting of any Microsoft story lately. The entire top of the comments has been jibber jabber every time about how they can't believe Windows 10 is so easy to install and free.

happy-anniversary dept
insurmountable-challenges dept
creepy-and-worrying dept.

Re:ONLY 3 FBI STORIES SINCE EXPOSED YESTERDAY

More specifically, only THREE STORIES TOTAL since exposed. Slashdot is FBI.

Their domain registrar shows as Missouri for slashdot but slashdotmedia is San Diego.

Over the past few months there have been many different connections made while reading Slashdot, some of them multiple CA authorities. It has been posted directly in comments and each time modded down. It is a fact, and they modded it down.

symcd.com is one I can think of off the top of my head. Slashdot CA is GeoTrust Inc. Not Symantec or the others it connected to. It doesn't today however.

Re:ONLY 3 FBI STORIES SINCE EXPOSED YESTERDAY

https://yro.slashdot.org/comments.pl?sid=9485881&cid=52651539

Registry Registrant ID:
Registrant Name: Host Master
Registrant Organization: SourceForge Media, LLC
Registrant Street: 1660 Logan Avenue Suite A
Registrant City: San Diego
Registrant State/Province: CA
Registrant Postal Code: 92113
Registrant Country: US
Registrant Phone: +1.8584545900

It is not Tucows in Chesterfield, MO like it is preferred suddenly to state on WHOIS.

Somebody with an account chimed in about tin foil but that is just an idiot.

Serving griefers paying customer fodder

[Impy+the+Impiuos+Imp]

Reminds me of Ultima Online where locks on your house were useless against thief characters.

Why can't Chrysler figure out who accessed the DB?

Article is unclear. So which is it?

1) Thieves stole a copy of the VIN DB, so they don't need to log in to it.

2) Thieves look up VINs on Chrysler's DB, using an unauthorized user ID.

3) Thieves don't use VINs and just tell the car to use a different key via the ODB port.

If it's 2), Chrysler IT should easily be able to track down the unauthorized user ID(s) and cancel them.

Isn't this a solved problem?

[NotSoHeavyD3]

What I mean is with public/private key pairs the hard part (and why you can't totally be sure on a web site) is getting a valid certificate on your PC in the first place. (Which means it comes with the OS and then there's a chain of certs going back to the original one.) But in this case you'd think they'd just leave a port on the car and the fob, generate a pair of certificates one for the car and one for the fob and then download them over a wire to each one. (Then all the wireless communication could be secured via public/private keys.) I know I know, in theory it's a solved problem but they just messed it up instead of hiring somebody who's actually an expert in this.

Born and raised American

We got exactly the sort of government that we deserve.