Car Thieves Arrested After Using Laptop and Malware To Steal More Than 30 Jeeps

New submitter altnuc writes: Two thieves in Houston stole more than 30 Jeeps by using a laptop and a stolen database. The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked! The Wall Street Journal issued a report in July with more details about how hackers are able to steal cars with a laptop. The whole process takes roughly 6 minutes. CrimeStopHouston has posted a video on YouTube of one of the thieves in action.

I'm not a car guy

[rsilvergun]

but is there a reason it's so easy to reprogram the key fobs to start a car? I mean, my bloody credit card has a chip in it for Pete's sake and I got it free with my account. Heck my crummy bank card has one.

Re:I'm not a car guy

[Barny]

And those are probably just as easy to skim and duplicate.

Also, wasn't this done in an NCIS episode about 5 years ago? I mean, come on Jeep!

Re:I'm not a car guy

Incompetence. More secure systems program the car to the fob, not the other way around. Subaru for instance. The fobs are not re-programmable - the cars are.

Re:I'm not a car guy

Me & my wife are still practicing efficient typing on one keyboard. Maybe one day...

Re:I'm not a car guy

[flyingfsck]

When key broke, it took the dealer a week to update their Windows PC, get the proper software and program a new key, so I guess a thief could really do it in about 5 seconds...

Re:I'm not a car guy

[ArchieBunker]

Neither of you have a clue what you're talking about. They started doing rolling codes now but the list isn't that great so you can still brute force things with an HackRF. And no those keyfobs aren't easy to program or clone. Do you know the most popular stolen car is still 90s Hondas? Rarely do newer cars get stolen anymore. Now its all about factory wheels that cost $2k each to replace.

Re:I'm not a car guy

[lucm]

It's called Peer Firewalling, it's the latest trend in cybersecurity. One adds the firewall rules, the other handles the "firewall-cmd --reload" calls.

Re:I'm not a car guy

[mjwx]

but is there a reason it's so easy to reprogram the key fobs to start a car? I mean, my bloody credit card has a chip in it for Pete's sake and I got it free with my account. Heck my crummy bank card has one.

Usually they aren't. What they're doing here is essentially cloning key fob's from a master.

If you lose all your keys, the only way to replace them is to replace the entire locking system as you cant clone keys from the system in the car. It's a bit like PKI, the car contains the public key, the fob contains the private key.

Of course this is Fiat-Chrysler we're talking about here, so the security is likely to be designed by drunken monkeys.

Re:I'm not a car guy

[pcjabber]

The fobs are not re-programmable - the cars are.

The factory-supplied fobs aren't reprogrammable, but that doesn't mean you can't buy other types of RFID fobs that could be cloned from the official manufacturer fob.

In general, if it communicates wirelessly, there is ALWAYS a way to eavesdrop/snoop & then clone or spoof the transmissions. (Might take more time than it's worth, depending on encryption (etc), but it is theoretically possible.)

Re:I'm not a car guy

[maeka]

Do you know the most popular stolen car is still 90s Hondas? Rarely do newer cars get stolen anymore.

90's Hondas weren't the most popular car to steal in the 90's. You're confusing the stolen car market (parts) with ease of theft. New cars aren't stolen at the same rate as older cars not because they are harder to steal, but because there demand isn't there for their parts.

Honda always tops the list not because Hondas are easier to steal, but because they are ubiquitous (thus probability is in their favor when it comes to the joyride market) and because the black market for parts (organized theft) needs more Honda parts than Mercedes.

Re:I'm not a car guy

[ChumpusRex2003]

I don't know what the current auto security tech is, but proper PKI was shunned for a long time. Possibly for reasons of key battery life, or silicon IP costs.

I wouldn't be surprised if current systems are using techniques like HMAC, where both the car and the key use a pre-shared key. In this case, the factory keeps a copy of the database matching VINs to private keys. This allows a dealer or authorized locksmith to either order a new pre-programmed key from the factory, or possibly request the key for field programming a new key. Of course, if that database gets compromised....

If a proper PKI system was used, then it would be possible to program the car to a new fob, by having the fob transmit its public key to the car, and having the car add it to the authorization database.

Re:I'm not a car guy

[Lumpy]

To make dealerships more money.

BMW makes 10 keys for your car when it's made. when you lose all 10 keys, the dealership is required to point and laugh at you while live streaming to youtube.

It takes a few days for the key to arrive for your car, It's part of the punishment for being a dimwit and losing all your sets of keys.... because your car was sold with 3 freaking sets.

Note: if you buy a used bmw and they dont hand you all 3 sets, the previous owners are scumbags, or the dealership is a scumbag. They "found" my extra 2 sets when I said.. "nope, no deal. I dont want to buy a car that someone else has a key to."

Suddenly the dealer found the other set and the valet key.

Re:I'm not a car guy

[Bing+Tsher+E]

Now its all about factory wheels that cost $2k each to replace.

Car culture sucks.

Re:I'm not a car guy

I thought everybody associated with BMWs was a scumbag.

Re:I'm not a car guy

[Registered+Coward+v2]

but is there a reason it's so easy to reprogram the key fobs to start a car?

People lose keys, keys break, and non-replaceable batteries die.

Re:I'm not a car guy

[drinkypoo]

90's Hondas weren't the most popular car to steal in the 90's.

Earlier Hondas have always been popular targets for theft, and yes, they are easy to steal. They don't have immobilizers or really any other anti-theft equipment and they're very easy to get into physically.

Re:I'm not a car guy

[gweihir]

Yes, there is a reason: It costs money to make them more secure! And since management bonuses are more important than having a good product, you can imagine how that decision went. It is something you run into time and again in the security-space: Management deciding on cheaper-than-possible solutions that do not get the job done anymore in order to safe money that then goes to them. Just think of the Takata Airbag Recalls, the problems with car doors opening, the problems with borked ignition, etc. All of these are minor savings, but the non-engineer idiots in charge want these as they improve the quarterly results.

Unless we get personal civil and criminal accountability for such bad management decisions, nothing is going to change. Of course, a small part of these decisions are honest mistakes. In this case it is necessary to establish whether due diligence was followed (e.g. were independent experts consulted if the situation was not clear and the item was obviously safety/security-critical). But most will be due to decisions made to save a penny where it was pretty obviously not a good idea to do so or cases were non-expert management made a technical decision that should have been made by an expert.

Re:I'm not a car guy

[maeka]

If you'll kindly notice, from your own link, the model years being stolen always lag by a decade or more what' current. Exactly as I said.

Re:I'm not a car guy

[sudon't]

The reason it's easy, is that they make it easy for dealers and service technicians to reprogram the fobs. Had you RTFA, you wouldn't have had to ask.

Re:I'm not a car guy

[BarbaraHudson]

This is neither new, nor restricted to jeeps. Even premium brands such as BMW are just as vulnerable.

Re: I'm not a car guy

[dgatwood]

It's actually very different. Most car thieves can't physically carry around the $10k+ worth of specialized equipment needed to cut a mechanical key (and I'm assuming that it is even possible to get a single cutter that will cut them all, such that you don't need one of those $10k cutters plus five or six different kinds of $5k cutters).

Re:I'm not a car guy

[dgatwood]

The reality is that people rarely have zero sets of keys. Usually, they lose one and need to replace that one set. As a result, in the more common case, the design where you add the set of keys to the car is much simpler for dealers than one that involves reprogramming the keys with specialized hardware. The process is something like: put the old key in, turn the car on with it, push a button on the new fob, turn it back off and back on, push a button on the new fob, repeat n times. No hardware needed, no knowledge of how to program the key, no special database. The fobs are just standard, off-the-shelf devices, and any random person in the garage can do the work with five minutes of training and no need for any sort of security clearance.

That's why most systems that are designed by sane people work the other way. The fob has a fixed digital key, and you turn the physical key several times in a row to put the ECU in a programming mode, after which time it will accept codes from the next fob that tries to talk to it. To steal those cars, you would have to have a key cutter and know how to put the ECU into programming mode (and on newer vehicles, you would also need one functioning fob to put it into reprogramming mode, without which the car would fail to detect the chip in the key and would either refuse to start the car or would refuse to put the ECU into programming mode even if it did decide to start and run for a short period of time).

Granted, with those designs, in the rare situation where you have no keys, you usually have to physically replace the ECU, though in some cases it is possible to force the ECU into programming mode using vehicle-specific OBD-II magic. Either way, this is the right approach, because it minimizes the risk of theft, is easier to reprogram in the common case, and is only marginally more painful in one rare edge case.

Re: I'm not a car guy

[Hylandr]

Mocking valid points will not alter the reality of America's almost third-world status of it's infrastructure.

We lag in bandwidth, repair of our roads, bridges, rail systems, water management, most of our ISP's have data caps now despite 'net neutrality' etc.

Though we do lead the world in military spending and the number of people in jail by several orders of magnitude.

The real shitter? We have the power to change it, but instead allow ourselves to be distracted and led around by the entertainment industry.

Re:I'm not a car guy

[sjames]

They just have it back to front. The thieves are reprogramming the car to accept the fob they have, not the other way around.

Re:I'm not a car guy

[Lumpy]

That's AUDI .. Your thinking is from the 1990's. This is the 2010's and this decade it's Audi.

Re:I'm not a car guy

[ls671]

Of course this is Fiat-Chrysler we're talking about here, so the security is likely to be designed by drunken monkeys.

Are they related to the 12 monkeys?

Re:I'm not a car guy

[mjwx]

Because you're AMERICAN, that's why.

Actually I'm Australian.

And I did it because I like antagonising Grammar Nazi's.

Re:I'm not a car guy

[mjwx]

If a proper PKI system was used, then it would be possible to program the car to a new fob, by having the fob transmit its public key to the car, and having the car add it to the authorization database.

The locks in the car are read only for obvious reasons. Its not exactly like PKI, it's just the best analogy. All the security is in the key, not the car. Keys are actually pretty easy to clone if you've got the original, however the equipment needed to do this is heavy (starting with a workbench and a vice) as well as the fact that if a thief gets their hands on the original key, why not just use that to steal the car?

Re:I'm not a car guy

[drinkypoo]

If you'll kindly notice, from your own link, the model years being stolen always lag by a decade or more what' current. Exactly as I said.

That's not the point. The point is that parts for many other vehicles are even more valuable, but Hondas are stolen more because it's easier.

Re:I'm not a car guy

[drinkypoo]

You could jack Beamers and H3s but the kind of people that drive those car's don't take them to "Sal's Trusty Autoshop" to be repaired out of warranty with "refurb" parts.

You are wrong, and I have the complete service history on an Audi A8 Quattro with four and a half thousand dollars' worth of optional extras to prove it. The prior owner repeatedly sourced his own parts on eBay and took them in to shops to have them installed. If only you had some idea of what you were talking about, you might have something worth logging in and posting.

Why lock the car?

[Snotnose]

The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked!

They're duplicating the key fob. If it's good enough to start the car it's good enough to unlock the damned thing.
Even better, the VIN is easily readable from outside the car. This whole thing smacks of TSA level security. That is, look like you're doing something while creating a bottleneck, when in reality all you're doing is creating a bottleneck.

Re:Why lock the car?

[invictusvoyd]

Back to the good old chain and padlock .

Re:Why lock the car?

[Yvan256]

https://www.youtube.com/watch?...

Re:Why lock the car?

[PPH]

Even better, the VIN is easily readable from outside the car.

Damned if I don't 'accidentally' always throw a roadmap* up on the dashboard, right on top of the VIN plate.

*Get off my lawn!

Re:Why lock the car?

[Joe_Dragon]

the club

Re:Why lock the car?

I love the club. It's like a free prybar to crack the wheel lock. 5 seconds with a junior hacksaw and you're through the wheel. Throw away the club, hotwire/screwdriver the ignition, and drive off.

Well, that's what the thieves tell me, anyways.

Re:Why lock the car?

[the_Bionic_lemming]

You are aware that's not the only place the vin is right?

Re:Why lock the car?

[flyingfsck]

A chain also has other uses, apart from properly securing the steering wheel to the seat of a car. I once chased off five youths with it. The improbable sight of a big bearded guy in a black leather jacket getting out of his car with a heavy chain in his hand, made them change their minds very swiftly.

Re:Why lock the car?

[flyingfsck]

Good idea, but who these days has a road map?

Re:Why lock the car?

[Cigamit]

My 2015 Jeep Renegade is completely operated by the FOB. You just walk up to the door with the FOB in your pocket, put your hand on the door handle (there is a tiny button there) and it unlocks.

One thing to note, it makes it impossible to lock your key in the car, since it will sense it nearby and allow you to unlock it just by pressing that button again.

Re: Why lock the car?

[Frosty+Piss]

Visible from the OUTSIDE? Or are you suggesting car thieves will get underneath and find the VIN on the rear axle?

Re: Why lock the car?

[OrangeTide]

oops, I dropped my wallet, I'll just be a second down here to pick it up. *wink*

Re:Why lock the car?

[lucm]

the purpose of the club is not to prevent theft, it's to make other cars that have no clubs more enticing for potential joyride-type thieves. Ot's like having a rottweiler in your backyard; people who badly want your Faberge eggs collection will deal with it, but junkies looking for pawnable items will skip your house.

Re:Why lock the car?

[lucm]

The improbable sight of a big bearded guy in a black leather jacket getting out of his car with a heavy chain in his hand, made them change their minds very swiftly.

I guess they were not into the bear and cub thing

Re: Why lock the car?

[LanceMcGrath]

I've got a 2011 Audi, and the feature that prevents you from locking the key inside is slightly better than that - it won't lock in the first place, because it knows the key is inside the vehicle.

Re:Why lock the car?

[Zontar+The+Mindless]

The last time I was in the States, I bought a Rand McNally road atlas for $15.

Out on America's glorious Interstate Highways, it can be a long way between cheap coffee/free wifi stations (I think you lot call them "McDonalds", yes?), and when you're hiring a car those on-dash GPS things cost extra--about $15/day.

Re: Why lock the car?

[Mashiki]

Visible from the OUTSIDE? Or are you suggesting car thieves will get underneath and find the VIN on the rear axle?

What? Guess you're new to this. Since ~2005 the vehicles VIN is on everything from windows to door panels to rims and rocker panels. Some of them even have the vin on taillights and headlamp housings. If you know the vehicle you can etch the vin out in 5 seconds using paper and a chunk of charcoal and no one would be the wiser.

Re: Why lock the car?

[gnasher719]

Heard a story of a friend of a friend who borrowed his car to a friend, who drove off without the key (the guy with the key in his pocket stood right besides the car); 100 miles later he filled the borrowed car up at petrol station and couldn't start the car again because he didn't have the key...

Re: Why lock the car?

Actually we are suggesting that most all car thieves won't have a stolen database with which to lookup the vin in to get the needed fob rolling code seed.

The vin alone isn't going to help you at all.

Re:Why lock the car?

[SimonInOz]

But once they have stolen it they then have - a Jeep.

What are they going to do with it? Surely nobody sane actually buys those things?

No, wait. There are apparently people in that country that actually plan to vote for a orange flavoured lunatic.
Forget what I said.

Re:Why lock the car?

[Duhavid]

In the days of my youth, I bought a club and used it on my pickup.
I went to a friend's house, the friend had some friends of, shall we say, ill repute.
My friend told me not to bother with the club, it was not effective.  I disputed, he said, "Ok...".
We went into the house, then back out a short time later.  My friend "I told you so...".
There was the club, sitting on the seat, no damage to the steering wheel, none to the club.
The club was still locked, and, as far as I could tell, just as it was when I put it on while discussing it's goodness.

Re:Why lock the car?

[Ol+Olsoc]

But once they have stolen it they then have - a Jeep.

I didn't know that Slashdot has the Ferd vs Chivvy crowd!

What are they going to do with it? Surely nobody sane actually buys those things?

Only in my area. Seems that Jeeps are maybe 1 out of every 4 vehicles. There's a reason for that. They have a marked tendency to simply go. Our weather is unpredictable, and as the typical weather changes, we have gone from snowstorms to ice storms. They are sure footed enough that they even got my wife to drive in the nasty weather, when at one time a threat of snow got me called out to pick her up. If you don't like one, don't buy one. I'm on my third, and put a couple hundred thousand miles on them before getting rid of them.

No, wait. There are apparently people in that country that actually plan to vote for a orange flavoured lunatic.

You're a touch smug aren't you? Well, your conflating Jeep ownership with being a Trump supporter only shows you are operating with the same sort of pre-judgement of people as BillyBob Smith putting on his Grand Dragon robe, gonna burn a cross tonight outlook.

Forget what I said.

Forgotten, just like a fart in a pigsty.

Re:Why lock the car?

[BarbaraHudson]

The club only seems to work as a deterrent because only people driving shitboxes use them. Nobody wants to steal you Chrysler Omni or AMC Pacer.

Re:Why lock the car?

[mysidia]

Even better, the VIN is easily readable from outside the car.

So lock your car, put a piece of paper on top of the dash so it covers the VIN completely, paint/tape over VIN number on underside,
and conceal VIN number in all locations where it's visible without opening the car first.

Put in LoJack and a car alarm with a long-distance notification and control features.

Re:Why lock the car?

[mysidia]

If you REALLY want an effective deterrent, then get a lockable wheel clamp that you install on the front right or front left tire (Or Both), and stops the vehicle from being driven.

Also, if a thief is trying to defeat your wheel clamp, they will be in plain sight in the parking lot or public street....

Re:Why lock the car?

[Archfeld]

The steering wheel is by design not a secure location to attach to, it is by intent supposed to fold so you don't die by getting impaled. A better security point is the break petal. It is by design supposed to stand up to a severe crash.

Re:Why lock the car?

[lucm]

Old shit cars get stolen all the time. Not because the thieves wil get a fortune out of it or because they're on special order from foreign billionaires. They get stolen because they're easy to steal and/or can be useful in the commission of other crimes.

There's this guy who specializes in insurance scams. Lets say you're stuck with a lease on a Prius that you'd love to get rid of, and you just can't find a moron to take it. For $250 that guy will steal an old Pontiac Sunbird or some other piece of garbage, and will ram it in your Prius in a way that ensures it's totaled. Problem solved. If there's two Sunbirds side by side, and one of them has a club, guess which one he's going to steal.

Re:Why lock the car?

[stephanruby]

Chrysler/Jeep owners should always make sure their vehicles are locked!

This sounds like the response of first level support person.

"Hello, my car was stolen. It looks like they had the key to get in and start the car."

"I'm so sorry to hear that. In the future, Chrysler recommends that you lock your car."

"But my car was locked, that's my point! I am not the only one. You guys need to do a recall to fix this security issue. Or reimburse the cost of people's car. "

"I understand you're upset. But Chrysler/Jeep can not be responsible when owners don't lock up their car."

Re:Why lock the car?

[stephanruby]

Damned if I don't 'accidentally' always throw a roadmap* up on the dashboard, right on top of the VIN plate.

*Get off my lawn!

Cool! Another idiot tourist! Tourists always leave valuables in their car. Let's break the window.

Re:Why lock the car?

[SimonInOz]

What? You have a special pigsty to fart in? - Americans think of everything, I'm impressed.

Re:Why lock the car?

[ls671]

Which are the other spots readable by silent helicopters (and sat...)?

Re:Why lock the car?

[Ol+Olsoc]

What? You have a special pigsty to fart in? - Americans think of everything, I'm impressed.

You really need to try harder. The only thing worse than being witty is not being witty.

Re:Why lock the car?

[SimonInOz]

If you are going to quote great people from my (ex)home country, please get it right ...

"There is only one thing in life worse than being talked about, and that is not being talked about." Oscar Wilde

Maybe this is what our non-friend Trump, serial liar, murderer of language, is going for. He is certainly getting talked about. It saddens me that the great country of USA, 350 million people or so, can only come up with Trump and Hillary. I mean really, is that the best you can do?

You have astonishing folk - Elon Musk, Bernie Sanders even, Bill Gates (maybe), Steve Jobs,Susan B. Anthony, Washington, Nader, Fermi - the list is long and impressive (ok, I admit most of those are dead, history is a bit like that).

America, you need to do better!

Re: Why lock the car?

[stoatwblr]

No FOAF here. It happened to a close friend of mine - for some reason her daughter had the fob when dropped off at school.

Shortly after this event (her husband was a marketing VP at Renault), Renault cars acquired a dashboard telltale warning of the fob moving out of the vehicle whilst running.

Re:Why lock the car?

[stoatwblr]

My experience of jeeps is that they're usually the cars beached or rolled on the side of the road during snowstorms, or stranded at the side of the road on steep hills whilst I drive past in my lightweight french FWD rustbucket with chains fitted.

People seem to think that 4WD means that the steering or braking works better than other cars.

Welcome to the future

[suso]

Next year, the thieves will start up the car and drive it by remote and autonomous drive from their laptop. Good thing its a bit trickier to remotely refuel.

Re:Welcome to the future

[flyingfsck]

Tesla already has an auto plug in charger, so your future has arrived already.

Re:Welcome to the future

[Required+Snark]

When IoT fully arrives not only will you loose your car, all the belongings in your house will be up for grabs.

There will be no way to avoid this by sticking with "real hardware" technology like mechanical locks and keys. In the same way that that all credit cards will be chipped along with all passports, you will ultimately be required to have your house/apartment hooked to the internet to get insurance. This will be justified due to fire sensors that automatically call the fire department. Part of the installation will also unlock all doors and windows to insure that anyone trapped inside will be able to escape.

It sounds reasonable up to a point, but it's obvious that the police and government are already drooling over the possibility that no one will be able to secure their physical space. It will be justified in terms of "terrorists" and "home invasion", but the real motivation is so they can infiltrate anybody at any time. The lack of constitutional protections for communications will be extended into real life.

When Orwell wrote 1984 he was being optimistic.

Black Ops by TMBG

Black ops, Black ops

A holiday for secret cops

Black ops, Black ops

Dropping presents from the helicopter

It's been a long year

We've been so far from home

Too many people here

Here come the drones

We take the best of it

And make a mess of it

Ripping up some lawn

And then we're gone

Re:Welcome to the future

[93+Escort+Wagon]

Next year, the thieves will start up the car and drive it by remote and autonomous drive from their laptop.

Just park it near a white semi trailer - the car will never make it to the thieves.

How will locking the car help?

[Streetlight]

I'm not sure locking the car will make any difference. My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

Re:How will locking the car help?

[Feral+Nerd]

I'm not sure locking the car will make any difference. My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

I'm still looking forward to the day when I'll be able to pull this prank:

http://xkcd.com/1559/

With self driving cars one would not have to hack the ignition or even need a rock. If you can hack the autopilot in these things you don't even have to drive the car to the chop shop or even come close enough to drop a rock in the driver's seat. You just have to hack the car's autopilot from a safe distance, disable the trackers and tell the thing where to go. I'm sure there will be a complete malware package for this compete with side-loaded Android app. Joining the classic car club and buying an old completely analog car is beginning to have a certain appeal.

Re:How will locking the car help?

[AntronArgaiv]

I'm not sure locking the car will make any difference. My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

Sure as heck won't make a bit of difference with my soft top JK Wrangler.

Re:How will locking the car help?

[NormalVisual]

My guess is they can hack into the electronic ignition they can hack into the electronic door locks as well.

And if not, there aren't many cars that a brick won't unlock.

Re:How will locking the car help?

[Streetlight]

You mentioned chop shop. I was wondering if the parts of a new Jeep would be saleable soon after stealing unless they work on old Jeeps because new ones shouldn't need new parts. Then again, these are Jeeps. Someone once said that you need two Jeeps: one to drive while the other is in the shop for repairs. Of course the stolen cars could be shipped whole to someplace like Cuba where VINs are not too important.

The obvious flaw in their plan

[the_other_one]

Trying to make a getaway driving 15 cars each.

Smart key for ignition, not access.

[Archfeld]

The programming on the key has nothing to do with the door locks, but everything to do with starting the car. You have to insert the key into the door to unlock it, while mere possession of the smart key allows the car to be started. Admittedly basing the smart key code on the readily visible VIN is short-sighted and foolish, the act of locking your car up will at least prevent the casual access.

Re:Smart key for ignition, not access.

[the_Bionic_lemming]

My mom's 2015 jeep cherokee latitude doesn't have key locks.

If you have the fob, you can just open the door.

and before you accuse me of living in a basement, make sure to note my account number.

Two extra things that suck about her jeep? 9 recalls to update the transmission software, and the third party radio won't let her get the latest maps for the gps - and it's the second radio.

Stay away from Jeep tech, it's crappy and buggy.

Re:Smart key for ignition, not access.

[the_Bionic_lemming]

Forgot to mention, I have a 2006 jeep wrangler, bought it new, and that's that's the last vehicle that I will ever buy new. The next car I'm buying is from here.

http://www.volocars.com/

Re:Smart key for ignition, not access.

[Lakitu]

This is patently false on many new Jeeps, and probably false on most new cars. What car manufactured in the last 10 years doesn't have remote door unlocks? How many of those don't have an option for remote starting? Jeep even has an app for remote starting. Seriously, inserting a key into the door to unlock it? That's 1990s technology.

Jeep Grand Cherokees have "smart key" like you describe which will allow for unlocking the door based on proximity alone, all you need is to have a key within x distance and place your hand on the doorhandle as if you were about to open it in order for it to unlock. If thieves are reproducing or reprogramming key fobs somewhere then whether the door is locked or not is irrelevant.

One of the links talks about thieves who enter unlocked cars and attach a laptop to an interior electronics port, which they then use to start the car, which is the only indication that locking it may be helpful. I would have to guess that they reproduce a new key somehow after it has been stolen.

Re:Smart key for ignition, not access.

This is patently false on many new Jeeps, and probably false on most new cars. What car manufactured in the last 10 years doesn't have remote door unlocks? How many of those don't have an option for remote starting? Jeep even has an app for remote starting. Seriously, inserting a key into the door to unlock it? That's 1990s technology.

My 2015 Jeep Patriot has manual door locks and windows. I prefer it this way so I can exit the vehicle in the event of a battery failure or an interruption with the electrical system any time. By the way, it has a manual transmission which I am told is a millennial anti-theft device.

Re:Smart key for ignition, not access.

[AK+Marc]

My car and the wife's car both use the smart key for unlocking, as well as starting. There are backup physical keys, but so long as the battery in the car and the battery in the key are good, you don't ever use the physical key.

Admittedly basing the smart key code on the readily visible VIN is short-sighted and foolish, the act of locking your car up will at least prevent the casual access.

I had the keys in my car start to fail. It was a 40 year old sports car. The keys were worn, and they were copies of copies. They were failing sometimes. I called the dealer. They said they couldn't give original keys for the car. I found a place in Australia that cuts keys to factory specs, from a picture of the key. They extrapolate wear and make a "new" key based on the assumed original key pattern. After doing that, I later broke my glove-box lock. It was a convertable spots car, so the glove box had a key lock, matched to the doors. I went to the dealer and ordered a replacement full-cost glove-box lock. It was made and shipped in Germany and came 6 weeks later. Put in the glove box lock, and it was keyed to the car. It also came with 2 spares. Those spares would open all the doors and start the car. So linking the key to the VIN is common, even if not the best idea. My current car, the dealer claims they don't know the key for. If you lose both keys at the same time (so they can't re-key) the only way to get a new key is re-program the computer (super expensive).

Re:Smart key for ignition, not access.

[flyingfsck]

Oh, I thought you'll just program a key fob for another Jeep...

Re:Smart key for ignition, not access.

[flyingfsck]

You don't need to open a door or a window to get in or out of a rag top...

Re:Smart key for ignition, not access.

[Lumpy]

"and before you accuse me of living in a basement, make sure to note my account number."

How cute, 6 digit UID and you think you are an "old timer here"

Re:Smart key for ignition, not access.

[drinkypoo]

Stay away from Jeep tech, it's crappy and buggy.

It's Fiat tech. Marchionne is running FCA like it was Fiat, which means he's running it into the ground. He's responsible for retarded shifters that kill people. He's responsible for Dodge selling a full-size van with front wheel drive. Guess what? It's called the Fiat Ducato in other markets and nobody wants them.* They are unremitting pieces of garbage. He's responsible for Jeep going keyless. It's all meant to modernize it and bring the brand into this century. The problem is, what people liked about it was that it wasn't. They expected reliability and he's giving them tinsel and trash.

* Dodge vans only a year old are going for $15k. As it turns out, we actually use our rear wheel drive going up hills and towing in this country, and the Ducato will do neither. A ten-year-old sprinter is literally worth more than a one-year-old Ducato.

Re:Smart key for ignition, not access.

[NormalVisual]

My mom's 2015 jeep cherokee latitude doesn't have key locks. If you have the fob, you can just open the door.

Assuming the car has power. Earlier this year I had to replace a corroded battery cable, and a lack of key locks would have made that a bit more challenging.

Re:Smart key for ignition, not access.

[mysidia]

Vehicles without wireless starting, wireless key-entry, and non-mechanical driver controls are best, But
engine immobilizer with chip in the key is a good idea, As long as the programming procedure is physically secured.
No reason you shouldn't be able to require an actual key exchange during programming requiring physical access: instead of having keys programmable based on information in some database.

UID number isn't everything. I've been on Slashdot since 1997.
There hasn't always been this new-fangled user account system, and hasn't always been "cool to register".
You just typed your name: that is what I was accustomed to.. many of us were reluctant to register due to privacy concerns and simply started posting as Anonymous, or took a few years SlashVacation from commenting.

Re:Smart key for ignition, not access.

[washort]

There's a lot of cute people around here. ;-)

Re:Smart key for ignition, not access.

[Archfeld]

My Jeep has a smart fob for an ignition key and remote access but the key is still cut for manual door locks. I didn't get auto locks or windows or such. I agree that their security is less than great but I love the performance in the desert and with the soft top I've never really depended on the locks to keep folks out, that is what the garage and insurance is for.
Comparing account numbers is a silly exercise in a place like this :)

Re:Smart key for ignition, not access.

[Duhavid]

"Even if locked, opening the door via the interior door latch WILL unlock the door."

Depends on the car.
My Fords did this great.  BMW's have a pull twice thing ( first pull unlocks, second pull opens )
GM, I have not owned any recent ones, but my recollection is that they dont open unless you unlock using the inside thingy to unlock.

Re:Smart key for ignition, not access.

[Lumpy]

Sure break out that 4 digit...

Show Off.

Re:Smart key for ignition, not access.

[ls671]

"and before you accuse me of living in a basement, make sure to note my account number."

That doesn't prove anything. You might have stolen your father credentials like I used to.

Re:Smart key for ignition, not access.

[drinkypoo]

Assuming the car has power. Earlier this year I had to replace a corroded battery cable, and a lack of key locks would have made that a bit more challenging.

A bit, but not much. You just use a jumper cable to bring power to the hot terminal on either the alternator or the starter.

Re:Smart key for ignition, not access.

[NormalVisual]

You just use a jumper cable to bring power to the hot terminal on either the alternator or the starter.

If you can get the hood open. Not all hoods are easy to unlatch from the outside to get to the alternator, and plenty of starters are mounted such that you can't get cables on them. On my truck's starter, it has to come completely out in order to reach the terminals.

Re:Smart key for ignition, not access.

[stoatwblr]

Normally I'd say this was FIAT's legendary reliability(*), but the reality is that they've sorted their technical and mechanical issues a long time ago.

This is 100% on Chrysler and is more or less the same reason that Daimler got shot of them (the daimler-chrysler merger did nasty things to Mercedes reliability)

(*) Italian - looks good, handles badly, dies quickly.

Re:Smart key for ignition, not access.

[stoatwblr]

"parked in public places (carparks, street parking, etc"

They have _a_ key lock. You just have to know where to look for it.

Re:Smart key for ignition, not access.

[drinkypoo]

You just use a jumper cable to bring power to the hot terminal on either the alternator or the starter.

If you can get the hood open. Not all hoods are easy to unlatch from the outside to get to the alternator, and plenty of starters are mounted such that you can't get cables on them.

I have yet to see a vehicle where you can't access one or the other from below. On my A8 I can access both, plus the frame rail-mounted positive terminal (the battery is in the trunk.)

Re:Smart key for ignition, not access.

[NormalVisual]

Can't do it on my truck ('02 GMC Sierra) unless you have REALLY long arms, but I have key locks so it wouldn't be a problem. In contrast, on my old '86 Silverado I could do practically anything from underneath. I could replace both the water pump and fuel pump together in less than 10 minutes.

Re:Smart key for ignition, not access.

[synaptik]

I know, right?

Re:Is that link a honeypot BurEAU HD? FBI head?!

[Yvan256]

Slashdot is the mother fuckin FBI

Is it really?

What good does locking the door do?

[damn_registrars]

Doesn't the fob unlock the door as well? The standard place for a VIN is under the wind shield; hence any car parked in the open could be a target as someone could easily walk by and snap a picture of the vin through the wind shield with their phone while walking by and nobody would think of it as odd. You won't be doing yourself any good to lock your car if that is the case.

Besides, if they are stealing Wranglers the parts are so easily obtainable that a broken window is trivially easy to replace. Maybe Grand Cherokees are slightly more difficult to obtain quickly but likely not by much.

Re:What good does locking the door do?

[Solandri]

If you watch the video, the procedure is to:

• Open the door and get in (either the car is unlocked, or they break in triggering the alarm).
• Plug the laptop into the OBD port. Command the alarm to turn off (if it was triggered).
• Reprogram the car to accept a new keyfob.
• Once that's done, the car recognizes your keyfob as its owner, and allows you to start the car and drive off.

So the new keyfob can't be paired until after the thief is inside the vehicle.

There're a lot of ways the manufacturer could've made this harder. But I've been arguing for two decades now that there should be a physical jumper or toggle switch on computers which you should have to flip in order to be able to change files in the system folder/partition. With it flipped to the default state, system files should be read-only (write logfiles somewhere else). That hasn't happened yet and systems are still getting rooted left and right, so I really don't think computer folks have much grounds for criticism.

Re:What good does locking the door do?

[Ungrounded+Lightning]

Open the door and get in (either the car is unlocked, or they break in triggering the alarm).
Plug the laptop into the OBD port. Command the alarm to turn off (if it was triggered).

Can you get to the onboard bus by popping off a mirror and plugging into its remote-tilt wiring?

How about cracking in via bugs in the radio stack for the tire pressure sensors?

Re:What good does locking the door do?

[AmiMoJo]

There was a similar flaw in BMWs a few years ago. You could break the drivers side corner window, reach in and connect to the OBD-II port without triggering the alarm.

To secure your car...

[fustakrakich]

Remove the rotor from the distributor... or you can always put a banana in the tailpipe

Re: To secure your car...

[flyingfsck]

You may be onto something. If you fill the car with junk so it looks like a homeless den, then it probably won't get stolen either.

Re: To secure your car...

[epyT-R]

Good idea. It'll be perfectly secure as long as you never drive anywhere.

Re:To secure your car...

[SeaFox]

Remove the rotor from the distributor... or you can always put a banana in the tailpipe

How many cars do you think still have mechanical distributors now?

Re: To secure your car...

[Type44Q]

Potato. Tailpipes are generally too large for bananas; it'd be like Danny Devito trying to give anal pleasure to Andre the Giant...

Re:To secure your car...

[OrangeTide]

I never leave my car.

Re:To secure your car...

[Rei]

I've often been tempted, rather than fitting a locking gas cap to my pickup that gas thieves have several times stolen from, to replumb it so that I fuel it from behind the plastic paneling in the bed, while the normal fueling port leads to something that will ruin their engine.

I recently did the next best thing. I discovered that they like to nab gas cans after they stole three of them (and my toolbox) out of the back of my pickup when I stepped out to pick up my father while preparing for a trip. So I offered them a "bait" can (they took it the same evening I put it out). Oh, sure, the *top* two liters in the can were gasoline.... but the bottom two liters were hydrochloric acid. I considered sodium silicate instead of HCl, but I figured this would do the job even better, since even the fumes will aggressively rust steel. ;) Maybe I should have tried adding some surfactants to try to make the two liquids miscible, so that the engine would never flood and they'd run the whole acid load through the engine. But meh, this is probably good enough even if it does flood ;)

Re:To secure your car...

[KiloByte]

The best solution is a manual transmission. So few people know how to drive them now they're practically magic.

I haven't been in an automatic one in my life, so your estimate is off. Poland.

Re: To secure your car...

[TimeTraveler1884]

WTF did I just read?

You wouldn't understand. It's a Jeep thing.

Re:To secure your car...

[AndroSyn]

Uhh have you ever heard of this thing called ignition coils on plug? Basically the ignition coil is on top of the spark plug itself, with low voltage wires going to the coil.

I'm not sure there has been a car made with a mechanical distributor made in the past 25+ years?

I will now remove myself from your lawn.

Re:To secure your car...

[drinkypoo]

I'm not sure there has been a car made with a mechanical distributor made in the past 25+ years?

I assure you that they have. While coil-on-plug has been around since the late eighties, it didn't really become mainstream until about 2000. In between the eighties (when everything had a distributor) and now (when COP is fairly common) most vehicles had a "waste spark" system, with one remote ignition coil shared between each pair of "opposing" (in the firing order, not necessarily physically opposed) cylinders. They're called waste spark because both spark plugs are always connected to the coil, so the engine is wasting a spark during the exhaust phase of the other cylinder which accomplishes literally nothing except maybe make your spark plug wear out infinitesimally quicker.

The 1993 Audi V8 had two distributors, one per head. In 1994 it was replaced by the A8, which used the same engine with a new oil cooler, intake manifold... and ignition system using COP. We've got a 2000 Astro which has a 4.3 liter Vortec V6 which uses a distributor, I'm pretty sure that continued to be true through 03 or 04, whenever they dropped it.

Re: To secure your car...

[ELCouz]

Like this ? ---> http://3.bp.blogspot.com/_8n5K... http://www.autoblog.com/2007/0...

Re:To secure your car...

[stephanruby]

I never leave my car.

Yes, the good old standby unemployed homeless hermit strategy.

Re: To secure your car...

[stephanruby]

or, you know, park it in your garage if you have one instead of filling it with junk.

And when you need to get back and forth to work, just use Uber/Lyft. Thankfully, Houston is not in some third world country where those aren't an option.

Re:To secure your car...

[KiloByte]

Sorry to let you such disturbing news, but there is a world outside the USA. Here, automatic transmission is derided akin to training wheels on a bicycle, and every armchair engineer will tell you how much worse acceleration you get with auto.

Brake pedal lock

[RightwingNutjob]

Old school. But effective.

Re:Brake pedal lock

[RightwingNutjob]

Hard to get any paperwork filed when you're so stoned out of your mind that you can't tell a brake pedal lock that locks around the brake pedal from a steering wheel lock that locks around the steering wheel.

I sure hope

[clonehappy]

My 1991 Cadillac DeVille isn't susceptible to this sophisticated hack!

Re: I sure hope

[Type44Q]

Hell, I bet that p.o.s. even has throttle-body fuel injection... God, I fucking HATE Cattlecrack...

Re:I sure hope

[OrangeTide]

I think that one you can start using a screwdriver and turning really hard.

Re:I sure hope

[OrangeTide]

Seems like a good way to create a lot of witnesses.

Re:obligatory

[93+Escort+Wagon]

You wouldn't download a baby!

Lock my Chrysler?

[No+Longer+an+AC]

"Chrysler/Jeep owners should always make sure their vehicles are locked!" And other people shouldn't?

As a Chrysler owner who has lived in Houston, I thought the advice was to never lock your car. They'll just stick a knife through the convertible top.

It has happened to me before. The alarm still went off though. It costs more to replace the top than it would have to replace the stereo.

but I owned a Chrysler, I didn't replace the top. I just lived with it.

But really, are there people out there who don't lock their cars up if they are not convertibles? Why would you do that?

Re:Lock my Chrysler?

My definition of "first-world country" would rather be that you don't need such insurance...

Re:Homemade kill switch?

[nukenerd]

[my car will have ] a homemade switch in one of the ignition wires, hidden somewhere discreet.

My car does. The switch does two things, disables the ignition and also the starter motor. Very discouraging to a thief if the starter will not even turn. My switch is not "home made" of course and is in fact a multi-pole key switch and even if the thief realises there is such a switch he is unlikely to be bothered to find it. Even if he did, he is not going to be able to hot-wire it without seeing my circuit diagram or alternatively being familiar with the fuse box area and handy with a soldering iron.

The advantage of "home made" is that it is unique.

Re:Homemade kill switch?

[nukenerd]

With a level of knowlege of the car model, and undisturbed time, and additional batteries and cable, any car security can be defeated. However my thief will probably look for something easier. I did not mention that I sold that particular car recently and removed the feature, restoring the wiring to standard. It took me most of an afternoon, with the aid of my own and the manufacturer's circuit diagrams.

Don't forget I still have all the standard anti-theft features of the car as well.

The scariest words - "Stolen Database."

[robbak]

Data doesn't ever get 'un-stolen'. That database is out there, maybe for a price, or maybe posted for anyone with access to the right dark website. Basically, this should mean that G.M. should now be recalling their entire fleet to reencrypt all their vehicle's remote locking equipment, unless they can prove that some of their vehicles cannot have been in that database.

Re:Homemade kill switch?

[drinkypoo]

even if the thief realises there is such a switch he is unlikely to be bothered to find it. Even if he did, he is not going to be able to hot-wire it without seeing my circuit diagram or alternatively being familiar with the fuse box area and handy with a soldering iron.

Everything is color-coded behind the fuse box, and most professional car thieves have at least basic automotive electrical knowledge, which is not hard to come by.

Guess you've never been broken into

[stabiesoft]

No one needs you to unlock anything. I've had doors kicked open and windows broken to get in. It just is not that hard to break into a house. In fact, when I suggested to the officer I should beef up the frame of the door so it cannot be kicked in, he laughed, he said they'll just break a window instead.

Re:Guess you've never been broken into

[stoatwblr]

The best reason for securing your doors is that if anyone sees your stuff exiting via the windows they're more likely to call the cops.

Serving griefers paying customer fodder

[Impy+the+Impiuos+Imp]

Reminds me of Ultima Online where locks on your house were useless against thief characters.

Isn't this a solved problem?

[NotSoHeavyD3]

What I mean is with public/private key pairs the hard part (and why you can't totally be sure on a web site) is getting a valid certificate on your PC in the first place. (Which means it comes with the OS and then there's a chain of certs going back to the original one.) But in this case you'd think they'd just leave a port on the car and the fob, generate a pair of certificates one for the car and one for the fob and then download them over a wire to each one. (Then all the wireless communication could be secured via public/private keys.) I know I know, in theory it's a solved problem but they just messed it up instead of hiring somebody who's actually an expert in this.

Re:Army lock and key

[ls671]

Are we allowed to agree even if we ain't servicemen?

Re:Army lock and key

[ls671]

How often were you actually using it?