Installing Security Gateway Bypasses: Just How Vulnerable Does This Make Us?

[AndySpill]

How many of you remember this opening scene to the 1981 For Your Eyes Only Bond Movie? Bond arch enemy Blofeld (upon which Mike Meyers must have based his Dr. Evil spoof character), commandeers the helicopter Bond is being transported in via remote control mechanisms, and just before Bond's to meet his end, Bond identifies and disables this mechanism, takes control of the aircraft, and turns the tables on and puts an end to Blofeld?



I think about this movie sometimes (comically at least) as it relates to security gateway bypass modules like that of ECRU and JL Tazer.

As I understand the history, in 2015, well intended hackers out prove a concept, not inflict mayhem, were able to control aspects of a Jeep Cherokee https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ that from this incident gave birth to the security gateway that (and I'm no expert on this stuff) separated aspects of the electronics that literally control the vehicle, like steering and brakes, from its entertainment system.

I guess (again, I'm light years from an expert on this) that without such mechanisms, wired or wireless access into the more penetrable entertainment system might then allow access to these more sensitive vehicle control electronics barring such a secured gateway.

Since installing my JL Tazer I've been able to take advantage of some of its great features. I'm a big fan. But do accessories like this and the ECRI open me up to modern day Blofelds of the world?

I suspect such hacking advanced. Still more, I suspsect it slowed down but perhaps not defeated by the security gateway. As I understand it, messages to control things like steering need some form of electronic validation, meaning to me, that they slow down all but the best hackers, but don't defeat all of them.

Sponsored

 

[YBABRAT]

If someone wants your vehicle they will get it. A remote bypass to the ignition will detour a common thief once broke into. Strippers can take anything piece by piece in minutes.

I prefer the old 70s film where in the starting sequence a Jenson Interceptor III is stolen by a hand held electronic device. It would unlock the doors allowing the thief to obtain access to the ignition. The film had to be made between 72 and 74.

 

[AndySpill]

Strippers can take anything piece by piece in minutes.

My dad warned me of this before my first visit to Vegas.

 

[gato]

Most of the "security gateways" in vehicles are there simply to force independent repair shops to have to use scanners and diagnostics systems that pay a license to the OEM for access. Anyone that can plug anything in an OBDII port on your Jeep, can very easily reach out and unclip the security gateway like you did when you plugged the Tazer. It takes 5 seconds. It does not slow anyone dows.

As far as remote (wireless) access to the vehicle, either it is enabled or it is not. If it is enabled for Jeep (e.g. their disastrous 4xe bricking update), then hackers can hack the protocol, with or without the security gateway.

The question to ask is ..... Why would anyone spend that much effort to break into your CAN BUS. What do you think they can gain by it? Steal your car? It is so much easier to record and spoof your key. Immobilize your vehicle like Jeep did with the 4xe? What is there to gain?

So net/net - no one cares enough to try to break into your CAN BUS. They can send an undocumented teenager to break into your home and take your spare key when you are out by just giving him a joint. Why would they even bother with anything else?

People really underestimate how lazy criminals are - they always go by the least effort. Most cars are still broken into/stolen by thieves just trying the door handle to see if anyone left it open or forgot the key inside. Criminals are lazy.

 

[RatZero]

The security flaw that was ‘discovered’ most notably in the Grand Cherokees and Chargers has been largely fixed for all the models that could be patched.

Remote options using the app are tied to your account and a specific VIN registered to that account. Data between the app and the vehicle is encrypted TO the vehicle using a unique key generated for each command sent to the vehicle. The acknowledgment data that the command was completed is not encrypted but doesn’t contain anything worthwhile. The 2024 models and later also now use a new seed block every time a new command is sent rather than one generated using a static seed block as what‘s used in earlier years.

None of these remote commands IF they were ever spoofed will allow that person to drive the vehicle without a registered key fob. You still have to press the Start button with the fob in the vehicle to finish the process. That’s two different hoops to jump through in order to drive off. Sure, If they manage to spoof the encryption (good luck) and unlock the door they can go through your car but they can’t drive off in it.

Hope that helps.

 

[GinaC]

What is really weird is that a guy who lives up the street from me has an older, maybe 1980's truck, and whenever I happen to park next to him in town my Jeep says "key not found" and I have to touch it to the button to start it.

Obviously I've learned to stay away from his vehicle, but what the heck is that all about?

 

[Bob Burd]

He could have some sort of RF jamming device broadcasting from his truck. Maybe paranoid?

 

[GinaC]

He could have some sort of RF jamming device broadcasting from his truck. Maybe paranoid?

Yeah, he seems the type. His yard is completely full of junk.

 

[VKSheridan]

Not to feed the anxiety and paranoia but ponder this OP:

How many times have you seen a tow truck or tilt back haul off a car. Of those instances, how many times did you question if the tow was on the up and up and not theft?

I am confident I could take a tow truck and literally steal a fully loaded cop car in their parking lot and not a single soul would ask me what I was doing. They’d all think it broke down right there and I was contracted to move the vehicle.

It takes less time to tow off your Jeep and half a Walmart parking lot than it took to write this reply so don’t sweat the security bypass as a thief’s friend.

TLDR: Lazy thieves outnumber smart ones by a million to one.

 

[AndySpill]

Not to feed the anxiety and paranoia but ponder this OP:

How many times have you seen a tow truck or tilt back haul off a car. Of those instances, how many times did you question if the tow was on the up and up and not theft?

I am confident I could take a tow truck and literally steal a fully loaded cop car in their parking lot and not a single soul would ask me what I was doing. They’d all think it broke down right there and I was contracted to move the vehicle.

It takes less time to tow off your Jeep and half a Walmart parking lot than it took to write this reply so don’t sweat the security bypass as a thief’s friend.

TLDR: Lazy thieves outnumber smart ones by a million to one.

I agree. Actually my concern, small that it is, was centered on compromise of the communications that control the vehicle's operation, whether intentionally compromised or inadvertently so, while otherwise under the legitimate control of its owner/operator.

 

[Ratbert]

I agree. Actually my concern, small that it is, was centered on compromise of the communications that control the vehicle's operation, whether intentionally compromised or inadvertently so, while otherwise under the legitimate control of its owner/operator.

If you're that paranoid concerned about "those people" taking over control of your vehicle while you're driving it (I'm guessing you perceive yourself to be a target of these types of attacks) then don't put in the device.

 

[AndySpill]

If you're that paranoid concerned about "those people" taking over control of your vehicle while you're driving it (I'm guessing you perceive yourself to be a target of these types of attacks) then don't put in the device.

John: I described my concern of control of my vehicle being compromised as small, and that was before others introduced the idea of encryption standards associated with those commands that I had previously read about and discussed in my OP.

I don't see this being a prevalent problem let alone one in which I'd be specifically targeted. Please don't conflate discussion of likelihood of compromise with my near absence of fear of same, let alone it happening to me: see the comedic intended video of remote vehicle control in my OP.

That said, while the first to concede that no security system is impenetrable, and motivation for same far more likely to be from theft than overtaking some vehicle's live controls, I sought to gauge just how easy and cheap it might be for "my next door neighbor's tech wiz kid" to acquire such hardware and "do donuts in the parking lot while eating same in the comfort of his kitchen."

 

[jharp]

gato is right... the "security" gateway is nothing more than an additional part intended to make it near-impossible for independent shops to work on things. I believe there is nothing going on in there to make our vehicles more secure, as has been proven by the fact that a fat finger fu*kup by mother Stellantis bricked thousands of 4xe's.

I'm in the cybersecurity business, you'd be surprised how many trojan horses ride in under the guise of being a "security" component.

I plan when my warranty is up on the two Jeeps I have in the driveway to fully "de-digitialize" both of them by removing telematics and other associated dead weight garbage like the "security" gateways...

 

[Carguy34]

gato is right... the "security" gateway is nothing more than an additional part intended to make it near-impossible for independent shops to work on things. I believe there is nothing going on in there to make our vehicles more secure, as has been proven by the fact that a fat finger fu*kup by mother Stellantis bricked thousands of 4xe's.

I'm in the cybersecurity business, you'd be surprised how many trojan horses ride in under the guise of being a "security" component.

I plan when my warranty is up on the two Jeeps I have in the driveway to fully "de-digitialize" both of them by removing telematics and other associated dead weight garbage like the "security" gateways...

If you end up doing that, I would be very interested in a write-up on it. Our vehicles don’t have factory Nav and we don’t use any of the location services. We just use iPhones and CarPlay for everything.

 

[WranglerMan]

I’ve had a ECRI gateway bypass installed for almost 5 years so I can just plug in my module to run JSCAN and never had any issues, if someone wants to steal or control a vehicle they are going to do it.

Sponsored