Wrangler Break-Ins

[SadRobot]

Since, you now have a spare, it'll probably never happen again, but since Property Crimes are no longer a crime in California, I'm not going to bet on that philosophy.

Well property crime (defined as theft of property valued under $950) is still a crime in CA with a punishment and everything. Whether or not the person is going to get caught and charged is a different issue.

Sponsored

 

[Pape]

I tend to agree. Believe it or not, a lot of neighbors leave their doors unlocked and the keys in the car. Thinking back, I think everything was out of sight in my jeep. I also normally park it in the garage.

I just have no idea how key skimming works, and how long it takes for somebody to be out there doing something. And if they need access to the hood or what.

In a nutshell: keyless entry or start of the jeep work as follow:
Push the start button / keyless entry button jeep send a signal to the key
if key is in range reply to the challenge handshake
jeep receive the reply validate the code and perform or not the action

The easy way is to insert a man in the middle that will listen on the radio frequency of the signal and retransmit it to the a end device who will emit it to the key acting a relay. this what we call a relay / man in the middle attack.

This is why the faraday pouch is a effective counter measure as it will block the signal.
Jeep should have insert a manual authorization switch on the key fob. As when a request is received you need to push a button to authorize the reply, but I guess that would kill the buzz !

The key programming step on site is totally optional as once the jeep is started it will run even if the key is no longer present, only draw back the horn will blare.

 

[SlickRicksWilly]

My advice is don't leave anything in your Jeep you don't want to go missing and leave the doors unlocked. I have had my Jeep rummaged through at least once, nothing was worth stealing so nothing was missing. If someone is looking to steal the whole Jeep that is what insurance is for.

 

[nU7OuxIx]

In a nutshell: keyless entry or start of the jeep work as follow:
Push the start button / keyless entry button jeep send a signal to the key
if key is in range reply to the challenge handshake
jeep receive the reply validate the code and perform or not the action

The easy way is to insert a man in the middle that will listen on the radio frequency of the signal and retransmit it to the a end device who will emit it to the key acting a relay. this what we call a relay / man in the middle attack.

This is why the faraday pouch is a effective counter measure as it will block the signal.
Jeep should have insert a manual authorization switch on the key fob. As when a request is received you need to push a button to authorize the reply, but I guess that would kill the buzz !

The key programming step on site is totally optional as once the jeep is started it will run even if the key is no longer present, only draw back the horn will blare.

Thanks for this. The keys are definitely not in range of the keyless entry or start function. The lock/unlock is another story though.

It seems like there's two ways to go about stealing it, one is the replay attack and the other is taking the VIN to make a second key.

As the other said, I think they were just checking to see if it was unlocked. I didn't see anybody around the VIN or take any pictures of it. I also had a neighbor that had their doors unlocked, they got in and used the garage door opener to gain access to that. I guess they took a lot more.

 

[alphawolff]

I parked my jeep out in the drive the other night. I noticed on my security cameras that a SUV with the lights off drove around, somebody got out, went to the neighbors and ran back in. Then they stopped in front of my house, two people got out, went to the driver side of the jeep and ran back into their car and drove away. My camera did not capture what they did on that side of the jeep. They were there for about 15 to 20 seconds. A few things popped into my head, they were either checking for unlocked cars or did something to come back later. Mind you, I have a ~8 year old subaru parked in the driveway too and they ignored that. My neighbor doesn't have any jeeps or fiat products, but they do have a newer hyundai suv.

Is there anything that I should be looking for to make sure nothing was skimmed? I know a TSB was issued about this exact issue, is there a way to see if it was applied? Anything else I should be doing to prevent exploitation?

Go the dealer and get the update completed. No way to tell unless you go to the dealer. Maybe have the dealer wipe out all the keys and re-program yours before completing the update in the unlikely chance they programmed a key before running off.

 

[alphawolff]

I think if they were skimming the key with a relay your Jeep would already be gone.

Thankfully it seems like they were just checking for unlocked doors and easy targets. Still sucks though. My Jeep has been broken into and they took something like a screwdriver and jammed it into the lock which broke it and then opened the door. Then did the same thing to the lock inside on the glove box. I never bothered replacing the glove box but I did replace the door lock and bought a spare lock for when it happens again.

I want to mention that these are insanely hard to pull off if your house has multiple key fobiks. It's already difficult to capture the signal, and if there's multiple keys (especially identical jeep fobiks,) it's near impossible to single one out and relay it without a key button being actively pressed.

I don't think worrying about this attack vector is worth much merit. If they're capable of pulling it off it's gone anyway. You can prevent this attack completely by disabling passive entry in the radio settings.

 

[Mr. Nimbus]

I think if they were skimming the key with a relay your Jeep would already be gone.

Thankfully it seems like they were just checking for unlocked doors and easy targets. Still sucks though. My Jeep has been broken into and they took something like a screwdriver and jammed it into the lock which broke it and then opened the door. Then did the same thing to the lock inside on the glove box. I never bothered replacing the glove box but I did replace the door lock and bought a spare lock for when it happens again.

If only there was some other step to prevent stuff like this...
Like a unique piece of metal for each vehicle, that you plug into a port and turn, to activate/release the engine. That way, without the physical piece of metal inserted your couldn’t drive off with the car. It would work almost like 2- factor authentication. There would be an electronic security component, and a physical one also. You could even attach it or integrate it into the FOB somehow.

Oh well…. Maybe someday, some Millennial or Gen Z genius will figure it out and make billions with this innovation.

Push button start alone was a dumb idea.

 

[Pape]

Thanks for this. The keys are definitely not in range of the keyless entry or start function. The lock/unlock is another story though.

It seems like there's two ways to go about stealing it, one is the replay attack and the other is taking the VIN to make a second key.

As the other said, I think they were just checking to see if it was unlocked. I didn't see anybody around the VIN or take any pictures of it. I also had a neighbor that had their doors unlocked, they got in and used the garage door opener to gain access to that. I guess they took a lot more.

Replay attack is probably not not a thing as the key own the crypto private key and will encryption what ever the jeep send, jeep should send different thing on each button press, probably the time. once the key encrypt the content and send it back the jeep who own the public key will decrypt the content of the message and will see if it fit the original message that was send.

In regard to range if I have a device that listen on the radio frequency use to transmit the key request I can capture this transmission and send it over the internet / WIFI / anything that permit communication to a other device that will just emit the request back on the original radio frequency and listen for the reply and forward it.

I want to mention that these are insanely hard to pull off if your house has multiple key fobiks. It's already difficult to capture the signal, and if there's multiple keys (especially identical jeep fobiks,) it's near impossible to single one out and relay it without a key button being actively pressed.

I don't think worrying about this attack vector is worth much merit. If they're capable of pulling it off it's gone anyway. You can prevent this attack completely by disabling passive entry in the radio settings.

First thing I did when taking ownership of my JL. I still keep the faraday pouch as nothing stop peoples to force the door open and do the same thing for the start sequence.

 

[Pape]

If only there was some other step to prevent stuff like this...
Like a unique piece of metal for each vehicle, that you plug into a port and turn, to activate/release the engine. That way, without the physical piece of metal inserted your couldn’t drive off with the car. It would work almost like 2- factor authentication. There would be an electronic security component, and a physical one also. You could even attach it or integrate it into the FOB somehow.

Oh well…. Maybe someday, some Millennial or Gen Z genius will figure it out and make billions with this innovation.

Push button start alone was a dumb idea.

Just add a physical button you need to press when the keyfob receive a request to authorize the request to proceed. So they can try to spam the keyless entry button all they want if you at the other end do not push the OK button on the fob nothing is happening. But this will be a really stupid system and should have just stay with the normal remote unlock / start feature....

 

[Flip]

If only there was some other step to prevent stuff like this...
Like a unique piece of metal for each vehicle, that you plug into a port and turn, to activate/release the engine. That way, without the physical piece of metal inserted your couldn’t drive off with the car. It would work almost like 2- factor authentication. There would be an electronic security component, and a physical one also. You could even attach it or integrate it into the FOB somehow.

Oh well…. Maybe someday, some Millennial or Gen Z genius will figure it out and make billions with this innovation.

Push button start alone was a dumb idea.

I don't know if this is something you might be interested in. I really like it. I've been meaning to get one I just haven't yet. It's plug & play.

https://41twentytwo.com/product/vehicle-kill-switch/

 

[xj2jk2jlu]

I don't know if this is something you might be interested in. I really like it. I've been meaning to get one I just haven't yet. It's plug & play.

https://41twentytwo.com/product/vehicle-kill-switch/

I have this and it works as intended. Plug and play too. And cheap!!

 

[Mr. Nimbus]

Just add a physical button you need to press when the keyfob receive a request to authorize the request to proceed. So they can try to spam the keyless entry button all they want if you at the other end do not push the OK button on the fob nothing is happening. But this will be a really stupid system and should have just stay with the normal remote unlock / start feature....

The Jeep Fob for the JL is super annoying and feels like carrying a huge brick. I much prefer the old JK key with the Fob in the handle, or my old Tacoma’s separate set up. I would pay extra to not have push button start, but it’s now on every new US vehicle. It seems like progress for progress‘ sake, rather than innovation. And it is overall less secure than a redundant physical/digital system.

 

[nU7OuxIx]

I don't know if this is something you might be interested in. I really like it. I've been meaning to get one I just haven't yet. It's plug & play.

https://41twentytwo.com/product/vehicle-kill-switch/

I see what this is doing and I feel like this is bringing up memories from the 90's. Effective but works.

I don't think I'm there just yet. But it's definitely great to see options of what's out there because I'm sure others may be interested. I think you can do something similar if you're handy for much cheaper. Only thing, I don't know what else would be affected if you start cutting wires or adding relays.

 

[Maverick909]

I tend to agree. Believe it or not, a lot of neighbors leave their doors unlocked and the keys in the car. Thinking back, I think everything was out of sight in my jeep. I also normally park it in the garage.

I just have no idea how key skimming works, and how long it takes for somebody to be out there doing something. And if they need access to the hood or what.

Other guess it a vin look up to see if it is the model they need to they have a way to get a mirror key. I’d get a hood lock and I would keep the Subaru blocking the jeep in place

 

[AZpueblo]

In my Hellcat, I can put in a code to restrict the power to Valet mode (limits the engine to something like 20 HP ) using a 4 digit PIN. So actually, it would not be difficult to add optional 2 factor authentication, in other words push the start button and have to enter a 4 digit PIN on the UConnect (just like an ATM) and the vehicle starts. Could even go a step further and after 10 tries, makes you wait 10 min before you can try again. Enable it if you want the extra security. This feature would simply be a dealer flash update.

Sponsored