When are landrover going to admit they have a big problem?

When are landrover going to admit they have a big problem?

Author
Discussion

trashbat

6,005 posts

152 months

Friday 22nd May 2015
quotequote all
Sheepshanks said:
ChemicalChaos said:
thing is, if they locked down the ECUs so only a dealer could read them and service the car, how hard would everyone be moaning then? very, I'd guess
They pretty well are (supposed to be) locked down already - you can only do basic functions / code reading without the full manufacturer diagnostic kit, or a rip-off of it (which the manufacturers are trying to stop).
The whole point is that it isn't locked down and proprietary, so you don't need to go to a dealer for diagnostics. There is also no security protocol in the OBD standard. How much this translates to diagnostic utility vendors, I don't know (I believe OEMs are forced to publish their interfaces), but as far as consumers go it should be plain sailing.

However...

I don't know that it says you need to be able to do everything to a car via OBD, i.e. associate a single key without an existing one to hand. I also don't know that it says that random mechanics must be able to do this entirely independently; for instance, having to ring up JLR and ask for a code - that they have to give you ASAP for free - might be perfectly acceptable. But, for the sake of argument, let's assume that it mandates both of those things.

It almost definitely doesn't say that pairing a key to a locked car has to be completely trivial. I will eat a fine selection of hats if it says in the compliance rules that you're not allowed to make them wait an hour - hell, even five minutes - with the alarm intermittently going off.


Edited by trashbat on Friday 22 May 16:26

Sheepshanks

32,528 posts

118 months

Friday 22nd May 2015
quotequote all
trashbat said:
Sheepshanks said:
ChemicalChaos said:
thing is, if they locked down the ECUs so only a dealer could read them and service the car, how hard would everyone be moaning then? very, I'd guess
They pretty well are (supposed to be) locked down already - you can only do basic functions / code reading without the full manufacturer diagnostic kit, or a rip-off of it (which the manufacturers are trying to stop).
The whole point is that it isn't locked down and proprietary, so you don't need to go to a dealer for diagnostics. There is also no security protocol in the OBD standard.

However...

I don't know that it says you need to be able to do everything to a car via OBD, i.e. associate a single key without an existing one to hand. I also don't know that it says that random mechanics must be able to do this entirely independently; for instance, having to ring up JLR and ask for a code - that they have to give you ASAP for free - might be perfectly acceptable. But, for the sake of argument, let's assume that it mandates both of those things.

It almost definitely doesn't say that pairing a key to a locked car has to be completely trivial. I will eat a fine selection of hats if it says in the compliance rules that you're not allowed to make them wait an hour - hell, even five minutes - with the alarm intermittently going off.
You probably understand the software technicalities better than me, but OBD "open-ness" is mainly about finding emissions related issues. There have been various pushes in the US and the EU under "right-to-repair" banners to try and make the full diagnostics more open but I don't think they've been successful and, if anything, the tide is moving the other way as cars get increasingly complex.

So I don't think it was ever intended that you'd be able to program keys through simple OBD access hacks - that you can is a massive screw-up.

trashbat

6,005 posts

152 months

Friday 22nd May 2015
quotequote all
Sheepshanks said:
You probably understand the software technicalities better than me, but OBD "open-ness" is mainly about finding emissions related issues. There have been various pushes in the US and the EU under "right-to-repair" banners to try and make the full diagnostics more open but I don't think they've been successful and, if anything, the tide is moving the other way as cars get increasingly complex.

So I don't think it was ever intended that you'd be able to program keys through simple OBD access hacks - that you can is a massive screw-up.
I've no idea about the US, but in the EU it's primarily a competitiveness/anti-monopoly measure, and is almost entirely successful.

http://en.wikipedia.org/wiki/Block_Exemption_Regul...

bad company

18,483 posts

265 months

Friday 22nd May 2015
quotequote all
trashbat said:
You must have to either be really stupid, or really, really want to hate the EU to blame them for someone's car being nicked.

Show me the piece of EU legislation that said the vehicle manufacturer must implement a thoroughly crap security system that let someone break into a car without the alarm going off, access the diagnostics of the still-alarmed car, immediately associate a blank key and then drive away..
It's the having to disclose details of the security system causing the problem. There was a similar thread on the BMW section.

trashbat

6,005 posts

152 months

Friday 22nd May 2015
quotequote all
bad company said:
It's the having to disclose details of the security system causing the problem. There was a similar thread on the BMW section.
Obscurity doesn't equal security.

Anyone can open a book or Wiki page and find out how internet encryption like SSL works, but it doesn't mean they can hack into my online banking.

Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.

bad company

18,483 posts

265 months

Friday 22nd May 2015
quotequote all
trashbat said:
bscurity doesn't equal security.

Anyone can open a book or Wiki page and find out how internet encryption like SSL works, but it doesn't mean they can hack into my online banking.

Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.
Is there a better system available ?

unrepentant

21,212 posts

255 months

Friday 22nd May 2015
quotequote all
trashbat said:
Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.

trashbat

6,005 posts

152 months

Friday 22nd May 2015
quotequote all
bad company said:
Is there a better system available ?
See my post at the top of this page.

unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I don't know what interfaces they expose to meet US standards - presumably less, as it's not in their interest to make it open. Either that or it simply hasn't become a noticeable problem yet; it's a relatively modern phenomenon.

Sheepshanks

32,528 posts

118 months

Friday 22nd May 2015
quotequote all
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.

http://www.nj.com/news/index.ssf/2014/10/illicit_c...

Sheepshanks

32,528 posts

118 months

Friday 22nd May 2015
quotequote all
trashbat said:
've no idea about the US, but in the EU it's primarily a competitiveness/anti-monopoly measure, and is almost entirely successful.

http://en.wikipedia.org/wiki/Block_Exemption_Regul...
Sure, manufacturers have to make limited info available via the OBD port in the EU (and the US) but if you look at Mercedes, for example, which I'm most familiar with, you need Mercedes StarDiagnose to get into any depth, and, in Europe, to do anything it's got to be connected in real time to Mercedes Germany.

I know BMW is similar (there's a story on here about someone whose car was bricked when the dealer had a power cut while it was being reflashed). I don't know how LandRover do it, but they've got to have a similar system.

That people have been able to develop hacks to work around this and be able to program keys isn't surprising in itself, but the denials and delays in sorting it out are outrageous.

V8 Fettler

7,019 posts

131 months

Friday 22nd May 2015
quotequote all
Electrically isolate the OBD port until a known good key is inserted in the ignition. Or keypad protection to the OBD port. Or password protect the OBD port. Or make the OBD port physically less accessible. Or plenty of other things

bad company

18,483 posts

265 months

Friday 22nd May 2015
quotequote all
Sheepshanks said:
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.

http://www.nj.com/news/index.ssf/2014/10/illicit_c...
Yes but that would be the same for all manufacturers.

trashbat

6,005 posts

152 months

Friday 22nd May 2015
quotequote all
Sheepshanks said:
Sure, manufacturers have to make limited info available via the OBD port in the EU (and the US) but if you look at Mercedes, for example, which I'm most familiar with, you need Mercedes StarDiagnose to get into any depth, and, in Europe, to do anything it's got to be connected in real time to Mercedes Germany.
You can take an Android phone and a £10 eBay dongle and you probably can read the faults and get a fair array of mandated values on any Mercedes, probably enough for someone experienced with them to figure out most faults.

There will be loads of specialist things that the MB tools do that no others do, but probably much of this is because noone has bothered going to the expense of developing alternatives.

Then, that their own software 'needs' to be connected to MB Germany is much more likely a software licensing issue, primarily MB's design decision to make it harder for unauthorised people to steal the tool and use it on their own laptops offline, losing MB & their agents money.

unrepentant

21,212 posts

255 months

Friday 22nd May 2015
quotequote all
Sheepshanks said:
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.

http://www.nj.com/news/index.ssf/2014/10/illicit_c...
What's that got to do with this subject? Yes, there are a lot of cars stolen here, many by carjacking and the theft of keys. Nothing to do with my point or this thread though.

Sheepshanks

32,528 posts

118 months

Friday 22nd May 2015
quotequote all
unrepentant said:
Sheepshanks said:
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.

http://www.nj.com/news/index.ssf/2014/10/illicit_c...
What's that got to do with this subject? Yes, there are a lot of cars stolen here, many by carjacking and the theft of keys. Nothing to do with my point or this thread though.
It's talking about prestige cars being stolen and shipped abroad when you said in the US they buy them.

The method doesn't really matter, why dick about with trying to program a new key when it's much simpler to just blow the owners brains out?

unrepentant

21,212 posts

255 months

Friday 22nd May 2015
quotequote all
Sheepshanks said:
unrepentant said:
Sheepshanks said:
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.

http://www.nj.com/news/index.ssf/2014/10/illicit_c...
What's that got to do with this subject? Yes, there are a lot of cars stolen here, many by carjacking and the theft of keys. Nothing to do with my point or this thread though.
It's talking about prestige cars being stolen and shipped abroad when you said in the US they buy them.

The method doesn't really matter, why dick about with trying to program a new key when it's much simpler to just blow the owners brains out?
My point was that we have gangs actually buying cars (at full retail) to ship them to China. If it was that easy to steal them I'm guessing they would! I don't know of any JLR dealers that have had an issue with cars being nicked off the lot and, as I said in another thread about this, we leave all our cars out at night and have not had any issues.

It's all the fault of the EU, trust me.

Sheepshanks

32,528 posts

118 months

Friday 22nd May 2015
quotequote all
unrepentant said:
My point was that we have gangs actually buying cars (at full retail) to ship them to China. If it was that easy to steal them I'm guessing they would! I don't know of any JLR dealers that have had an issue with cars being nicked off the lot and, as I said in another thread about this, we leave all our cars out at night and have not had any issues.

It's all the fault of the EU, trust me.
I'm struggling to imagine the software is that different, but even if it is, if they wanted to take the cars and ship them off to China they could just come along with a truck and lift cars off the lot. I wonder why even that doesn't happen?

Of course the downside of making the cars unstealable without the key is thieves resort to other methods: http://www.dnainfo.com/new-york/20140320/ozone-par...