When are landrover going to admit they have a big problem?
Discussion
Sheepshanks said:
ChemicalChaos said:
thing is, if they locked down the ECUs so only a dealer could read them and service the car, how hard would everyone be moaning then? very, I'd guess
They pretty well are (supposed to be) locked down already - you can only do basic functions / code reading without the full manufacturer diagnostic kit, or a rip-off of it (which the manufacturers are trying to stop).However...
I don't know that it says you need to be able to do everything to a car via OBD, i.e. associate a single key without an existing one to hand. I also don't know that it says that random mechanics must be able to do this entirely independently; for instance, having to ring up JLR and ask for a code - that they have to give you ASAP for free - might be perfectly acceptable. But, for the sake of argument, let's assume that it mandates both of those things.
It almost definitely doesn't say that pairing a key to a locked car has to be completely trivial. I will eat a fine selection of hats if it says in the compliance rules that you're not allowed to make them wait an hour - hell, even five minutes - with the alarm intermittently going off.
Edited by trashbat on Friday 22 May 16:26
trashbat said:
Sheepshanks said:
ChemicalChaos said:
thing is, if they locked down the ECUs so only a dealer could read them and service the car, how hard would everyone be moaning then? very, I'd guess
They pretty well are (supposed to be) locked down already - you can only do basic functions / code reading without the full manufacturer diagnostic kit, or a rip-off of it (which the manufacturers are trying to stop).However...
I don't know that it says you need to be able to do everything to a car via OBD, i.e. associate a single key without an existing one to hand. I also don't know that it says that random mechanics must be able to do this entirely independently; for instance, having to ring up JLR and ask for a code - that they have to give you ASAP for free - might be perfectly acceptable. But, for the sake of argument, let's assume that it mandates both of those things.
It almost definitely doesn't say that pairing a key to a locked car has to be completely trivial. I will eat a fine selection of hats if it says in the compliance rules that you're not allowed to make them wait an hour - hell, even five minutes - with the alarm intermittently going off.
So I don't think it was ever intended that you'd be able to program keys through simple OBD access hacks - that you can is a massive screw-up.
Sheepshanks said:
You probably understand the software technicalities better than me, but OBD "open-ness" is mainly about finding emissions related issues. There have been various pushes in the US and the EU under "right-to-repair" banners to try and make the full diagnostics more open but I don't think they've been successful and, if anything, the tide is moving the other way as cars get increasingly complex.
So I don't think it was ever intended that you'd be able to program keys through simple OBD access hacks - that you can is a massive screw-up.
I've no idea about the US, but in the EU it's primarily a competitiveness/anti-monopoly measure, and is almost entirely successful.So I don't think it was ever intended that you'd be able to program keys through simple OBD access hacks - that you can is a massive screw-up.
http://en.wikipedia.org/wiki/Block_Exemption_Regul...
trashbat said:
You must have to either be really stupid, or really, really want to hate the EU to blame them for someone's car being nicked.
Show me the piece of EU legislation that said the vehicle manufacturer must implement a thoroughly crap security system that let someone break into a car without the alarm going off, access the diagnostics of the still-alarmed car, immediately associate a blank key and then drive away..
It's the having to disclose details of the security system causing the problem. There was a similar thread on the BMW section.Show me the piece of EU legislation that said the vehicle manufacturer must implement a thoroughly crap security system that let someone break into a car without the alarm going off, access the diagnostics of the still-alarmed car, immediately associate a blank key and then drive away..
bad company said:
It's the having to disclose details of the security system causing the problem. There was a similar thread on the BMW section.
Obscurity doesn't equal security.Anyone can open a book or Wiki page and find out how internet encryption like SSL works, but it doesn't mean they can hack into my online banking.
Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.
trashbat said:
bscurity doesn't equal security.
Anyone can open a book or Wiki page and find out how internet encryption like SSL works, but it doesn't mean they can hack into my online banking.
Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.
Is there a better system available ?Anyone can open a book or Wiki page and find out how internet encryption like SSL works, but it doesn't mean they can hack into my online banking.
Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.
trashbat said:
Whether you can find out how it works or not, the security system on these cars, as they come out of the factory - certainly BMW's and presumably JLR's - is just crap.
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market. bad company said:
Is there a better system available ?
See my post at the top of this page.unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I don't know what interfaces they expose to meet US standards - presumably less, as it's not in their interest to make it open. Either that or it simply hasn't become a noticeable problem yet; it's a relatively modern phenomenon.unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.http://www.nj.com/news/index.ssf/2014/10/illicit_c...
trashbat said:
've no idea about the US, but in the EU it's primarily a competitiveness/anti-monopoly measure, and is almost entirely successful.
http://en.wikipedia.org/wiki/Block_Exemption_Regul...
Sure, manufacturers have to make limited info available via the OBD port in the EU (and the US) but if you look at Mercedes, for example, which I'm most familiar with, you need Mercedes StarDiagnose to get into any depth, and, in Europe, to do anything it's got to be connected in real time to Mercedes Germany.http://en.wikipedia.org/wiki/Block_Exemption_Regul...
I know BMW is similar (there's a story on here about someone whose car was bricked when the dealer had a power cut while it was being reflashed). I don't know how LandRover do it, but they've got to have a similar system.
That people have been able to develop hacks to work around this and be able to program keys isn't surprising in itself, but the denials and delays in sorting it out are outrageous.
Sheepshanks said:
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.
http://www.nj.com/news/index.ssf/2014/10/illicit_c...
Yes but that would be the same for all manufacturers.http://www.nj.com/news/index.ssf/2014/10/illicit_c...
Sheepshanks said:
Sure, manufacturers have to make limited info available via the OBD port in the EU (and the US) but if you look at Mercedes, for example, which I'm most familiar with, you need Mercedes StarDiagnose to get into any depth, and, in Europe, to do anything it's got to be connected in real time to Mercedes Germany.
You can take an Android phone and a £10 eBay dongle and you probably can read the faults and get a fair array of mandated values on any Mercedes, probably enough for someone experienced with them to figure out most faults.There will be loads of specialist things that the MB tools do that no others do, but probably much of this is because noone has bothered going to the expense of developing alternatives.
Then, that their own software 'needs' to be connected to MB Germany is much more likely a software licensing issue, primarily MB's design decision to make it harder for unauthorised people to steal the tool and use it on their own laptops offline, losing MB & their agents money.
Sheepshanks said:
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.http://www.nj.com/news/index.ssf/2014/10/illicit_c...
unrepentant said:
Sheepshanks said:
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.http://www.nj.com/news/index.ssf/2014/10/illicit_c...
The method doesn't really matter, why dick about with trying to program a new key when it's much simpler to just blow the owners brains out?
Sheepshanks said:
unrepentant said:
Sheepshanks said:
unrepentant said:
Why isn't it a problem in the US then? Bear in mind that we have organised criminal gangs trying to buy cars in the US to ship to China on the grey market.
I guess it depends where you are - if you're a long way from a busy port then you're less vulnerable.http://www.nj.com/news/index.ssf/2014/10/illicit_c...
The method doesn't really matter, why dick about with trying to program a new key when it's much simpler to just blow the owners brains out?
It's all the fault of the EU, trust me.
unrepentant said:
My point was that we have gangs actually buying cars (at full retail) to ship them to China. If it was that easy to steal them I'm guessing they would! I don't know of any JLR dealers that have had an issue with cars being nicked off the lot and, as I said in another thread about this, we leave all our cars out at night and have not had any issues.
It's all the fault of the EU, trust me.
I'm struggling to imagine the software is that different, but even if it is, if they wanted to take the cars and ship them off to China they could just come along with a truck and lift cars off the lot. I wonder why even that doesn't happen?It's all the fault of the EU, trust me.
Of course the downside of making the cars unstealable without the key is thieves resort to other methods: http://www.dnainfo.com/new-york/20140320/ozone-par...
Gassing Station | Rover | Top of Page | What's New | My Stuff