^^^^ You must be a terrible driver....

4 words for you Ady.....







. 2014.5 SDV6 AB Dynamic ... Fuji /Santorini Pan roof and 22's
2013 Porsche Boxster S 3.4
2014 Audi A3 S line Quattro
---------------------------------

Chaps,

been reading this thread with interest. Couldn't possibly tell you what I do for a living....... but suffice to say if you own any JLR vehicle, BMW up to 2010 and any new Audi the scumbags can take it without the keys. On the beemers they simply smash the front drivers window, reach in next to the door which doesn't intrude far enough into the car to activate the alarm sensors, and programme a new key through the OBD port. I'm not giving anything away here as it's all on Youtube plain to see.

The kit for re-programming the keys is available online for about £5000 which pays for itself with the first theft...... This was not available before the EU decided it was against their monopoly principles and the kit should be available to all garages, mechanics, thieving scumbags......

Within a short time your pride and joy is then either being ripped apart for spares or hidden in a shipping container heading for Africa where these vehicles are much sought after. With the hundreds of thousands of containers leaving the UK each month only a handful get checked and even fewer are found to contain stolen motors. With the increasing cuts to the Police and border agencies their chances of catching anyone diminish. And yes, I'm afraid that a street robbery will take priority over a car theft.

Over the last few years most specialist policing teams i.e. the ones that would have been going after the gangs (These aren't opportunists, they're organised professionals stealing hundreds a year) have been disbanded and returned to general policing to fill the gaps left by reducing numbers. This loses a wealth of expertise and resources to go after the car thieves.

Anyway, hope that's given a brief insight, can't really add much more without giving too much away. After all, this is an open forum and could be read by anyone.

Cheers, Jem.

A good summary, thank you, which is why I believe the owner of the car should be in the authentication loop before the data can be downloaded. Mark

SVR in Estoril Blue

This may appear facile, and I'm sure I'll be knocked back on my theory, but say you purchase a new car and the dealer then has a special code from the manufacturer to interrogate the ODB. Then, the car is sold, maybe privately, or p/exed to another dealer. The new dealer has to receive a release code from the supplying dealer or manufacturer for servicing etc. Sold privately, and then utilising a non franchise garage, they would not be able to access the port without authentication and a release pin code. Thus if the vehicle is stolen the port will need authentication. It sounds a bit of a hassle initially, but it could be achievable.

That's a simplified version of what I am proposing but would not work in practice for a number of reasons:

- if the code is with the supplying dealer, there would be all sorts of problems moving from dealer to dealer
- a bent dealer employee could access the codes and give them out
- the code stays the same for each attempted use

It would be like going into your bank branch when you want to take out cash, they look up your PIN and key it in for you. How do they know who you are?

My proposal puts the responsibility for authorising the code download where it belongs, with the owner.

- when you buy the car, you get the car, two keys and a smart card, think Chip and PIN. Optionally, you could also get a reader to allow you to authenticate remotely.
- the PIN is sent separately to the first owner just like a bank PIN.
- the Smart card is permanently linked to the car by VIN and is required to cut new keys.
- if a new key is required, the OWNER uses their card and a reader either their own or one at the dealer. The car issues an 8 digit code in a response to a request to download the data; the owner keys in their PIN and the 8 digit code, the reader responds with a different 8 digit code to authenticate the transaction which is keyed in to the car and the data is downloaded.

This is much more secure because the ability to authorise a new key rests solely with the owner, not the dealer or even Land Rover. The code changes with each attempted use so that it can't be defeated by trial and error.

To see what it would be like, if you have a home banking reader, try inserting your debit card, press respond, key your PIN, enter an imaginary 8 digit code and you see an 8 digit response code, entirely unpredictable. Repeat, enter the SAME 8 digit code and you get a DIFFERENT response code. Repeat, enter a DIFFERENT 8 digit code, you get a DIFFERENT response code.

A few caveats...

- the ability to download the data still rests with some electronics and software in the car which would need to be hack-proof and preferably off-network, not updateable and not replaceable with a module from another car.
- there would need to be secure procedures for handling transfer of ownership, lost cards, forgotten PINs
- any security lapse by the owner, such as leaving their card and PIN in the car or revealing the PIN to an unauthorised person is no worse than carelessness with the keys. We're very trusting when we hand over our keys when we take the car in for service!

For the person on your driveway at 3am trying to cut a key, they wouldn't be able to. Even if they had the card, they couldn't use it because they would not know the PIN.

You are welcome to pick holes in this scheme and tell me why it wouldn't work... Mark

SVR in Estoril Blue

The quick solution will be a software patch that limits the number of active keys to two; thefts will revert to original-key possession.

That's unfortunately not going to work because if you limit the number of keys programmed to 2, you then have to provide a way of removing a key which is genuinely lost/not working. That requires an interface from the OBD port which can be readily hacked into. "Delete all the existing keys and program this new one".

The car cannot currently tell the difference between a legitimately connected dealer and an opportunistic thief. Mark

SVR in Estoril Blue

Hope I remember to remove it before driving away!

 MY2010 TDV8 purchased Jan 2017
MY14 HSE Dynamic 3.0 SDV6 sold Sept 2015
MY 2010 TDV8 sold April 2014
MY 2007 V6 HSE sold July 2013

Cars have always been stolen and always will be, is a continue battle between manufacturers and criminals.

And the best should be done to avoid it.

One issue(maybe the main issue) is that we want convenience and flexibility.

We want to be able to easily change lights bulbs on our cars, but then we complain how easily they can steal rear/head lights and grilles.

We want to be able to troubleshoot, update/upgrade, remap, program keys, add functions through the OBD port ourself or by a friendly garage, using third party tools(BAS, GAP, etc.), but then we complain when our cars get stolen using the same functions.

I'm pretty sure that LR(and others) could make the head/rear lights removable only using special tool available only to official garages.

But then we would be crying fool, complaining that is done only to make money, that we must be able to do it ourselves.

LR (and others) could make the OBD port accessible only with a special code, available only to dealers.

And again we (and providers of tools) will be complaining about those bas....ds doing this only to force us to go to the dealer, not letting us work on our cars.

etc. etc.

Unfortunately total security(impossible) and convenience cannot really coexist. '08 RRS TDV8
I converted my diesel RRS to run on an environmentally friendly mixture of caribou fat and baby seals oil

Is this a way forward:- (posted to another thread earlier)

[url] http://www.ccs-ltd.biz/cm/deadlocks.html [/url] P400e HSE Portofino Blue and Ivory Seats.. it's like a yacht!!
Lexus traded in ..a total piece of crap
Boldly now acquired - a Lexus RX 450hL
BoldlyGone...Sep 15 MY16 RRS SDV6, HSE, Barolo Black, Espresso/Almond interior.. Best car ever & Drop dead gorgeous... sadly with fuel dilution headaches that became intolerable
Arrived 2014. Oct - Lemoned March 2015- RRS SDV6 HSE
Boldly Gone = Sold for 14k via Pistonheads - 2006 TDV6 SE Buck Blue/Almond int

Not sure if serious.

However, how do the crims open the doors on a RRS that has been deadlocked?

In other words - I presume they have to access the OBD port and program a key through a broken window, so why not just make the port only accessible when the door is open? Can't access port unless door is open, can't open door without key, can't program new key unless door is open... 

Important to know that the OBD port is just a convenience. If that port is physically locked, access to the bus - which is a bit like a USB connection (though not exactly) - can be gained elsewhere in the car, anywhere where an electronic control unit responsible for local processing or data gathering needs to get that information to another place in the car. I expect there's a connection in the rear view mirror, for example. Mark

SVR in Estoril Blue

You're correct of course, but it seems silly to have a place where you have direct access to the bus as open and available as it is. This applies to all cars, not just LRs. 

Yes, I agree, no point in handing things to them on a plate. Mark

SVR in Estoril Blue