Are Hellcats (FCA) Products that easy to steal?

[Jack_Toepfer]

You mean a peaceful protest? 😂🤣😅🤣😂.

We need these cars because some criminal was killed trying to harm innocent people.

 

[Finface]

Adding to Hpindy’s post...thieves can read our key fobs very easily. I saw a video where thieves in London read a BMW’s fob from outside the owner’s apartment and then successfully stole the car. If you were to park, and then lock your car with the key fob, and a thief was close - or followed you - his laptop could steal your code.

I bought “farraday cage (sp?) little wallets for my Hellcat fobs. Not very expensive. There is a secure part and an unsecure part. You start the car, then if you’re concerned, you can put the key fob inside the secure part. When you get to the parking lot, or restaurant - wherever - you shut the car down and lock the car with the door lock. The fob is never exposed to be ripped off. Paranoia? Only if they aren’t out to get you!

Backing into parking spaces is also a good idea. A tow truck can hook a car’s rear end and be driven away in less than 2 minutes. They can’t hook the front end up and drag rear wheels with parking brake on or in gear.

 

[HWDan]

Or if you don't mind pressing the unlock button on your key fob to get in, you can turn that passive entry shit off in your settings. Now the car won't periodically ping your keys, you won't need to 'cage' them and bonus, won't drain the batteries in all 3 key fobs so they all don't die at exactly the same time.

 

[T_Trahan44]

Sadly, it is that easy... With all this high tech, most dealerships leave the key in the little lock on the window and think people don't know about the proximity locks... It's sad because I'm so tempted to go down to my local dealer ship and joy ride their cars. 😂😂😂

 

[fubar569]

3 foil chip bags does the same.

Tested this on my old V and the hellcat.

All of my spares are kept wrapped in at least 3 layers of foil for this reason.

I know this works. Couldn't find a storage cube that was 100% at the time.

 

[ACMAVRO]

Saw this today
https://motorillustrated.com/hellcat-durango-stolen-before-production-even-starts/64686/

https://autos.yahoo.com/2021-dodge-durango-hellcat-stolen-200000899.html

 

[Magnified]

Saw this today
https://motorillustrated.com/hellcat-durango-stolen-before-production-even-starts/64686/

https://autos.yahoo.com/2021-dodge-durango-hellcat-stolen-200000899.html

Yard has like 3' high weeds. Probably not the safest neighborhood, but still funny as hell. (No pun intended)

I'd turn that proximity stuff off if I were ya'll.

 

[ACMAVRO]

Yard has like 3' high weeds. Probably not the safest neighborhood, but still funny as hell. (No pun intended)

I'd turn that proximity stuff off if I were ya'll.

View attachment 30048

I noticed that too.. They work at FCA, taking home a test Durango HC, c'mon man

 

[fumanchu182]

I have participated in multiple bug bounties for FCA and Chrysler through bugcrowd (https://bugcrowd.com/fca). It is not a public reporting event so I can tell you all what I found but the systems are insecure across their whole gamut. Almost criminally negligible. FCA has been responsive to a lot of reports and is fixing what they can but embedded controllers with wonky ass firmware are harder to replace than you think. It is trivial to hook up an OBD2 scanner and start spoofing canbus messages, some paths lead to juicy nuggets that can get you into the firmware, some will have you spraying windshield washer fluid into your sunroof at 3am (did it with my scat pack).

Security is a arms race, as soon as someone patches something another vector of attack will appear.

 

[Finface]

I have participated in multiple bug bounties for FCA and Chrysler through bugcrowd (https://bugcrowd.com/fca). It is not a public reporting event so I can tell you all what I found but the systems are insecure across their whole gamut. Almost criminally negligible. FCA has been responsive to a lot of reports and is fixing what they can but embedded controllers with wonky ass firmware are harder to replace than you think. It is trivial to hook up an OBD2 scanner and start spoofing canbus messages, some paths lead to juicy nuggets that can get you into the firmware, some will have you spraying windshield washer fluid into your sunroof at 3am (did it with my scat pack).

Security is a arms race, as soon as someone patches something another vector of attack will appear.

Fumanchu,

Not good to hear about the insecurity of these systems. Like I said in my previous post I’d seen a video of two thieves reading the key fob of a BMW (now that I think of it, maybe a Mercedes) from outside an apartment with a laptop. I bought faraday cage wallets for all my Hellcat key fobs and I use them. Lining something with aluminum, as one poster mentioned, also works. I don’t know about turning off the proximity feature of these key fobs being a solution. My understanding is that the key fob can be “interrogated” anywhere, not just near the car, and that it can respond with the code to open car doors and start the car. Do you have an opinion of the proximity feature?

Cheap enough insurance to buy and use the wallets and yes, it is an electronic arms race.

Finface

 

[Diboblo]

This forum member had his Cat stolen, from a locked garage, in a gated community:

https://www.lxforums.com/board/char...lack-black-2020-widebody-charger-hellcat.html

Brand new WB Hellcat.

Some joker, with an RF code generator, boosted his car... months later and 3000 additional miles, the car was found, with 14 other Hellcats, in a private lot.

After repairs and a state VIN assignment, he finally has it back.


Bob

 

[Diboblo]

I'm considering putting my RF Hub on a physical switch. This would eliminate any data broadcasts. Still need to do more research. I would need to use my key, to enter... Not sure how that would interfere with the alarm package. This is still in Beta. LOL

I've already figured out how to disable the cell, without throwing a code. Next time I'm at the junkyard, I need to pull a few cell connectors, with about 6 inches of harness.

Can't wait to disable that UConnect OTA malware....

Bob

 

[DGatzby]

FOB covers just don’t seem like a good solution. If mine was not locked behind door sensors, motion alarms and cameras, I would mount a toggle switch somewhere, and I would not even tell you guys where. Oh maybe something like the power to the fuel pumps might make it harder to plug some bullshit into it and drive it away? Bullshit, like as said above you could steal a car in the old days in seconds. Nothing is different today, don’t think all this magic electronic crap is the creme to save us, because it is not.

 

[T_Trahan44]

FOB covers just don’t seem like a good solution. If mine was not locked behind door sensors, motion alarms and cameras, I would mount a toggle switch somewhere, and I would not even tell you guys where. Oh maybe something like the power to the fuel pumps might make it harder to plug some bullshit into it and drive it away? Bullshit, like as said above you could steal a car in the old days in seconds. Nothing is different today, don’t think all this magic electronic crap is the creme to save us, because it is not.

Buddy of mine got his Jetta stolen a lot, so he mounted an inline toggle switch behind the OBDII port. Slowly kept adding more, and now it's full rsce-car spec to start up with a ridiculous sequence. But it's not a bad idea.

 

[fumanchu182]

Got some toys in. Gonna see if I can do some work on it this evening.

 

[fumanchu182]

To start off I researched the devices. All key fobs are under a FCC id so I decided to hit up the FCC database and found the filings here: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Sum&calledFromFrame=Y&RequestTimeout=500&application_id=spKnbExGiCHJozOZmVpVNg==&fcc_id=M3N-40821302. The is all public knowledge and open source research. The most important records are the one with the RF Frequency information on them: https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1386312

So the plan is for me to sit in my garage with my fob upstairs and try and do the following.

1.) Attempt to open the door -> send LF message out but key fob is upstairs so no one is listenting, or are they?
2.) Intercept LF message with laptop nearby -> replay message with amplification so whole house is covered, therefore the FOB should reply.
3.) Fob responds with message but car doesn't have sensitive enough antenna -> intercept message at laptop with sensitive antenna and spoof RSSI information to gain entry and start car.

I will not be going into any technical details on how to do this. 1.) Illegal 2.) I would notify FCA first of any findings as required by law. 3.) Don't want anyone elses car to be stolen.

 

[fumanchu182]

To start off I researched the devices. All key fobs are under a FCC id so I decided to hit up the FCC database and found the filings here: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Sum&calledFromFrame=Y&RequestTimeout=500&application_id=spKnbExGiCHJozOZmVpVNg==&fcc_id=M3N-40821302. The is all public knowledge and open source research. The most important records are the one with the RF Frequency information on them: https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1386312

So the plan is for me to sit in my garage with my fob upstairs and try and do the following.

1.) Attempt to open the door -> send LF message out but key fob is upstairs so no one is listenting, or are they?
2.) Intercept LF message with laptop nearby -> replay message with amplification so whole house is covered, therefore the FOB should reply.
3.) Fob responds with message but car doesn't have sensitive enough antenna -> intercept message at laptop with sensitive antenna and spoof RSSI information to gain entry and start car.

I will not be going into any technical details on how to do this. 1.) Illegal 2.) I would notify FCA first of any findings as required by law. 3.) Don't want anyone elses car to be stolen.

I've set my car alarm off twice, disabled my key fobs by recording the signal and then replaying thus taking them out of sync. When it's not 8pm at night and I'm not trying to set the alarm off in my house I'll play with this some more.

 

[Hellcatcfp]

Someone posted this on Facebook (I know), but they gutted this Charger Daytona.

https://www.facebook.com/groups/DodgeHellcat/permalink/2512863222356470/

Damn...

 

[Hellcatcfp]

Now Police Are Warning About Dodge Muscle Car Thefts

https://www.motorious.com/articles/news/police-warning-dodge-thefts/

Nothing new, but still concerning.

 

[Kwalski]

bang bang usually stops this and further incidents.