Your fleet running reports

Beany
Posts: 6571
Joined: Wed Apr 11, 2018 5:27 pm

Re: Your fleet running reports

Post by Beany »

I was looking at whether the adaptive cruise on the 1-series can be retrofitted to my car, but apparently the front bumper for the M135i is a necessity for cooling, and it doesn't have the ability to take the hardware gubbins.

Which is a shame, but then again once I found that out I didn't bother looking at the cost of the parts so maybe it's a good thing :lol:
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

I was looking at JLR paint codes. I’d like to report a hate crime.

[Attachment: IMG_1132.jpeg]
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

Security stuff. Long article about CAN injection. I didn't really understand it.

https://kentindell.github.io/2023/04/03/can-injection/


A Range Rover Sport that was stolen by cutting a hole in the tailgate to access the wiring. Either search instagram yourself to try and find a photo, or use the link I've provided here:

https://www.rrsport.co.uk/forum/topic60060.html
Beany
Posts: 6571
Joined: Wed Apr 11, 2018 5:27 pm

Post by Beany »

Sundayjumper wrote: Fri May 24, 2024 7:37 pm Security stuff. Long article about CAN injection. I didn't really understand it.

https://kentindell.github.io/2023/04/03/can-injection/


A Range Rover Sport that was stolen by cutting a hole in the tailgate to access the wiring. Either search instagram yourself to try and find a photo, or use the link I've provided here:

https://www.rrsport.co.uk/forum/topic60060.html
Hmm....
The way CAN Injection works is to get into the car’s internal communication (i.e. the CAN bus) and inject fake messages as if from the smart key receiver, essentially messages saying “Key validated, unlock immobilizer”. In most cars on the road today, these internal messages aren’t protected: the receivers simply trust them. You can see how it can work in the RAV4 from the wiring diagram above: thieves break into the wiring for the red CAN bus (the one the smart key receiver ECU - shown in yellow - is connected to) and then use a simple electronic device to send CAN frames on to the red CAN bus to send fake “Key is validated” messages as if from the smart key receiver. The gateway ECU (a simple device that just copies certain CAN messages back and forth) will copy that fake message over to the green CAN bus, and the engine control system (shown in blue) will accept the message and deactivate the immobilizer function.

The thieves can then use their CAN Injector device to send a different fake CAN message to the door ECU (also shown in blue) that in essence says “Key is valid, unlock the doors”. So they don’t even need to damage the car to break into it: they can simply open the door, get in, and drive the car away - all without needing the key.
I, er.....what the fuck?

There's a section later on about how it can be fixed by implementing end to end encryption and utilising a zero-trust security model.

No, ya think? :roll: Toyota - and other manufacturers - should be put against a wall and shot for this level of shoddy, lazy architecture. End to end encryption has been effectively zero-cost for well over a decade; there's no excuse for this. They need to be class-actioned or government sanctioned into the dirt for letting this shit out. Like the action against VW for the emissions scandal but with some actual teeth.
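
Added example, not part of the original posts or the linked article: a receiver-side check that stops an ECU blindly trusting a "key validated" frame, using a truncated HMAC plus a freshness counter (message authentication rather than encryption, as one way to apply the zero-trust idea mentioned above). The CAN ID, command byte, key and frame layout are all constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY_VALIDATED_ID = 0x123   # hypothetical CAN ID, constructed for this example
CMD_KEY_VALID = 0x01       # hypothetical "key validated" command byte
MAC_LEN = 4                # truncated so command + counter + MAC fit 8 bytes

def _tag(key: bytes, can_id: int, body: bytes) -> bytes:
    # MAC covers the CAN ID as well as the payload body
    msg = struct.pack(">I", can_id) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def build_frame(key: bytes, can_id: int, cmd: int, counter: int) -> bytes:
    """Sender side: 1 byte command, 3 byte counter, 4 byte truncated MAC."""
    body = bytes([cmd]) + counter.to_bytes(3, "big")
    return body + _tag(key, can_id, body)

class LegacyReceiver:
    """Trusts any frame with the right ID and command, as the quoted text describes."""
    def accept(self, can_id: int, payload: bytes) -> bool:
        return can_id == KEY_VALIDATED_ID and payload[:1] == bytes([CMD_KEY_VALID])

class AuthenticatedReceiver:
    """Accepts a frame only if the MAC verifies and the counter is fresh."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, can_id: int, payload: bytes) -> bool:
        if can_id != KEY_VALIDATED_ID or len(payload) != 8:
            return False
        body, tag = payload[:4], payload[4:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, body)):
            return False                      # sender does not hold the key
        counter = int.from_bytes(body[1:4], "big")
        if counter <= self.last_counter:
            return False                      # replay of a recorded frame
        self.last_counter = counter
        return body[0] == CMD_KEY_VALID

def demo() -> dict:
    key = b"constructed-demo-key"             # constructed sample key
    genuine = build_frame(key, KEY_VALIDATED_ID, CMD_KEY_VALID, 1)
    injected = bytes([CMD_KEY_VALID]) + bytes(7)   # frame from a device without the key
    legacy, auth = LegacyReceiver(), AuthenticatedReceiver(key)
    return {
        "legacy_injected": legacy.accept(KEY_VALIDATED_ID, injected),
        "auth_injected": auth.accept(KEY_VALIDATED_ID, injected),
        "auth_genuine": auth.accept(KEY_VALIDATED_ID, genuine),
        "auth_replay": auth.accept(KEY_VALIDATED_ID, genuine),
    }
```

The legacy receiver accepts the unauthenticated frame, while the authenticated receiver accepts only the genuine frame once and rejects both the injected frame and its replay.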
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

Beany wrote: Fri May 24, 2024 10:27 pm End to end encryption has been effectively zero-cost for well over a decade; there's no excuse for this.
The article does touch on that towards the end - that ten years isn't really that long in vehicle development. My car is 7 years old but the L405 came out in 2012 and the architecture would have been in development years before that so it's maybe 15 years old now ? Even a brand-new just-launched car could be 5yo architecture with bells on.

Plus once stuff is on the road, it'll be out there for quite a long time compared to IT stuff. To me a ten year old car is still pretty new; a ten year old phone or laptop is basically scrap.
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

Update to my 3G / tracker subscription quandary - I've just been playing around with insurance quotes (I'm with Admiral FWIW) and adding / removing a tracker makes exactly £0.00 difference. On that basis the LR tracker subscription @ £260pa despite being good value for a tracker is not good value overall. And if it gets stolen maybe I don't want it back anyway ?

Which reminds me of an argument I had years ago. My Frontera was insured TPF&T and got stolen - opportunistic house break-in and the keys were near the door so they took the car. Instead of telling me they'd found it a couple of miles away and asking if I had a spare key, the Police had it lifted & transported to a storage compound and I ended up with a fairly large bill to pay for a) transport b) use of skates to move it around the compound because it was locked and c) a locksmith for finally opening it. I tried to claim for all this under the "theft" part of TPF&T but was told that "theft" only applies if the car is not recovered. If you get it back it's not theft :roll:
integrale_evo
Posts: 4572
Joined: Thu Apr 12, 2018 5:58 pm

Post by integrale_evo »

I probably wouldn’t want the car back, it just wouldn’t be the same. However I’d like the people caught. Probably wouldn’t pay £260 a year for a minuscule chance of that happening though 😂
Cheers, Harry
Mito Man
Posts: 10172
Joined: Wed Apr 11, 2018 4:27 pm

Post by Mito Man »

Maybe better off with an AirTag?

I mean if it makes no difference to your premium, unlikely to work after the 3G cut off, probably not the best tracker when new either and all the usual locations for it known by thieves by now.
How about not having a sig at all?
Rich B
Posts: 9894
Joined: Wed Apr 11, 2018 4:22 pm
Currently Driving: M2 Competition

Post by Rich B »

integrale_evo wrote: Sat May 25, 2024 10:12 am I probably wouldn’t want the car back, it just wouldn’t be the same. However I’d like the people caught. Probably wouldn’t pay £260 a year for a minuscule chance of that happening though 😂
I never really understood this concept, if I could have it back without cost then I'd happily have my car back.
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

Rich B wrote: Sat May 25, 2024 10:30 am
integrale_evo wrote: Sat May 25, 2024 10:12 am I probably wouldn’t want the car back, it just wouldn’t be the same. However I’d like the people caught. Probably wouldn’t pay £260 a year for a minuscule chance of that happening though 😂
I never really understood this concept, if I could have it back without cost then I'd happily have my car back.
e.g. the RRS in the thread above - it needed £17k of repairs, it would never be the same. If I was in that situation I would have preferred that it had "disappeared".
Rich B
Posts: 9894
Joined: Wed Apr 11, 2018 4:22 pm
Currently Driving: M2 Competition

Post by Rich B »

Sundayjumper wrote: Sat May 25, 2024 10:42 am
Rich B wrote: Sat May 25, 2024 10:30 am
integrale_evo wrote: Sat May 25, 2024 10:12 am I probably wouldn’t want the car back, it just wouldn’t be the same. However I’d like the people caught. Probably wouldn’t pay £260 a year for a minuscule chance of that happening though 😂
I never really understood this concept, if I could have it back without cost then I'd happily have my car back.
e.g. the RRS in the thread above - it needed £17k of repairs, it would never be the same. If I was in that situation I would have preferred that it had "disappeared".
obs I wouldn't want it back if it was fucked. But a straight stolen and recovered with no damage/cost, no problem!
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

Having said all that, I do find myself drawn to wanting a tracker. Something like this looks reasonable - £60 for the unit then £60/year subscription.

https://www.trutrak.co.uk/product-page/ ... acker-payg
Beany
Posts: 6571
Joined: Wed Apr 11, 2018 5:27 pm

Post by Beany »

Sundayjumper wrote: Sat May 25, 2024 9:11 am
Beany wrote: Fri May 24, 2024 10:27 pm End to end encryption has been effectively zero-cost for well over a decade; there's no excuse for this.
The article does touch on that towards the end - that ten years isn't really that long in vehicle development. My car is 7 years old but the L405 came out in 2012 and the architecture would have been in development years before that so it's maybe 15 years old now ? Even a brand-new just-launched car could be 5yo architecture with bells on.

Plus once stuff is on the road, it'll be out there for quite a long time compared to IT stuff. To me a ten year old car is still pretty new; a ten year old phone or laptop is basically scrap.
That's a fair point, but I'm talking about literally zero cost, effectively perfect encryption - the cost of plenty good enough encryption has been very low for well over two decades - basically since online banking became a thing and people wanted systems that didn't need dozens of watts per device to do key exchanges at scale. The sort of thing that to this day would still need a decent GPU running on mains power and a few hours to crack.

To not even try however, and to have a setup that allows engine management and security access via the headlight is woeful architecture though.

Car manufacturers really are fucking woeful at security, and I guess the only thing that would make that change would be the insurance industry coming at them with the knives out to recoup their costs. It's not like legislators are going to do anything, etc.

I wonder if that's what happened to JLR?
John
Posts: 1202
Joined: Wed Apr 11, 2018 4:31 pm

Post by John »

A work colleague has had their Toyota CHR targeted twice, the thieves pull the front bumper off to access "some" wiring.
Matty
Posts: 2237
Joined: Wed Apr 11, 2018 3:50 pm
Currently Driving: Up! GTi, Alfa 4C

Post by Matty »

I'm currently eyeing up a couple of Giulias which can be easily stolen via a front port. It's been known about forever, and Alfa have done nothing - insurance policies for them are really high because of how easy they are to steal.

Some random bloke on the internet has fixed it for a few hundred quid with a retromod to block it. Obviously he's kept it a secret as to how it's done, but hundreds have now fitted it and it's proven to work. Keeps Alfa warranty too.

Still confuses me as to why manufacturers haven't done more about it, it can't be good for sales and/or brand? Like @Beany said encryption has been in place for years....if you can have encryption that works across multiple operating systems, hardware and languages, how hard can it be to implement it into a single car's software?
Mito Man
Posts: 10172
Joined: Wed Apr 11, 2018 4:27 pm

Post by Mito Man »

Because manufacturers aren’t a victim of car crime but a beneficiary. Land Rover only bothered to come up with a proper fix once insurance premiums went so high and they had so much negative press that it started to influence sales.
How about not having a sig at all?
V8Granite
Posts: 4134
Joined: Fri Apr 13, 2018 11:57 am

Post by V8Granite »

Beany wrote: Fri May 24, 2024 10:27 pm
Sundayjumper wrote: Fri May 24, 2024 7:37 pm Security stuff. Long article about CAN injection. I didn't really understand it.

https://kentindell.github.io/2023/04/03/can-injection/


A Range Rover Sport that was stolen by cutting a hole in the tailgate to access the wiring. Either search instagram yourself to try and find a photo, or use the link I've provided here:

https://www.rrsport.co.uk/forum/topic60060.html
Hmm....
The way CAN Injection works is to get into the car’s internal communication (i.e. the CAN bus) and inject fake messages as if from the smart key receiver, essentially messages saying “Key validated, unlock immobilizer”. In most cars on the road today, these internal messages aren’t protected: the receivers simply trust them. You can see how it can work in the RAV4 from the wiring diagram above: thieves break into the wiring for the red CAN bus (the one the smart key receiver ECU - shown in yellow - is connected to) and then use a simple electronic device to send CAN frames on to the red CAN bus to send fake “Key is validated” messages as if from the smart key receiver. The gateway ECU (a simple device that just copies certain CAN messages back and forth) will copy that fake message over to the green CAN bus, and the engine control system (shown in blue) will accept the message and deactivate the immobilizer function.

The thieves can then use their CAN Injector device to send a different fake CAN message to the door ECU (also shown in blue) that in essence says “Key is valid, unlock the doors”. So they don’t even need to damage the car to break into it: they can simply open the door, get in, and drive the car away - all without needing the key.
I, er.....what the fuck?

There's a section later on about how it can be fixed by implementing end to end encryption and utilising a zero-trust security model.

No, ya think? :roll: Toyota - and other manufacturers - should be put against a wall and shot for this level of shoddy, lazy architecture. End to end encryption has been effectively zero-cost for well over a decade; there's no excuse for this. They need to be class-actioned or government sanctioned into the dirt for letting this shit out. Like the action against VW for the emissions scandal but with some actual teeth.
Every single IT person who says how easy something is inevitably has to come back 5 times to fix the IT thing they said was easy.

That’s top level IT in jet engine development, in Caterpillar security, people who do the PLC automation for whole countries.

If it wasn’t done, it’s highly likely due to it being far more difficult than it looks.

Dave!
Mito Man
Posts: 10172
Joined: Wed Apr 11, 2018 4:27 pm

Post by Mito Man »

Got round to fitting my new shiny brakes on the 6.
It was all very enjoyable and didn’t take half a day this time. I am surprised the rear calipers are not seized, they looked like they came off the bottom of the ocean and even the caliper pistons looked like actual turds with chunks of rust coming off.
The whole car is at that age where it needs some maintenance underneath. The rear shocks have a slight oil misting. Looks like the subframe bushes even have some oily residue and are quite cracked.
How about not having a sig at all?
Sundayjumper
Posts: 6640
Joined: Wed Apr 11, 2018 4:04 pm
Currently Driving: Land Rover, Peugeot 406 replica

Post by Sundayjumper »

There’s an OEM sausage holder available for the Range Rover. I think I’ll get a pair 👍


[Attachment: IMG_1141.jpeg]
GG.
Posts: 4768
Joined: Wed Apr 11, 2018 4:16 pm

Post by GG. »

Rich B wrote: Sat May 25, 2024 11:05 am
Sundayjumper wrote: Sat May 25, 2024 10:42 am
Rich B wrote: Sat May 25, 2024 10:30 am I never really understood this concept, if I could have it back without cost then I'd happily have my car back.
e.g. the RRS in the thread above - it needed £17k of repairs, it would never be the same. If I was in that situation I would have preferred that it had "disappeared".
obs I wouldn't want it back if it was fucked. But a straight stolen and recovered with no damage/cost, no problem!
I'm not sure it is better to get it back though because you have to report it to your insurer to ensure they'll pay out in the event it is not recovered and then you have the potential for it to be marked stolen recovered. I think perhaps if there is no damage and nothing to claim from your insurer (e.g. not even a smashed window or replacement trim) then perhaps you don't get that marker. Anyway - I never found out as mine was long gone never to resurface.

The LR tracker is pointless as the thieves know exactly where it is (rear NS wheelarch trim) and promptly rip it out. A well hidden 3rd party tracker might be good but if you don't get it back quickly either it will be shipped somewhere or chopped up. The only real solution is a no tag no start or a ghost.