GTS Stolen

[muzziman]

Agreed, that's a lovely looking car. Don't forget to get a new number plate before driving off though!

So you don't think pulling out headlights or other devices to get to the CAN bus wiring, but using the OBD port. Not great that this is enough to hack the car "security" but good to know.

The question still unanswered is how they're getting in the car in the first place. Did you have Porsche Connect enabled? The app no longer supports remote unlock, but I'm wondering if the underlying protocol does. i.e. can someone from Porsche still send the relevant commands to the car to unlock it (and tell someone where it is).

[Bazza06]

UNLESS there is a 'mole' in an elevated position in OPC......................


Thinks..................

A few years ago I was working with police on spate of Range Rovers being stolen. All linked to the same dealer, and, yes, the thief was connected to them.

If your vehicle is out of your control or sight, such as being serviced or in a drive-in car wash, there is always opportunity for a tracker to be secreted allowing the thief to locate your car to steal at a more convenient time.

[Bazza06]

Ghost devices - I see these are getting a lot of mentions and I have no direct experience of one myself, but I do know how they operate.

I'm temporarily driving a Range Rover Evoque, 23 plate, and it' already broken down once which I wasn't surprised given the general history of Range Rovers, but I got talking to the AA guy that attended (well, JLR call them Land Rover Assist) and he said that he had attended a stolen vehicle fitted with the Ghost device that had been stolen.

Now I caution this with not knowing the full facts, but it raised the question about the ability of thieves to overcome vehicle security via the CAN BUS Injection method.

[muzziman]

Ghost devices - I see these are getting a lot of mentions and I have no direct experience of one myself, but I do know how they operate.

I'm temporarily driving a Range Rover Evoque, 23 plate, and it' already broken down once which I wasn't surprised given the general history of Range Rovers, but I got talking to the AA guy that attended (well, JLR call them Land Rover Assist) and he said that he had attended a stolen vehicle fitted with the Ghost device that had been stolen.

Now I caution this with not knowing the full facts, but it raised the question about the ability of thieves to overcome vehicle security via the CAN BUS Injection method.

How do they operate? I can't see how it could send a start code the engine ECU (as the ECU wouldn't be expecting the code). Does it send a "shutdown" command if it's not given the right code? If so, I can see the CAN bus injection would struggle a bit with that. It would either have to stay on the bus and prevent the Ghost sending the shutdown messages (but as I understand it, that would probably mess up everything else needed to drive the vehicle too), or the thieves would have to physically disable/remove the Ghost.

Interesting to note that if the car manufacturers add CAN encryption as they should, only the original components will trust each other so the Ghost systems won't work either. But in theory that's fine, as they won't be needed any more.

[Nuclear Nick]

Ghost devices - I see these are getting a lot of mentions and I have no direct experience of one myself, but I do know how they operate.

I'm temporarily driving a Range Rover Evoque, 23 plate, and it' already broken down once which I wasn't surprised given the general history of Range Rovers, but I got talking to the AA guy that attended (well, JLR call them Land Rover Assist) and he said that he had attended a stolen vehicle fitted with the Ghost device that had been stolen.

Now I caution this with not knowing the full facts, but it raised the question about the ability of thieves to overcome vehicle security via the CAN BUS Injection method.

How do they operate? I can't see how it could send a start code the engine ECU (as the ECU wouldn't be expecting the code). Does it send a "shutdown" command if it's not given the right code? If so, I can see the CAN bus injection would struggle a bit with that. It would either have to stay on the bus and prevent the Ghost sending the shutdown messages (but as I understand it, that would probably mess up everything else needed to drive the vehicle too), or the thieves would have to physically disable/remove the Ghost.

Interesting to note that if the car manufacturers add CAN encryption as they should, only the original components will trust each other so the Ghost systems won't work either. But in theory that's fine, as they won't be needed any more.

See this article posted by Bluesnose earlier today. Great read!

Also see a linked article by Pen Test that shows some of the after market ‘security’ systems can actually introduce vulnerabilities that can easily be exploited making the car less secure than it was originally!

[JJay]

Isn't the vulnerability that all Macans have a physical keyhole, whether the car has keyless or not, which can be forced / picked using a keygun allowing the miscreant to gain access to the interior?

[muzziman]

That shouldn’t matter if the immobilers CAN bus was properly secure. Even once in, with access to the OBD port, the thief wouldn’t be a le to start the engine.

[JJay]

I'm don't have enough technical knowledge to answer how the immobiliser is bypassed but it that seems to be what is happening once they have access to the interior / electrics, for example with the RR bootlid intrusions. Where there's a will... and with the tech that seems to be available to these people. There's a whole industry devoted to defeating manufacturer security systems.

[muzziman]

Yes, that is what is happening now. What I mean is, if they secure the electronics properly, having a keyhole won’t matter. They wouldn’t be able to drive away. Right now, with the lack of security, someone inside can easily get to the electronics and drive off.

[muzziman]

Had our GTS stolen from outside the house last night with all the security on and a crook lock steering wheel lock + directly under CCTV, two white males arrived 2:30 and got in without setting anything off, pulled the front dash down and got into the boot and accessed the security on the right hand side,

Hi. I’m still investing what happened with my Macan S while waiting for the insurance company to stop faffing about.

You mention the thieves got in without setting anything off. From the CCTV, did they appear to interfere with the car at all or just walk up and get in (i.e. no delay).

I’m wondering if the initial access was via a CAN bus attack, or if there’s either a key cloning aspect or perhaps some weakness in the Porsche Connect service that’s allowing them to know both where the car is and remotely unlock it.

Did you have an active Porsche Connect subscription?