ravelco
 


about us
productmagazines and videostestimonials
competitionhistorydealersopportunitiescontact us
 
       
  LAPTOPS - RFI - SMART KEYS, ETC.    
       
 

WHAT THE CAR DEALERS SAY . . .

SALESPEOPLE AT THE CAR DEALERS DO NOT KNOW HOW TO KEEP YOUR VEHICLE FROM BEING STOLEN. EVERYTHING THEY KNOW IS WHAT THEY WERE TRAINED TO SAY.

Please do not depend on your vehicle's Factory Security System to keep your vehicle from being stolen. No matter what kind!

Let your dealer supply you your vehicle - - - and let RAVELCO supply your security.

One Honda dealer told a Ravelco customer that they would not need a Ravelco because the Ravelco kills the same circuits as the factory system that Honda includes in their vehicles for free! The Ravelco customer then asked "Well if Honda's factory system is so foolproof why is Honda the number #1 stolen vehicle in the world?" The Honda dealer was lost for words!

Car dealers are always telling their customers "You do not need any additional security because you have a chip it your key that has a billion different combinations and it sends a signal to the vehicle to let the vehicle know that this is the real key . . . Blah Blah Blah Blah!" BALONEY !!!! PLEASE DO NOT BELIEVE THIS! THIS IS JUST SALES TALK! 

There are companies who manufacture by pass kits . . . (shown at bottom of page)

Be sure to read these newspaper articles below . . . 

THE FOLLOWING ARTICLES BELOW TELL YOU WHY YOU NEED THE RAVELCO  . . .

BBC - One Watch Dog 

BMW: Open to car theft?

They cost between £17,000 and more than £100,000. Providing owners with the last word in German luxury engineering. But - every day – more and more BMW owners are waking up to find them gone.

Steven Singh opened his door and noticed that his car wasn’t there, apart from some shattered glass on the floor. His BMW M6 convertible had been stolen. After paying so much, he thought he’d taken all the necessary safety precautions and had both the keys in his possession. Exasperated, he told us “you spend £40,000, £50,000 on a vehicle and someone can come and take your car without a key. It’s just ludicrous” On the same night Steven's car was taken, he met another BMW owner who’d also been targeted. Since then, more have been writing to Watchdog. Their cars have gone too. And all of them still have their keys.

What’s going on?

It begins with the computerization of cars. Most modern vehicles, like the BMW, now have an on-board computer hidden away under the bonnet. This computer basically controls the engine and makes sure everything is working correctly. It also controls the car’s electronic key. All BMWs have had them since 2006. The keys communicate with the computer via radio signal and that in turn allows you to start the vehicle. But crucially, the computer can also program a new key, should the old one be lost. Now this used to be a complicated task that took around 40 minutes to complete and required specialist equipment. But someone has managed to simplify the process by cracking BMW’s technology.

The result?

A device exists which allows anyone to access the on-board computer and program a blank key. It's so easy to use and the process takes little more than three minutes. The device was actually designed and marketed for garages and recovery agents etc, so they could use it over and over again on different vehicles. Unfortunately, the same could also apply to criminals. Amazingly, the blank keys and the device are both available to buy at a bit of a price on the internet. But, as it works on many models of BMW – and as it can be used repeatedly - the criminals are happy to pay. Police in Warwickshire are so concerned they released a press release in April, warning BMW owners to take extra precautions because of the high number of cars being stolen.

It clearly states “The thief uses a device on the vehicle which program a blank key”. And it's the same story in London. There’ve been so many thefts here, that that in August the Metropolitan Police left leaflets under windscreens, warning BMW owners their cars were likely to be targeted So with the police going out of their way to warn the public of the dangers, you'd expect BMW to be doing the same. Surely they are contacting owners and letting prospective buyers know the risks? Well, not exactly. We visited BMW dealerships in both the Midlands and London – both theft hotspots and we got totally inconsistent messages. So we got hold of one of these devices and a blank BMW key ourselves and, surprise, surprise, with the blank key we were able to start the car. A security system so compromised that even our reporter could break it. How much more proof does BMW need that it is time for them to take action?

Company Response

A BMW spokesperson said:

"Criminal activity of all kinds is becoming increasingly sophisticated and particularly in this electronic age evolves with incredible speed. For highly complex, valuable and desirable products like cars, this has been a constant battle for manufacturers, legislators, the police and of course the owners of these cars. Organized crime has turned its attention to profits which can be made when stealing premium cars to order and selling them under false identities or, more often, breaking them up for parts and selling them piecemeal. Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action. However, BMW has always taken security extremely seriously and has worked closely with police forces around the country (and the world), with Thatcham and with the industry body, the SMMT (The Society of Motor Manufacturers and Traders) to understand and mitigate against car crime wherever possible. Therefore, when we were made aware of this new form of attack, we took it very seriously and immediately launched an investigation." A vital point to acknowledge here is that there is no such thing as the ‘unstealable’ car, as Ron Cliff knows well. If a criminal decides they want your car, they will find a way to take it. Our job is to make it as difficult as possible.

Can BMW confirm it is aware of the issues raised above?

We are aware of this new type of high-tech car crime, which is certainly not restricted to BMW, but is an industry wide issue. Manufacturers and police forces are in a constant battle against the increasing sophistication of organized car criminals.

When did BMW become aware of the security issues outlined above?

We have a close working relationship with the Metropolitan Police and with Thatcham and first became aware of this new type of car crime in autumn 2011. We immediately started an investigation, which was a complex process to establish the exact method of attack and the technical implications.

What is BMW doing to rectify the security problems?

There is no specific BMW security issue here, this is something which affects many brands, however organized criminals have targeted particularly desirable cars, with higher value parts and that is why BMW is amongst the brands affected. BMW prides itself on its vehicle security systems and all BMWs meet all UK and global security standards. Our engineers and technicians review all aspects of our vehicles constantly, including security systems, and after extensive research we are clear that none of our latest models - new 3 Series, 5 Series, 6 Series and 7 Series - nor any other BMW built after September 2011 can be stolen using the method you have highlighted. For cars built before this date our investigations, jointly with the police, have identified late model BMW X5 and X6 as cars which have been focused on by organized criminals. We are now taking steps to mitigate against this type of theft for these two models and are contacting customers accordingly. For obvious security reasons we cannot say what these measures are. Other models, including earlier M cars, as featured in your program, are also being looked at to see if similar measures might be applied.

What advice can you offer your customers?

We agree with the general advice to customers given by the Police:

  • When using remote locking, ensure the car has actually locked by checking a door.

  • Be careful with your keys and who you give them too keys (e.g. valet parking). There is a risk that they could be cloned.

  • Where ever possible park your car out of sight, in a locked garage or under the cover of CCTV cameras

  • In addition: We recommend servicing your BMW at dealerships capable of providing software updates (e.g. authorized BMW Dealerships) on a regular basis to give the opportunity of further enhancing theft protection.

I am pleased to say that we have now had further information from our technical team which means that we will be able to offer the same mitigating measures mentioned in relation to X5 and X6, to any concerned BMW owners, starting within the next eight weeks. This will mean that the car cannot be taken using the piece of equipment you highlight. Of course this will not render the car unstealable, but it will address this particular form of attack.

Any customer who is concerned about this issue can contact our customer service department on 0800 083 4397 or their dealer, either of which will happy to advise.

This page was posted on 12 September 2012.

Texting, grand theft auto style; alarms pose risk

AP Friday August 19, 2011

For car thieves, texting and driving might mix; alarm systems open door, literally, for attack

In this photo taken Tuesday, Aug. 16, 2011, security consultants Don Bailey, left, and Mathew Solnik, right, with iSEC Partners, demonstrate with a computer how they force cars with certain alarm systems to unlock their doors and start their engines by sending them text messages in San Francisco. (AP Photo/Eric Risberg)


SAN FRANCISCO (AP) -- Texting and driving don't go well together -- though not in the way you might think. Computer hackers can force some cars to unlock their doors and start their engines without a key by sending specially crafted messages to a car's anti-theft system. They can also snoop at where you've been by tapping the car's GPS system.

That is possible because car alarms, GPS systems and other devices are increasingly connected to cellular telephone networks and thus can receive commands through text messaging. That capability allows owners to change settings on devices remotely, but it also gives hackers a way in.

Researchers from iSEC Partners recently demonstrated such an attack on a Subaru Outback equipped with a vulnerable alarm system, which wasn't identified. With a laptop perched on the hood, they sent the Subaru's alarm system commands to unlock the doors and start the engine.

Their findings show that text messaging is no longer limited to short notes telling friends you're running late or asking if they're free for dinner. Texts are a powerful means of attack because the devices that receive them generally cannot refuse texts and the commands encoded in them. Users can't block texts; only operators of the phone networks can.

These devices are assigned phone numbers just like fax machines. So if you can find the secret phone number attached to a particular device, you can throw it off by sending your own commands through text messaging.

Although these numbers are only supposed to be known by the devices' operators, they aren't impossible to find. Certain network-administration programs allow technicians to probe networks to see what kinds of devices are on them. Based on the format of the responses, the type and even model of the device can be deduced. Hackers can use that information to craft attacks against devices they know are vulnerable. (In this case, the researchers bypassed these steps and simply took the alarm system out of the car to identify the secret phone number.)

You'd have to ensure that the phone number you found is attached to the car you're standing in front of, for instance. There are hacking tools to do that -- they listen for cellular traffic around a particular vehicle -- but in many cases it's easier to take a car that doesn't have an alarm.

The research from Don Bailey and Mat Solnik is unsettling because it shows that such attacks are possible on a variety of other devices that use wireless communications chips. Those include ATMs, medical devices and even traffic lights. Hackers have already sent specially crafted texts with commands to instantly disconnect iPhones from the cellular network.

Bailey, whose specialty is cellphone network security, also found that similar techniques can be used to get a certain type of GPS system to cough up its location data. Such information can be used by stalkers or home burglars, for instance.

The type of GPS system he studied is known as assisted GPS, which means that it uses cellular signals in addition to the usual satellite signals. That makes the system vulnerable. The research isn't just about taking off with someone else's car or finding out where that person has been.

It raises the possibility of other, more sinister dangers, such as those potentially affecting braking and acceleration, said Scott Borg, director of the U.S. Cyber Consequences Unit, a group that studies hacking threats. That becomes possible as networked electronics are more tightly coupled with physical machinery.

"Doing one that is harmful is quite hard, but we need to prepare for people doing that," Borg said.

The research got the attention of a trade group for electric utilities, the North American Electric Reliability Corp. After the pair showed off the techniques at the Black Hat security conference in Las Vegas this month, the group warned that the types of wireless chips exploited by the pair are also used at power plants and said that more caution is needed in their use.

The vulnerable GPS system was made by Zoombak Inc., which promotes its products' usefulness in tracking children and automobiles. The company said it has made changes to its devices, so that outside parties can no longer get location data without passwords.

Bailey and Solnik are working with the manufacturer of the car alarm system to fix its vulnerabilities. Bailey said the unidentified manufacturer has fixed many of the security issues. Bailey said stricter security standards are needed.

"We're so excited to use technology that we're deploying it too quickly and not really thinking about the impact of security," he said.

Online Video demonstration of attack

Laptop Thieves
High-Tech Thieves Use Laptops to Steal Cars with RFID Chips
By JOHN HOLL - January 7, 2008

NEW YORK -- Security technology created to protect luxury vehicles may now make it easier for tech-savvy thieves to drive away with them. In April, high-tech criminals made international headlines when they used a laptop and transmitter to open the locks and start the ignition of an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5 stolen from him using this technology within six months.

The most recent theft occurred while Beckham and his two sons were eating at a restaurant in suburban Madrid. Spanish police suspected a Bulgarian gang of car thieves that specialize in stealing luxury cars. At the time of publication, no suspects had yet been apprehended.

This highly publicized theft was not the first indication that keyless systems were vulnerable to wireless break-ins. Back in 2004, when keyless technology was still new and touted as unbreakable and secure, Dr. Aviel D. Rubin, a professor of computer science at Johns Hopkins University, along with several of his graduate students examined this possibility. Within three months they had successfully cracked the code embedded within the ignition keys of newer model cars, theoretically allowing them to steal the autos.

Using a laptop computer, an antenna and specifically designed software, Rubin and his team extracted a code that transmits from a small Radio Frequency Identification (RFID) chip inside the key. From there the team tested more than one trillion possible encryption answers.

"It was a trial-and-error process," Rubin said. "We wanted to see if it could be broken and found out that it could. We were surprised."

Realizing the ramifications of their discovery, Rubin and his team presented their findings to Texas Instruments — the makers of the chip — and automaker representatives and posted their research paper online. On the site, the team does not reveal the specifics of how they broke the code, so as to not enable criminals to harness the technology.

Texas Instruments’ reaction was one of surprise, Rubin said. The chip manufacturer was skeptical at first, but once the engineers received an in-person demonstration, they relented that the technology could be broken. Unfortunately, there wasn't much that TI, the world’s largest integrated maker of RFID tags, smart labels and reader systems, could do about it. A recall would be nearly impossible and very expensive.

Bill Allen, director of business development for Texas Instruments' RFID division, did not dispute what the Johns Hopkins team did, but said it is "a complex thing and not something that can be done easily."

He said that researchers were working on staying one step ahead of criminals. Texas Instruments, he said, had already introduced 128-bit encrypted RFID tags to make it harder for thieves and hackers to manipulate the system.

"In practicality, consumers are as safe today as they were yesterday," Allen said.

Kevin P. McHugh, president of the International Association of Auto Theft Investigators, said RFID thefts "are known and growing" in Europe, especially with expensive cars. However, because the method used to steal a car isn’t always noted in police reports here, the specific number of how many cars had been stolen in the U.S. using laptops is unknown, confirmed Frank Scafidi, director of public affairs for the National Insurance Crime Bureau.

Yet these recent thefts may be no cause for alarm in America. The number of reported car thefts in the U.S. has increased in 2004 there were more than 1.8 million cars stolen in the U.S., up 1.9 percent from 2003, according to the Department of Justice.

"It is getting harder for the amateur to steal cars," McHugh said. "The professional thief with high-tech experience who wants your car for reason ‘x’ is going to come up with a way to get it, and these days that often involves using technology."

RFID chips are used in everything from supermarket scanners to credit cards. Of the hundreds of millions of RFID ignition keys in use in the United States, most operate with a 40-bit frequency that broadcasts their number through the air. In order for thieves to get access to the numbers, they first must get within several inches of the key with a receiver. From there, the signal can be downloaded onto a computer, processed and broken in about 15 minutes. The thieves can then feed the signal to the car and successfully hotwire the vehicle.

Nick Twork, a technology spokesman for Ford Motor Company, said that while no technology is foolproof, RFID has contributed to a drop in thefts over the last several years.

"We are always coming up with new ways to make it harder for people to steal cars," Twork said. "And if a car is stolen, we are making it easier to recover."

Twork said that Ford is also working on next-generation antitheft measures but declined to elaborate when asked for specifics.

Loretta Worters, a spokeswoman for the Insurance Information Institute, said that insurance companies are inclined to offer reduced rates to consumers who drive cars equipped with antitheft devices like RFID, alarm systems and safety devices like airbags.

"We feel that anything that can help reduce the number of thefts is a good thing," Worters said. "It benefits the owner of the vehicle and the insurance companies."

She added that RFID thefts "are not a big problem in the [insurance] industry.”

With millions of these tags in circulation, Rubin says there is not a lot drivers can do to protect themselves. "You can wrap your keys" in tinfoil, but that's not very practical," he said. "It is best to wait until the second-generation tags come out."

Gone in 60 seconds--the high-tech version

By Robert Vamosi
Special to CNET News.com
Published: May 6, 2009, 6:00 AM PDT

Let's say you just bought a Mercedes S550--a state-of-the-art, high-tech vehicle with an antitheft keyless ignition system.

After you pull into a Starbucks to celebrate with a grande latte and a scone, a man in a T-shirt and jeans with a laptop sits next to you and starts up a friendly conversation: "Is that the S550? How do you like it so far?" Eager to share, you converse for a few minutes, then the man thanks you and is gone. A moment later, you look up to discover your new Mercedes is gone as well.

Now, decrypting one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car--making the hack tempting for thieves. The owner of the code is now the true owner of the car. And while high-end, high-tech auto thefts like this are more common in Europe today, they will soon start happening in America. The sad thing is that manufacturers of keyless devices don't seem to care.

Wireless or contactless devices in cars are not new. Remote keyless entry systems--those black fobs we all have dangling next to our car keys--have been around for years. While the owner is still a few feet away from a car, the fobs can disengage the auto alarm and unlock the doors; they can even activate the car's panic alarm in an emergency.

First introduced in the 1980s, modern remote keyless entry systems use a circuit board, a coded radio-frequency identification (RFID) technology chip, a battery and a small antenna. The last two are designed so that the fob can broadcast to a car while it's still several feet away.

The RFID chip in the key fob contains a select set of codes designed to work with a given car. These codes are rolling 40-bit strings: With each use, the code changes slightly, creating about 1 trillion possible combinations in total. When you push the unlock button, the keyfob sends a 40-bit code, along with an instruction to unlock the car doors. If the synced-up receiver gets the 40-bit code it is expecting, the vehicle performs the instruction. If not, the car does not respond.

A second antitheft use of RFID is for remote vehicle immobilizers. These tiny chips, embedded inside the plastic head of the ignition keys, are used with more than 150 million vehicles today. Improper use prevents the car's fuel pump from operating correctly. Unless the driver has the correct key chip installed, the car will run out of fuel a few blocks from the attempted theft. (That's why valet keys don't have the chips installed; valets need to drive the car only short distances.)

One estimate suggests that since their introduction in the late 1990s, vehicle immobilizers have resulted in a 90 percent decrease in auto thefts nationwide. But can this system be defeated? Yes.

Keyless ignition systems allow you the convenience of starting your car with the touch of a button, without removing the chip from your pocket or purse or backpack. Like vehicle immobilizers, keyless ignition systems work only in the presence of the proper chip. Unlike remote keyless entry systems, they are passive, don't require a battery and have much shorter ranges (usually six feet or less). And instead of sending a signal, they rely on a signal being emitted from the car itself.

Given that the car is more or less broadcasting its code and looking for a response, it seems possible that a thief could try different codes and see what the responses are. Last fall, the authors of a study from Johns Hopkins University and the security company RSA carried out an experiment using a laptop equipped with a microreader. They were able to capture and decrypt the code sequence, then disengage the alarm and unlock and start a 2005 Ford Escape SUV without the key. They even provided an online video of their "car theft."

But if you think that such a hack might occur only in a pristine academic environment, with the right equipment, you're wrong.

Real-world examples: Meet Radko Soucek, a 32-year-old car thief from the Czech Republic. He's alleged to have stolen several expensive cars in and around Prague using a laptop and a reader. Soucek is not new to auto theft--he has been stealing cars since he was 11 years old. But he recently turned high-tech when he realized how easily it could be done.

Ironically, what led to his downfall was his own laptop, which held evidence of all his past encryption attempts. With a database of successful encryption strings already stored on his hard drive, he had the ability to crack cars he'd never seen before in a relatively short amount of time.

And Soucek isn't an isolated example. Recently, soccer player David Beckham had not one, but two, antitheft-engineered BMW S5 SUVs stolen. The most recent theft occurred in Madrid, Spain. Police believe an auto theft gang using software instead of hardware pinched both of Beckham's BMWs.

How a keyless car gets stolen isn't exactly a state secret--much of the required knowledge is Basic Encryption 101. The authors of the Johns Hopkins/RSA study needed only to capture two challenge-and-response pairs from their intended target before cracking the encryption.

In an example from the paper, they wanted to see if they could swipe the passive code off the keyless ignition device itself. To do so, the authors simulated a car's ignition system (the RFID reader) on a laptop. By sitting close to someone with a keyless ignition device in his pocket, the authors were able to perform several scans in less than one second without the victim knowing. They then began decrypting the sampled challenge-response pairs. Using brute-force attack techniques, the researchers had the laptop try different combinations of symbols until they found combinations that matched. Once they had the matching codes, they could then predict the sequence and were soon able to gain entrance to the target car and start it.

In the case of Beckham, police think the criminals waited until he left his car, then proceeded to use a brute-force attack until the car was disarmed, unlocked and stolen.

Hear no evil, speak no evil . . . The authors of the Johns Hopkins/RSA study suggest that the RFID industry move away from the relatively simple 40-bit encryption technology now in use and adopt a more established encryption standard, such as the 128-bit Advanced Encryption Standard (AES). The longer the encryption code, the harder it is to crack.


The authors also suggest that car owners wrap their keyless ignition fobs in tin foil when not in use to prevent active scanning attacks, and that automobile manufacturers place a protective cylinder around the ignition slot. This latter step would limit the RFID broadcast range and make it harder for someone outside the car to eavesdrop on the code sequence.

Unfortunately, the companies making RFID systems for cars don't think there's a problem. The 17th annual CardTechSecureTech conference took place this past week in San Francisco, and CNET News.com had an opportunity to talk with a handful of RFID vendors. None wanted to be quoted, nor would any talk about 128-bit AES encryption replacing the current 40-bit code anytime soon. Few were familiar with the Johns Hopkins/RSA study we cited, and even fewer knew about keyless ignition cars being stolen in Europe.

Even Consumer Reports acknowledges that keyless ignition systems might not be secure enough for prime time, yet the RFID industry adamantly continues to whistle its happy little tune. Until changes are made in the keyless systems, any car we buy will definitely have an ignition key that can't be copied by a laptop.

LOS ANGELES TIMES - February 8, 2009

Thieves outwit high-tech advances

Automobile antitheft systems have gotten smart -- but so have networks of criminals.

By Ralph Vartabedian
Times Staff Writer

February 8, 2009

The recent thefts in Southern California of several Lexus LS 400s, known among security experts for their antitheft systems that tie into the car's central computer system, have created new concerns about the evolving expertise of organized crime rings to defeat the auto industry's most clever engineering.

In the past, the theft of a few vehicles might not have seemed like such a big deal. But the ability of thieves to defeat top-tier automotive technology is another sign of the sophistication of criminal networks. Increasingly, car theft is more like computer hacking than like breaking and entering a home or business protected by physical locks and keys.

For every step taken by engineers to increase the difficulty of stealing a car, criminal networks have responded with schemes to defeat physical and electronic systems.

"It is a cat-and-mouse game between the bad guys on the street and the engineers in the lab," said Kim Hazelbaker, senior vice president of the Highway Loss Data Institute, a Washington, D.C. insurance group.

Though theft rates have been cut in half, insured losses remain unchanged from a decade ago as professional thieves target higher-value vehicles.

Just like any automotive technology, antitheft systems differ widely in both their design and effectiveness, said Forrest Folck, who operates Motor Vehicle Forensic Services in San Diego.

The LS 400s that were stolen are among models that use a smart key to tie into the car's electronic control module, or ECM, the central brain for the engine, transmission and related systems. Unless the smart key sends the proper code to the ECM transponder, the ECM disables the electronic fuel-injection system.

Here's how a criminal ring has defeated it: First, they force the locks on the door and steering column with a custom-made tool, using a socket wrench coupled to a specially machined blank key that fits any Lexus lock and can deform the wafers and tumblers.

Once inside the car, the hood is popped, the steering wheel lock is broken and the ignition electronics can be engaged. Normally, however, the ECM transponder would recognize that the key is not providing the proper security code.

But a second team member goes straight for the ECM, unscrewing the 6-by-8-inch box under the hood and unplugging the 50-pin connector. It is replaced with an altered ECM with a disabled transponder that does not shut down the fuel-injection system, Folck said.

Ken Zion, a collision and theft expert from Auto Collision Consultants, said he inspected two of the Lexus LS 400s and was impressed with how little damage was caused during the thefts.

"This was very ingenious," Zion said. "They can do the entire ECM swap in under five minutes."

The Lexus vehicles were recovered by an inter-agency auto theft task force, one of 16 in the state funded with a portion of vehicle taxes in an attempt to keep a lid on the theft problem.

Southern California is close to the Mexican border and next to the nation's largest port complex, both destinations of choice for thieves who want to export luxury cars to foreign markets, according to Hazelbaker.

In 2004, there were 2.3 theft claims nationwide for every 1,000 insured vehicles. By contrast, Los Angeles has 2.8 theft claims per 1,000 and the claims average $10,240, about 30% above the national average, he said.

Mark Stowell, a theft expert with the National Insurance Crime Bureau who works with the Orange County Auto Theft Task Force, said police recover 86% of stolen vehicles. While some are undamaged, many are stripped, crashed or burned.

Every generation of antitheft technology is good for a while but eventually gets figured out by criminal networks, a cycle Hazelbaker has seen play out before.

"A new technology is good for two or three years before you see the theft statistics creep back up," he said. "By five or six years, if the manufacturer hasn't changed the technology, you see the numbers back to where they were before."

The evolution began with locking steering columns back in the 1970s. They were effective until thieves defeated them with brute force. Now, even teenage thieves know how to defeat a locking steering column.

Among the most sophisticated antitheft systems is the Bosch controller area network system, used on BMW, Mercedes-Benz and other brands, Folck said.

But thieves have increasingly found ways to defeat this system as well, using laptop computers that plug into the OBD II connector under the steering wheel to reprogram the vehicle's software. Who is smart enough to write pirate software to steal cars? Electrical engineers who are familiar with basic computer design, Folck said.

Less sophisticated antitheft systems are widely used, including the General Motors "Pass Key" system. Folck said Pass Key systems are defeated using a simple magnetic tool. Consequently, the Cadillac Escalade has ranked as the most frequently stolen vehicle in the nation.

Folck said homemade antitheft systems that cut off power to a key mechanical system often cause thieves more trouble than a factory device because they are so unpredictable in design. But even if a homemade or factory electronic system does work perfectly, it will not necessarily protect a vehicle.

Some theft teams use casters to elevate a car off its wheels and then roll it onto a flatbed tow truck.

*Ralph Vartabedian can be reached at ralph.vartabedian @latimes.com.
 

HOUSTON CHRONICLE - January 31, 2008

Researchers Crack Car Key Code

The Associated Press - 9:21 a.m. ET Jan. 31, 2009  - Researchers said they have found a way to crack the code used in millions of car keys, a development they said could allow thieves to bypass the security systems on newer car models. The research team at Johns Hopkins University said Saturday it discovered that the "immobilizer" security system developed by Texas Instruments could be cracked using a "relatively inexpensive electronic device" that acquires information hidden in the microchips that make the system work.

The radio-frequency security system being used in more than 150 million new Chevrolet, Fords, Chrysler, Toyotas and Nissans involves a transponder chip embedded in the key and a reader inside the car. If the reader does not recognize the transponder, the car will not start, even if the key inserted in the ignition is the correct one. It's similar to the new gasoline purchase system in which a reader inside the gas pump is able to recognize a small key-chain tag when the tag is waved in front of it. The transaction is then charged to the tag owner's credit card. Researchers said they were able to crack that code, too.

"We stole our own car, and we bought gas stealing from our own credit card," said Avi Rubin, a professor of computer science at Johns Hopkins who led the research team. Texas Instruments was recently given demonstrations of the team's code cracking capabilities, but the company maintains its system is secure. Tony Sabetti, a business manager with Texas Instruments, said the hardware used to crack the codes is cumbersome, expensive and not practical for common thieves.

"I think the way in which it's presented as being inexpensive to do and quick and all the rest of that is an exaggeration," Sabetti said. "And because of that, we believe the technology still is extremely secure for the applications that it's used in." But Rubin said the code-breaking demonstrations illustrate that developers did not pay enough attention to security. "I think the implications are that it sets us back about 10 years ago where we were with car security," Rubin said.

In the seven years the technology has been in use, Texas Instruments has never had a reported incident where a car has been stolen or a gasoline-purchasing tag has been duplicated, company spokesman Bill Allen said.

BYPASS KITS

This is a page from an automotive magazine that is offering ByPass Modules for every type vehicle manufactured. This is the proof on why the systems that come standard with the vehicles manufactured today are not doing their jobs.

 

  
World Headquarters
RAVELCO
6920 Oak Knoll Drive
Richmond, Texas
77406-8660
   extra plugs  
281.341.6222
help-info@ravelco.com
 email us