PSA: Classic Holden/HSVs being stolen daily using this cheap eBay tool

[EBSXR6]

Quote:

Originally Posted by Aussie Falcon

Holden parent 'aware' of Commodore theft crisis, solution no closer

https://www.carexpert.com.au/car-new...tion-no-closer

As I understand thefts of GM Vehicles in other parts of the world are happening the same way.

Late model Land and Range Rovers are the favourites in the UK using a similar method.
It is that bad in the UK it is very difficult and in some areas impossible to get insurance especially on the Limited Edition/ Performance models.
I watched a program a Professional Car Theif had an upmarket Range Rover started in pretty much the same time as a Locksmith that specialises in Motor Vehicle Lockouts.

[Sprintey]

"Pretty sure the method of theft is linked to push button start which wasn’t a thing with the VE. Even the earliest lower model VFs from 2013 weren’t push button start."

"A quick look on Carsales show VF Evokes still use a ignition barrel and later MY SV6 and above have proximity keys."

That's a couple of the comments - so it's the reprogramming of the virtual keys, and an early VF with physical key and locking barrel would be more of a deterrent? As much as locking barrels are.

[Citroënbender]

It’s been a good couple of months since awareness of this issue was abruptly broadened.

Surely insurers would by now demand evidence of an extra anti-theft measures, in order to continue comprehensive coverage under their policies for subject vehicles?

[XR Martin]

Yeah this is all related to proximity keys, theft of regular key vehicles are no longer a target.

Even on some Toyota's you could tap into the headlight loom and start the car from there.

[EBSXR6]

I saw a video ad on butt book from a refgional dealer for a low km VF Black Edition.
I was thinking that they are playing with fire though maybe they are a bit safer than being in a capital city.

[OneMadMan]

Quote:

Originally Posted by XR Martin

Yeah this is all related to proximity keys, theft of regular key vehicles are no longer a target.Even on some Toyota's you could tap into the headlight loom and start the car from there.

I'm so glad you said that.

I stumbled across a video by an Aussie guy, Paul Maric, that does Car Expert YouTube videos.

This is his latest effort regarding the whole lack of cops caring, how they are doing it, the crims I mean, and even worse for a lot of new car owners on here, it's NOT just Holdens that are vunerable to thefts:
https://www.youtube.com/watch?v=9MM45uR2Rmc





After following a link in the video and reading for more than 2 hours, I have learnt A LOT about CAN Injection (Can Bus) tech and how it works, why it works etc.

And my 1st cynical reaction to that was:
The Car companies like it (they get to sell another car)
The insurance companies like it, 'cause then they can increase our premiums.

Win win for everyone, except us, the consumers.

One guy summed it up perfectly for me on this website:
https://kentindell.github.io/2023/04/03/can-injection/

He said:

Quote:a) this is a well known attack and is based on a number of design vulnerabilities that were introduced over the years.Question: what business do the headlights have talking to the engine?Answer: none, and instead of adding relays or hardware you can have it so that each ECU knows which other ECUs can talk to it and which ECUs it is allowed to talk to. See: ``A Framework for Policy Based Secure Intra Vehicle Communication,'' Mohammad Hamad, Marcus Nolte, Vassilis Prevelakis, in the 2017 IEEE Vehicular Networking Conference (VNC) November 27-29, 2017, Torino, Italy.Also Dr. Hammad's PhD thesis at TU Braunschweig.b) the auto industry is in denial for very practical reasons, namely that since added security will not bring in more customers, the added cost of elementary security is wasted money. So they subscribe to the fallacy that the car internal networks are internal and hence not accessible from the outside without breaking into the car. This keep claiming this, despite numerous instances where people have demonstrated attack vectors ranging from wireless tire pressure sensors, to the radio or CD player, to physically accessing the CAN bus via largely unprotected paths (such as the headlights used in this attack).c) Customers don't really care because car theft, although inconvenient and quite possibly traumatic, does not carry significant financial penalties for the victim since the insurance usually covers theft.d) However, plausible deniability (see b) though works until you have been presented with evidence showing that your claim is false. And here come the insurance companies who have every incentive to attempt to recover their costs from the vehicle manufacturer who after all made the vehicle an easy target through negligence.So why aren't we seeing any legal action against manufacturers. It is possible that insurance companies consider these thefts as an acceptable cost of doing business. After all they can adjust the premiums paid by the car owners to cover the cost of these thefts.So do not expect any help from either the vehicle manufacturers or the lawyers.Best thing to do is, instead of buying a new car, lease it, so that if its stolen you just call the car leasing company to send you another.Security researchers such as myself, on the other hand, benefit from this situation since we get to write more papers and get funding to do research on fixing this, despite the fact that no one really wants it to be fixed. :-)

End of Quote.Just my thoughts.

[OneMadMan]

Sorry for the crap formatting of his quote. I'll try putting it up again..

here goes:

a) this is a well known attack and is based on a number of design vulnerabilities that were introduced over the years.
Question: what business do the headlights have talking to the engine?
Answer: none, and instead of adding relays or hardware you can have it so that each ECU knows which other ECUs can talk to it and which ECUs it is allowed to talk to. See: ``A Framework for Policy Based Secure Intra Vehicle Communication,'' Mohammad Hamad, Marcus Nolte, Vassilis Prevelakis, in the 2017 IEEE Vehicular Networking Conference (VNC) November 27-29, 2017, Torino, Italy.
Also Dr. Hammad's PhD thesis at TU Braunschweig.
b) the auto industry is in denial for very practical reasons, namely that since added security will not bring in more customers, the added cost of elementary security is wasted money. So they subscribe to the fallacy that the car internal networks are internal and hence not accessible from the outside without breaking into the car. This keep claiming this, despite numerous instances where people have demonstrated attack vectors ranging from wireless tire pressure sensors, to the radio or CD player, to physically accessing the CAN bus via largely unprotected paths (such as the headlights used in this attack).
c) Customers don't really care because car theft, although inconvenient and quite possibly traumatic, does not carry significant financial penalties for the victim since the insurance usually covers theft.
d) However, plausible deniability (see b) though works until you have been presented with evidence showing that your claim is false. And here come the insurance companies who have every incentive to attempt to recover their costs from the vehicle manufacturer who after all made the vehicle an easy target through negligence.
So why aren't we seeing any legal action against manufacturers. It is possible that insurance companies consider these thefts as an acceptable cost of doing business. After all they can adjust the premiums paid by the car owners to cover the cost of these thefts.
So do not expect any help from either the vehicle manufacturers or the lawyers.
Best thing to do is, instead of buying a new car, lease it, so that if its stolen you just call the car leasing company to send you another.
Security researchers such as myself, on the other hand, benefit from this situation since we get to write more papers and get funding to do research on fixing this, despite the fact that no one

[Big_Daz]

Quote:

Originally Posted by Citroënbender

It’s been a good couple of months since awareness of this issue was abruptly broadened.

Surely insurers would by now demand evidence of an extra anti-theft measures, in order to continue comprehensive coverage under their policies for subject vehicles?

As an owner of one of the cars being stolen (17 SSV Redline) i havent had the question asked of me so far. It was renewal time last month. The renewal didn't say they needed it either. I did, when I called them about my agreed value, let them know I had one fitted recently, and told them the brand. Didn't make a difference to the premium but its on file anyway. FYI, in my particular case:

- Insurance Company is Shannons
- I'm in Qld where i don't believe its as much of a problem (yet)
- I have Part Use policy, I can use it 2 days a week rather than full usage
- When I got the policy originally, they did ask if its Garaged (it is at all times, unless im driving it) and if I had any sort of security system in my home (CCTV with cloud backup, B&D Auto Lock motor on garage door).

The above probably made zero difference to them, but wanted to be transparent about my particular case as other owners may have different experience.

[Citroënbender]

I’m glad you’ve been proactive - you seem to genuinely enjoy the car. I’m worried about my mate in the Central West with his 13K (mileage) Redline VF2. Absolutely a prime target; older bloke and SFA security on the place, crackheads up and down the suburb.

[mondeomatureguy]

Hi Guys,
I read about this tool. We had two cars my beloved Ford Mondeo which has died now and my wife has a VE Commodore Wagon International model.

This crime wave is all over Australia and it angers me taking some body's pride and joy for a ride and either burning it afterwards or stripping it for parts.
A bloke was saying that a lot of his Neighbours in his street have had there cars stolen.

So he went out and brought himself an MG because nobody interested in stealing it.

[Big_Daz]

Quote:

Originally Posted by Citroënbender

I’m glad you’ve been proactive - you seem to genuinely enjoy the car. I’m worried about my mate in the Central West with his 13K (mileage) Redline VF2. Absolutely a prime target; older bloke and SFA security on the place, crackheads up and down the suburb.

Appreciate that, I figured doing what I could, with what I can control in regards to the issue both makes me feel better and, hopefully, less of a target in that a large percentage of these VF's being flogged are those parked in public or parked in someone driveway/yard with easy access. Mine is none of these. Im sure if someone was desperate to get MY car, nothing Is going to stop them, but ive sure as hell done what I can to NOT become one of the statistics...

As much as I like my daily Sorento, and wifey's Everest.. They are completely replaceable without a drama... My Redline isnt.. Yes, I can get a used one but its not the same as having owned it from new and modified it how I like it...

But anyway, Id be on to your mate to even do the basic's. Ghost 2 immobiliser cost $1500 installed (I paid less as I have a relationship with the shop that did it) and without the right sequence of buttons on the steering wheel/consol it wont start, regardless of whether you have that doohicky from the internet...

[smoo]

Quote:

Originally Posted by Big_Daz

Appreciate that, I figured doing what I could, with what I can control in regards to the issue both makes me feel better and, hopefully, less of a target in that a large percentage of these VF's being flogged are those parked in public or parked in someone driveway/yard with easy access. Mine is none of these. Im sure if someone was desperate to get MY car, nothing Is going to stop them, but ive sure as hell done what I can to NOT become one of the statistics...

Following a couple of VF FB pages. It appears the thefts are slowing down.
Last year there were stolen posts every 2-3 days but not the case now.

A Maloo was taken from a Melbourne shopping mall last month.
Pretty hard to have any sympathy for them, unless they’ve been living under a rock. Call it victim blaming but after all the attention this has been getting, only an idiot would leave one of these parked in a public spot for any length of time.

[XR Martin]

Quote:

Originally Posted by smoo

Following a couple of VF FB pages. It appears the thefts are slowing down.
Last year there were stolen posts every 2-3 days but not the case now.

A Maloo was taken from a Melbourne shopping mall last month.
Pretty hard to have any sympathy for them, unless they’ve been living under a rock. Call it victim blaming but after all the attention this has been getting, only an idiot would leave one of these parked in a public spot for any length of time.

Not everyone is on the internet/youtube/facebook/forums etc constantly.
I'm sure the vast majority of people don't know they are so easily stolen.

[smoo]

Quote:

Originally Posted by XR Martin

Not everyone is on the internet/youtube/facebook/forums etc constantly.
I'm sure the vast majority of people don't know they are so easily stolen.

Maybe the majority of people, but I’d be betting most V8 and HSV owners would have their finger on the pulse as to what is happening.

[Interceptor]

funny..... a HQ with a 186 and 3sp column shift manual would probably be second choice to a SSV.....

[jpd80]

[lra]

Quote:

Originally Posted by Interceptor

funny..... a HQ with a 186 and 3sp column shift manual would probably be second choice to a SSV.....

Don't be silly. Nobody under the age of 50 would be able to work out how to drive it.

[prktkljokr]

The thing is that the general run of the mill thief, would not know how to do this even if they had the tool to do it, so someone who knows how is showing them what they need to do, these people would need to be well trained by the manufacturer, automotive locksmith or be a pretty smart auto electrician to know even how to do this.

I just did a course on ADAS through Bosch for doing all the crap that the new cars come with these days, the things that are supposed to make us safer , anything from coding new headlights, camera, radar through to Doppler and Lidar, it would confusing for someone that is under the age of 20, so I dont know how these kids figure out you can remove a headlight to be able to steal a car?

[fiestaz]

We just had the horn relocated from behind the front bumper to up into the engine bay. If they give it a crack they won’t be able to disable the horn now.
2017 VF SS