9

If a car-thief wants to steal a modern car, he often uses the OBD2 (On Board diagnosis) to "hack" the car. Simplified: He achieves this by plugging his "hacking device" in the port, which aquieres the code for the engine immobilizer. With the code he is able to start the car.

Now for my own car I want to manipulate said OBD2-interface by changing some Pins. The workshop for sure still need access to the port for maintenance, so I want to use an adaptor which undoes the changes.

Here is the Pin-schema for the OBD-plug

OBD2

What would be the best way to manipulate this plug?

I thought about switching pin 7 (K-Line), with pin 16 (12 Volts). Will this damage the hacking-tool of the thief, if he plugs in his device? Or would it a better idea to switch GND and 12V?

Do you have other suggestions on how to achieve my goal?

George
  • 6,605
  • 38
  • 86
  • 123
user_1559454
  • 287
  • 1
  • 5
  • 10

4 Answers4

11

You're glossing over how the hack actually happens. The hack involves erasing the old keys and then reprogramming a new key to the vehicle. If the car uses a smart key then you're in right away. If the car has a physical key, then having the correct cut of key is also required.

Cars also fall into two categories. The first is the real expensive cars that would be stolen by a professional to chop up. They prefer the car intact. If you are in this category, then just insure the car well, if you bought an expensive car then you can afford it. Also voiding the warranty on an expensive car is no fun.

The second is a cheap car but in a bad neighbourhood. Regardless if the thief is skilled enough to pull off the hack or not they don't care what the condition of the car is. A broken window would not be uncommon. I would not be surprised if after their hack tool fried, assuming it would be, they would just vandalize the car.

As mentioned by @Passerby you will have problems if taking the car to a repair or inspection facility. Further if tampering with the diagnostic port damages someone very very expensive equipment you could be held liable.

I would suggest investing in a general run of the mill alarm that cuts the line to the starter. It adds a second layer of stuff to go through to steal the car and no other person would complain. Alarms are common enough, they incorporate motion detectors and siren won't leave you liable for thousands a dollars.

Utku
  • 285
  • 1
  • 5
  • 13
vini_i
  • 16,115
  • 1
  • 42
  • 64
4

I think modifying the OBD-II port is complete overkill to deal with a possible theft issue. In addition to being a tricky issue as to how exactly to modify it, as the other answer points out, it may actually be illegal.

When I have had to leave cars unattended and I have had some concern about possible theft, I usually unplug a component in the ignition system. My understanding about how cars are stolen (not that I've ever done it!) is that thieves want to spend minimal time making the attempt. No thief is going to sit in the car continually cranking the engine for minutes and then set about troubleshooting an apparent electrical problem. They will simply move on elsewhere...

timbo
  • 1,186
  • 2
  • 15
  • 25
4

If I was as worried as you seem to be about this, which I am not, I'd probably do the following;

Go to a breakers yard and buy the OBD II port from a similar model. I'd then unscrew the existing port and push it back into the recess of the dashboard, then fit the new dummy port in its place.

Alternatively, add an aftermarket security measure such as an alarm, immobilizer or even physical security measure. Just something which isn't controlled by the OBD II port.

Steve Matthews
  • 23,464
  • 2
  • 41
  • 92
3

You would need to "Re-Engineer" an adapter once you accomplish "Disabling" your OBD-2 port. How you do that, is honestly up to your judgement. Depending on the vehicle they also have factory ports in very odd locations. Nissan, Toyota and a few European brands are known for this. Vehicle hacking is becoming a real thing that people DO have to worry about.

I attend Defcon and last year they added their car hacking village. Here are some videos about it. These guys REALLY know how this stuff works. I'm currently working on my own project because of these guys.

Car Hacking

They also explain a little bit about how to protect yourself correctly from being a victim.

As far as changing your pins to thwart a thief's attempts at getting into a car or to damage their tool. Most of the car hackers out there and things I've seen on darknet websites all use Rasberry Pi type devices WHICH use self correcting signal. It probably wouldn't even work if you did that. You'd essentially just be doing it for no reason or for your own reassurance. As someone who works with security and have been for years; There isn't much you can do.

What I would suggest is disable your keyless entry (The other guy mentioned that). You could disable the engine bay factory port. If you have GPS, disable that because COM systems are why Chrysler recalled millions of cars. These are honestly the only options you could within reason, use to secure your vehicle.

Also, it seems a bit like you don't fully understand how involved this process is and how long it takes to "Hack" a vehicle. They need entry to the vehicle first. They then need to apply their method of "hacking" to the car. Then manage to get away with this. Every make and model is different and there are no universal "tools" for this on the open market, or black market. I do analytics for work and keep up to date with this as much as possible. They would essentially have to research and engineer a tool for a specific Make and model for it to work efficiently. That takes MONTHS. Unless you own a contract with the manufacturer.

To essentially answer what you're asking.

Will switching the pins damage their tool

Most likely no. Especially with today's modern circuit boards and their processors that can route electrical signal if data collision occurs. You'll find this a lot in networking equipment.

What else can you suggest

All I can suggest is to disable your keyless entry, disable the engine bay factory ECU plug, and any COM systems that can be accessed wirelessly. Quite a few CAN data bus systems are implementing 802.11 into their vehicles and that's just another attack vector. If you have a really nice modern car, you might have something like that in your car. My Hyundai Genesis uses 802.11n and connects directly to the CAN from the radio.

Lastly, unless you're driving a $250,000 car I don't think you should worry yourself too much unless you just want a project.

Defcon Website

There is the defcon website. I hope I gave something that can help you!

cloudnyn3
  • 3,353
  • 1
  • 17
  • 24