Infiniti Q50 Forum banner

21 - 40 of 113 Posts

·
Registered
Joined
·
1,251 Posts
That method isn't as simple as you describe. There's no control module under the steering column that controls vehicle security. The only control module that stores key fob codes and compares them to received RF fob signals is the BCM that is located in the passenger side wheel well behind the dash side finisher. Accessing the BCM to swap out with another BCM also requires reconfiguration of the new BCM with a CONSULT tool, otherwise the BCM will not function properly. While this procedure is technically possible, the time required to do this would take too long for the comfort of most car thieves.

A lot simpler and faster method being used to spoof PKES (Passive Keyless Entry Systems) these days is the "relay attack" method. Using readily available power amplifiers and circuitry from the internet, criminals can boost the low frequency signal from one of your key fobs while it's in your house and relay it to the BCM. These "black boxes" can have a range of up to 1000 feet. The car thinks the fob is next to the car and allows the car to be unlocked and started in a matter of seconds. Driving out of range of the key fob will not stop the engine but only display a PKES error stating the key fob is out of range.

There is also another method that has been shown to work but is more complex. This requires a laptop and RF transmitter than can bombard the BCM with thousands of authorization codes until the right one is selected and the car is unlocked and able to be started.

These relay attack boxes are becoming more prevalent and certainly puts the Q50 and any other car that uses PKES in danger of burglary or car theft. If this is a concern to you because of your neighborhood and that your car is parked outside of a locked garage, then there is a simple way to thwart these relay attack boxes. Put your key fobs in a Faraday Cage to block the fob's RF signal from being detected.

There are RF shielded security pouches you can put your fob in (eg. FobGuard) that you can buy or you can simply fashion your own Faraday Cage by making a pouch out of aluminum foil and putting your fob inside. This is similar to products that provide protection from people walking by you with black boxes and reading your credit card's chip information while it's in your wallet or purse.
Yes that is a popular way as well but in South Florida they are doing it the way you described first. They know this because when they are arresting people they have extra modules and keys that go with them. Infiniti has also said this way would work. I was told it’s under the steering wheel but I don’t think they know exactly where it is just that there using new modules.
 

·
Registered
Joined
·
185 Posts
Discussion Starter #22
I started this thread and now I'm very paranoid. What have I done?
 

·
Registered
Joined
·
5,784 Posts
The problem with PKES is that the current systems don't actually measure the distance between the key fob and the car. They assume the key is next to the car even if a relay attack device is used. A different radio technology, UWB 9 (Ultra Wide Band) would be required to measure the distance. It uses short radio pulses which allow it to measure the time at which signals arrive very accurately so distance can be inferred. However, additional cryptography needs to be implemented by car manufacturers

I've thought about installing a hidden fuel pump switch that I can cut the fuel pump power off with and would be independent of the vehicle security system. If I lived in a high-crime area, I'd already have one. It's tough to start a car without fuel!
 

·
Registered
Joined
·
1,128 Posts
that method isn't as simple as you describe. There's no control module under the steering column that controls vehicle security. The only control module that stores key fob codes and compares them to received rf fob signals is the bcm that is located in the passenger side wheel well behind the dash side finisher. Accessing the bcm to swap out with another bcm also requires reconfiguration of the new bcm with a consult tool, otherwise the bcm will not function properly. While this procedure is technically possible, the time required to do this would take too long for the comfort of most car thieves.

A lot simpler and faster method being used to spoof pkes (passive keyless entry systems) these days is the "relay attack" method. Using readily available power amplifiers and circuitry from the internet, criminals can boost the low frequency signal from one of your key fobs while it's in your house and relay it to the bcm. These "black boxes" can have a range of up to 1000 feet. The car thinks the fob is next to the car and allows the car to be unlocked and started in a matter of seconds. Driving out of range of the key fob will not stop the engine but only display a pkes error stating the key fob is out of range.

There is also another method that has been shown to work but is more complex. This requires a laptop and rf transmitter than can bombard the bcm with thousands of authorization codes until the right one is selected and the car is unlocked and able to be started.

These relay attack boxes are becoming more prevalent and certainly puts the q50 and any other car that uses pkes in danger of burglary or car theft. If this is a concern to you because of your neighborhood and that your car is parked outside of a locked garage, then there is a simple way to thwart these relay attack boxes. Put your key fobs in a faraday cage to block the fob's rf signal from being detected.

There are rf shielded security pouches you can put your fob in (eg. Fobguard) that you can buy or you can simply fashion your own faraday cage by making a pouch out of aluminum foil and putting your fob inside. This is similar to products that provide protection from people walking by you with black boxes and reading your credit card's chip information while it's in your wallet or purse.
yep....+1....1,000,000x
 

·
Registered
Joined
·
3,867 Posts
I started this thread and now I'm very paranoid. What have I done?
You should go take a 2 year security course in I.T and tell me how you feel after that.


Jokes aside the end of the day you have two choices, either you do something to mitigate the risks or you ignore the problem.
In either case you do yourself no favors by worrying about it what "Could happen".

If your really worried about car theft install a Kill switch on the fuel pump per Avedis's post is a great way to
prevent your car being stolen.
 

·
Registered
Joined
·
5,784 Posts
Yes that is a popular way as well but in South Florida they are doing it the way you described first. They know this because when they are arresting people they have extra modules and keys that go with them. Infiniti has also said this way would work. I was told it’s under the steering wheel but I don’t think they know exactly where it is just that there using new modules.
From what you've described, I would hazard to guess that the CONSULT tool may not be necessary to spoof the car with a different BCM. Still, the time necessary to gain access to the car interior plus acquiring access to the existing BCM and swapping the connectors to a different BCM would take too much time for the average car thief. One would also have to obtain BCMs and keys at some cost. An attack relay system is cheap to make with off-the-shelf parts and assembly directions are no doubt available on the internet somewhere. If I were so inclined, that's the way I'd go. In and out in seconds.
 

·
Registered
Joined
·
1,002 Posts
As we have said, if they want your car or truck, they will take it, security system or not, my neighbors car was gone in five minutes, tow truck came and left, none of us heard anything, never did find it. Anything with remotes can be beaten, my garage door has opened up a few times, while I was home.
 

·
Registered
Joined
·
3,867 Posts
From what you've described, I would hazard to guess that the CONSULT tool may not be necessary to spoof the car with a different BCM. Still, the time necessary to gain access to the car interior plus acquiring access to the existing BCM and swapping the connectors to a different BCM would take too much time for the average car thief. One would also have to obtain BCMs and keys at some cost. An attack relay system is cheap to make with off-the-shelf parts and assembly directions are no doubt available on the internet somewhere. If I were so inclined, that's the way I'd go. In and out in seconds.
+1 Signal Capturing/Relay would be how I'd go about it as well. transceivers are dirt cheap and most manufactures are too lazy to even implement the most
basic protection into their systems

NFC does help mitigate this issue to a degree but still a long way to go.
 

·
Registered
Joined
·
1,128 Posts
As we have said, if they want your car or truck, they will take it, security system or not, my neighbors car was gone in five minutes, tow truck came and left, none of us heard anything, never did find it. Anything with remotes can be beaten, my garage door has opened up a few times, while I was home.

Between the topic of this thread vs. a gun in the face:eek:.....give me the former!
 

·
Registered
Joined
·
5,784 Posts
The one of the best ways to combat high-tech is to go low-tech, thus an independent fuel system kill switch. As stated above though, if criminals want your car bad enough, odds are they are going to find a way to steal it anyway.
 

·
Registered
Joined
·
21 Posts
I had my first Type-R stolen in 4 minutes flat, from a secure parking lot with cameras and guards on vehicle patrol. A black tinted suburban pulled up sideways to block all camera angles. The '01 ECU had an immobilizer that year, and they came prepared with a different ECU, broke in, hot-wired and left. 4 minutes. I watched it pull away on film, which was painful to say the least. It was brand new with a few thousand miles on it.

If they want it, they'll get it. A fuel cut is actually the best option available IMO.
 

·
Registered
Joined
·
3,392 Posts
Hidden electric fuel pump kill switch is low tec and works.


<Start JohnInNH story>
Back in the day when stealing a Harley was a way to get into a "club" regardless of the lock, chains, and garage... A 12 gauge is all you need. And, to add insult to injury, they make you help load the bike into their van.
Then comes the lecture about reporting it to the authorities would result in bad things. No explanation needed.
<End JohnInNH story>
 

·
Premium Member
Joined
·
2,281 Posts
Hidden electric fuel pump kill switch is low tec and works.
Waiting for Avedis to chime in and tell all of us where in the wiring harness to tap in so that the switch can be mounted in a location convenient to the driver's seat.
 

·
Registered
Joined
·
3,392 Posts
I don't think he's going to install one. He said if he lived in an area like that he would. Maybe he will post some helpful advice out of the goodness of his heart.
 

·
Registered
Joined
·
3,867 Posts
Waiting for Avedis to chime in and tell all of us where in the wiring harness to tap in so that the switch can be mounted in a location convenient to the driver's seat.
I may pull up the ole wiring diagram for the fuel pump later tonight.
 

·
Registered
Joined
·
5,784 Posts
Waiting for Avedis to chime in and tell all of us where in the wiring harness to tap in so that the switch can be mounted in a location convenient to the driver's seat.
Wiring harness diagrams are a bitch to sort out. I can tell you that the fuse (#52-15A) for the fuel pump relay is in the IPDM E/R (Intelligent Power Distribution Module Engine Room). One could put a switch in line with that fuse and disable the relay which would not allow power to the fuel pump. Run the wires through the firewall and locate the switch under the dash or wherever it can't not be readily seen.

There are other critical fuses that can be switched to prevent ignition but this is probably the simplest.
 

·
Registered
Joined
·
1,368 Posts
Years ago, I was parking my Legend at a concert in LA. A white panel van full of vato’s rolled up and stopped right behind me. I eye balled them like WTF? I hit my alarm and was about to go in to the venue.

I noticed that my alarm wasn’t armed like usual. I got back in it, started it up, pulled around to another spot around the way, hit the alarm and it seemed to work like usual. It was still there when I got back.

I’m sure that if I didn’t do that it would have been gone.
 

·
Registered
Joined
·
1,368 Posts
My friend always popped the hood on his truck and wired his spark plugs in a jumbled mess.

Not a bad theft prevention method.

Podcaster Adam Carolla just put a switch in his truck to kill the fuel pump. He found it blocks away, dead, a few times.
 

·
Registered
Joined
·
1,374 Posts
I put a simple kill toggle switch in my Maxima, tapping the fuel pump fuse. Sometimes, if I was really worried, I'd pop the hood and unplug the MAF sensor too.

On a different but related note, I have been researching steering wheel locks. It seems The Club Twin Hooks 3000 gets 1st place in a lot of reviews. $21 (for yellow) on Ama and $14 on bay! Heck of a deal. I bought 2 tonight. Seller Pep Boys.

https://www.ebay.com/itm/The-Club-Twin-Hooks-Steering-Wheel-Lock-Yellow-3000/163503619739?_trkparms=aid=111001&algo=REC.SEED&ao=1&asc=20160908105057&meid=15d3508b2c9845628516c3da866ed5e8&pid=100675&rk=1&rkt=15&mehot=pp&sd=163503619739&itm=163503619739&pg=2481888&_trksid=p2481888.c100675.m4236&_trkparms=pageci:d119ed27-b5c6-11e9-bd8a-74dbd180ed6c|parentrq:568c055e16c0abd99f0977d3ffeb6a2b|iid:1
 

·
Registered
Joined
·
376 Posts
Hidden electric fuel pump kill switch is low tec and works.


<Start JohnInNH story>
Back in the day when stealing a Harley was a way to get into a "club" regardless of the lock, chains, and garage... A 12 gauge is all you need. And, to add insult to injury, they make you help load the bike into their van.
Then comes the lecture about reporting it to the authorities would result in bad things. No explanation needed.
<End JohnInNH story>
Just pull the fuel relay out. If you want to be really sneaky, get another fuel relay from the junk yard and cut the pins/terminals and put this relay in place of the original fuel relay.

I did this on my Mazda RX7 FD3s due to living in a rough side of town with my ex-girlfriend along time ago.
 
21 - 40 of 113 Posts
Top