• Sign Up! To view all forums and unlock additional cool features

    Welcome to the #1 Dodge, Jeep and RAM Forum dedicated to FCA owners and enthusiasts. Register for an account, it's free and it's easy, so don't hesitate to join the SRT Forum today!

Are Hellcats (FCA) Products that easy to steal?

Jack_Toepfer

1000 Posts Club
Founding Member
Member ID
#966
Messages
1,336
Reactions
2,418
Points
162
City
Buffalo
State
NY
Country
United States
Vehicle
2016 Dodge Charger Triple Black
#21
You mean a peaceful protest? 😂🤣😅🤣😂.
We need these cars because some criminal was killed trying to harm innocent people.
 

Finface

Active Member
Premium Account
Member ID
#2078
Messages
113
Reactions
127
Points
27
City
Morning View
State
KY
Country
United States
Vehicle
2019 Challenger Hellcat Redeye Wide Body
#22
Adding to Hpindy’s post...thieves can read our key fobs very easily. I saw a video where thieves in London read a BMW’s fob from outside the owner’s apartment and then successfully stole the car. If you were to park, and then lock your car with the key fob, and a thief was close - or followed you - his laptop could steal your code.

I bought “farraday cage (sp?) little wallets for my Hellcat fobs. Not very expensive. There is a secure part and an unsecure part. You start the car, then if you’re concerned, you can put the key fob inside the secure part. When you get to the parking lot, or restaurant - wherever - you shut the car down and lock the car with the door lock. The fob is never exposed to be ripped off. Paranoia? Only if they aren’t out to get you!

Backing into parking spaces is also a good idea. A tow truck can hook a car’s rear end and be driven away in less than 2 minutes. They can’t hook the front end up and drag rear wheels with parking brake on or in gear.
 

HWDan

Active Member
Founding Member
Premium Account
Member ID
#1183
Messages
278
Reactions
615
Points
67
City
Home of the Hellcat
State
Non-US
Country
Canada
Vehicle
2017 Charger SRT 392
#23
Or if you don't mind pressing the unlock button on your key fob to get in, you can turn that passive entry shit off in your settings. Now the car won't periodically ping your keys, you won't need to 'cage' them and bonus, won't drain the batteries in all 3 key fobs so they all don't die at exactly the same time.
 

T_Trahan44

Active Member
Founding Member
Member ID
#1185
Messages
477
Reactions
933
Points
117
City
Spokane Valley
State
WA
Country
United States
Vehicle
2012 Challenger SXT
#24
Sadly, it is that easy... With all this high tech, most dealerships leave the key in the little lock on the window and think people don't know about the proximity locks... It's sad because I'm so tempted to go down to my local dealer ship and joy ride their cars. 😂😂😂
 

fubar569

Active Member
Founding Member
Member ID
#1073
Messages
416
Reactions
458
Points
67
City
Bradford
State
PA
Country
United States
Vehicle
2018 Charger Hellcat
#25
3 foil chip bags does the same.

Tested this on my old V and the hellcat.

All of my spares are kept wrapped in at least 3 layers of foil for this reason.

I know this works. Couldn't find a storage cube that was 100% at the time.
 

ACMAVRO

500 Posts Club
Founding Member
Donating Member
Member ID
#1214
Messages
977
Reactions
1,973
Points
132
City
Ocean Springs
State
MS
Country
United States
Vehicle
2015 Challenger Hellcat
#26

Magnified

4000 Posts Club
Founding Member
Member ID
#1155
Messages
4,594
Reactions
8,679
Points
252
City
West Texas
State
TX
Country
United States
Vehicle
2017 Charger HC
#27

ACMAVRO

500 Posts Club
Founding Member
Donating Member
Member ID
#1214
Messages
977
Reactions
1,973
Points
132
City
Ocean Springs
State
MS
Country
United States
Vehicle
2015 Challenger Hellcat
#28
Yard has like 3' high weeds. Probably not the safest neighborhood, but still funny as hell. (No pun intended)

I'd turn that proximity stuff off if I were ya'll.

View attachment 30048
I noticed that too.. They work at FCA, taking home a test Durango HC, c'mon man
 

fumanchu182

Active Member
Premium Account
Active Duty U.S. Navy
Donating Member
10 Second Best E/T
Member ID
#2366
Messages
477
Reactions
1,017
Points
117
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#29
I have participated in multiple bug bounties for FCA and Chrysler through bugcrowd (https://bugcrowd.com/fca). It is not a public reporting event so I can tell you all what I found but the systems are insecure across their whole gamut. Almost criminally negligible. FCA has been responsive to a lot of reports and is fixing what they can but embedded controllers with wonky ass firmware are harder to replace than you think. It is trivial to hook up an OBD2 scanner and start spoofing canbus messages, some paths lead to juicy nuggets that can get you into the firmware, some will have you spraying windshield washer fluid into your sunroof at 3am (did it with my scat pack).

Security is a arms race, as soon as someone patches something another vector of attack will appear.
 

Finface

Active Member
Premium Account
Member ID
#2078
Messages
113
Reactions
127
Points
27
City
Morning View
State
KY
Country
United States
Vehicle
2019 Challenger Hellcat Redeye Wide Body
#30
I have participated in multiple bug bounties for FCA and Chrysler through bugcrowd (https://bugcrowd.com/fca). It is not a public reporting event so I can tell you all what I found but the systems are insecure across their whole gamut. Almost criminally negligible. FCA has been responsive to a lot of reports and is fixing what they can but embedded controllers with wonky ass firmware are harder to replace than you think. It is trivial to hook up an OBD2 scanner and start spoofing canbus messages, some paths lead to juicy nuggets that can get you into the firmware, some will have you spraying windshield washer fluid into your sunroof at 3am (did it with my scat pack).

Security is a arms race, as soon as someone patches something another vector of attack will appear.
Fumanchu,

Not good to hear about the insecurity of these systems. Like I said in my previous post I’d seen a video of two thieves reading the key fob of a BMW (now that I think of it, maybe a Mercedes) from outside an apartment with a laptop. I bought faraday cage wallets for all my Hellcat key fobs and I use them. Lining something with aluminum, as one poster mentioned, also works. I don’t know about turning off the proximity feature of these key fobs being a solution. My understanding is that the key fob can be “interrogated” anywhere, not just near the car, and that it can respond with the code to open car doors and start the car. Do you have an opinion of the proximity feature?

Cheap enough insurance to buy and use the wallets and yes, it is an electronic arms race.

Finface
 

Diboblo

1000 Posts Club
Vendor
Founding Member
Premium Account
Wiki Contributor
Member ID
#1044
Messages
1,026
Reactions
2,130
Points
162
City
Riverside
State
CA
Country
United States
Vehicle
2015 Dodge Charger Hellcat!
#31
This forum member had his Cat stolen, from a locked garage, in a gated community:

https://www.lxforums.com/board/char...lack-black-2020-widebody-charger-hellcat.html

Brand new WB Hellcat.

Some joker, with an RF code generator, boosted his car... months later and 3000 additional miles, the car was found, with 14 other Hellcats, in a private lot.

After repairs and a state VIN assignment, he finally has it back.


Bob
 

Diboblo

1000 Posts Club
Vendor
Founding Member
Premium Account
Wiki Contributor
Member ID
#1044
Messages
1,026
Reactions
2,130
Points
162
City
Riverside
State
CA
Country
United States
Vehicle
2015 Dodge Charger Hellcat!
#32
I'm considering putting my RF Hub on a physical switch. This would eliminate any data broadcasts. Still need to do more research. I would need to use my key, to enter... Not sure how that would interfere with the alarm package. This is still in Beta. LOL

I've already figured out how to disable the cell, without throwing a code. Next time I'm at the junkyard, I need to pull a few cell connectors, with about 6 inches of harness.

Can't wait to disable that UConnect OTA malware....

Bob
 

DGatzby

2000 Posts Club
Founding Member
Premium Account
U.S. Air Force Veteran
Donating Member
Member ID
#797
Messages
2,685
Reactions
6,384
Points
252
City
SW Twin Cities
State
MN
Country
United States
Vehicle
2019 Dodge Challenger Redeye WB
#33
FOB covers just don’t seem like a good solution. If mine was not locked behind door sensors, motion alarms and cameras, I would mount a toggle switch somewhere, and I would not even tell you guys where. Oh maybe something like the power to the fuel pumps might make it harder to plug some bullshit into it and drive it away? Bullshit, like as said above you could steal a car in the old days in seconds. Nothing is different today, don’t think all this magic electronic crap is the creme to save us, because it is not.
 

T_Trahan44

Active Member
Founding Member
Member ID
#1185
Messages
477
Reactions
933
Points
117
City
Spokane Valley
State
WA
Country
United States
Vehicle
2012 Challenger SXT
#34
FOB covers just don’t seem like a good solution. If mine was not locked behind door sensors, motion alarms and cameras, I would mount a toggle switch somewhere, and I would not even tell you guys where. Oh maybe something like the power to the fuel pumps might make it harder to plug some bullshit into it and drive it away? Bullshit, like as said above you could steal a car in the old days in seconds. Nothing is different today, don’t think all this magic electronic crap is the creme to save us, because it is not.
Buddy of mine got his Jetta stolen a lot, so he mounted an inline toggle switch behind the OBDII port. Slowly kept adding more, and now it's full rsce-car spec to start up with a ridiculous sequence. But it's not a bad idea.
 

fumanchu182

Active Member
Premium Account
Active Duty U.S. Navy
Donating Member
10 Second Best E/T
Member ID
#2366
Messages
477
Reactions
1,017
Points
117
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#35
Got some toys in. Gonna see if I can do some work on it this evening.
 

Attachments

fumanchu182

Active Member
Premium Account
Active Duty U.S. Navy
Donating Member
10 Second Best E/T
Member ID
#2366
Messages
477
Reactions
1,017
Points
117
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#36
To start off I researched the devices. All key fobs are under a FCC id so I decided to hit up the FCC database and found the filings here: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Sum&calledFromFrame=Y&RequestTimeout=500&application_id=spKnbExGiCHJozOZmVpVNg==&fcc_id=M3N-40821302. The is all public knowledge and open source research. The most important records are the one with the RF Frequency information on them: https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1386312

So the plan is for me to sit in my garage with my fob upstairs and try and do the following.

1.) Attempt to open the door -> send LF message out but key fob is upstairs so no one is listenting, or are they?
2.) Intercept LF message with laptop nearby -> replay message with amplification so whole house is covered, therefore the FOB should reply.
3.) Fob responds with message but car doesn't have sensitive enough antenna -> intercept message at laptop with sensitive antenna and spoof RSSI information to gain entry and start car.

I will not be going into any technical details on how to do this. 1.) Illegal 2.) I would notify FCA first of any findings as required by law. 3.) Don't want anyone elses car to be stolen.
 

fumanchu182

Active Member
Premium Account
Active Duty U.S. Navy
Donating Member
10 Second Best E/T
Member ID
#2366
Messages
477
Reactions
1,017
Points
117
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#37
To start off I researched the devices. All key fobs are under a FCC id so I decided to hit up the FCC database and found the filings here: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Sum&calledFromFrame=Y&RequestTimeout=500&application_id=spKnbExGiCHJozOZmVpVNg==&fcc_id=M3N-40821302. The is all public knowledge and open source research. The most important records are the one with the RF Frequency information on them: https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1386312

So the plan is for me to sit in my garage with my fob upstairs and try and do the following.

1.) Attempt to open the door -> send LF message out but key fob is upstairs so no one is listenting, or are they?
2.) Intercept LF message with laptop nearby -> replay message with amplification so whole house is covered, therefore the FOB should reply.
3.) Fob responds with message but car doesn't have sensitive enough antenna -> intercept message at laptop with sensitive antenna and spoof RSSI information to gain entry and start car.

I will not be going into any technical details on how to do this. 1.) Illegal 2.) I would notify FCA first of any findings as required by law. 3.) Don't want anyone elses car to be stolen.
I've set my car alarm off twice, disabled my key fobs by recording the signal and then replaying thus taking them out of sync. When it's not 8pm at night and I'm not trying to set the alarm off in my house I'll play with this some more.
 
OP
Hellcatcfp

Hellcatcfp

3000 Posts Club
Staff Team
Founding Member
Premium Account
Donating Member
Member ID
#1027
Messages
3,448
Reactions
9,488
Points
252
City
Simi Valley
State
CA
Country
United States
Vehicle
2018 Dodge Charger SRT Hellcat
Thread Starter #38

Similar threads



Top