• Sign Up! To view all forums and unlock additional cool features

    Welcome to the #1 Dodge, Jeep and RAM Forum dedicated to FCA owners and enthusiasts. Register for an account, it's free and it's easy, so don't hesitate to join the SRT Forum today!


Are Hellcats (FCA) Products that easy to steal?

Jack_Toepfer

3000 Posts Club
Founding Member
Premium Account
Donating Member
Member ID
#966
Messages
3,294
Reactions
6,589
Likes
252
City
Buffalo
State
NY
Country
United States
Vehicle
2016 Dodge Charger Triple Black
#21
You mean a peaceful protest? 😂🤣😅🤣😂.
We need these cars because some criminal was killed trying to harm innocent people.
 


Finface

Active Member
Member ID
#2078
Messages
319
Reactions
504
Likes
67
City
Morning View
State
KY
Country
United States
Vehicle
2019 Challenger Hellcat Redeye Wide Body
#22
Adding to Hpindy’s post...thieves can read our key fobs very easily. I saw a video where thieves in London read a BMW’s fob from outside the owner’s apartment and then successfully stole the car. If you were to park, and then lock your car with the key fob, and a thief was close - or followed you - his laptop could steal your code.

I bought “farraday cage (sp?) little wallets for my Hellcat fobs. Not very expensive. There is a secure part and an unsecure part. You start the car, then if you’re concerned, you can put the key fob inside the secure part. When you get to the parking lot, or restaurant - wherever - you shut the car down and lock the car with the door lock. The fob is never exposed to be ripped off. Paranoia? Only if they aren’t out to get you!

Backing into parking spaces is also a good idea. A tow truck can hook a car’s rear end and be driven away in less than 2 minutes. They can’t hook the front end up and drag rear wheels with parking brake on or in gear.
 


HWDan

1000 Posts Club
Founding Member
Premium Account
Donating Member
Member ID
#1183
Messages
1,531
Reactions
4,600
Likes
162
City
Home of the Hellcat
State
Non-US
Country
Canada
Vehicle
2017 Charger SRT 392
#23
Or if you don't mind pressing the unlock button on your key fob to get in, you can turn that passive entry shit off in your settings. Now the car won't periodically ping your keys, you won't need to 'cage' them and bonus, won't drain the batteries in all 3 key fobs so they all don't die at exactly the same time.
 


T_Trahan44

500 Posts Club
Founding Member
Member ID
#1185
Messages
883
Reactions
1,933
Likes
132
City
Spokane Valley
State
WA
Country
United States
Vehicle
2012 Challenger SXT
#24
Sadly, it is that easy... With all this high tech, most dealerships leave the key in the little lock on the window and think people don't know about the proximity locks... It's sad because I'm so tempted to go down to my local dealer ship and joy ride their cars. 😂😂😂
 


fubar569

1000 Posts Club
Founding Member
9 Second Best E/T
Member ID
#1073
Messages
1,142
Reactions
1,620
Likes
162
City
Bradford
State
PA
Country
United States
Vehicle
2018 Charger Hellcat
#25
3 foil chip bags does the same.

Tested this on my old V and the hellcat.

All of my spares are kept wrapped in at least 3 layers of foil for this reason.

I know this works. Couldn't find a storage cube that was 100% at the time.
 


ACMAVRO

2000 Posts Club
Founding Member
Donating Member
11 Second Best E/T
HFCOTM
Member ID
#1214
Messages
2,174
Reactions
5,105
Likes
302
City
Ocean Springs
State
MS
Country
United States
Vehicle
2015 Challenger HC M6
#26

Magnified

Poster Club Hall of Fame
Founding Member
Member ID
#1155
Messages
11,710
Reactions
19,827
Likes
352
City
West Texas
State
TX
Country
United States
Vehicle
2017 Charger HC (once upon a time)
#27

ACMAVRO

2000 Posts Club
Founding Member
Donating Member
11 Second Best E/T
HFCOTM
Member ID
#1214
Messages
2,174
Reactions
5,105
Likes
302
City
Ocean Springs
State
MS
Country
United States
Vehicle
2015 Challenger HC M6
#28
Yard has like 3' high weeds. Probably not the safest neighborhood, but still funny as hell. (No pun intended)

I'd turn that proximity stuff off if I were ya'll.

View attachment 30048
I noticed that too.. They work at FCA, taking home a test Durango HC, c'mon man
 


fumanchu182

3000 Posts Club
Vendor
Premium Account
U.S. Navy Veteran
Donating Member
9 Second Best E/T
HFCOTM
Member ID
#2366
Messages
3,484
Reactions
8,476
Likes
302
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#29
I have participated in multiple bug bounties for FCA and Chrysler through bugcrowd (https://bugcrowd.com/fca). It is not a public reporting event so I can tell you all what I found but the systems are insecure across their whole gamut. Almost criminally negligible. FCA has been responsive to a lot of reports and is fixing what they can but embedded controllers with wonky ass firmware are harder to replace than you think. It is trivial to hook up an OBD2 scanner and start spoofing canbus messages, some paths lead to juicy nuggets that can get you into the firmware, some will have you spraying windshield washer fluid into your sunroof at 3am (did it with my scat pack).

Security is a arms race, as soon as someone patches something another vector of attack will appear.
 


Finface

Active Member
Member ID
#2078
Messages
319
Reactions
504
Likes
67
City
Morning View
State
KY
Country
United States
Vehicle
2019 Challenger Hellcat Redeye Wide Body
#30
I have participated in multiple bug bounties for FCA and Chrysler through bugcrowd (https://bugcrowd.com/fca). It is not a public reporting event so I can tell you all what I found but the systems are insecure across their whole gamut. Almost criminally negligible. FCA has been responsive to a lot of reports and is fixing what they can but embedded controllers with wonky ass firmware are harder to replace than you think. It is trivial to hook up an OBD2 scanner and start spoofing canbus messages, some paths lead to juicy nuggets that can get you into the firmware, some will have you spraying windshield washer fluid into your sunroof at 3am (did it with my scat pack).

Security is a arms race, as soon as someone patches something another vector of attack will appear.
Fumanchu,

Not good to hear about the insecurity of these systems. Like I said in my previous post I’d seen a video of two thieves reading the key fob of a BMW (now that I think of it, maybe a Mercedes) from outside an apartment with a laptop. I bought faraday cage wallets for all my Hellcat key fobs and I use them. Lining something with aluminum, as one poster mentioned, also works. I don’t know about turning off the proximity feature of these key fobs being a solution. My understanding is that the key fob can be “interrogated” anywhere, not just near the car, and that it can respond with the code to open car doors and start the car. Do you have an opinion of the proximity feature?

Cheap enough insurance to buy and use the wallets and yes, it is an electronic arms race.

Finface
 


Diboblo

4000 Posts Club
Founding Member
Wiki Contributor
Member ID
#1044
Messages
4,702
Reactions
26,107
Likes
252
City
Riverside
State
CA
Country
United States
Vehicle
2015 Dodge Charger Hellcat!
#31
This forum member had his Cat stolen, from a locked garage, in a gated community:

https://www.lxforums.com/board/char...lack-black-2020-widebody-charger-hellcat.html

Brand new WB Hellcat.

Some joker, with an RF code generator, boosted his car... months later and 3000 additional miles, the car was found, with 14 other Hellcats, in a private lot.

After repairs and a state VIN assignment, he finally has it back.


Bob
 


Diboblo

4000 Posts Club
Founding Member
Wiki Contributor
Member ID
#1044
Messages
4,702
Reactions
26,107
Likes
252
City
Riverside
State
CA
Country
United States
Vehicle
2015 Dodge Charger Hellcat!
#32
I'm considering putting my RF Hub on a physical switch. This would eliminate any data broadcasts. Still need to do more research. I would need to use my key, to enter... Not sure how that would interfere with the alarm package. This is still in Beta. LOL

I've already figured out how to disable the cell, without throwing a code. Next time I'm at the junkyard, I need to pull a few cell connectors, with about 6 inches of harness.

Can't wait to disable that UConnect OTA malware....

Bob
 


DGatzby

6000 Posts Club
Founding Member
Premium Account
U.S. Air Force Veteran
Donating Member
HFCOTM & HFCOTY
Member ID
#797
Messages
6,693
Reactions
42,593
Likes
402
City
SW Twin Cities
State
MN
Country
United States
Vehicle
2019 Dodge Challenger Redeye WB
#33
FOB covers just don’t seem like a good solution. If mine was not locked behind door sensors, motion alarms and cameras, I would mount a toggle switch somewhere, and I would not even tell you guys where. Oh maybe something like the power to the fuel pumps might make it harder to plug some bullshit into it and drive it away? Bullshit, like as said above you could steal a car in the old days in seconds. Nothing is different today, don’t think all this magic electronic crap is the creme to save us, because it is not.
 


T_Trahan44

500 Posts Club
Founding Member
Member ID
#1185
Messages
883
Reactions
1,933
Likes
132
City
Spokane Valley
State
WA
Country
United States
Vehicle
2012 Challenger SXT
#34
FOB covers just don’t seem like a good solution. If mine was not locked behind door sensors, motion alarms and cameras, I would mount a toggle switch somewhere, and I would not even tell you guys where. Oh maybe something like the power to the fuel pumps might make it harder to plug some bullshit into it and drive it away? Bullshit, like as said above you could steal a car in the old days in seconds. Nothing is different today, don’t think all this magic electronic crap is the creme to save us, because it is not.
Buddy of mine got his Jetta stolen a lot, so he mounted an inline toggle switch behind the OBDII port. Slowly kept adding more, and now it's full rsce-car spec to start up with a ridiculous sequence. But it's not a bad idea.
 


fumanchu182

3000 Posts Club
Vendor
Premium Account
U.S. Navy Veteran
Donating Member
9 Second Best E/T
HFCOTM
Member ID
#2366
Messages
3,484
Reactions
8,476
Likes
302
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#35
Got some toys in. Gonna see if I can do some work on it this evening.
 


Attachments

fumanchu182

3000 Posts Club
Vendor
Premium Account
U.S. Navy Veteran
Donating Member
9 Second Best E/T
HFCOTM
Member ID
#2366
Messages
3,484
Reactions
8,476
Likes
302
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#36
To start off I researched the devices. All key fobs are under a FCC id so I decided to hit up the FCC database and found the filings here: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Sum&calledFromFrame=Y&RequestTimeout=500&application_id=spKnbExGiCHJozOZmVpVNg==&fcc_id=M3N-40821302. The is all public knowledge and open source research. The most important records are the one with the RF Frequency information on them: https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1386312

So the plan is for me to sit in my garage with my fob upstairs and try and do the following.

1.) Attempt to open the door -> send LF message out but key fob is upstairs so no one is listenting, or are they?
2.) Intercept LF message with laptop nearby -> replay message with amplification so whole house is covered, therefore the FOB should reply.
3.) Fob responds with message but car doesn't have sensitive enough antenna -> intercept message at laptop with sensitive antenna and spoof RSSI information to gain entry and start car.

I will not be going into any technical details on how to do this. 1.) Illegal 2.) I would notify FCA first of any findings as required by law. 3.) Don't want anyone elses car to be stolen.
 


fumanchu182

3000 Posts Club
Vendor
Premium Account
U.S. Navy Veteran
Donating Member
9 Second Best E/T
HFCOTM
Member ID
#2366
Messages
3,484
Reactions
8,476
Likes
302
City
Pasadena
State
MD
Country
United States
Vehicle
2015 Challenger SRT Hellcat
#37
To start off I researched the devices. All key fobs are under a FCC id so I decided to hit up the FCC database and found the filings here: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Sum&calledFromFrame=Y&RequestTimeout=500&application_id=spKnbExGiCHJozOZmVpVNg==&fcc_id=M3N-40821302. The is all public knowledge and open source research. The most important records are the one with the RF Frequency information on them: https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1386312

So the plan is for me to sit in my garage with my fob upstairs and try and do the following.

1.) Attempt to open the door -> send LF message out but key fob is upstairs so no one is listenting, or are they?
2.) Intercept LF message with laptop nearby -> replay message with amplification so whole house is covered, therefore the FOB should reply.
3.) Fob responds with message but car doesn't have sensitive enough antenna -> intercept message at laptop with sensitive antenna and spoof RSSI information to gain entry and start car.

I will not be going into any technical details on how to do this. 1.) Illegal 2.) I would notify FCA first of any findings as required by law. 3.) Don't want anyone elses car to be stolen.
I've set my car alarm off twice, disabled my key fobs by recording the signal and then replaying thus taking them out of sync. When it's not 8pm at night and I'm not trying to set the alarm off in my house I'll play with this some more.
 


OP
Hellcatcfp

Hellcatcfp

5000 Posts Club
Staff Team
Founding Member
Donating Member
HFCOTM
Member ID
#1027
Messages
5,765
Reactions
36,899
Likes
402
State
CA
Country
United States
Vehicle
2018 Dodge Charger SRT Hellcat
Thread Starter #38
OP
Hellcatcfp

Hellcatcfp

5000 Posts Club
Staff Team
Founding Member
Donating Member
HFCOTM
Member ID
#1027
Messages
5,765
Reactions
36,899
Likes
402
State
CA
Country
United States
Vehicle
2018 Dodge Charger SRT Hellcat
Thread Starter #39

Kwalski

Active Member
Founding Member
Member ID
#1210
Messages
190
Reactions
276
Likes
37
City
SALISBURY
State
NC
Country
United States
Vehicle
2018 Hellcat Challenger
#40
bang bang usually stops this and further incidents.
 




Top