I knew someone with a shitty pickup truck where he wired a light switch into the fuel pump and hid it under the steering column. The truck would be stolen something like 5 times a year and every time he would find it abandoned a km or so away when the gas in the line ran out.
I drove in it once to get lunch and near the beginning the car begins sputtering and he's like, "oh right, you're thirsty" and reached under and flicked the switch. So understated, I still laugh at the memory.
Super common in simple vehicles used to "run into town" in rural areas. We call them "kill switches".
My previous vehicle was a '97 Jeep Wrangler. There were two kill switches installed when I bought it: one down by the driver's seatbelt latch for the fuel pump, and one reachable by inserting your finger into the opening for the 4wd shifter the disabled the starter. Neither was easily visible.
Yup, I put an ignition kill switch in my old Triumph Spitfire behind the dashboard when I was living in a not so great part of town. Just had to reach my hand up behind and flick it. I didn't hide it too hard, figuring anybody that tried to drive away in my Triumph and couldn't get it to start would figure it was just being a typical Triumph.
Cars built with Lucas electrics typically have 3 modes of operation. Off, Dim, and Flicker. Which two of the three end up on your switch is entirely random.
My car in high school had a similar system. The radiator fan didn't turn on automatically, so my dad wired it directly into the AC controller. (The AC also did not work. It was not a great car.)
If you got in the car, and did not specifically turn the AC to the correct setting, the car would overheat about a mile down the road.
Luckily for me, I never had a chance to put this into practice, because nobody stole my car. Unluckily for me, there were several times where I forgot that I had to do this, and my car overheated about a mile down the road.
The radiator fan didn't turn on automatically, so my dad wired it directly into the AC controller.
All that trouble, rather than run to NAPA to spend $12 on the thermo-switch that would be easier to install than hacking into the A/C controller. Yeah, I've known some dads like that.
"Run to NAPA" in what car? Presuming the nearest auto parts store is more than 10mins down the road (probably much more), you won't make it there without first doing something hacky.
And then the stupid solution is already working, so...
I have a 2000 civic. The thermoswich went bad and I replaced it (bit of a bother, tried to do it fast while coolant was pouring out the opening).
Couple years later it went bad again (I probably put in a crappy one from a generic country) so instead of going through that again I just stuck a bent paper clip into the socket of the wire that plugs into the thermoswich. Now it always has the fan on when the car is on.
Could have gotten the same effect by tampering with the relay (this short that I added actually just activates the relay for the fan) but I went with the easiest option.
Or destroying the pistons. I did this once. It was a long walk as in many kilometers from where we broke down to Mannheim train station so we could get home. Normally you could hitchhike but it was late at night and for some reason the locals didn't want to pick up a couple of scruffy looking American GIs.
I'm the type of person who will start a cross-country road trip with a nearly broken car with locking pliers and zip ties in the trunk just to try create some fun adventure along the way.
I did similar, except wired into the ignition circuit and with the control being a little cheap ebay RFID thing with the sensor on the underside of the dash. I kept a little RFID tag on my keys, chuck my keys up onto the dash when i'm ready to go and the truck is started with a pushbutton. I also put a cheater switch in the glove box in case i forgot my RFID tags.
In my case it was motivated more by maintenance headache - the mechanical linkage that went from the ignition switch to the ignition control device at the base of the steering column was busted and I was too cheap to buy another one and it was a pain to replace.
Project trucks that nobody can drive but you are the best trucks, IMO.
I guess this works if you don’t have immobilizers. In Canada they’re mandated, so the ECU is expecting some kind of digital signal from the key before turning on (but sometimes you can just shuck the rf chip inside they key and glue it in the right spot, or uncode it from the écu).
1996 ford pickups have about the simplest ignition wiring you could possibly imagine. I wouldn't even dream of doing this on anything new enough to have an immobilizer.
Our local police department had a guy get his squad car stolen TWICE during traffic stops, and they installed an ignition interlock switch on their entire flee to prevent it happening again. Also they relegated the guy to motorcycle duty after that.
Another story is once my friend called me for help because his car would't start. I looked it over; tested his battery etc, but it wouldn't turn over. I asked him if he had an interlock of any sort and he said no. I didnt do any more investigating since the car was still new, so I showed him how to push start it and drove it over to the dealer. Come Monday morning the dealer called him to ask where he had put the interlock loop that he had pulled out from under the dash. "Oh that thing? Yeah I thought that was weird." SMH
When I was younger here in the Netherlands a lot of us had tweaked motorcycles/scooters that would go much faster than the allowed cap of 50km/h.
Many had a "cop switch". Cops suspecting you messed with the engine would put the scooter on a test belt to measure its maximum speed. The cop switch would instantly cap it to the allowed speed. Mine was hidden in the left mirror, a minor adjustment would activate it.
I wired the cigarette lighter socket in my old MR-2 so that, if the lighter wasn't pushed in, the fuel pump would work for the first half mile. Then, the gas gauge would go to zero and the car would stall. Bonus: I kept a second cigarette lighter in the car with its heater removed, so I could leave it in the socket and there's no way to disable it (unless you brought your own cigarette lighter).
Of course, my system was just a bit flaky, and time and again I'd be on the highway, desperately pumping the lighter trying to keep the car going. I ended up yanking the whole shebang.
Same car had an alarm system, which over the years got triggered several dozen times by yours truly. The one time someone else triggered it by bumping my car, I came outside and thanked them.
In one of my old cars I reach down under the dash and partially unplug the clutch switch. Prevents any starting because the car thinks you've forgotten to press the clutch in. You'd need to know that one connector is a bit too far out, super stealth.
A local Chevy dealer once got a Silverado pickup with the 454 (7.5 liters) V8 in it. As an anti-theft measure, they disconnected four of the spark plug wires when they parked it on the lot. It got stolen anyway - it turns out that a 454 will still run on half it's cylinders.
My family's little econobox had a few interesting 'features':
The slushbox would shift into high gear and lug the engine unless you drove it like you stole it. The ignition didn't really need the keys unless you purposefully locked the steering column The exhaust split down the middle, giving the car a great sporting growl, and last but my favorite, the radio would often lock itself to the particular station and volume you were last playing. Sorry mom, hope you like metal at 11!
My last century GTI had kill switch (it was one of those circular keys and a spring loaded button) under the steering wheel. The engine would turn like it was trying to start, but it wouldn't unless it was unlocked. The other thing the switch did which I didn't realize at first was lock the hood. I bough the car used and trying to lift the hood initially I thought the latch was broken..
I used to drive an old ratty Subaru Impreza which was at one point meant to become a racecar (it never did) so the previous owner had removed the key ignition system. Never had it stolen because in lieu of a key it used an obscure sequence of flipping unlabeled switches in a specific order (power, fuel, ignition, then crank) to get it to start. Security through obscurity!
>At the end of the three-year project, the team aims to have a commercially viable prototype that can be scaled up to commercial production, first as a theft deterrent device, and potentially later as a complete vehicle entry and control system that could replace traditional keys and fobs.
What's the point of this? Modern cars already have engines that are cryptographically tied to keys[1]. They're not perfect, but is adding a whole new rube goldberg machine into your car really better than fixing the existing system?
What about a classical mechanical key? I am referring to a laser cut key, the type that can't be easily lock picked, other than in Hollywood movies.
The problem is relay theft, where thief's relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographically signing won't help.
However, this can be fixed by adding a motion sensor that makes key fobs go into a sleep mode when they have been inactive for a minute. Upmarket car manufacturers like Mercedes have started to add this. The only reason this is not yet widespread as increased car theft is good for car manufacturers.
Keyless cars top the list for most stolen cars across the UK, with around 93% of all stolen vehicles in 2020 being taken without vehicle keys. Addressing this stupidity would be the first step. It is like projecting your bank account details and security details on the facade of your building, and then being surprised your bank account is drained.
>The problem is relay theft, where thief's relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographical signing won't help.
AFAIK the attack you describe only applies to keyless entry systems (ie. you can open and start a car without having to pull your key out), which is related but not the same as an immobilizer. Transponder keys without keyless entry systems still exist on today's models, and is the default on most cars unless you opt for an upgrade.
>However, this can be fixed by adding a motion sensor that makes key fobs go into a sleep mode when they have been inactive for a minute.
That helps against someone cloning your key while you're at your desk, but it seems way easier to clone the key while the driver is walking away from the car? That way you know which car to steal and don't have to follow the victim into the building, which might be secured (eg. office building with badge system). Measuring RTT time and/or trilateration (multiple antennas inside car) should be much more reliable.
The modern versions of these keys cannot be cloned, they are challenge response. So you need to relay the challenge from the key, and then relay the response from the key back to the car.
This is often used by thiefs who bring the relay close to the front door, hoping for the keys to be in a bowl or a hook near the door. Then they can open and start the car using the relay. The car then won't turn off when it loses connection to the key (because that is dangerous) which allows stealing of the car.
There are cases where this was done over much larger distance, but those attacks are more easily defeated by having tighter tollerances on the latency of the reply. The latency tollerance does not do much for the 'keys near the front-door' attack, which is what the 'stationary keys do not reply' solution is aimed at.
> The modern versions of these keys cannot be cloned
The persistent rumor, of course, is that this has been cracked for specific models from specific manufacturers, with the help of someone at the dealership, maybe someone who owes large amounts of drug or gambling money to local criminal syndicate types. "All" you'd need to do then is use a valid challenge response pairs off as a cryptographic oracle to brute force the challenge-response algorithm and recover the seed value computation algorithm for the key and the car. Then "all" you need to do is record a challenge-response pair from the real key talking to the vehicle, and maybe the VIN, in order to duplicate the key, in order to steal the vehicle.
If this has been been done, the algorithm and seed-value recovery technique have not been publicly shared over the Internet, so it's only a rumor that it's been done, but given how high-tech thieves are these days, I don't consider it outside the realm of possibility.
What isn't outside the realm of possibility is the Rolling-PWN attack, which can be done with a $32 device and has been demonstrated against 10 years of Honda vehicles, up to 2022.
I've always wondered why the car doesn't warn the driver that there's 100 yards left before it will cut the engine (or limit it to idle), keep the power steering, turn on the hazards, and warn the driver that the vehicle won't continue to function because the key is not in range. Doesn't seem dangerous at all...
That's still dangerous, and it doesn't matter how far out you warn the driver. The moment the car cuts to idle, the driver will lose some control. Imagine this happens while you're in less-than-ideal road conditions and you need to be able to accelerate. And there are a lot of reasons that the key might lose connection to the car other than the 'not present inside the car' case, like for example, the keyfobs battery running out, or the driver dropping their keys into some kind of shielded bag (my car for example has problems sensing the key when it's in an insulated shopping bag that I have).
I think at most you could do something like have the car go into 'limp home' mode if it senses the key was never present in the car for some amount of time after the car is started.
I dropped my wife off downtown in her car and she had the key in her purse. The car did make a weird beeping noise as I drove away, but I had no idea what it meant and I was pulling onto the highway which would have been a bad time for the car to stop driving on me.
Picking a laser cut key isn't trivial. Even picking a standard house lock isn't trivial, especially not in the dark.
They don't clone the key, they use an antenna to amplify the signal from your key fob and then drive off. In principle you can do this by following someone, but much safer to do this at 2am at night. Similar to a one time password, the signal is only valid for a short period of time.
The fact that the LPL does it, with or without a special tool, doesn't really say much about how easy it is. He is an _extremely_ skilled lockpicker, and the vast majority of thieves, even those with some lockpicking skills/experience, are not going to be able to do what he does, as fast as he does it.
I have no idea how hard it is to do with that tool. I myself have as close to zero lockpicking skills as it's possible to have while still having picked a lock (I messed with a friends clear practice lock one time). But just seeing the LPL do it gives almost no indication of how hard it is to replicate what he is doing.
Darkness doesn't have anything to do with anything. Once you get the tensioner and pick into the keyway you aren't using your eyes anymore, at that point it's all feel.
If you are that good a lock pick, you are better off as a locksmith. In real life the people send out to steal the car aren't the most talented and brightest, otherwise they would be running the operation safely from an office somewhere.
I spent maybe 2 hours with my first set of picks to unlock my first shitty masterlock padlock. An hour later I was through my front door deadbolt. It's not a hard skill to learn, especially when it comes to typical american door locks (pin tumbler). But this is all non-destructive. I used to keep a set of picks in my desk specifically to open up people personal rolling underdesk drawers/file cabinets, when they lost or forgot their keys.
My understanding that your average ignition is a little more complicated (or at least different .. wafer locks) circa 70s-90s and then they started adding radios and other things into the mix. I dunno, I've never tried to pick one of these.
Destructively bypassing your average old-school ignition is still something you can do blindly with a bent flathead screwdriver and some elbow grease in about 15 seconds flat. As is destructively bypassing any given door lock.. well not bypassing the lockper se, but instead the bolt/doorframe generally.
This is two factor auth but when the "thing you own" is the standard case.
I don't get why it's not a keypad and relay though. Sounds like a complex solution to a fairly simple problem. I might be missing something though.
Edit - ah it's intended to work with many other options like controlling indicators or wipers or something - so you choose some pattern that is your password.
> it's intended to work with many other options like controlling indicators or wipers
I think you're asking exactly the right question though - how is all this not just a more complex, less secure, shittier version of a keypad that you enter a 4-6 digit code on?
It is also not any better than any other immobiliser. Unless it's on the CANBUS talking securely to the ECU, thieves will likely just bypass the module physically if they have the time.
This coupled with a CANBUS integration with the ECU to prevent it from starting would be pretty good though, since no one can wirelessly collect the signals to spoof the code.
I don't think any of your typical car thieves are actually picking locks. For a traditional mechanical key ignition, generally they're going to break into the steering column and just hotwire the right connections together, or possibly jam a strong tool in the keyway and forcibly twist the cylinder depending on the design of the lock. Obviously that won't spoof a signal from a fob or other electronic signal, but it's why having a traditional mechanical lock on the ignition isn't really worthwhile. If the electronic communication is secure, a mechanical lock doesn't add value.
Maybe it's different for very high-end vehicle thieves, though.
Not great from an accessibility standpoint. For anyone with any sort of arthritis/rsi type issues, doing two things with the same hand at the same time is anywhere between tricky and impossible.
Consider how annoying the modern cigarette lighter is for a non-smoker.
> The problem is relay theft, where thief's relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographically signing won't help.
It seems relay theft could be 100% prevented by measuring the response time, and capping it to whatever is the equivalent of say 100 meters + processing time in key fob.
Most thieves try to be quiet to avoid detection. However, one should be open minded to new technologies, and the use of a loud jackhammer on the drive way sound like an excellent solution to this problem.
> The only reason this is not yet widespread as increased car theft is good for car manufacturers.
Not if your brand is one of the ones known to be easy to steal. I doubt I’d buy a Hyundai in the future given my understanding of their reputation as easy targets.
Doesn't the system already check the latency from key fob to car antenna? Better yet, you could use two antennas in the car, and triangulate the key fob.
Why not? A 2GHz is very attainable in modern CPUs and translates to 0.0005ns per cycle. This isn't theoretical either. 802.11mc[1] is a real standard and is accurate to 1-2m.
UWB is augmenting Bluetooth for car keys solving this exact issue; The Car Connectivity Consortium came up with the Digital Key 3.0 standard that's available today, as implemented by some makes like BMW and the Hyundai/Kia group and Apple, and resists relay and replay attacks through precise ranging.
That amount of money is absolutely nothing compared to the waste that goes on in the startup industry. Remember the $445 million self driving pizza oven delivery van?
Sure. In theory, investors can behave as rational actors. In practice, you get all sorts of chasing the Next Big Thing because there’s too much money flowing around to too little fundamental research.
So I’m ok if we spend $1.2M on research. That’s like 5 developers for one year who would otherwise be allocated by the invisible hand into effectively useless endeavors like high frequency trading or ad tech.
Cut to the alternative universe where they’re working at Blackrock and a car thief is driving their car away.
You don't get to, because you don't get to opt out of the social benefit that they result in.
(remember that government spending basically created transistorized logic, microchips, and computer networking as we know them today. would you have opted out of those too?)
Government funded research gave us computers, the internet, EUV technology, GPS, lasers, and all sorts of other shit.
If you're on HN in the first place, there is an approximately zero percent chance that the few dollars of your tax money spent on this kind of research hold a candle to the benefits you've gained from it.
You didn't lose any money. Nor did the country, the money didn't vanish, it ended up in employees pockets. Given they are probably low paid researchers, it'll all be back in the engine of capitalism by the end of the month. Some of it will even be back in the gov's coffers, where you can pretend it's doing something you prefer, like barely covering maintenance of a single road for a year.
>Stellar, which was founded by former SpaceX employees in 2019, uses a robot to cook mobile ordered pizzas which are then delivered by the truck driver.
If you could get that robot-cooks-as-you-drive idea right, even without the self-driving bit, you can out-compete Dominos by saving half the trips (back to store from delivery address).
The technology was immature but the fundamentals were there, and they'd save a not-insignificant amount of gas.
That's easy. Put it on treads, and add a tree cutter/stripper, and a hopper, so that it can pick up all the fuel it needs to wood-fire the pizza off the side of the road before it goes to the next destination.
I really can't imagine that. So you save some driver time. They're usually idle before delivery already, there's no driver shortage, and drivers/delivery isn't expensive. So there's only a small amount to undercut. For the profit to become interesting, you'd need a massive volume, but then you'd be forced to maintain a large fleet of mobile ovens. There's no automated driving, so you'd need drivers anyway. You'd have to pay everything from their idle return time, including the increased energy consumption.
The fact that Dominos practically begs people to come in and pick up their pizzas themselves undercuts your arguments about driver idle time. Maybe in your market they sit idle, but in mine I'd imagine they are spending 90%+ of their time fulfilling orders. My orders often spend 10min in the "Quality Check" state (waiting for a driver under a heat lamp).
Automated driving is orthogonal to the bake-as-you-drive model. Dominos will also switch to self-driving when they can.
The cost of owning 10 oven-vans vs 1 store + 10 regular cars will be the tough part and will require scale, but pizza is big business.
Arch that "quality check" thing bugs me to no end. It's the lie that bothers me: it's not like they're individually inspecting every single pepperoni or anything. They just don't have a driver available. Don't lie to me!
The Fed is the cause of QE/ZIRP, but it's not "funded by taxpayers" in any meaningful sense. The mechanism by which QE is done is that the fed prints money and uses it to buy government bonds and other assets, which pushes bond prices up, and consequently yields (and therefore interest rates) down. All of this doesn't cost the fed anything. The money is printed by them, after all. It's not like they're borrowing money from some other bank at 2%, and then distributing to the wider economy at 0%.
Yeah, that startup doesn't sound terrible to me. Like the other comments say, it's a multi-billion dollar industry. If you cook the pizza while you're driving it to the destination, then you change the time 15 minutes cooking + 15 minutes driving to just 15 minutes cooking and driving. Twice as fast.
But of course, you could offer the same latency by having a non-customizable menu and having pizzas ready to go when they're ordered. If it's 6:30PM on a Friday night, odds are someone wants the Pepperoni pizza that just came out of the oven. No fancy hardware required. The pizza is technically less fresh, but are minutes of freshness worth millions in VC? I don't know.
If car manufacturers can fuck up implementing today's immobilizer systems, what makes you think they won't fuck up implementing the rube goldberg contraption? Why do we have to switch to it just to get a non-broken cryptographic implementation?
That was because the base model of those vehicles didn't have an immobilizer like every other car on the market as a cost cutting measure. They also have ignition switches that are relatively trivial to bypass.
It's possible that some other manufacturer may try it again in the future, but the hit to Hyundai/Kia's reputation has been substantial.
> ignition switches that are relatively trivial to bypass.
The switches themselves aren't bypassed. Their design for the lock cylinder is so crappy that it can be snapped off, exposing the peg that actuates the switch.
”Mr. Trump’s budget, the largest in federal history, includes a nearly 5 percent increase in military spending — which is more than the Pentagon had asked for“
Locks are often intentionally omitted from equipment in environments where high availability is prioritized. They are also often omitted in locations where physical security is provided at a broader level.
Sure, let's intentionally omit locks from equipment that is designed not to fall into enemy hands. Let's not have a kill switch, either. Sure, makes sense for an agency with more money to spend than every corporation in America!
My guy, I believe the enemy already knows about our WWII-era "large truck" technology. It's fine.
You don't want either of those things in a widely used military vehicle. Soldiers do not need to die because they're fumbling and dropping keys under fire. They also don't need their truck dying in the middle of a maneuver because the kill switch accidentally went off.
Also, in war, trucks will be getting destroyed left and right. It'll literally be a rounding error.
> Sure, let's intentionally omit locks from equipment that is designed not to fall into enemy hands.
Slow down there with the sarcasm and think about the actual requirements or use-cases first. Your average operable military vehicle is in one of three situations:
1. Actively occupied or guarded from theft by current owners/operators with guns who will not tolerate strangers getting close.
2. Parked somewhere in the middle of a whole bunch of people who are generally guarding the whole area, and those people may need to be able to operate it very quickly.
3. In some long-term storage which is well-fenced, under surveillance, guarded by people with guns, and typically very far from both overt enemies and opportunistic thieves.
So there's already an access control system tuned to a particular set of needs... and one of those needs includes "using it to escape from something dangerous even if the prior-driver and everything in their pockets got vaporized."
How many tanks and materiel did Ukrainians take from the Russians? On October 2022 it was an estimated 453 Russian tanks. I guess 1, 2, 3 don't work that well in battle
So what? None of that wall-spaghetti supports an argument for keyed ignition locks as the solution. It's not like those Russian troops had just stepped away to get coffee.
If anything, it suggests other things like:
1. Russia shouldn't have tried a desperate blitzkreig through muddy terrain.
2. The Russian military should have had better policies/equipment to destroy or scuttle the ofabandoned tanks.
3. Russian tank-drivers should have had better training so that they didn't get their vehicles stuck in embarrassing ways.
Plus it's not like the opposing force will be a bunch of joyriding delinquents: Even if you completely remove your abandoned truck's steering-wheel and pedals, your way out, they've got mechanics and tools and factories, they can just fit their own. Truly denying them any valuable salvage is actually a lot of work/damage.
No fucking key is going to stop them from finding that tank in a field, towing it back to a farm behind friendly lines, and bypassing the fucking lock using a fucking hammer or a soldering iron.
An opposing military capable of leading the Russian military to abandon their tanks would also have the capability of defeating a kill switch once they have unhindered physical access to it.
Scuttling has been a common military practice, for literally millennia. This practice is unrelated to the presence of any locks on the vehicle. Militaries are equipped with explosives and weapons and can perform these actions without them being built into the vehicle. The reason this did not happen is not due to the construction of their vehicles, it is because they did not take action to do so. https://en.wikipedia.org/wiki/Scuttling
The automated self-destruct countdowns you have seen in movies and TV shows are used for dramatic effect. In reality, it is cheaper, more reliable, and safer to scuttle a manned vehicle manually.
Forget the suspensefully-narrated self destruct sequences, why has the Pentagon not invested in plot armour for every soldier? Make sure the uniforms aren't red and they can only die near series finales.
Yes, it does make sense that the DoD is more concerned about their own soldiers' lives than whether or not the Iraqi military has their vehicles stolen from them. These vehicles were already given away, adding some stupid biometric system would increase both the price of the vehicles and the number of lives lost due to failures. Throwing technology at problems is not always a solution. The vehicles typically have better security than a lock anyway, they're occupied or guarded by soldiers with guns.
You might be familiar with locks on vehicles due to your own experiences, but deterrence to unoccupied theft is a requirement that is somewhat unique to civilian passenger vehicles. It is completely normal for many other types of vehicles to have very minimal or zero theft mitigations due to operating in different conditions with different requirements. For example, multi-million dollar jets have no anti-theft systems at all.
> Throwing technology at problems is not always a solution
It's a fine solution to the very pressing "VCs aren't giving me money" problem. You can't have a blockchain or AI startup, say, without throwing technology at random things!
Even if you put the locks on, they would never be used. If you need it you need it right now, and it's usually life or death. If somebody is trying to steal it, you shoot them. The last thing you want to be doing in a gunfight is fucking with a lock.
All you have to do is have every soldier who is authorized to use your equipment unlock the vehicle through an affirmative phrase — and the vehicle can check their voice for instance, or other biometrics like their fingerprint. Or each of them can wear a beacon or smartphone which does that.
Cars today open with you just getting into the car. This is easy stuff man
Solders in warzones frequently wear gloves, encounter debris, shoot guns, or are exposed to extremely noisy conditions, which would result in an inadequate signal-to-noise ratio for reliably and quickly sensing fingerprints and/or voices. They also tend to avoid unnecessarily emitting RF which would give away their position to enemy forces who have advanced signals intelligence gathering.
Yes, it would be possible to do what you are saying. However, militaries find this undesirable because they find the drawbacks outweigh the benefits.
Let’s assume for the sake of argument that electronics are perfect, and never fail for any reason (including but not limited to battery drain, battery overcharging, battery age, heat, cold, sudden change between heat and cold, vibration, shock, moisture, dryness, flooding, corrosion, UV degradation, rodent infiltration, wind, wind containing abrasives such as sand and dirt, chemical exposure, fire smoke exposure, fire heat exposure, sabotage due to local exploits, sabotage due to remote exploits, etc.).
Does not sound like you have ever been anywhere near a combat situation.
You don't know who is going to need to be able to drive something at the drop of a hat. And the more fiddly and complicated something gets, the more likely it is to fail because of either technological or UX/human reasons in stressful situations. This would cost lives.
It doesn't matter how robust it is, any voice recognition less than 100% reliable and any more expensive than $0 would put your equipment at an operational disadvantage when put on the battlefield against an opposing military with vehicles that exhibit a 0% rate of authentication failures because they lack authentication.
There is no realistic scenario in which a military has lost physical control of the vehicle, and the situation is mitigated by locks on the vehicle. It is always already too late at that point.
When shrapnel and bullets are flying and your nerves are completely shot, your voice wavering and you're croaking from smoke inhalation, do you really want to entrust your life to voice recognition? Come on dude, you're being absurd. We're talking about military hardware, not tech gadgets for your home.
I'm saying what everyone else is trying to tell you 'you have no fucking idea what you are talking about, you are trying to solve a problem that does not need to be solved, that no one has a desire to solve and is in fact not even a problem'.
If the enemy gets physical access to the vehicle that you're going to use to escape, you're already toasted.
And on the other hand, if you are ambushed, you don't want you and your unit to die because the soldier who had the keys just got fragged by the enemy and now you can't escape.
Or: "Our unit was ambushed while setting up camp. We could all have escaped alive in our truck, if not for the fact that the first of us killed by the enemy was Private Jeane, and she was the one with the keys."
Even if you put this device in a car or a biometric device in a car or even a normal keyed system. An enemy who has possession of that car for more than a few hours can easily bypass most locking devices.
This one is nothing more than a relay on the battery line. Simply find the relay and bridge it. Problem solved. Might take you a few hours to dig under the dash to find the damn thing, but once you do 'problem fucking solved'.
The men in power always abuse that power, more or less.
We need oversight but politicians are not very interested in doing oversight because corporations use their money as free speech helping their favorite politicians get re-elected, because of the Supreme Court decision that allows that to happen.
So we need a more informed population to stop corruption from happening, but some politicians don't like the idea that people should be able to read whatever books they want.
That's probably true, but tangential to the absurd point made above.
There is almost zero reason to include robust locks or immobilizers on military vehicles. They're either occupied by soldiers with guns. Or in a locked facility, guarded by soldiers with guns. Or abandoned on the battlefield (in which case, they should be scuttled, but shit happens and sometimes you need to GTFO ASAP).
The problem with this defense is that it is invisible... the thief will only know about it after they've caused external damage trying to get access to the system.
This is visible to the theif and just raised the theft effort from "jump these cables just behind the headlight" to "jump these cables behind the headlight and then use a loud angle grinder in a very enclosed space". I'm in a residential area, this is a strong deterrent and avoids the initial damage being done to the car.
PS: Some sports cars kill their CAN when the car is turned off... but we do insist on keyless entry and this is what we get for it.
"then use a loud angle grinder in a very enclosed space" They don't need to cut the lockbar:
> What we knew was that the Club is a hardened steel device that attaches to the steering wheel and the brake pedal to prevent steering and/or braking. What we found out was that a pro thief would carry a short piece of a hacksaw blade to cut through the plastic steering wheel in a couple seconds. They were then able to release The Club and use it to apply a huge amount of torque to the steering wheel and break the lock on the steering column (which most cars were already equipped with). The pro thieves actually sought out cars with The Club on them because they didn’t want to carry a long pry bar that was too hard to conceal.
> a short piece of a hacksaw blade to cut through the plastic steering wheel in a couple seconds
I'm having trouble visualizing that part, unless it refers to steering-wheels of the past with a lot less material. Wouldn't a piece of hacksaw blade also be much less effective, without the rest of the hacksaw to provide tension?
With a bit of leather/cloth wrapped around the blade, they're perfectly capable of cutting through softish metals and hard plastics. The tension is mostly optional, since the teeth usually only point towards the pull, resulting in the blade providing usable tension.
Source: Not a car thief, but have misplaced my hacksaw, for small tasks, far too many times.
My grandfather invented, marketed, and maybe patented a device on this premise before he died decades ago. I still have one in its retail packaging in my curio cabinet.
IIRC the first iteration he made used a keypad to enter the code, and the second used the blinkers.
Does the timer restart with each ignition start? I'm imagining a thief who is aware of the system diligently putting the car into neutral and turning the car off and on every 40 seconds during their getaway.
This is low tech, available since the late 80's. It's a bit ludicrous to think it wasn't invented, and reinvented, many times within the last 43 years.
The problem with security by obscurity is that as soon as it's widely used, the crooks learn to bypass it. It's literally a relay in the starter wire, all you gotta do is hotwire the starter and you're back to the status quo.
A whole lot of people have these on their own cars, any DIYer can do it in an hour or two. I may or may not have one on mine. But the "security" comes from there being no standard location for any of the components.
Looking at the prototype photo, it seems trivial to open the hood and remove the whole thing in a minute or so. Unless the plan is to have it somewhere way down there, and not simply sitting on top of the positive terminal.
The video says "alarms sound the when authenticator is removed", but that's a gimmick. They should be entirely disconnecting the whole negative terminal (duh), not just the wire to the device, leaving the whole car without power until the positive terminal is freed.
And if anyone bothers to ask what the thief is doing, they have a 100% plausible reply "got a parasitic drain, so I've put a cheap relay and now this crap is failing on me".
Couldn't they just make the car blare non-stop alternating sirens for 10 minutes at a time, 4 times an hour for 12 hours, loud enough to get through drywall and double-paned windows, at the slightest perturbation?
Although I don't own a car, I'm happy when I hear throughout the day and night that my neighbor's cars are well protected.
I've come pretty close to keying "FIX YOUR ALARM" into people's doors for this. In the end left them notes about it, which did result in it getting fixed, so I haven't had to actually do it. Someday, though.
I still think car alarms are a net negative to society. Thousands of hours of disrupted sleep and it prevents approximately no thefts.
Not to mention all of the mockingbirds that have learned the song of the car alarm. It's the most complex birdsong out there, so many mockingbirds picked it up while it was regularly sung, and now it's passed down from each generation to the next.
I guess it wasn't only me who mentally associated that sound with "uh oh someone's car was hit by a small branch carried by the wind" and/or "a cat walked over the car".
I lived in Chicago at that time, you heard those car alarms constantly and they were just ignored. I still remember the sequence of beeps, whoops, and buzzers of the popular alarms.
For the device in TFA, I don't see what prevents a thief from just bypassing the thing with a jumper from the battery + terminal.
This approach is not mischief proof and will become an easy way to get back at the owners and/or your neighbors.
All a thief has to do is trigger enough false alarms (directly or indirectly) to annoy you and the neighborhood that you either disable it or learn to ignore it as false alarm.
The receiver which measures the voltage pattern and decides if the rest of the voltage is allowed or not becomes the weak point. Like the encrypted key system used today, this could be buried deep inside the engine, but unclear why this is better than keys today.
In addition, if the driver should be able to manually recreate the voltage pattern by actually flicking the lights/wipers, there will be a relatively small number of voltage combinations which could be iterated through an automated device connected directly to the wires very quickly.
I don't see how this could possibly reduce the battery lifespan. Flashing the lights takes a few watts. The vehicle will then be started and charged and never reach any lower level of discharge where damage would occur.
Yes, if you flashed your lights everytime 500+ times and got your battery to a meaningful low voltage where it barely started every time, sure. But not in the use case presented here.
Consider two cars with fading batteries at the end of their lifecycles. They are on their last start before needing to be replaced. They both have exactly enough energy to start the car with nothing left over, however one car has this system installed so it needs to flash the headlights/wipers/windows first. That car fails to start
That's like saying we should also turn off keyless entry sensors to make our battery last an extra day too, since theyr draining power as your car sits all weekend, and then one Monday morning your car won't start when you need to go to work.
Does it really matter if your car starts 3000 times from a battery or 3001 times?
isn't this just an absurdly complex re-imagining of the on/off switch? I've spoken to numerous people who either had their vehicle stolen or it was broken into. The ignition cylinder was damaged in the process. Rather than spend money replacing it they just wired in an on/off switch in a random place on the dash. The car got broken into again but was never stolen.
I have an old beater. It cost me 2300 USD when I bought it. Last year the ignition cylinder broke. My friend is a mechanic and he told me he could replace the cylinder for 90 USD, or buy him a beer to just install a button. I now jokingly call my car a Tesla since it starts with a button (it also requires the key)
Off topic: My first car was a 1966 white Buick Skylark convertible that I bought for $500 cash in the summer of 1976 in Los Angeles when I was 28 years old.
Prior to that I had lived in LA from 1966 on and got around on foot and on my bicycle and city buses.
I drove that giant Buick — I mean it was HUGE, both in terms of length and width as well as weight — for about five years, the final 2-3 of which featured a caved-in non-functional driver's side door resulting from having been T-boned by a little old lady who ran a stop sign.
No worries: I'd just hop over the side or use the passenger side door.
After the crash I never worried about theft.
Also, amusingly, when I was on freeways, cars in adjacent lanes would quickly move away.
Lol. I soldered in an alligator clip jumper wire for my friend to temporarily bypass the failing ignition switch and he left it like that, says he likes the sparking.
The button was my go-to when I got a new car, I would defeat the lock cylinder without damaging the steering column, and place a button in a obscure spot to start my cars.
Huh, never considered valet parking to actually be a real thing. Isn't it annoying having to wait for someone to drive your car? I'd almost pay more not to have to do it.
It's common in denser cities, primarily with two applications:
1. at parking garages so that cars can be double- or triple-parked. This is by far the most common use case for valets today. At these lots, you actually do have to pay more (or arrive early) for a spot that doesn't require valet parking.
2. at high-end restaurants or other similar venues where there is no immediately nearby parking and limited or no street parking. The valet drives the car to a lot or garage a few blocks away and returns it to you when they are done. You can almost always opt out of these, although you may or may not save money by doing so and at some places it can be worth it to just pay up and deal with the inconvienance because the nearest parking is a bit far.
I've also seen it as a weird status symbol thing in cases where it's entirely unnecessary, primarily used by people who have never had to put up with #1 or #2. Think up-scale hotels but located where parking is extremely ample. I think that only exists because there's a general impression outside of super-dense cities that valets are a "fancy" thing because they are only really common in "fancy big cities". (Which, to be fair, owning a car in midtown definitely makes a person fancy in some sense even if I'd never ency that person :p)
But actually, for the most part, valets are not a fancy optional service. They are mostly a non-optional service that you have to pay more or go to significant inconvenience to not use.
At my work at the time (pre-pandemic) we used to have an EV valet - attendant would take your car, park it and then move it to an EV spot when one opened up, then put it back into normal parking - you would get a text with the location on each move.
It was quite nice and let me focus on work instead of worrying about charging and only initial paperwork (we had QR stickers on the car and keychain QR).
That's about the only time I've used a valet regularly.
Sometimes it's a lazy rich person tax, but sometimes it's required because there's limited parking, and the valets can jam the cars in double-parked (or more), since they can shuffle them around as needed.
Pal, I've seen wallet parking across several countries in the world. Latin American, Western, and Eastern Europe, I just got curious about where you live to never have seen it.
And to answer your question: No, valet parking is usually useful because the parking place is far from where you're going (usually a hotel or restaurant). Having the valet saves you the walk from the lot to the place where you're going. It is even more useful when it's raining and you're having a formal dinner.
The wait for getting the car back is also pretty short because someone radios a driver already in the parking lot to bring your car in most circumstances.
I suspect you are parking your wallet in the most tourist-equipped areas of each country you listed. I would bet that within a 5 mile radius of each, you could find 1,000 people who have never used valet parking in their lives.
Norway. I guess the less denser cities I've lived (that were somewhat car dependent) it was never an issue just parking right outside. And in the city I now live (Oslo) I would never use a car to get to dinner anyways.
Not who you’re replying to, but I’m from the Czech Republic, have been driving for 10+ years, live in Prague (the capital), I have never even seen valet parking anywhere. Even the local Hilton hotel doesn’t have it.
Very common. My work in the big city used to require us to use it when driving to take advantage of commuter parking benefit for the other reasons mentioned. Also use it at shopping malls where the valet price is the same or substantially similar to regular parking.
Surprisingly many of them use a text system so you text them to the number they confirmed with like 10 minutes before you need your car and they have it waiting — very convenient.
Also use it at big events like operas or plays or whatever where parking is awful but valet, despite being a little expensive, puts you right up at the front door when walking in and then they get it when you leave.
I used to have a car that had a kill switch requiring the turn signal to be turned on or some such thing. It was periodically a pain with valets or parking garages where your car might need to be moved. I'd leave a big note but it was ignored about half the time.
A friend had a car that required that you hold a magnet at a very specific spot in the back of the arm rest to be able to start ignition. Don't think he ever tried to valet that.
Had a valet ignore a huge, printed instruction taped over my steering wheel on how not to food my car (leave it running for at least 60 seconds). Sure enough, they flooded it really bad trying to start it over and over. Killed the battery. Never used a valet after that.
There's a lot of people remarking about this not being novel or the grant being too high, but I'd make two other critiques.
First, what happens if the electrical characteristics of your vehicle change in some way? New vs old battery? Busted headlight? Phone plugged into an outlet? Diesel air intake heater grid kicking in on a cold day? What if you need to jumpstart your vehicle? It just seems so finicky in the real world.
Second, what's the point of using this analog signaling system to begin with? I don't see the supposed simplicity of it. Both the transmitter and the receiver are more complex than would be needed for digital. The other argument is that it is somehow more "hacker-proof", but using analog signals doesn't make it so. You can have a similar scheme operating on the CAN bus with no added risk. In fact, I bet there are devices on the CAN bus that can both measure and modulate battery drain, so the isolation may be illusory.
Ultimately, it's not about not having the technology. It's just that your average customer favors convenience features over having a fortress on wheels. Plus, the returns on sophisticated defenses are diminishing, given that a car can always be loaded onto a tow truck, the hood can be popped open, or the whole thing can be stripped for parts with a Sawzall (as catalytic converter thieves tend to do).
This is a two part system. There's the relay under the hood, and a keypad plugged into the cigarette lighter port. When you put the correct code in, the device will induce the voltage fluctuations that tell the under-hood relay to close.
I think the whole "flip on wipers, flash high-beams twice, turn on map light" thing is a fallback for when you don't have the keypad or don't want it to always be plugged in. If the voltage variances for those actions changes, I suppose you can retrain it with the keypad plugged in.
And the point of that analog signalling is to make installation easy. You just plug the keypad into the lighter port. It handles the rest.
Right, but that voltage modulation scheme can be distorted by the changing electrical characteristics of your car. Again, imagine a diesel heater kicking in, or windshield wipers, or some other variable load (phone charging)... you can have a clever fault-tolerant modulation scheme, but probably not if you want to also support "blink headlights" as a backup input method?
Beyond that, I don't see the "simplicity" argument for analog. You're already messing with the vehicle's wiring. CAN bus is easily accessible from the passenger compartment. Or, running an extra data wire takes 10 minutes. Short-range RF can be easily secured in this application too.
Plus, on many newer cars, USB charging ports are displacing 12 V outlets, so it's not even all that future-proof.
It's not that I'm desperate to dislike this design, but I'm struggling to see the qualitative improvement over a billion aftermarket designs that most people just kinda don't use...
Thus begins the spiral coming back to "physical" security vs abstracted tech. Imagine the sales of a new BMW M5... "Yup this baby has it all. Top of the line security. Worried the thieves will see your finger prints on the keypad no worries. Just manually hit the windshield 3x, run the blinkers so many times. Etc etc. And there she goes..."
2. It adds tons of uselees innovation to a kill switch.
3. If your car is antique/valuable/interesting, the people stealing it know the starting diagram/circuit and can easily rip it out/bypass it.
4. IF your car is antique/valuable/interesting you wouldn't add this as it can depreciate the car value/make it more ugly. You're not installing this in a brand new BMW M6, or a new Honda Civic, or a E24/1980's BMW M6 or a 1990's Honda EK Civic.
Solutionism at it's worse. Ignores the whole idea of what a car is. Ignores the innovation in Transponder tech that has been the standard for a while - only Kita/Hyundai in the USA has been avoiding it because if added BOM.
Outside the USA car thefts are not as common and in Domestic Japan/India/Asia a transponder is still pretty rare.
But back to the article - seeing this was sponsored by "University of Michigan- " - WTH is going on there? That is Ford/GM.
"Battery Sleuth bypasses both the wireless communication that key fobs depend on and the standardized onboard communication network that’s used in today’s vehicles. Instead, it authenticates drivers by measuring voltage fluctuations in a vehicle’s electrical system. "
Worthless, so it knows the cars resting voltage usage (easy enough) and if theres a drain, it means something is connected and that it can lock it up, but the same as a killswitch, it can be removed or bypassed.
"Battery Sleuth also has defenses to guard against hacking or physical attacks on the device itself, including a siren that sounds if illegitimate activity is detected and a resistor that shuts down the vehicle’s electrical system if an unauthorized power source is connected to the vehicle. "
Very easy to pop hood, pull siren out/disconnect. and lol "resistor" means anything/nothing.
> Outside the USA car thefts are not as common and in Domestic Japan/India/Asia a transponder is still pretty rare.
My priors are that car theft inside the USA is fairly rare now, but exceedingly common in Europe. I'm constantly hearing about all kinds of sophisticated electronic attacks on vehicles particularly in the UK, that are simply not an issue in the US.
I disagree - many cars are kept in parking lots - especially in HCOL. Access is basically whenever - if someone sees it there, and not moved often and such they know they can most likely attack it.
Stripping an security system is also doable, via the can-bus attacks we see of late, but more personalized can just be to replace the ECU. In many cars this can be done in less than 15 minutes.
Car shopping as presented in gone in 60 seconds is somewht common - ask people on any enthusiast forum and you'll see.
Miatas in Bay area, stolen for the hard top/car itself.
Skylines
Honda Civics - just spare parts basically, though if it's a mint enough model I can see people vin swap because 2000's
Honda S2000 - mint models reach 30K now, so it's own market.
And that's just from what I've kept up* in.
Now would someone pull up to someones garage, open that, and drive out? Probably not - but alot of people do drive cars to a parking space for work, or if they live in a condo - have shared/communal parking, and such.
And to add an extra layer of paraonia, it is very inexpensive to attach a GPS/Air tag to a car and track it - within a week or two you can see a pattern of where it goes, for how long and what amount of time its standby.
The VIN number is also viewable from the windshield, meaning if the thief has any sort of connection - they could even just order a replacement key thats preprogrammed with a base code and potentially just turn up to the car and drive away.
But for opportunistic theft, yes - keys left within car/visible and then stolen but there are many different type of thieves for different markets. For unique/"antique" cars or any cars that were in the first three gran turismo - being targeted is a very big thing now in the community.
Thanks for reminding me of the Miata/Civic thefts, I nearly forgot how big that was in the mid 2010s. I recall so many articles of that happening.
I was living in Miami during that time, a friend had his EK hatch stolen, beautiful example too, spent a fortune on that car and it showed. Of course the aftermath was the same ole story of it being stripped, and cut to a near nonexistent state.
Now thinking on this "solution" the amount of social engineering that happens today will defeat this pretty quickly. Most of the thefts for cars like my friends were done by people who knew the owners.
Unfortunately it's happening more now, simply because the value of the 90's/first generation ones are through the roof (haha get it, because it's topless?). Hard tops are now worth $2500-4000 in Miata world. Used to be you couldn't sell one for $500 or so.
Running cars are worth $5000, coupled with a hard top its worth around $7000 easily - mint/very nice ones exceed $10,000. For a 20-30yr old car, it's appreciating to exceed new cost (msrp for a 1990 miata was not even $14,000!)
Over in honda land, same thing, you used to be able to pick up a basic ek no/manual/only option is AC for less than $3,000 now those are the ones in most demand and exceed $15,000-20,000!
> In a field test study on eight vehicles published in July 2022, the researchers showed that a prototype of Battery Sleuth was more than 99.9% effective at detecting and preventing illegitimate activity without interfering with normal vehicle operation
Would anyone be able & kind enough to explain what sort of testing could go from a sample of eight vehicles to a result of "more than 99.9%"?
Does that mean they tested 1000 ways of hacking (or 125 ways on each of 8 cars) and found 0 of them were successful? Or...
The GM EV1 had this solved early on: they didn't use keys at all - just a numeric PIN that you entered on the door and on the center console to start. ;)
It used to be that the PIN logic was just a simple rolling buffer and substring(ish) search, such that for a 6 button keypad, an optimized 80ish button sequence would open every single vehicle with those keypads.
This is a very engineering solution to a very not-engineering problem.
Would this deter thieves? Possibly! Would thieves eventually be able to work around it? Also probably! Would it increase the friction of getting in and driving? Definitely!
Today, your house keys are basically useless for security -- getting into your house is trivially easy both destructively and not. But we all use house keys because they feel safer. Ask people to provide biometrics or long passkeys or keycards and eliminate the existing locks? It's a hassle most folks won't tolerate.
Likewise, people are comfortable with the walk up, push button, leave nature of fobs. Replacing that with "walk up, scan fingerprint" or "walk up, type in password" is going to tick off a lot of people.
"Today, your house keys are basically useless for security"
They are not useless.
Only some people have the skills and tools to open them - so they are useful at keeping most people out, even though they don't provide perfect protection.
Most thieves are not professionals, but for example junkies who look for something easy. A simple automatic light, is already doing wonders to keep them away.
Raking house locks is a) not difficult and b) not expensive. You don't need to be a professional to do that.
But also, bricks through windows are equally not difficult and not expensive, though they do leave a bit more evidence. When my neighbors have been burgled, this is the preferred method of entry I've seen.
"But also, bricks through windows are equally not difficult and not expensive, though they do leave a bit more evidence"
But that would be loud. You don't want attention when breaking in. (Unless you are a fucked up junkie not caring about anything anymore)
But yes, my parents for example are paranoid about always locking the front door 2 times(and get angry if I don't do it when I visit), but have a glass door in the back. There are also glass cutters.
"Raking house locks is a) not difficult and b) not expensive. You don't need to be a professional to do that"
But you do have to make some investment. They are illegal to purchase (in most places), I would not know, where to start looking. And then you have to learn to use them. And I know someone who did play with those a bit - yet he still could not enter my door at all. So it is a barrier.
Lockpicks are legal almost everywhere in the US.[0] Even in places where they aren't legal, they're not exactly difficult to obtain, given that a perfectly adequate rake can be made from any key that fits the target lock, and there are only ~3 keyways in common residential use.
I got one lockpick kit as a gift, and found out I can open the door of my apartment in 20 sec with it as a complete beginner. The fun part was that it was not possible to open it from the inside. That was how I learned that the lock was mounted with the inside part on the outside (it was a rented apartment).
> But that would be loud. You don't want attention when breaking in. (Unless you are a fucked up junkie not caring about anything anymore)
Pre-Covid, it didn't matter if you were loud. You and your neighbors were all off at work all day. So long as a thief felt confident there was no alarm to trigger, they could make all the racket they wanted and no one would hear.
Today, it's a little more risky but of the half dozen houses on my street I'd probably only hear one getting broken into and that's only if I were downstairs. Our homes aren't on especially large lots either (7-10k sq ft).
But a thief does not know, if no one is there in the neighborhood, unless he is indeed professional and scouts the area in advance. Also in my area, there are plenty of old people always watching and listening ..
The best locks offer is that you have to plan a break-in in advance; i.e., you have to have your lockpicking tools with you. That said, you can pick master locks with a paperclip; I've done it. So it's not much of a barrier.
That said, just because people have low-security locks on their house doesn't mean that better options aren't available. I have Medeco locks. They are harder to pick than what you get at the hardware store. So far, no break-ins from lockpickers! Also, I'll sell you a rock that keeps tigers away.
At least here in the Nordics no one uses easily pickable locks for house or apartment doors. Those kinds of locks are mostly found in cheap padlocks and maybe bike locks. Doors usually have Abloy locks or similar.
It's funny, I have the opposite problem. I have a particular door lock for which three different locksmiths have all failed to cut usable keys. The originals work fine, but the copies don't. The last set barely works, if you wiggle it around a lot and ram to get it in, but then it gets stuck in there and is nearly impossible to remove.
They've tried various blanks, and I've never gotten a satisfactory explanation from any of them. It's possible all my local locksmiths are inexpert.
The pins in new locks have pretty tight tolerances for the first couple years until they wear a bit. Its likely they are just using older equipment which isn't sufficiently precise to cut them. Get a key that is exactly right, and works with a bit of wiggling, use it as your primary key for a couple months and it will work just as well as the originals. The slight variations in the key ways/etc will knock the edges off the pins with enough use. Assuming the key is cut correctly from the right blank, you might just need a bit of lube/oil on the key. If you can see variations by eye in the ramps/etc its likely the key is just wrong.
> Only some people have the skills and tools to open them - so they are useful at keeping most people out,
No, not really. A large part of the security of locks comes from most people not knowing that they have the tools and skills to open them. It's like if everyone taped their door shut, and we depended on most people not knowing that tape is easily removed.
My kid accidentally locked us out of the house the other day by twisting the knob lock on our garage door. Turns out we never got a key for that lock when we bought the house - oops! And we didn't have keys for the back door, for complicated reasons. No worries, I took my wife's key ring and used the key to her parents' house to open our back door. In my experience, most keys work in most locks, if you just apply a light turning force and then rake the key in and out a bunch of times, ending with the key sticking all the way out except for a millimeter or two.
Erm, maybe the locks in germany(europe) are different - but what you describe I only know from very old or cheap locks, no one would use for a front door (insurance would not accept that).
haha, well in America, insurance has no idea what kind of locks you have, and the vast majority of home locks are "whatever was cheap at home depot".
My front door is a pricey digital lock with a key for backup, and I don't think I could pick it with this method. That's why my first instinct was to try on our cheapest door.
I haven't had a key for my house in probably 10 years. I used the garage door opener PIN pad to get in. I recently replaced the front door lock with a new one that also has a PIN keypad, but I still mostly enter and leave through the garage out of habit.
A friend of mine was bored and bought a Lishi tool online recently. Within 10 minutes and with no previous lock picking experience he was able to silently pick his house's deadbolt.
This can be true while it still keeping most criminals out. It's going to depend on the location and context. I'd say an analogy for this is engineer thinking versus economist thinking. My observation is that criminals prefer the latter. Rather than doubling down on engineering, they try to move to a more lucrative venture. Getting better at burgling houses doesn't change the upside as much as other crime.
In my suburban area, the biggest problem is unlocked doors on houses and cars. Despite this problem existing for many years, doors are still regularly left open. The criminals don't attempt to exploit the same neighborhood repeatedly. They pass through in waves and then go elsewhere before returning when everyone has let their guard down. When they attempt forced entry, or anything more than casual theft, they get a lot of attention and caught.
They could improve their takings by developing some lock picking skill, but it's also higher risk since they have to spend some more time on each target which increases the risk that an observer will actually notice them. I could easily imagine a dog walker ignoring someone entering a home through an unlocked door, or making it look like they are checking a door is locked when entry fails.
Being in country that uses proper locks... Yep, people aren't picking them in field.
Good locks are expensive, but they also last a long time. And nearly unpickable is good enough. There is wall of window next anyway that then becomes much easier.
Agreed. It's surprising how often we are great at post mortem analysis in engineering contexts (asking "why" five times), but we find it uncomfortable to do the same in social contexts. We jump straight to "How" rather than "why", and build locks that inconvenience people in hopes of stopping that one "how" rather than investing in fixing the root causes.
Property tax is not land value tax. Property tax is a tax on both the improvements and the base value of the land.
Land value taxes are only taxes on the value of the land.
A land value tax would tax a giant residential building and the parking lot adjacent to it the same, which encourages maximizing the value of the lot rather than leaving it for parking.
I imagine some Non-Americans reading this are horrified.
But Americans know that this (a pre-shooting checklist) isn't a reason for door locks for every American. And I'd guess it only is for a small minority of Americans.
No, you can't legally shoot someone that walks in through an open door. You can ask them to leave, but youre going to have big problems if you shoot them and all they did up to that point was not leave instantly when asked, if they walked through an open door.
If the door is locked, and they break in, you are not shooting them because they broke a lock. You are shooting them because theyve shown criminal intent by forcibly making their way through a locked door.
I'm curious in how many jurisdictions simply "showing criminal intent" is sufficient to mean they're legally a target to be shot at, potentially fatally. I'd be pretty horrified to know I was living in such a jurisdiction.
Whereas somebody walking through my open door while clearly posing a threat to my life, or the life of family members (e.g. holding a weapon) I would have no hypothetical qualms over aiming a gun at, and should they continue to approach, firing. Mind you if that did result in their death I'd still expect to be required to provide evidence that it was a reasonable course of self-defence given the circumstances. Are you saying that isn't the case wherever you live?
Are you sure you can run all those calculations while breaking and entering is occurring in your home? It varies quite a bit from place to place, as you can see...
But the basic idea is that the natural right of self-defense extends to certain areas, including one's home. (That is, you do not have to wait until the intruder has his hands around your neck in order to defend yourself.) If you would prefer to not be allowed to defend yourself, that's you. In many countries (not just the US) invading people's homes makes for a dangerous and short career, as it should.
Thanks for that link, that is pretty interesting and I can't honestly say I know exactly what the law is where I live (in Australia, but not in the state that gets a special mention in that article).
And absolutely, if I happened to have access to a lethal weapon and I was sufficiently fearful I might well be tempted to use it on an intruder even well before they posed an immediate threat. But if I really were responsible for taking an intruder's life and the courts determined that they were never a realistic threat to anyone, nor was there any good reason for me to believe they were (e.g. I had a clear view of them, could see that had no weapon, and they weren't acting in any sort of hostile manner), I'd fully expect to go to jail for it.
Instead of trying to catch me making a language error on exactly what criminal intent is... Why don't you think about this like a human....
You are at home with your wife and kids. A large man wearing all black with his face covered has broken your door lock and forced the door open. He is now making his way up your stairs where all your family is.
Should you be able to legally shoot this man?
If not, what is your plan for protecting your family members from this person?
Not a question of language error, I'm just interested in how different parts of the world have different takes on when taking a life can be legally justified.
FWIW, in your scenario, if I simply shot the man and killed him, then I would fully expect to be questioned and possibly charged, and only acquitted if I could demonstrate killing him was a justifiable act of self-defense. I don't imagine whether he'd broken the door lock would be considered particularly relevant.
As it happens, I've forced locked doors open with no criminal intent - I'd simply lost my key and needed to get back inside my own house. It's not impossible the man in question had got confused about which house was his and was doing the same thing.
I got it. If a man breaks into your house, begins walking up the stairs while your wife and kids are there, you're going to be cautious to see if stopping him with deadly force is necessary. Maybe first let him strike you in the face too. You wouldn't want to kill him if he's punch only knocks you down and allows you to get up and fight him off like a super hero! And if he punches you so hard you loose consciousness, what's the worst he's going to do? Rape your wife?
Yes, I absolutely would be cautious - if nothing else, attempting to stop him with deadly force may well be what triggers the situation to become violent and life-threatening for my family and myself.
But more importantly, all the circumstances I can realistically imagine myself trespassing into somebody's house do not involve me intending any harm to any of the occupants, so I would very much hope most people would approach such scenarios with similar caution.
By making it hard to obtain weapons.
The US thinking to me seams to go along the lines of handing out nuclear weapons to everybody so forces are balanced...
If the legal rule is "you can't shoot anybody", which is what the post I responded to said, wouldn't that make it impossible to legally obtain weapons? Why just "hard"?
If, OTOH, you mean make it hard to illegally obtain weapons, where has this actually been done successfully? My reading of human history is that criminals who want weapons have always been able to get them somehow.
> The US thinking to me seams to go along the lines of handing out nuclear weapons to everybody so forces are balanced...
I don't know where you are getting that from. The US thinking is very simple: since it is impossible for governments to prevent all violent crimes or to ensure that police show up in time to protect citizens from being harmed by violent crime, citizens must be allowed to have the means of self defense. The best way to minimize the number of citizens that feel the need to have weapons for self-defense is to extirpate crime--but unfortunately the US in recent decades has been moving in the opposite direction.
And the overwhelming majority of people, including thieves, don't do this, because the raised barrier to entry makes gun crimes vastly less attractive. Combine that with a broad social safety net that reduces poverty, and you miraculously get homicide rates dropping through the floor: https://commons.wikimedia.org/wiki/File:Map_of_countries_by_...
> because the raised barrier to entry makes gun crimes vastly less attractive.
Is that assertion based on study or "common sense?" It may well be that they don't feel the need to bring a gun because they know their victims are definitely not going to be armed anyways.
The real question would, do the criminals not use a weapon at all, or do they use weapons that just don't happen to be guns?
> broad social safety net that reduces poverty
People aren't being shot in the US because of poverty. The _majority_ of "gun violence" in the US is actually suicides. It's nearly 2/3 of that terrible statistical category. The remainder of murders typically involve alcohol and arguments.
The majority of murder victims in the US know their murderer by name and have been acquainted with them for years. Means. Motive. Opportunity. These things don't change.
This is a lame response. A man with a knife or a bat has the tools he needs to easily kill your whole family. So what is the plan to protect a family since knives and bats will always exist?
He was right leaning so you are probably correct.
But I would think his murder might have happened earlier if weapons were legal for most citizens as in the US.
I'm not so sure. The assassin took advantage of the fact that nobody was expecting a gunman. In an armed society, there would have been more defense measures present to prepare for such an attack
The number one, by far most effective thing you do comes well ahead of those armed, home entry thieves, and that is you make your home scream "GO AWAY!"
Get a dog
Employ great lighting
Put the home alarm stickers on, actual alarm optional, [3]
Clean up.
Etc...
The criminals work on risk reward. You can bias that equation away from favorable meaning the baddies pick another home, not yours.
From there, should you really feel this scenario could happen, maybe consider a gun. But if you do, please get gun education. One bad scenario is to have a gun, and face experienced users. Your chance of getting you, and or family, hurt go way up!
I do mostly identify with the left, but am gun friendly having grown up rural and well educated about guns.
[3] - no joke! Neighbors had done the sticker thing for roughly a decade. That, plus the other suggestions work well.
Opportunity cost of the additional travel time[1] that you have to spend because you don't have a car.
[1] Yes, I'm aware of european cities where cars aren't necessary or are actually slower than public transit. That's not applicable to most of the US though.
I wonder how many instacart/uber orders I would need to have to offset the cost of a car, assuming I can bike to most of my needs.
The only reason I have a car is because there are some specialized transportation needs (towing) that I cannot get from my bike. I use my bike for everything from hardware to Costco to groceries to child care to ... lots of stuff.
> I wonder how many instacart/uber orders I would need to have to offset the cost of a car, assuming I can bike to most of my needs.
Not that much. One site[1] lists the TCO of a compact car at around $33k/year if you drive it for 15k mi/year for 5 years. That works out to $550/month. Of course, if you're comparing this to getting ubers, there's no way that you'll be driving anywhere near 15k mi/year, so the TCO of a comparable car is probably $450/month. That's a lot of money to spend on uber/instacart, but keep in mind that if you have a modest commute of $20 each way, that only works out to 11 round-trips a month, or half the working days. So if your lifestyle is such that you don't need to drive to work most days, and you don't any other similar uses for cars (eg. picking up kids from school and/or driving them to extracurriculars), then by all means uber everywhere rather than owning a car.
I've got an ebike that takes me anywhere within ~10 miles easily, including picking up/drop off kids), and I'm a remote worker (though I could bike to the office easily.)
I have a friend whose only reasonable option to commute to/from work is uber/lyft. He spends more each month on that than I do on my car loan. He can't afford to make a downpayment for a car loan of his own, because he is spending that money on uber/lyft. This is a vicious and familiar cycle in America.
I guarantee you I, or anyone else with ~30m of training can get into 95% of homes without leaving much evidence that the locks were tampered with. House locks are very easy to pick open.
If I know my door is locked, and you get in, I can still shoot you since I know I locked it, thus you'll have the tools somewhere near you showing you broke in.
If it's just a code, tons of legal ambiguity comes up. Can a gf shoot her exbf that she gave the keycode to last month?
This a good point, except that I've found that people with keycode locks on door and garages hand out the keycode like candy for some reason.. way more than anyone else hands out physical keys.
Evidence of what? I can't see how it would prevent fraud, the occupant can damage the "seal" just as well, and a burglary without damage is still a burglary and lock-picking is a thing so it doesn't have much to say about due diligence either.
> getting into your house is trivially easy both destructively and not.
Absolutely not the case. With toughened glass and modern reinforced doors it is very far from trivial. At least in the UK. I understand security standards can be much lower depending on the country.
The main problem here is that manufacturers aren't incentivized to make great security systems for their cars. There isn't a ton of press about cars getting stolen like there is about data privacy.
Imagine if the folks who built FaceID, TouchID, and Secure Enclave were tasked with building car security. Cars are a lot more expensive than phones and laptops, it would be worth the $50 or $100 in extra hardware to secure them.
And as an added bonus, you wouldn't even need a key anymore because you could start your car with your face. :)
Maybe I'm missing something, but in some of my international travels, rental cars had a keypad that had to be entered correctly prior to the key working.
No key code entry, no run.
Put the keypad in 3 times incorrectly in a row, system blinks rad, you sat for an hour unless you called the rental place for an override key.
Voltage fluctuation aside, it seems like the same system.
I haven't seen a separate keypad immobilizer (the kind where you put key in ignition and turn, but engine wont start until a pin is entered into a separate keypad in the cabin) since I last sat in a Peugeot 205 in the early 90s - I'd be shocked to see one on anything made in the last decade that isn't a weird aftermarket accessory. I've never seen this on a rental car in Europe/US in recent memory.
The pin pads Ford often fit to doors are not the same thing - those are to provide cabin access without a key at places such as worksites or camping trips etc.
Running a relay into the car to a switch thats protected just moves a analog electrical problem somewhere else, it' still just two wires to jump at the end of the day
What you want is what smarter cars have, integration to the ECU. So you put in the wrong key, it does a crypto exchange with the ecu, and the ECU won't crank. Even if you crank it by jumping the solenoid, it won't power the fuel pump, the computer will still say 'I am off' sorry no fuel no timing, nothing.
Right, the image shows it connected to the battery pole. Just pop the hood, bridge the contacts. Any proper solution has to be integrated into some essential part that is difficult to access (like the ECU).
Maybe they want that thing to talk to the ECU? Otherwise, how is it locking the car?
a lot of cars have cutoffs switches for all sorts of stuff, like rollover switches, overboost limiters etc... you could tap into any of those to immobilize a car.
but you need to tuck that shit up under neath in the dash or wherever the ECU is, and that doesn't solve any issues because it's still just one wire to short out. You need something tucked up underneath you can use wireless transponder so theres nothing obvious preventing it from cranking.
Wow - the solution is to overlay a physical keylike component to the system tied to the battery. The whole point of keyless fob was to make it easier. This negates that benefit. Why not just put a key back to start the engine. Whoever is signing off on that grant money doesn't understand product design.
Car manufacturers are directly to blame for the increased theft of cars. It is a win win for them, as it results in higher car sales. If a dood manufacturer would sell doors that can be easily opened, everyone would complain. Far less so with cars.
It wouldn't stop anything. You have a car that has everything it needs to start and go just sitting there. Whether you have a physical key, password, retina scanner, you name it the issue is that the thief has physical access. For physical security they can just short some wires to make the car think it has the key, and for digital systems they gain access to the cleartext internal message bus of the car and tell it to start. The latter is the one that has more promise on making it actually secure because you can make the software required to drive the car and the car physically can't move without it but that comes with a lot of usability and performance trade-offs.
Do you believe that mechanical keys were a deterrent before the introduction of the immobilizers? And if they were why did they bother with immobilizers, anti-theft alarms, and GPS trackers?
Cool idea! Seems like car thieves could probably just carry around another device to hack it, but certainly could be a deterrent.
I don’t know much about it but it seems like a key is supposed to be the password for the car, so seemingly the key is where improvements could be made. Like add unique and random differences in the metal on each key and have the key slot read those and only turn on the car if it matches (since I guess the metal bumps are easily bypassed by thieves?)
Or couldn’t the bumps on keys just be replaced by.. pretty much anything that is physically secure and not multiple hundreds of years old technology? Credit card chips, magnet strips, 2fa fobs, fingerprint sensors, etc?
> Like add unique and random differences in the metal on each key and have the key slot read those and only turn on the car if it matches
So turn a $100 ignition switch assembly into a $3,000 1-of-1 monstrosity? Would you need to replace the entire ignition assembly if you lose your keys, or would you be able to generate a key from the ignition assembly (or VIN or other unique identifier)? Thieves would probably just do that for high end vehicles anyway.
> Or couldn’t the bumps on keys just be replaced by.. pretty much anything that is physically secure and not multiple hundreds of years old technology?
Isn't this exactly what push-to-start tech is? I'm not sure the percentage of vehicles that have push-to-start at this point but I'd imagine it's well into the majority, and increasing.
High security door keys commonly use magnets embedded in the key as an additional security layer. A lot harder to pick by hand, and also doesn't appear in photographs of the key.
For car keys manufacturers try to get away from physical keys for years, and for a remote keyfob it's just a cost question. Bidirectional communication allows for good cryptography with challenge-response protocol, but costs more than unidirectional. But then people want to be able to open their car when the battery of their fob is dead ...
I imagine the purpose is to extend the timer when attempting to steal a vehicle.
Ford had their dial pad on their vehicles for the longest time to prevent entry if you were using a non factory key to enter. I always thought that was a neat feature, but heavily under utilized.
It looks like if I connect a standard jump-pack to the starter motor it bypasses this new deterrent? Given the 50 years arms race leading to current immobilizers this seems a bit comical.
After my first car was stolen I went out to design and build an immobilizer system based on these PIC16F84 AlphaCard “smartcards”. Along the way I realized that what matters most is that it is obvious that there is something obscure like that and the real security does not matter. So I ended up with very consciously placed smartcard reader, complete with two blinking LEDs and 12wire rainbow flat IDC cable coming from that. In reality only thing that it did was that the card-present switch activated an relay that was wired in series with fuel pump relay coil. It didn't get stolen and I ended up shoving my drivers license into the slot, which for various onlookers made the “security system” look even more like some kind of high-end technology.
Edit: the original idea was that there would be some kind of reader unit that converts the ISO 7816-ish protocol to RS485 and the actual cryptographic challenge-response verification will happen in a unit buried deep inside the engine bay. Well, as long as it is one-off obscure hack, you don't really need any of that.
Q: if this is the equivalent of a password, what’s the mechanism for resetting the password? For example, you are selling a used car. Or you have many cars each of which you don’t use too frequently. Or you have a tractor that you use seasonally. In those cases, it’s totally reasonable that you would have forgotten the password. How do you reset it if it’s wired into the power line?
Way better would be a system of sliding metal panels to cover the windows when parked. Most break ins here in SF just smash and grab your shit.
Give me a way to protect the inside of the car.
Plus the fact that neither SFPD nor Oakland deploy decoy cars to actually go after the thieves - what a total failure of basic policing this area is. Can I get a 10mil grant to propose that!?
This will always be a cat and mouse game: as cars become more complicated and have more security features, there are just more points of failure. A toolmaker for thieves or locksmiths will get a new car and automate the exploitation of a vulnerability. Some new lamps are fully computer controlled with pins for 12v, GND, CAN-H, and CAN-L instead of just a switched leg and a common. If I can get access to the inside of the housing, it’s game over anyway.
A sufficiently motivated actor will steal your car if then want to. The immobilizer is kind of a joke when you can, with an Arduino and access to the CAN bus, just dump the memory of your immo controller or instrument cluster and find your pin, then use that to pair a new key you had cut to a vin.
If your car can be repossessed, it can be stolen, and the set of tools in a repo mans arsenal for moving vehicles is much larger than most people might expect. If I can get my hands on your vehicle, I can take it.
I'm surprised no one has resorted to chemical warfare. Add a can of skunk spray under the driver's seat, wired up with a motor to spray it if someone else tries to drive off in your car. Have an audible beep a few times before it goes off, to remind YOU to hit the secret switch to disable it. Car thieves will continue on their merry way, wondering what that beeping is.
Of course, you'd probably be sued by the car thief, who wouldn't spend a minute of jail time because city governments don't want to do their job, so probably not actually a good idea...
(Maybe instead of skunk spray, you could turn the radio up full blast, playing some CIA-approved heavy metal music?)
Sounds like a simple layer that can be retrofitted easily, but "there's nothing to hack" is absurd. The truth is that car security is bad, and any killswitch at all is something they don't come with standard.
Use a manual transmission. I had a car that in the previous century (Saab 900Turbo 5spd) was visiting in NYC and found it broken into, scratches around the ignition (also in a weird place in the center floor), but not stolen; clearly they had no clue about operating the gears.
These days I read multiple articles about would-be thieves foiled by manual trans.
It is merely security by obscurity, but it is nevertheless effective.
Nobody that doesn't already know how to drive a manual thans is going to figure it out in the 60 second window, and very few people already know.
As a kid, I watched my father pull a single fuse from the family 4x4's fuse box whenever we left the vehicle unattented for any extended period. Does a practical, lower-tech deterent exist?
My buddy has an 89 Prelude that got stolen a couple of times. It basically got driven around and left with an empty tank around town both times and no signs of break in. I think the keys are relatively common for those so maybe the thief has one.
Anyways, I installed a switch up under his dash the disconnects the fuel pump +12v wire. It takes just a moment to flick the switch if you know where it is, and afterwards, the engine will crank and crank and crank and sort of sound like it wants to start at first, but never do anything. It would probably take several minutes to find it if you had to look for the switch, especially if it were at night and you were trying to steal the car. Seems like a good lower tech deterrent to me! The car has not been stolen since.
> I think the keys are relatively common for those so maybe the thief has one.
I have a buddy who had an old Ford in San Francisco. Once in a while he'd get in the car in the morning and notice that it felt .... strange. He couldn't put a finger on it. Then one day he had to get to work a little early and showed up at his car much earlier than normal. He found a guy sleeping in his drivers seat. Needless to say, both were startled and the homeless dude ran off, leaving a big bunch of keys behind in a keychain. Those were "master" keys to get into a whole slew of older vehicles.
I remember (in the late '70's or maybe early '80's) a friend's car where he added (it was not unusual at the time to add "accessories" to cars, like fog lights or rear lights ) a number (four or five) lever switches (connected in serie) that acted like a dip-switch, you had to set them in a given pattern (like up-down-up-up) to be able to start the car.
> They might perform some combination of flicking the windshield wipers, turn signal or headlights on and off, or locking and unlocking the doors.
I'm just imagining having this technology become ubiquitous, then using it without knowledge of how it works. We end up with magic incantations that a general population does without reason. People already do so many things on their computers etc because that's how they learned it the first time--whether or not the specifics of their actions are relevant.
GM seemed to have had this right in the late 80s and early 90s with VATS: my Camaro had a resistor integrated into the key, and if the ECM sensed the wrong resistance, it wouldn't start or run the ignition. I think there were a large number of possible values, and it would lock you out for a while if it detected a couple of failed attempts. It also seemed pretty good at preventing theft, and can't possibly be more complicated or expensive than the silly fobs everything comes with.
I think chip-keys are extremely common now - my twenty year old Infiniti has one. Car theft rates have been declining for thirty years [1]. I think thieves focus on either the remaining old cars or very specialized efforts for new cars.
They were first designed (and patented) in 1919. More importantly is that they're now required on all new cars sold in the US according to Standard No. 114; Theft protection and rollaway prevention, though I'm not totally clear on when that got passed.
My buddy uses a big-ass knife switch on the battery + terminal, under the hood.
Since you have to open the car to 'pop' the hood, the only way to steal it is to get inside somehow (slim jim, smash the window, etc), pop the hood, pop the hood safety, know which black plastic box has the knife switch, open that, close the switch, close the hood, hotwire the ignition, and, finally... drive away.
Too much trouble. some other victim car will be chosen by the typical car thief.
That works on older cars, on newer cars they will run like shit if they are constantly killed. The ecu likes to learn things, the transmission ecu, the radio, all your settings. A knife switch on the fuel pump or starter would be better.
This seems to be the automotive version of port knocking, but deployed in an environment where the attacker has the equivalent of physical access to your server.
Easier solution: take off one highly visible trim piece from the dashboard or console of your car, and throw a $20 DMM on the passenger seat. A couple random bits of loose wire in various colors for effect, maybe a half roll of electrical tape, and nobody's going to take a second look.
Source: nobody has ever stolen any of the cars I've owned while I've been troubleshooting the ongoing electrical problems.
What's the value of the underlying implementation here? Is it just the ability to retrofit?
From a user perspective, this is "you need to physically be in the car and scan your thumbprint or type on a keypad to start it"; it seems like there are lots of simpler ways that such functionality be built into a car by the manufacturer that are just as secure, it's just that there's no demand for it.
In the late 70s my father had a Simca with part of the ignition key lodged in the ignition lock cylinder. Getting the replacement key from France was going to take ages, so he rigged it up so that you had to flip a toggle switch he'd installed on the dashboard and honk the horn in order for it to start. It was the opposite of a kill switch.
I’ll let you in on a secret that would deter care thieves.
Adequately punish the ones police happen to catch.
It’ll create a reinforcing cycle. Police are more interested in pursuing these cases because it’s worth it for their time, and thieves will be dissuaded from car theft because there might actually be consequences if caught compared to the current slap on the wrist.
It's interesting to read how many comments here underestimate the sophistication and expertise of mechanics and car thieves, and, all of the poor suggestions to overcome theft. This despite the userbase being technical.
I wonder if there's a mechanics forum somewhere in which posters are confidently proposing Caesar ciphers and so on.
Colleague had a Mini Cooper in the 80es where the Choke could be pulled but pushing it back did nothing. There was one traffic light that was always red (for the street with no priority) where the owner went around and pushed the lever back. The car was stolen once and found with the carb flooded after a mile or so.
I know someone who wired their turn signal / high beam stalk to need to be pulled while turning the ignition key. Back in the early-mid 90s, my dad had a tiny light switch that needed to be toggled before starting the car.
It's ridiculous this sort of thing is needed, but it's sort of...fun?
Im pretty sure 90s Hertz rentals in Italy had something like this. It was terrible, unreliable and once left us stranded.
Whats not clear to me is if this blocks the starter (high current) or is a bit smarter by blocking a lower current component (like injector pump, or the ignition).
This is a perfect example of why research grants have so much red tape and approval. Apparently the process can still fail horribly, and over a million dollars can be wasted building something that was invented by a farmer in their barn in the 70’s.
This is a tech solution for a non-tech problem. Why is there an uprising in car thefts? Why do people feel the need to steal someone's expensive property?
Deal with those issues first. Or someone will smash a window to steal something valuable no matter what you try.
This, however, is not a good solution. A starter relay kill switch, hidden somewhere non-obvious, is far better. Not a suitable solution for mass-market of course, but, for a hacky intermediate solution, it'll work just fine, which is all the power sensing keypad is good for but with way more steps.
The actual solution is to have real cryptographic security that isn't subject to replay attacks. Not difficult to do, or expensive, and already exists.
People used to use horses for transportation. You can't lock a horse, but there were substantial penalties for stealing a horse. It maybe was a capital crime at some point?
You're right, the technology of horse locks wasn't available so people went to other lengths: branding, guards, registering of horses. In societies where there was the death penalty for such things there was still horse theft.
Most of those aren't actually solving the same problems, but the point wasn't that non-tech solutions are always better, rather that if you solve the source of the problem you don't need annoying tech workarounds.
I'm not saying don't bother protect personal assets. I'm saying don't bother with an additional and pretty stupid protection. Just a game of cat and mouse.
Paraphrasing: "And you would have to turn the windshield wipers on and off, switch the radio off, flash the headlights and our clever device will then permit the car to start."
Yeah, that kinda sounds like my Caterham 7 back in the 1990s during wet weather.
How about working car alarms?! Two of my family members were hit in the same week (back window smashed) and the alarm never made a sound. Luckily both of their cars weren’t susceptible to the common attack…so the damage was minimal.
Another DIY solution I've seen is magnet activated switch in a place in the panels & magnet on keychain. Short of tearing the car apart you're gonna have to know where to hold the magnet.
Maybe we should insist that production key fobs are secure. It is only pure laziness and incompetence that has resulted in them not being secure. The tech is not difficult.
It seems really sluggish to do all this. Just spitballing here, but what if instead we have some sort of key... and it goes into a keyhole... and that starts the car? /s
Most of these car thieves are probably repeated offenders. You need to catch them not only foiling them. The simplest way to catch and prevent these petty thieves is to enable the car's available 360 camera (or install after market solutions) that always monitor its surroundings and backup this data to the cloud (could be real-time connection or intermittently with local-first technology). The camera data should be kept only for several days and rotated as any backup in order to keep the cloud storage affordable for the masses. This simple way should easily catch more than 99% of the car thieves even the most sophisticated ones.
From 2015-2020. I started keeping it locked away since 2020.
You're obviously wrong about the car thieves, because this happened to my car. Two of the thieves were central american gangsters. They left reggaeton and stolen audio systems in the car. Another guy was an old meth-head, who stole and lived in it for a week by the bay. I found all his drug crap in it afterward.
But on modern cars, cigarette lighters are disabled when the ignition is turned off. So you can't use any device powered by the lighter to start the car.
Is the whole security around this burying the relay bypass so far inside the car that no thief would be able to easily bypass this by just bridging the relay?
In Israel, all the rental cars we rented had a keypad and you had to enter a 4 digit pin to start it. That sounds simple. This sound a bit more complicated.
Now I’ve seen grift, but come on. I want to hire their grant writer.
Literally a relay in the starter lead. This looks like one of my afternoon projects, and I’m not even joking. I have a 1990s montero diesel and it leaks power, and I often forget to disconnect the terminal.
So I bought a relay from AliExpress (same one shown in this photo but one size up) and hooked it up with an esp32 and some discrete components.
It senses my phones Bluetooth radio and energises the relay if I turn the key on when I’m within a few feet, as well as any other Bluetooth radios I authenticate.
I can also just turn on the wipers momentarily and it will latch the relay. If the vehicle is not running, the relay unlatches in 15 minutes.
That way I can basically forget that it exists, problem solved. It has been working flawlessly for two years now. The whole thing took me about 3 hours to put on strip board and program, another half hour to enclose and mount it.
Give me an hour more in micropython and I could make it require a passcode entered on your phone with a secret wiper switch sequence as a backup. If I threw a five dollar Hall effect current sensor (as shown in their project) it could require a whole dog and pony show of switch activations to unlock it. Adjusting it to different vehicles would be a one- time calibration sequence like I use for my water flow meters.
This is a frustrating yet common sort of take. Yes, this is simple, as the article clearly points out. Yes it is obvious in retrospect. But did you do anything with your brilliant work besides bodge your terrible car a few more miles down the road?
There is value to developing the entire system... to ensuring the keypad mechanism is reasonably robust and tamper proof. There is value to understanding the vehicle as a system and reasoning out this defense strategy. There will be value in preliminary productization of something this for mass production, especially as regards the use of that terrible 12v power port and providing the 'fingerprint' in a safe range of voltage fluctuations to avoid catastrophic and probably non-obvious failure modes. There will likely be D.O.T. paperwork, and UL listing.
$1.2 million is probably a bit meager to truly develop something like this.
Yes, you can hobble some crap together on your Montero. Congratulation. Hardly a solid foundation to speak ill of this team doing something genuinely productive.
It is obvious in retrospect because this concept has been around for 30 years. A common killswitch mechanism that I remember being implemented in the early 90's was a system that tied into accessory devices. On my friends car you had to put the key to ACC, then turn the cruise control on and off, and then engage and disengage the parking brake before the car would start. No other obvious lights, buttons, switches, etc. And you could install the killswitch device to tie into basically any 2 systems that used battery power.
My father disconnected the distributor (correct word?) and took a piece of it with him. Definitely a killswitch. That was in the 70s. Cars got more complicated around 1980.
> My father disconnected the distributor (correct word?) and took a piece of it with him.
Yes, my dad was used to removing the rotor from the distributor (small piece, easy to pop off and unless the thief just happens to have the correct model handy, the car can't run) back in the 60s (maybe he did it earlier).
I'm pretty sure some form of this has been popular for just about as long cars have had an electrical system.
But Dropbox made rsync more user friendly and available to people who weren't techies.
The concept of a starter interrupter has been around almost as long as the automobile itself. Ways to engage and disengage that interrupter have evolved and advanced over the years. Older folks will remember cars with a keyswitch on the front fender, and then a keypad inside, and then hidden switches like I described in my OP, and then IR and RF remotes, and so forth.
The basic concept in the linked article is not very novel, IMO. The specific implementation is cute, and somewhat current in the sense of evolution of these systems. But the whole thing is as noteworthy as the next arm64 advancement.
Is there actually a significant rise in car thefts? Or did we just hit an acute rise in car thefts of two particular models, caused by the discovery (Well, publication, really) that they are still using 30-year-old security?
Good question, it seems like car theft is on the rise, yes. And it’s spiking in particular metro areas (Milwaukee, Chicago) more than average, although national trends are also up.
In California, if youre car is stolen and then found, the cops will give you a fat ticket and tow your car and then give you a ticket for it getting towed. Somehow getting the car towed is also a ticket.
Moving illegally parked cars for the myriad reasons it is necessary is completely understandable. The fuckery, though, is beyond the pale. It should be a fine of the cost of doing business of moving your piece and not a penny more. Instead it's a racket
A salient issue has been that Hyundai/KIA didn't implement any anti-theft mechanisms on certain models, and recently the details about how to steal these cars has become popular knowledge, and now people who own the affected models can't even get insurance on them.
There's been some other exploits to infotainment systems, but AFAIK, they are all limited to proof of concepts. And the radio-repeater that almost works occasionally on some cars with wireless key access (better implementations have proximity detection which prevents this attack vector).
As it turns out, immobilizers are pretty damn effective.
If I owned an effected Hyundai/KIA, I'd do like we all did with 90s cars and put a killswitch in. It's not professional car thieves hitting the bulk of these cars, but mostly bored people showing of. So if YT can't show them what to do if the car won't start, they will go away.
I would say because of how it must be installed, and that it is probably not common knowledge. In my country, it is not unheard of, but I hadn't heard of it until my electrician mentioned seeing one on a car he worked on recently. I asked if he can install one for me, and he said he doesn't know how, nor did he know the name of the person that installed the one on the other car.
> On my friends car you had to put the key to ACC, then turn the cruise control on and off, and then engage and disengage the parking brake before the car would start.
That’s a cute trick, but if a current day equivalent is integrated into modern day cars (i.e. CANBUS-based), then the security is already defeated.
No one challenged the security of the “cruise control cheat code” of the 1990s simply because there were no devices small enough.
The other bit is that criminals weren’t sophisticated enough.
And that's all well and good, but maybe introspect here for a second? You're upset that your accomplishments aren't being respected, immediately after discounting the accomplishments of others.
The point is that your car's modifications and the university's are similar, but different, particularly in scale and broad robustness, which adds difficulty in ways you may not be appreciating.
$1.2 million may sound like a lot to you, but to pay a team of people to work on, and provide materials for them to work with (especially cars, which generally aren't cheap, especially used cars right now!)... Well, it likely doesn't go as far as you think it does.
The professor did gloss over briefly the difficulty in making the system work for a large number of vehicles, before arriving at a viable "signature" idea, as the article describes. Sounds like an area with a lot of false starts (heh) and time consumption, and dead ends.
The professor should have seen that he could send a signature over the airwaves to his relay since that is even more universally compatible… plus, you can buy that exact device for about $20 at the online retailer of your choice.
Cover the two PhD students at the NIH payscales for PhD students on a standard training grant[1] ($43,894 not including benefits) and you've used up over a quarter of your budget on less than half the salary needs, completely ignoring any research costs that need to be covered on top of the much higher payscales of the professors. Plus a large number of PhD students in this kind of work make more than the states stipend above. Not extravagant.
Where are you seeing $44k? The link you gave shows payscales for postdocs, and points to another page [1] showing that predoctoral trainees get $27k.
Also, in my field and in my region, $27k is massive funding. I don't know anybody who makes that much, let alone $44k, and we also don't get tuition or benefits covered. Our TA/RA union is currently striking because it's essentially impossible to live off of funding alone.
I'll give you that I misread bullet 2, so the total is a little over 31k. But grants that fund salaries for predoctoral scholars don't just fund the salary itself, they also cover the additional funds listed on that page. You can't partially fund a trainee on a grant. In any case, this wildly misses the forest for the trees - 1.2 mil in grants does not cover 6 years of salary plus research costs for 2 trainees and 2 professors full stop.
Absolutely, 6 years with a 1.2mil grant is ridiculous. I was just hopeful that somewhere there were PhD students making enough money to live from research
I’m not disparaging their work. It is probably really cool, and they probably published some great information that will be useful to many. I don’t doubt it was challenging for them, but I do doubt that the problem was fundamentally challenging from en engineering perspective.
As for my “work” it is literally insignificant tinkering by a bored old fucker with nothing better to do than chat on hacker news.. I don’t even respect my work, and anyone who thinks more of it than digging a ditch is just wrong and has obviously never dug a ditch.
But, just calling it like it is, the “signature “ thing they are working on is something that is already solved for decades and if it took anyone more than a week they may not have a clue what they are doing. I have implemented a version of it myself in a technically adjacent application.
In case anyone cares enough - and you probably shouldn’t- feel free to read my incoherent ranting that follows:
In my case I use load vector analysis it to detect and characterise loads on our microgrid. We have several buildings and houses, and we run 100 percent solar on an off grid system.
Using an esp32 and a current transformer coil on each of the three phases, with some good 16 bit ADCs, we monitor and characterise loads. Each of the refrigeration compressors has a somewhat unique starting and load profile. Each water pump in our utility system similarly has a unique startup and load profile. Same with air compressors, fans, and other equipment.
The profiles are programmed into the esp32 by putting it in calibration mode and switching the load off and on 10 times. It’s a pain in the ass because you have make sure no big changes happen in the power system in the meantime, but it works.
The MCU saves the signature as a vector and assigns it a number if it doesn’t sit too close to any existing vector signature.
It is really good actually, even being able to discriminate between identical pumps on the system because of their supply impedance and loading.
I’m not a data scientist or an actual engineer so I adapted some vector code from a DSP project, and the whole thing took me about 2 days using the Arduino IDE (please kill me)
I’m basically an idiot. Anyone who does this for a living should be able to do it in less than half the time.
There are still some rare false negatives because a grid can be quite chaotic, but in general it’s very accurate. In a simple D.C. system like a car in the off condition with predictable loads I would fully expect 4 nines discrimination.
What they did was cool, but it wasn’t hard. Not saying it wasn’t hard for them, and maybe they learned a lot, but I’m pretty sure that 1.2 million to solve the problems described in the article is two orders of magnitude off of reasonable.
From the provided description, If a single engineer with decent tools could not have this from zero to a production ready GERBER file with masks, stencils, and the works to send off for automatic assembly inside of a month they should probably look for another line of work.
Of course, if they work like I do which is to say they don’t, very much, and they mostly drink coffee and fuck off all day, then I’d give them a month and a half knowing full well they did all of the actual work in a week of panicked thrashing, creating months of technical debt in every line of code to build the glass house that somehow works without passing any of the tests but that’s fine you just rewrite the tests.
Of course certification and things like that are a whole different beast, but this was a CORE research grant.
1 line barely acknowledging the criticism, 4 lines defending the car whose feelings I can assume have been mortally wounded. The defensiveness around the car is ironic given how casually you threw out your needlessly negative hot-take.
Nah, you can’t hurt pure evil. It just sits there, awaiting its next victim.
I hate that beast, but it’s my beast to hate.
You can’t just talk shit about it from your comfy chair, or sitting on the toilet with no circulation to your feet, or whatever — that’s something you earn.
You earn it with mild first degree burns on your right leg and tinnitus like the rest of us.
If I seem abrasive and unnecessarily combative, it’s probably just the incessant itching of my leg and the trauma from driving that thing.
There are dozens of similar mechanisms for sale on Amazon/aliexpress. A car alarm with an immobilizer is more advanced than this “innovation”.
They are claiming that the novel part is using voltage fluctuations to unarm the immobilizer and claiming that it requires less installation since the signaler device can plug directly into the cigarette outlet. A wireless relay requires the same cuttoff relay installation as their “new” idea, but is even more convenient because you don’t have to install a bodged together keypad on the cigarette lighter, and short your electrical system to cause voltage fluctuations.
They have blown through 1.2mm in grant money and their product is a bunch of prototype parts from a $50 arduino starter kit. It isn’t polished, it isn’t ready for consumers, it is a single prototype.
I guess the idea of causing voltage fluctuations is novel, but they sort of reinvented a $30 wheel for 1.2 million.
I work for a major OEM in automotive. Getting ANYTHING “simple” into real cars, especially anything related to physical access and starting the vehicle, is a huge undertaking. $1.2 mm is cheap for this sort of feature, assuming that money goes to the actual implementation, standardization, homologation, and integration on the assembly line.
> $1.2 mm is cheap for this sort of feature, assuming that money goes to the actual implementation, standardization, homologation, and integration on the assembly line.
Maybe I'm reading it wrong, but it sounded like the $1.2mm went to some prototypes and a research paper.
They already spent $1.2mm. They have a prototype hand wired together. This isn’t even close to production ready, and it never will go into production because almost every new vehicle has an immobilizer built in that is authenticated via an nfc chip in the key that does exactly what this does, but transparently without driver input.
The car is a complicated product. It’s not a website. It’s not an app. My employer has 120k+ employees and factories in every continent except Antarctica. Regulatory bodies interject with anything related to access and security, and those bodies are different in every country/region. The product itself is massive physical good that many countries consider domestic production of which to be a matter of national security. Every single physical change to the product is analyzed by bean counters. Shipping the product requires at least some level of expertise in mechanical engineering, chemical engineering, hardware, software, and manufacturing. You need factories, regulatory approval, supplier networks, programmers, drivetrain engineers, management, people to lobby the government, accountants, and much more. You need it all.
You’d be shocked at how difficult adding a single physical button to any given car can be. Scoffing at $1.2mm for a new ECU that relates to security is naive. “I could do this in one day in my garage” is not how shipping a change to automotive products works.
There is zero novel research here, and the entire purpose of the 1.2 million dollar grant was research. All the value you are mentioning is related to bringing a product to market, which is something that the grant did not require and universities don't usually follow through. Most of the time transition to industry happens is when there are motivated companies who do all the work to bring the device to market, but need university patent licenses and expertise to do so. This would be a great senior project, but it is a complete waste of money for a cyber security grant.
I disagree: the device monitors battery fluctuations to 'authenticate' the driver. the fluctuations need to be a specific pattern - delivered either by a device plugged into the 12v accessory port, or by some specific pattern of driver behavior, such as quickly flashing lights, activating wipers, etc. This is indeed a novel approach.
And it is a fair sight more involved than a simple kill switch, by the look of things. The research aspect comes from exploring the practicality of such an approach. This exploration requires prototypes, test beds and investigators.
Who's really to say what the results of the research will be, at this point? In my opinion, I think smart phones and NFC are probably the way to go... but I'm not going to hop on the internet and make scornful remarks until I know more. I'm not sure why you have done so?
That's the problem with the whole concept. Anybody can build a shockingly simple kill switch for $5 and a 5 video on YouTube. What are they trying to bring to market exactly? Cars have been around for 100 years and there have been hundreds if not thousands of these things brought to production during that time. They're all junk, they all fail and flop.
And great if you thing that those voltage fluctuations are gonna be consistent. Eventually some switch will corrode and then the person's wiper switch won't fluctuate the voltage properly. Nobody will want to reset their clocks using this every time they get in the car. Your break-in alarm won't work with the battery disconnectred. Car manufacturers will be pissed that you're disconnecting the battery because they can't get your telemetry and the car can't update while you're not int it. And then when you have problems, this will be the first thing ripped out of the car by your mechanic. This whole concept is flawed, and anybody with basic car or electronics knowledge will stay away from this thing because they can do it themselves.
And here's the kicker... anybody who doesn't have basic knowledge won't be hooking this thing up to their battery. They are terrified of even touching the battery. Congratulations on your marketing BS, but it's clearly not thought out from a common sense perspective at all.
If you read TFA then you'd realize they've solved almost every issue you throw down. They allow enough current through to power electronics (like your break-in alarm) but not enough to turn the engine over.
The target market for this is not "anyone with basic car or electronics knowledge who can do it themselves"... it's, "people who want an extra level of defense against car thieves".
This is the same kind of take as going to a nice restaurant and loudly exclaiming "$50 for a steak?! I could pay $8 at the butcher and make the same thing at home!"
It's more like a researcher getting a $1M grant to study whether putting salt on a steak makes it taste better, and a chef saying "Wtf, we've been doing this forever"
To be fair, most universities are great at interesting research but are also terrible at even preliminary productization. I highly doubt this $1.2M will go towards DOT paperwork and UL listing. This will go to a research prototype, then either get dropped off at the tech transfer IP office (good luck there), or spin out a startup. In the latter case, I'd have much rather seen this grant go directly to the startup, than pay the high Uni overhead.
$1.2 million sounds like a lot but there is a team of people working on it for a whole year. There is some insurance OP doesn't have in case it's proven one of these devices did cause a crash. If this was some Kickstarter I feel like it would cost more and be 3 years behind already.
> There is value to developing the entire system... to ensuring the keypad mechanism is reasonably robust and tamper proof. There is value to understanding the vehicle as a system and reasoning out this defense strategy. There will be value in preliminary productization of something this for mass production,
Optional extra on Series 1 Citroën XMs, an immobiliser keypad programmed into the engine ECU. It cost about 100 quid in 1990 money, on a 40 grand luxury car. Most V6es and 2.5 diesels had them, few 4-cyl petrols or 2.1 diesels had them.
There's no need to spend $1.2M developing something that's already existed for a long time. This was actually a development of a similar keypad fitted to most Citroën CX Turbos, from the mid-1980s. The idea is nearly 40 years old.
It's inexpensive proven technology, and it works well.
Probably half the award is taken up by indirect costs at the university, leaving the remainder for a few PhD students to be funded, money for the devices, and any studies where they are probably paying participants to use the device.
$1.2M doesn't go that far in terms of grants. As far as whether this is a good investment for the government's money, I'm a lot less clear. Given all of the recent car thefts due to TikTok, I assume that influenced NSF and the reviewers.
And an evergrowing administration, at least where my mom works. She said they used to take 1/3 not that many years ago, now it's 1/2. In the same period the administration has grown considerably.
A big problem is they don't always get all the money they apply for, and so with the added overhead there's sometimes very little left to do actual science.
Space is limited and coveted. What better way would you propose to allocate it than to give it to who can bring in the money to pay for it? That money goes to building new spaces, which is good for everyone.
Open up all federal grants -- especially NSF grants -- to anyone with credentials or experience necessary to PI (so, a PhD or equivalent industry experience). Broaden the reviewer pool so that each panel is at least 51% non-Professor expert citizens.
I can do a LOT of advising and conduct a LOT of research with close to 0% overhead. But most NSF grants are only possible to get if you attach yourself to a university, and at that point it's just not worth the effort. Everyone loses, except for the academic industry, which gets heinously immoral labor laws exceptions so that TT professors and admins can retire-in-place on the taxpayer's dime in their mid 30s.
What possible actual reason does the NSF have for requiring research work to be done at universities?
> I can do a LOT of advising and conduct a LOT of research with close to 0% overhead.
Spoken like someone whose never done research. I’d love to hear what kind of research you think you can do at 0% overhead. No one can do anything at 0% overhead, are you serious?
Consider it rent+taxes to live in the University environment. You get access to libraries. IT infrastructure. Special equipment and space for your research. Lots of competent smart people eager to help you with your project. How much would you pay for that?
I worked at a startup and between the rent for our office and our individual rents, like 80% of the VC money went into landlord pockets.
Also there are plenty of “tax breaks” you can get so that you don’t have to pay so much. Capital expenditures will be taxed at 0%, so you can get your overall rate down significantly.
It does certainly feel excessive as an academic. I've never seen actual tracking of where the F&A money goes in terms of a quantifiable breakdown, e.g., what fraction goes to university accounting for doing their needed work for supporting a sponsored project, what amount goes toward electricity, etc. Universities always seem to be negotiating with the Federal government to raise the rate. When I was at an institution with a 45% rate, though, it let me stretch my grants a lot further by allowing me to fund more students.
Usually about half. It's designed to cover the costs of running a university research program spread across all the projects. So a 10MM project provides 10x the funding that a 1MM project provides. Think things like health insurance for the researchers, covering time between projects, lab capital costs, electricity, administration, accounting, even the cost of writing grants.
There's a valid question of if that number can be smaller, but the general concept makes sense.
This is very close to what the original LoJack did in 1979. They added keypad to replace switching on lights:
[LoJack] could also include the incorporation of a scheme whereby an additional step was required to activate the ignition. Prior to starting, it would require the activation of any number of the usual vehicle features such as the radio, headlight switch, or other switched device. Without knowledge of the proper procedure, it would be almost impossible to activate the ignition. Modern transponder key based systems made the original LoJack starting system obsolete
> Modern transponder key based systems made the original LoJack starting system obsolete
Transponder keys aka immobilizer systems.
All those Kias being stolen in the US are being stolen because the US does not mandate any form of immobilizer, and thus Kia on their cheapest models didn't include one.
Canada mandates immobilizer systems. Guess where the whole "Kia boys" phenomenon isn't a problem?
This is one of many examples of how our "democracy" isn't working. The vast majority of the US populace would agree that an immobilizer system which prevents a car from being started with a screwdriver is a good thing.
Every time it's been proposed in congress, the automotive lobby has told congress how very expensive it would be for them (and by very expensive, we're talking probably less than $100 per car.)
The expense to society (the owner losing their likely sole means of transport to work, health care, social activities and suddenly having a massive expense), police response to do something (er, just collect the report, I guess), the lost productivity, emergency services, and medical costs of people injured (victims or perps) from joyriders...all that goes unmentioned, because nobody's spending money to put someone in front of Tommy Tubletone from chucklesville to tell him that it'll cost everyone less to mandate the things.
Consider that ABS was not mandated in the US until 2012, along with traction control.
Compared to a lot of european "socialist" countries, we have much worse alignment between public opinion and legislation, and it's because of how powerful lobbying and corporate election funding is here, and a pervasive, insidious effort to portray anything other than wild-west free-market attitudes as "communism."
Speaking as someone who's reviewed for NSF before, I'd have expected this grant to also include resources to get the product to market, which I'm assuming you haven't done.
Not on the battery relay, no, but I have done some small scale hardware projects (>10k units) , and for something like this I’d need about 250k to make 10k units of a <$10 BOM setup like this. Not sure what any relevant certificates might cost though. At any rate it’s not going to be good for your vehicle warranty lol.
But they might be funding for marketing costs and other soft expenses. Nice project and a great jaunt for a year or two. I’m sure they will learn a lot. Good for them.
The real screwy thing here is it’s like they did no market research or customer testing here. There are already a multitude of cheap, sophisticated, highly effective solutions in this segment that are much less user hostile than this gadget seems to be .
I don't think so. NSF Small Business Technology Transfer (STTR) and NSF Small Business Innovation Research (SBIR) grants include getting products to market. But this is a regular research grant from NSF Secure and Trustworthy Cyberspace (SaTC)[1].
The SaTC does have a Transition to Practice (TTP) option. However, this research is CORE (see the text "CORE" in the project title [2]). The objective is to write research papers.
Hmm. If the can figure out how to make it so I can’t just tear their device out and hook up my own battery cable they might be on to something, but most new cars already come with sophisticated anti tampering measures.
At any rate, good for them. It will be a great learning experience at least.
Agreed. This is just fancy marketing for what is is essentially a battery with an obscure and overly convoluted password scheme to output >x amps.
Also:
Plugging in a battery booster down stream of the device's imposed amp bottleneck seems like a stupid simple circumvention.
Maybe it isolates the starter circuit, but that starts diminishing it's selling point of being simple and universal, if you need to start dealing with differences in wiring.
Echoing the sentiment from many of the replies, it's easy to arm-chair quarterback and criticize others' work (and moreover, the existence of the work itself) as intuitively obvious, and therefore lacking value.
Besides the fact that it has value to someone (therefore the grant award), the devil's in the details, and a grant like this isn't just for the idea, but also for development and productionizing.
But, going back to your point... if you think you can do better, than by all means do so. Seems like sour grapes that someone else is capitalizing on something that is intuitively obvious to you.
That’s what people said about Dropbox too. I can set this up in 5 mins with rsync blah blah. There is value and effort involved in making it production ready, seamless, general population ready etc.
> There is value and effort involved in making it production ready, seamless, general population ready etc.
This wasn't done. Well, it wasn't done by these researchers, but it has been done countless times before by other people. This research is a joke.
Edit: I've realized the dropbox comment reference is an appropriate reference, but in the exact opposite way you're suggesting. All the ignition interlock switches already on the market are dropbox. This researcher is the one saying "look what I can do with rsync."
Because there’s no product market fit here. There are a myriad of far more secure and user friendly alternatives. I briefly investigated the market thinking maybe I had something cool, but there are a thousand better solutions under 20 dollars.
The only way something like this gets traction is “as seen on TV” marketing to naive consumers, and I have no interest in building for that market.
>That way I can basically forget that it exists, problem solved. It has been working flawlessly for two years now. The whole thing took me about 3 hours to put on strip board and program, another half hour to enclose and mount it. Give me an hour more in micropython and I could make it require a passcode entered on your phone with a secret wiper switch sequence as a backup.
So, basically a custom rig, with some shit that might or might not work from AliExpress, is out of the question for anybody not knowledgable in electronics ("hooked it up with an esp32 and some discrete components"), and needs even more work to have a functionality that would come in standard in a
commercial solution.
Not sure about the details of this particular grant, but with federal grants usually you don't get a million dollar check to develop your idea. The money is divided in phases each requiring a set of milestones to be completed, reviewed and approved for you to have access to more resources. The total grant may be a million, but you may first get 100K and 6 months to show a working version then the next phase if approved gives you 200K more and so on.
There was a news story a while ago that detailed a paper that coined a term, something like “time battery”. It detailed how data centers could save money and power by processing intensive tasks during off hours.
It seemed like a simple crib job would cover the entire premise. Let alone all the other strategies out there.
It wasn’t clear to me if the paper in question recognized that people already do that with computers. I tried reading it but it was pretty hard to get through.
I thought I had the only 1980's-vintage Montero diesel. 4D55 4 cylinder engine, no turbo. That engine with a turbocharger was sold in Mitsubishi pick-ups, but as of 1985, the 4D55 was not imported. Had to import it myself, long story. I understand there are replacement engines in Chile.
The boomer in me suggests that you buy a manual transmission automobile to deter would-be thieves...
Regarding the article, I get the idea that essentially this is a stripped down version of using something like a Yubikey to access a workstation (in this case, a car). I chuckled at the idea of doing certain actions within the car to get it to operate.
Car theft isn't such a big problem in the town I live. The problem is random vandalism. Kids party in the parks all night and at random times go out to spray paint buildings, break off rear view mirrors, smash windows. I haven't been hit yet, but two neighbours have.
Ok, but can you please make your substantive points thoughtfully, without name calling, fulmination, or putdowns? This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.
.svg){kind=link}
I drove in it once to get lunch and near the beginning the car begins sputtering and he's like, "oh right, you're thirsty" and reached under and flicked the switch. So understated, I still laugh at the memory.