Volkswagen Passat & Golf Security Flaw Kept Secret By VW

turbovan+tdi

Top Post Dawg
Joined
Mar 23, 2014
Location
Abbotsford, BC.
TDI
2003 TDI 2.0L ALH, auto, silver wagon, lowered, Colt stage 2 cam, ported head,205 injectors, 1756 turbo, Malone 2.0, 3" exhaust, 18" BBS RC GLI rims. 2004 blue GSW TDI, 5 speed, lowered, GLI BBS wheels painted black, Malone stage 2, Aerotur
Here's a situation with a new Jeep Cherokee. It involves someone that I know well and completely trust.
He bought a new Jeep Cherokee last year. He and his wife drove to visit his daughter in another town. They went to church with her. They turned the car off, got out of the parked car and locked the doors - keys in hand. After church they came out and the car was gone. They assumed it had been stolen. But looking around they found it across the street, engine racing, having crashed into something. By now the police had been called and very soon arrived.
Here's what had to happen... Somehow the 'hack' was able to start the car AND put it in gear and to an extent (though I'm guessing on this last one) accelerate the engine. Upon inspection the engine was still running, and the car was still locked. If my memory serves me, one wheel was still spinning. The police report verifies this.

It's definitely possible the hack was a local drive-by or nearby hack. But I am increasingly considering the idea that the hack was done via satellite. Also important is to realize that what used to be various mechanical components in cars - as in the actual physical mechanics of the ignition key lock, the physical mechanics of putting the car in drive, the physical cable of acceleration - are now done with a computer system and electrical switching.
And if this is the case, that cars can be controlled in this manner, car companies have been silent about this technology.
This vehicle was brand new - maybe a couple of weeks old. The car dealership was only minimally responsive with the person that owned the Cherokee having to absorb a month or two of rental charges while the debate back-and-forth on what to do went on.
But the idea of a satellite based hack seems reasonable to consider.

Not sure how the satellite could move the shift lever unless it's also push button?
 

atc98002

Veteran Member
Joined
Nov 24, 2006
Location
Auburn WA
TDI
2014 Passat TDI SEL Premium (sold back), 2009 Jetta (sold back), 80 Rabbit diesel (long gone)
Not sure how the satellite could move the shift lever unless it's also push button?
Don't a number of FCA cars use a dial to select the gear, which I imagine is completely electronic?
 

turbovan+tdi

Don't a number of FCA cars use a dial to select the gear, which I imagine is completely electronic?
Even if it was a dial, it doesn't have an electric motor in it so it still requires external force to move it.

It's kinda like those movies where they ghost ride and somehow, the whatever's manage to move the shift lever without touching it, :rolleyes: :D
 

atc98002

Even if it was a dial, it doesn't have an electric motor in it so it still requires external force to move it.
It's kinda like those movies where they ghost ride and somehow, the whatever's manage to move the shift lever without touching it, :rolleyes: :D
All I'm saying is that it may not be a requirement for the knob to turn. If the selection is electronic, it might be possible to select a gear that differs from the knob position. Since there's not an actual mechanical connection between the knob and the transmission, it's technically possible.
 

forcedfedbug

Veteran Member
Joined
Oct 11, 2009
Location
Oregon
TDI
2010 jetta, Totalled late 11. 2012 Passat TDI w/DSG and a 2012 Golf TDI. Golf traded for a 2013 beetle
Computer Controlled Functions like Tranny gear selection

Even if it was a dial, it doesn't have an electric motor in it so it still requires external force to move it.

It's kinda like those movies where they ghost ride and somehow, the whatever's manage to move the shift lever without touching it, :rolleyes: :D
With the hack done to the Jeeps specifically, and most likely any car with a TCU, the researchers that cracked this found out the mechanical position is not validated after the command to change gears is sent to the computer control unit.

What this means is the lever never has to move, just the signal telling the computer it moved for the computer to act.
What the researchers suggested to Jeep to prevent this type of hack was to validate the position of the lever/switch after receiving the signal to change to make sure the lever actually changed before taking action on the signal.

Of course, for this to have happened to someone outside of the researchers would mean others have also found how to do this and did not make it public. My suggestion would be to make sure anyone who owns an affected Jeep gets the latest app and firmware so this would not happen again.

Ron
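
The check described in the post above, sketched as an added example that is not part of the original post and is not any manufacturer's code: a controller acts on a gear-change message only when a fresh reading from a lever sensor wired directly to it agrees. All type names, fields and the 200 ms freshness window are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and limits for illustration; not any vendor's firmware. */
typedef enum { GEAR_P, GEAR_R, GEAR_N, GEAR_D } gear_t;

typedef struct {
    gear_t   requested;  /* gear named in the message from the bus */
    uint32_t rx_ms;      /* controller clock when the message arrived */
} shift_request_t;

typedef struct {
    gear_t   position;   /* lever position from a sensor wired to this controller */
    bool     valid;      /* sensor passed its range/self check */
    uint32_t sample_ms;  /* controller clock when the sensor was read */
} lever_sample_t;

typedef enum { SHIFT_ACCEPT, SHIFT_REJECT_SENSOR,
               SHIFT_REJECT_STALE, SHIFT_REJECT_MISMATCH } shift_verdict_t;

#define MAX_SAMPLE_AGE_MS 200u  /* assumed freshness window */

/* Act on a shift message only if a fresh, independent lever reading agrees. */
shift_verdict_t validate_shift(const shift_request_t *req,
                               const lever_sample_t *lever)
{
    if (!lever->valid)
        return SHIFT_REJECT_SENSOR;          /* fail closed: no trusted reading */

    /* The reading must be taken after the message arrived. Unsigned
       subtraction survives clock wrap-around; a reading older than the
       message wraps to a huge value and is rejected as stale. */
    uint32_t age = lever->sample_ms - req->rx_ms;
    if (age > MAX_SAMPLE_AGE_MS)
        return SHIFT_REJECT_STALE;

    if (lever->position != req->requested)
        return SHIFT_REJECT_MISMATCH;        /* message says D, lever says P */

    return SHIFT_ACCEPT;
}

int main(void)
{
    /* Constructed case: message claims Drive while the lever sits in Park. */
    shift_request_t req   = { GEAR_D, 1000u };
    lever_sample_t  lever = { GEAR_P, true, 1050u };
    printf("verdict=%d\n", (int)validate_shift(&req, &lever));
    return 0;
}
```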
 

turbovan+tdi

With the hack done to the Jeeps specifically, and most likely any car with a TCU, the researchers that cracked this found out the mechanical position is not validated after the command to change gears is sent to the computer control unit.

What this means is the lever never has to move, just the signal telling the computer it moved for the computer to act.
What the researchers suggested to Jeep to prevent this type of hack was to validate the position of the lever/switch after receiving the signal to change to make sure the lever actually changed before taking action on the signal.

Of course, for this to have happened to someone outside of the researchers would mean others have also found how to do this and did not make it public. My suggestion would be to make sure anyone who owns an affected Jeep gets the latest app and firmware so this would not happen again.

Ron
Ahhhh, very good point, totally forgot about that. :eek:

I foresee the day when I never leave the house as everything I own needs updating constantly! ;)
No crap, soon even we'll need updating, lol.
 

PC Passat

Active member
Joined
Jun 10, 2009
Location
Scottsdale, Az.
TDI
2017 Jetta GLI
If you don't want a Wrangler stolen just put the transfer case in neutral. A human can hardly get into gear when stopped, no way a computer ever could!
 

turbovan+tdi

If you don't want a Wrangler stolen just put the transfer case in neutral. A human can hardly get into gear when stopped, no way a computer ever could!
That would work as it rolls off into the sunset, :p
 

NSTDI

Veteran Member
Joined
Jan 26, 2002
Location
Nova Scotia
TDI
15 Passat
The fix for this is easy for the remote hack- go back to one mechanical connection in the system. Get rid of drive by wire, or electronic transmission shifters (or drive a manual transmission), or add a system, say you have to have the manual parking brake set in order to lock the car.

Don
 

Second Turbo

Veteran Member
Joined
Jul 28, 2002
Location
Kansas, USA
TDI
2003 ALH Wagon, 373K, 2nd 01M
Short term solution, one way or the other

re: Best yet: leave your fob in the microwave with the door shut.

Only until you have another RF-shielding solution. If you put it in the μwave, it's just a matter of time before you, or some other family member, fries the fob, and they aren't cheap.

An Altoids or similar tin works fine. Wipe out the dust.
 