OBD Attack

You can see here in the above video how effective this latest method of theft can be, the thief leans down into the drivers footwell to access the vehicles OBD port and plugs in their OBD attack tool. Once plugged in, the software on the device talks to the vehicles ECU and commands it to perform certain functions.

What the OBD attack tool has really done is tell the vehicle to start even without the key, or more importantly without the vehicle keys signal. It also has the potential to bypass aftermarket immobilisers fitted on particular immobilisation points.

This theft method relies on the vehicle being unlocked, thieves are now using signal blockers to stop your vehicle locking when you press the lock button on your remote. Either they sit close-by and transmit the blocking signal or more commonly now they attach a magnetic signal blocker device to your vehicle and follow you home.

Learn more about how this theft method works below -

OBD Attack is the latest method of keyless vehicle theft. Thieves now have access to sophisticated hardware containing advanced software to steal vehicles in just a matter of seconds.

This hardware or ‘tool’ is plugged into your OBD port which then allows it to communicate with the vehicles ECU, commanding it start and in some cases bypass your aftermarket immobiliser to start your engine without ever needing your key or even its signal like what is needed in relay attack. They may use relay attack to unlock your vehicle initially to allow them access to the OBD port, however there have been many cases now of thieves using signal blockers to prevent your vehicle from locking when you try and lock it from your remote. With your vehicle now unlocked without you knowing (you should always look for indication that your vehicle locked - horn, indicator flash etc, in the video notice the vehicles mirrors are not folded in) theive’s now have direct access to your OBD port to plug in their OBD Tool. With an unlocked vehicle and access to technology that can potentially bypass aftermarket immobilisation and start your vehicle without the key, thieve's have now upped their game in regards to keyless vehicle theft.

This theft method relies on access to your OBD port, as such you should protect against it with the use of an OBD port immobiliser.

What type of security system is OBD Attack intended to get around?

Generally speaking it’s an advancement on, or has superseded the relay attack theft method, as you only need one thief instead of two so is much simpler to carry out. But it was really developed to get around aftermarket immobilisers, even digital Can-bus immobilisers for particular vehicles. As the starting of modern vehicles is software driven, its actually the software controlling the hardware in order to start your vehicle. This creates opportunity for exploitation.

In order for modern vehicles to start they require authorisation from the vehicles ECU. This authorisation is done via completion of a checklist. Items in this process may include ‘brake pedal depressed’, ‘transmission in park’ as well as many other things to ensure the vehicle is safe to start. If everything comes back ticked on the checklist the vehicle will start, if not, it will not.

We use immobilisers to disrupt this process by effectively blocking the signal from one of the items on the checklist from reaching the ECU, this could even be the power/signal to the starter relay although things are often a little more complicated than this with modern vehicles now. With this we are now able to stop the vehicle from starting. Now we can control the starting and non-starting of the vehicle or the immobilisation of it by introducing our own authorisation process. We often do this now with the use of modern No tag, No start driver recognition technology, essentially it’s a wireless battery operated tag that you carry on your person or attach to your keys. This tag produces a signal which our immobiliser is looking for in order to disarm (or re-connect the circuit). Once the immobiliser is disarmed that checklist signal is then able to reach its destination and allow the process to be completed so the vehicle can start. As only you, the authorised driver has access to the tag, you effectively control the authorisation to allow starting and non-starting of the vehicle yourself automatically.

This method or process has been used for a number of years to combat keyless vehicle theft via relay attack and key cloning to much success, and this is mainly due to the system operating independently from your factory security. It basically works like this: when the thieves pick up your vehicle keys signal and relays it to your vehicle it allows them to unlock your vehicle but crucially not allow them to start it. This is achieved with automatic immobilisation, whereby the vehicle is sat in an immobilised state because the authorised tag is out of range.

You can find out more about this process here (S5 + / No tag, No Start systems)

So how does OBD Attack actually get around this type of system?

Background -

Independent Immobilisation of your vehicle relies on us connecting an immobiliser to a particular wire in order to block that signal from reaching its intended destination to stop the vehicle from starting. However these wires or immobilisation points are actually relatively sparse. As such, many of the same immobilisation points are used across particular brands and platforms.

This has created an opportunity for criminals to exploit with newly developed hardware and software. When thieves steal vehicles and successfully find the systems fitted (often due to poor installation) especially immobilisers, this gives them insight into how those security products work, which immobilisation points are being used and how that particular immobilises the vehicle. As such they most likely begin to see a pattern of installation and common immobilisation points used on particular vehicles and then work to combat this. Therefore their specialist OBD tool was created to circumvent the most common points of immobilisation.

It has taken thieves around 5 years to get around these sorts of security systems (No tag, No start systems) that were combating keyless theft successfully. Now they are successful and with proven technology to get around them, its likely to take far less time to develop this type of software for more brands of vehicle.

Process -

As mentioned above, the starting of your vehicle is controlled via the software controlling the hardware in order to authorise the vehicle is safe to start by completing a checklist.

We will be vague about the actual process but effectively when the thieves OBD tool is plugged into your vehicles OBD port its software communicates with your vehicles ECU and tells it not to look for a particular item/items on the checklist. One of these particular items is often the one your aftermarket immobiliser is connected to in order to control the starting and non-starting of the vehicle.

With the status of this item’s signal now being ignored or excluded from the vehicles start authorisation checklist, the aftermarket immobiliser is now effectively bypassed.

Not only can your aftermarket immobiliser be potentially bypassed, but the thieves OBD tool and software is then able to start your vehicle even without your vehicles key or signal which is needed for other keyless theft methods such as relay attack.

This new keyless theft method is the latest development by criminals to get around modern aftermarket vehicle security such as S5+ / No tag, No start systems. Thankfully due to the sophistication of this theft method it still remains rare, and is contained to particular vehicles from specific manufacturers. However with its presence starting in the south east and now moving gradually northward into places like Birmingham and the Midlands it could become widespread across the UK after not to long, and also widespread amongst other vehicles and manufacturers.

How can you combat this type of theft?

OBD Port Immobilisation. As modern digital vehicle theft gets more sophisticated and widespread, to future proof your vehicle security against software enabled theft methods such as OBD Attack you should install an OBD port Immobiliser. This will deny thieves the ability to take control of your vehicles on-board control systems.

An OBD port immobiliser effectively cuts off the thieves access to your vehicle’s ECU, therefore denying them the means to communicate with it and instruct it to ignore the particular immobilisation point or the checklist item your aftermarket engine immobiliser is connected too. Not only does this protect against theft via OBD Attack but it also keeps your engine immobiliser or its particular immobilisation point safe if it’s compromised with this technology now or in the future.

You can get products that plug into your OBD port to block access but these are stand-alone products that generally require fixing or bolting onto the OBD port, making them inconvenient to the customer if access by authorised service personal is required such as vehicle servicing etc..

What I would recommend is a wirelessly connected OBD port immobiliser which also has the ability to be linked to your other vehicle security systems such as an S7, S5 or S5 + No Tag, No Start system. With your main unit/system now able to communicate with your OBD port immobiliser we can control it remotely through the products corresponding smartphone app. This makes the blocking and un-blocking of your OBD port for access by authorised service personal fast, secure and simple.

Click here to find out more about our OBD Port Immobiliser or -

Alternatively take a look at our latest complete security system that protects against everything mentioned in this topic and more, Meta Trak S5 Deadlock PRO or Deadlock PRO+ the ultimate integrated vehicle security and connectivity system.

Next Topic -

Key Cloning

A problem for keyed and keyless vehicles, thieves use advanced hardware to program an additional key to your vehicle. Once a new key is programmed thieves are able to unlock, start and drive your vehicle away.