Servassist Blog

Today's auto thieves need a lot more than a brick and some gall to steal the family truckster. The technology many of the largest automakers rely on has been doing an admirable job for almost two decades now, but does a recent security leak threaten to bring our collective peace of mind to a screeching halt, er, getaway?

The short answer is no, not just yet, but this should probably come as a bit of a wake up call to companies making their way supplying security measures.

Now, what do Toyota, Honda, Ford, GM and VW all have in common? Well, plenty as it turns out, but where automotive security (a favorite topic around here) is concerned, all these companies (and more) employ the proprietary Keeloq encoding technology for their remote key fobs.

A recent article in Wired describes how the master “code” for the technology, which was developed in the 1980’s, has recently been broken. Several automotive media outlets have grabbed a hold of the topic and after adding some editorial alarm in for good measure, have an interesting story of espionage and intrigue that starts in South Africa, makes its way to Russia and finally ends on in your driveway in anytown USA.

It is actually fitting that the scenario has taken on a spy novel guise as the technology or more appropriately, technique involved in actually electronically high-jacking a vehicle so equipped, is no more relevant to your average car thief than a banana, Frommer’s Guide to Chicago, and 99 Red Luft Balloons.

The actual procedure requires “sniffing” the radio signal when a vehicle is locked/unlocked or started, which presents a potential thief with some initial challenges, but from there, they must exploit vulnerability in the algorithm used to secure the locks that was recently discovered by Belgian and Israeli researchers. Yes, good Bond material indeed.

The larger principle at work here is Auguste Kerckhoff’s axiom from the late 19^th century regarding cryptography, which states that a cryptosystem should be based on algorithms that are publicly known/available and that only the key to the code is hidden. According to Kerckhoff, this is the more secure system. Should one key be compromised, it may be easily replaced or discarded, but if the entire cipher itself is hidden and then compromised, then the whole system is shot.

Now this principle has been around for a long time and has stood the test of time regardless of how inventive auto thievery has become. Even the additional horsepower provided by modern-day computing hasn’t rewritten the rule book, at least until now.

Car companies actually employ two codes, one per manufacturer (or model) and one for the individual vehicle that are used to provide an extra layer of protection. The recent news suggests that the necessary information needed to decipher the initial make or model code has been compromised and from there, the individual code should be fairly easy (and quick) to break. Now it has taken a crack team of hackers and the initial security leak of the algorithm info to get this far and would still take someone with the know-how an hour at least to decode the initial chain.

Clearly not mainstream thug methodology in a day of car-jacking and other more efficient means.

This really isn’t an issue of your Corolla specifically, but how vehicles are guarded in general. The vehicles that still employ a mechanical key, for example, provide even one more layer of complexity that makes their vehicles that much less attractive. The cat and mouse game will, no doubt, go on forever if for jus the sport of it. And as Kerckhoff has shown, no system is completely safe, but the more open it actually is, the safer it will prove.

Chalk one up for the mouse. We anxiously await the cat’s next move, once he returns.

A recent article in the Atlanta Journal-Constitution profiled something they refer to as a "full service" gas stations. Apparently the greater metropolitan Atlanta area has some 15 or 16 of such places dotted around in between the endless volume of corner self-service mini-mart station variety. For those of you who don't remember, or never have actually seen such a facility, a full service gas station is one where, get this, employees pump your gas. While you remain in the comfort of your seat, sometimes even a small army of workers scurry around to check every opening and fluid in your vehicle in a carefully orchestrated symphony of service.

And it doesn't end at their behavior. Even if they were slow (very unlikely) to get out to greet your car (queue the ding-dong sound as you roll over the rubber hose) you probably wouldn't be able to figure out or even recognize the pump with its obvious lack of digital read-out, multiple hoses, and credit card slot with number pad. The old jobs employ turnign numbers to measure the flow with dials that resemble the old style versions of a slot machine. These places even provide free air (even to non-customers) via a similarly odd looking contraption that clangs out a loud "dong" every few psi. Not that you would need it if you were a regular customer as the attendents would have no doubt gotten to that on your last and every trip in.

Nope, these are a very rare find unfortunately. You would think that anything that would help limit our fat and lazy society from doing the grunt work would be a gold mine. But alas, service really has a whole new meaning these days. Think about it, you probably check yourself out of the grocery store and when was the last time you spoke to a person when you picked up the phone and had to call for "Customer Service?"

No, you won't be able to buy beer, nachos, or beef jerky. But either way, should you come across such a throw-back to another (better?) time, please do us all a favor and stop by, even if you don't really need gas and they cost a nickle or dime more than the Quik-E-Mart down the street for I can guarantee there is an owner there who deserves the patronage. And if you are really lucky, you might be able to score a Coke...in a glass bottle.

Ahh...

Several articles under the Servassist banner have focused around (or at least mentioned) how far the average automotive mechanic has evolved with vehicle technologies over the last decade or so. If you have read any articles here or anywhere where auto news is covered, you have no doubt heard how smart and technologically savvy one must be to handle even fairly common procedures nevermind wrestle the gremlins hidden deep within your on-board vehicle system diagnostics. Add to that electronically-controlled seven speed and dual-clutch gearboxes, satellite GPS navigational components and draivetrains smarter than you are, and the job gets really advanced.

It is really no wonder that the independents have such a hard time competing with dealerships these days, so when Watham, MA native, Timothy Allen, decided to leave the proverbial rat race behind to open his own repair shop, neighbors might have thought he had gone off the deep-end. However, the position Tim left behind as Senior Vice President of IT at Fidelity Investments certainly qualified him on the pure wattage scale. Funny thing though, Tim may be the owner/operator but he is still the one doing the learning.

And while the work still requires his synapses to be firing on all cylinders, the work itself probably couldn't get much different than that of the job he left. Either way, the shop is profitable and locals have a place other than the local dealer to take their imports and still have an internet-enabled waiting area. That and they even might get some financial advice from their wrench.

OK, so maybe not total, but as far as recall campaigns go, this is a bit of a douzy. Ford Motor Car Company has recently announced a 3.6 million vehicle lot including vehicles from model year 1992 through 2004 may be affected. The recall is not limited to any particular vehicle type or class and is centered around the cruise control systems of trucks, cars, SUVs, and even motor homes. Imagine barreling down the highway in your house-on-wheels only to find your cruise has a mind of its own. Lets hope the airbags still work.

According to the National Highway Traffic Safety Administration, "the speed-control-deactivation switch may, under certain conditions, leak internally and then overheat, smoke, or burn." So, for all intents and purposes, the cruise control may not actually begin to speed up or slow down despite your repeated efforts to bend, twist, and prode the stalk in every direction otherwise, but the smoking and burning nit may cause a bit of a distraction at any speed.

To be fair, this type of a failure should not really reflect a complete disregard for quality and safety or competence in Ford vehicles (though many companies have been able to figure out the automatic speed control without the inadvertent possibility of lighting your crotch on fire), but unfortunately, many people will hold this against them. Adding insult to injury (and apparent perception of the recall's severity) is the sheer number of vehicles included. OK, a few thousand cars go left when you turn the wheel right, well, that is job for the PR company you hold on retainer to the tune of several million dollars a year. Send out a notice for a number over that magical threshold of a million, and your stock price may take a temporary hit requiring some longer term damage control. Fire off a 3.6 million car crusade and you need to start considering alternative suppliers.

Unfortunately for Ford, cruising just doesn't seem to be one of the company's strongest suits. As a matter of fact, the 3.6 million figure is paltry when compared to the roughly 6 million additional vehicles it has recalled from January 2005 and onward. I guess Quality is really job four, or five.

The vehicles includes the following vehicles: 1998-2002 Ford Ranger, 1992-1997 Lincoln Town Car, 1992-1997 Ford Crown Victoria, 1992-1997 Mercury Grand Marquis, 1993-1998 Lincoln Mark VIII, 1993-1995 Taurus SHO, 1999-2001 Ford Explorer and Mercury Mountaineer.

Also covered are the 2001-2002 Ford Explorer Sport, 2001-2002 Ford Explorer Sport Trac, 1992-1993 E150-350 vans, 1997-2002 E150-350 vans, 1993 Ford F-Series pickups, 1993 Ford Bronco, 1994 Mercury Capri, 2003-2004 Ford F-150 Lightning, and 1995-2002 Ford F53 motor homes. Ford's description of the vehicles can be found here.