Critical security issue - should I or should I not expose it?

In my old Chevy I used a toggle switch. Spliced into the 12 volt line to the coil, ran it under the dash to a toggle switch and back to the coil. Couldn't start car without flipping the switch to supply juice to the coil. I imagine you could do the same to the hot wire of an ECU or fuel pump.
 
Before cars had alarms, mine would get broken into once a year in Dallas. One morning saw my 1982 Camaro had door open, but nothing was taken, not even the radio. It was insulted, and knew it was time to buy a new car. Since then I've found the best deterrent is a blinking light on the dash. Thief thinks it's an alarm, and will move on. Wish the CX-5 had a blinking light, but at least it does have an alarm.

My Mazda6 has the blinking light... so does our CX-5. Yours should have it too I guess?
 
But without the original key fob, you won't get the proper rolling code or "signal" at the immobilizer. Not sure what the concern is here, I am not saying I want my car stolen but it is a CX-5... who would really steal one?
 
CC58 posted in part...

Wish the CX-5 had a blinking light, but at least it does have an alarm.

I just checked my CX-5 and mine does have a blinking alarm indicator. It's located in the lower area of the instrument cluster between the tachometer and speedometer. (It was shown on page 4-10 of my owner's manual.)

CX5T Lover
 
Bottom line: A guy in front of me started my car in 3 min flat, after entering my car. Yes, I did use the key fob to get him entry into the car but everyone knows how easy it is to jimmy the doors, to get in. The MEAT of the security lies in the immobilizer. He circumvented it in 3 minutes flat.

Sounds like to me you were close enough to enable the push start.
Not quite a critical security issue IMHO.
But you are quite entertaining though.

carry on
 
So he started the car in 3 minutes, did he also disable the steering wheel lockout in that time as well?


 
What I laugh the most about is that he gave entry into his car for this fellow and probably watched him perform whatever procedure he did with the key fob still in his pocket!
 
OP is probably still wondering why his wallet and phone went missing the same day some guy "hotwired" his car :)
 
With all the comments received I'll try to summarize. No, I did not have the key fob with me during the procedure. Yes, I know the person, which is why I "allowed" him. Yes - he & I are both engaged in security products development, analysis and testing but in very different spheres.
My only reason for writing about it and contacting Mazda, Insurance (when Mazda never responded for some time) and NHS was to get Mazda's attention. This happens regularly - in computers. A flaw is highlighted, it's patched. I wouldn't call this a flaw, BTW. But rather a weak link.
Kudos to Mazda and they gained a lot of respect from my end - who took it on themselves, contacted me and finally a session was organized. I obviously cannot replicate and don't have my friend here; nevertheless the core Mazda engineers carefully reviewed step-by-step everything with me. Finally, they left. I got some good coupons which I can use later on and they thanked me quite a bit. Bottom line: the door open part can be done without raising any alarm. The point where we all were stumped is after starting the car, how my friend managed to move the gear from P, without shutting down the car and effectively releasing the steering wheel lock. I believe they themselves understood how, since for a long time one of them was underneath the dash (driver side).

What's good is how serious they were, how seriously they took the whole thing and how professional they were. I had a good opportunity to clarify a few things, ask about SkyActiv in general. They are all collectively very excited for CX9 since for them it's a milestone which was extremely difficult it seems to achieve.

All in all - a very good exposure!
 
Thanks for the follow up even if you didn't bring any clarity to some of the good questions asked here.

I'm also confused because in your first post you said you provided your friend entry by using your key fob immediately before he "hotwired" it, now you say you didn't even have your key fob with you during the procedure! Certainly you are aware the system is in a different state after unlocking it with your fob or key than it would be if your friend had shimmied the door open using burglar tools?

It looks like you agree with the consensus that whatever your friend demonstrated is not a flaw. How far did the Mazda USA rep travel to meet w/you?
 
BMNINADA needs a hobby to reduce free time to generate useless solutions to problems that don't exist.
 
Working in IT "20+ years" I understand the need to disclose but no need to publicly disclose something with a potential hit in the pocketbook (insurance) or enabling the dark side to quickly exploit a publicly known vulnerability. IMO: Triage the scenario... give it some time and see if vendor quickly addresses issue first. It sounds like Mazda was really open and glad to hear it.
 
Sorry man - I am with you. The general consensus is about 10 days and I had given Mazda 21. Trust me, I informed Mazda much, much before. There was no response and yes: I did follow-up. I do agree they really went over the top and I really appreciate it.
 