571 comments

[ 2.5 ms ] story [ 460 ms ] thread
isn't this just an absurdly complex re-imagining of the on/off switch? I've spoken to numerous people who either had their vehicle stolen or it was broken into. The ignition cylinder was damaged in the process. Rather than spend money replacing it they just wired in an on/off switch in a random place on the dash. The car got broken into again but was never stolen.
Valets HATE this one weird trick
I used to have a car that had a kill switch requiring the turn signal to be turned on or some such thing. It was periodically a pain with valets or parking garages where your car might need to be moved. I'd leave a big note but it was ignored about half the time.
A friend had a car that required that you hold a magnet at a very specific spot in the back of the arm rest to be able to start ignition. Don't think he ever tried to valet that.
Had a valet ignore a huge, printed instruction taped over my steering wheel on how not to food my car (leave it running for at least 60 seconds). Sure enough, they flooded it really bad trying to start it over and over. Killed the battery. Never used a valet after that.
Huh, never considered valet parking to actually be a real thing. Isn't it annoying having to wait for someone to drive your car? I'd almost pay more not to have to do it.
It’s fairly common in the US at hotels and some parking garages, especially in bigger cities.

It can be nice if you’re in a hurry or worried about walking alone in a parking garage at night.

But yes, it can be annoying, especially because you’re expected to tip them in the US too.

Pal, I've seen wallet parking across several countries in the world. Latin American, Western, and Eastern Europe, I just got curious about where you live to never have seen it.

And to answer your question: No, valet parking is usually useful because the parking place is far from where you're going (usually a hotel or restaurant). Having the valet saves you the walk from the lot to the place where you're going. It is even more useful when it's raining and you're having a formal dinner.

The wait for getting the car back is also pretty short because someone radios a driver already in the parking lot to bring your car in most circumstances.

I suspect you are parking your wallet in the most tourist-equipped areas of each country you listed. I would bet that within a 5 mile radius of each, you could find 1,000 people who have never used valet parking in their lives.
Not who you’re replying to, but I’m from the Czech Republic, have been driving for 10+ years, live in Prague (the capital), I have never even seen valet parking anywhere. Even the local Hilton hotel doesn’t have it.
Norway. I guess the less denser cities I've lived (that were somewhat car dependent) it was never an issue just parking right outside. And in the city I now live (Oslo) I would never use a car to get to dinner anyways.
Sometimes it's a lazy rich person tax, but sometimes it's required because there's limited parking, and the valets can jam the cars in double-parked (or more), since they can shuffle them around as needed.
At my work at the time (pre-pandemic) we used to have an EV valet - attendant would take your car, park it and then move it to an EV spot when one opened up, then put it back into normal parking - you would get a text with the location on each move.

It was quite nice and let me focus on work instead of worrying about charging and only initial paperwork (we had QR stickers on the car and keychain QR).

That's about the only time I've used a valet regularly.

Most places that I have used a valet they had a number you could dial and they'd bring your car up for you then callback when it was ready.
It's common in denser cities, primarily with two applications:

1. at parking garages so that cars can be double- or triple-parked. This is by far the most common use case for valets today. At these lots, you actually do have to pay more (or arrive early) for a spot that doesn't require valet parking.

2. at high-end restaurants or other similar venues where there is no immediately nearby parking and limited or no street parking. The valet drives the car to a lot or garage a few blocks away and returns it to you when they are done. You can almost always opt out of these, although you may or may not save money by doing so and at some places it can be worth it to just pay up and deal with the inconvienance because the nearest parking is a bit far.

I've also seen it as a weird status symbol thing in cases where it's entirely unnecessary, primarily used by people who have never had to put up with #1 or #2. Think up-scale hotels but located where parking is extremely ample. I think that only exists because there's a general impression outside of super-dense cities that valets are a "fancy" thing because they are only really common in "fancy big cities". (Which, to be fair, owning a car in midtown definitely makes a person fancy in some sense even if I'd never ency that person :p)

But actually, for the most part, valets are not a fancy optional service. They are mostly a non-optional service that you have to pay more or go to significant inconvenience to not use.

Simplest way to avoid using a valet service is probably to not turn up in a car.
Well, yeah, I did say I don't envy the midtown car owner :)
Very common. My work in the big city used to require us to use it when driving to take advantage of commuter parking benefit for the other reasons mentioned. Also use it at shopping malls where the valet price is the same or substantially similar to regular parking.

Surprisingly many of them use a text system so you text them to the number they confirmed with like 10 minutes before you need your car and they have it waiting — very convenient.

Also use it at big events like operas or plays or whatever where parking is awful but valet, despite being a little expensive, puts you right up at the front door when walking in and then they get it when you leave.

I have an old beater. It cost me 2300 USD when I bought it. Last year the ignition cylinder broke. My friend is a mechanic and he told me he could replace the cylinder for 90 USD, or buy him a beer to just install a button. I now jokingly call my car a Tesla since it starts with a button (it also requires the key)
Tesla cars don't need a button to start
The brake pedal is _almost_ like a button.
The button was my go-to when I got a new car, I would defeat the lock cylinder without damaging the steering column, and place a button in a obscure spot to start my cars.
Lol. I soldered in an alligator clip jumper wire for my friend to temporarily bypass the failing ignition switch and he left it like that, says he likes the sparking.
Off topic: My first car was a 1966 white Buick Skylark convertible that I bought for $500 cash in the summer of 1976 in Los Angeles when I was 28 years old.

Prior to that I had lived in LA from 1966 on and got around on foot and on my bicycle and city buses.

I drove that giant Buick — I mean it was HUGE, both in terms of length and width as well as weight — for about five years, the final 2-3 of which featured a caved-in non-functional driver's side door resulting from having been T-boned by a little old lady who ran a stop sign.

No worries: I'd just hop over the side or use the passenger side door.

After the crash I never worried about theft.

Also, amusingly, when I was on freeways, cars in adjacent lanes would quickly move away.

The receiver which measures the voltage pattern and decides if the rest of the voltage is allowed or not becomes the weak point. Like the encrypted key system used today, this could be buried deep inside the engine, but unclear why this is better than keys today.

In addition, if the driver should be able to manually recreate the voltage pattern by actually flicking the lights/wipers, there will be a relatively small number of voltage combinations which could be iterated through an automated device connected directly to the wires very quickly.

Plus DOS when the battery is exhausted after a couple of "turn lights on off, turn wipers on off".
You could flash headlights probably 500+ times before a healthy battery had even a little trouble starting.
We're considering the entire battery lifecycle. So the correct way to think about this change is:

More energy required to start engine --> Minimum battery health required to start engine increases --> battery lifecycle decreases.

I don't see how this could possibly reduce the battery lifespan. Flashing the lights takes a few watts. The vehicle will then be started and charged and never reach any lower level of discharge where damage would occur.

Yes, if you flashed your lights everytime 500+ times and got your battery to a meaningful low voltage where it barely started every time, sure. But not in the use case presented here.

Consider two cars with fading batteries at the end of their lifecycles. They are on their last start before needing to be replaced. They both have exactly enough energy to start the car with nothing left over, however one car has this system installed so it needs to flash the headlights/wipers/windows first. That car fails to start
That's like saying we should also turn off keyless entry sensors to make our battery last an extra day too, since theyr draining power as your car sits all weekend, and then one Monday morning your car won't start when you need to go to work. Does it really matter if your car starts 3000 times from a battery or 3001 times?
As a kid, I watched my father pull a single fuse from the family 4x4's fuse box whenever we left the vehicle unattented for any extended period. Does a practical, lower-tech deterent exist?
My buddy has an 89 Prelude that got stolen a couple of times. It basically got driven around and left with an empty tank around town both times and no signs of break in. I think the keys are relatively common for those so maybe the thief has one.

Anyways, I installed a switch up under his dash the disconnects the fuel pump +12v wire. It takes just a moment to flick the switch if you know where it is, and afterwards, the engine will crank and crank and crank and sort of sound like it wants to start at first, but never do anything. It would probably take several minutes to find it if you had to look for the switch, especially if it were at night and you were trying to steal the car. Seems like a good lower tech deterrent to me! The car has not been stolen since.

> I think the keys are relatively common for those so maybe the thief has one.

I have a buddy who had an old Ford in San Francisco. Once in a while he'd get in the car in the morning and notice that it felt .... strange. He couldn't put a finger on it. Then one day he had to get to work a little early and showed up at his car much earlier than normal. He found a guy sleeping in his drivers seat. Needless to say, both were startled and the homeless dude ran off, leaving a big bunch of keys behind in a keychain. Those were "master" keys to get into a whole slew of older vehicles.

Some cars also have unused switches on the dashboard (presumably features you didn't pay for) that are perfect for such use cases.
I remember (in the late '70's or maybe early '80's) a friend's car where he added (it was not unusual at the time to add "accessories" to cars, like fog lights or rear lights ) a number (four or five) lever switches (connected in serie) that acted like a dip-switch, you had to set them in a given pattern (like up-down-up-up) to be able to start the car.
This is the 2¢ solution to the problem... and usually doesn't even require you to pop the hood if the fuse is inside the car.
Yup; in our case it was in the cabin, a little to the left of the steering column.
The "traditional" way (many years ago) was to open the distributor (no tools needed, they had spring clips) and take the rotor with you.
Cool idea! Seems like car thieves could probably just carry around another device to hack it, but certainly could be a deterrent.

I don’t know much about it but it seems like a key is supposed to be the password for the car, so seemingly the key is where improvements could be made. Like add unique and random differences in the metal on each key and have the key slot read those and only turn on the car if it matches (since I guess the metal bumps are easily bypassed by thieves?)

Or couldn’t the bumps on keys just be replaced by.. pretty much anything that is physically secure and not multiple hundreds of years old technology? Credit card chips, magnet strips, 2fa fobs, fingerprint sensors, etc?

> Like add unique and random differences in the metal on each key and have the key slot read those and only turn on the car if it matches

So turn a $100 ignition switch assembly into a $3,000 1-of-1 monstrosity? Would you need to replace the entire ignition assembly if you lose your keys, or would you be able to generate a key from the ignition assembly (or VIN or other unique identifier)? Thieves would probably just do that for high end vehicles anyway.

> Or couldn’t the bumps on keys just be replaced by.. pretty much anything that is physically secure and not multiple hundreds of years old technology?

Isn't this exactly what push-to-start tech is? I'm not sure the percentage of vehicles that have push-to-start at this point but I'd imagine it's well into the majority, and increasing.

High security door keys commonly use magnets embedded in the key as an additional security layer. A lot harder to pick by hand, and also doesn't appear in photographs of the key.

For car keys manufacturers try to get away from physical keys for years, and for a remote keyfob it's just a cost question. Bidirectional communication allows for good cryptography with challenge-response protocol, but costs more than unidirectional. But then people want to be able to open their car when the battery of their fob is dead ...

I imagine the purpose is to extend the timer when attempting to steal a vehicle.

Ford had their dial pad on their vehicles for the longest time to prevent entry if you were using a non factory key to enter. I always thought that was a neat feature, but heavily under utilized.

The hacks that are being used are bypassing the authentication device so improving authentication device is pointless.
The boomer in me suggests that you buy a manual transmission automobile to deter would-be thieves...

Regarding the article, I get the idea that essentially this is a stripped down version of using something like a Yubikey to access a workstation (in this case, a car). I chuckled at the idea of doing certain actions within the car to get it to operate.

^ ^ v v < > < > B A Start Start

LB LT RB RT left right left right LB LT RB RT left right left right
A surprisingly simple way to foil car thieves

It's so simple, it can be done "With a new $1.2 million dollar grant from the National Science Foundation"...

I guess simple doesn't mean what it used to mean...

> I guess simple doesn't mean what it used to mean...

"You should see our new, redesigned, UI/UX" /s

The amount is comical but there is still some development required to turn DIY hack into actual product.
It looks like if I connect a standard jump-pack to the starter motor it bypasses this new deterrent? Given the 50 years arms race leading to current immobilizers this seems a bit comical.
I knew someone with a shitty pickup truck where he wired a light switch into the fuel pump and hid it under the steering column. The truck would be stolen something like 5 times a year and every time he would find it abandoned a km or so away when the gas in the line ran out.

I drove in it once to get lunch and near the beginning the car begins sputtering and he's like, "oh right, you're thirsty" and reached under and flicked the switch. So understated, I still laugh at the memory.

Super common in simple vehicles used to "run into town" in rural areas. We call them "kill switches".

My previous vehicle was a '97 Jeep Wrangler. There were two kill switches installed when I bought it: one down by the driver's seatbelt latch for the fuel pump, and one reachable by inserting your finger into the opening for the 4wd shifter the disabled the starter. Neither was easily visible.

Yup, I put an ignition kill switch in my old Triumph Spitfire behind the dashboard when I was living in a not so great part of town. Just had to reach my hand up behind and flick it. I didn't hide it too hard, figuring anybody that tried to drive away in my Triumph and couldn't get it to start would figure it was just being a typical Triumph.
Cars built with Lucas electrics typically have 3 modes of operation. Off, Dim, and Flicker. Which two of the three end up on your switch is entirely random.
Oh yes, those of us of a certain age remember well Lucas, Prince of Darkness.
The only thing that Lucas built that didn't suck was a vacuum cleaner.
Realistically, these days driving a stick might as well be a kill switch.
I did similar, except wired into the ignition circuit and with the control being a little cheap ebay RFID thing with the sensor on the underside of the dash. I kept a little RFID tag on my keys, chuck my keys up onto the dash when i'm ready to go and the truck is started with a pushbutton. I also put a cheater switch in the glove box in case i forgot my RFID tags.

In my case it was motivated more by maintenance headache - the mechanical linkage that went from the ignition switch to the ignition control device at the base of the steering column was busted and I was too cheap to buy another one and it was a pain to replace.

Project trucks that nobody can drive but you are the best trucks, IMO.

Hey! How do you know how to do that? Nobody can start this car but me, butthead!
Watched this movie last night :)
I guess this works if you don’t have immobilizers. In Canada they’re mandated, so the ECU is expecting some kind of digital signal from the key before turning on (but sometimes you can just shuck the rf chip inside they key and glue it in the right spot, or uncode it from the écu).
1996 ford pickups have about the simplest ignition wiring you could possibly imagine. I wouldn't even dream of doing this on anything new enough to have an immobilizer.
> I wouldn't even dream of doing this on anything new enough to have an immobilizer.

It would work great on many Hyundais built as recently as last year!

Welcome to the south.

No snow means no salt which means no rust.

Not unusual around here to see farm trucks from the 80s or earlier (sometimes MUCH earlier) still kicking around.

My car in high school had a similar system. The radiator fan didn't turn on automatically, so my dad wired it directly into the AC controller. (The AC also did not work. It was not a great car.)

If you got in the car, and did not specifically turn the AC to the correct setting, the car would overheat about a mile down the road.

Luckily for me, I never had a chance to put this into practice, because nobody stole my car. Unluckily for me, there were several times where I forgot that I had to do this, and my car overheated about a mile down the road.

Sounds like a recipe for blowing head gaskets!
Or destroying the pistons. I did this once. It was a long walk as in many kilometers from where we broke down to Mannheim train station so we could get home. Normally you could hitchhike but it was late at night and for some reason the locals didn't want to pick up a couple of scruffy looking American GIs.
The radiator fan didn't turn on automatically, so my dad wired it directly into the AC controller.

All that trouble, rather than run to NAPA to spend $12 on the thermo-switch that would be easier to install than hacking into the A/C controller. Yeah, I've known some dads like that.

"Run to NAPA" in what car? Presuming the nearest auto parts store is more than 10mins down the road (probably much more), you won't make it there without first doing something hacky.

And then the stupid solution is already working, so...

But then you have no story to tell! What a boring thermo sensor lol
I have a 2000 civic. The thermoswich went bad and I replaced it (bit of a bother, tried to do it fast while coolant was pouring out the opening).

Couple years later it went bad again (I probably put in a crappy one from a generic country) so instead of going through that again I just stuck a bent paper clip into the socket of the wire that plugs into the thermoswich. Now it always has the fan on when the car is on.

Could have gotten the same effect by tampering with the relay (this short that I added actually just activates the relay for the fan) but I went with the easiest option.

I'm the type of person who will start a cross-country road trip with a nearly broken car with locking pliers and zip ties in the trunk just to try create some fun adventure along the way.

And even I wouldn't do something that stupid.

Our local police department had a guy get his squad car stolen TWICE during traffic stops, and they installed an ignition interlock switch on their entire flee to prevent it happening again. Also they relegated the guy to motorcycle duty after that.

Another story is once my friend called me for help because his car would't start. I looked it over; tested his battery etc, but it wouldn't turn over. I asked him if he had an interlock of any sort and he said no. I didnt do any more investigating since the car was still new, so I showed him how to push start it and drove it over to the dealer. Come Monday morning the dealer called him to ask where he had put the interlock loop that he had pulled out from under the dash. "Oh that thing? Yeah I thought that was weird." SMH

Wow! Who steals a police car, and with the cop nearby? Would love to hear more.
(comment deleted)
It's not as exciting as you might expect-- group of meth heads on the street he was attending to, and one insane lady just hopped in and drove off.
> The truck would be stolen something like 5 times a year

Damn, I thought I lived in a bad part of town.

Mind you it didn’t have doors that locked and you started it by twisting a screwdriver.
During the summer when I was 16 I bought a pair of subwoofers and promptly installed them into my mom's Honda Accord.

To make it so that she could drive without bumping Delilah, I wired them to the defrost switch.

It wasn’t long into winter until I was forced to take them out.

My family's little econobox had a few interesting 'features':

The slushbox would shift into high gear and lug the engine unless you drove it like you stole it. The ignition didn't really need the keys unless you purposefully locked the steering column The exhaust split down the middle, giving the car a great sporting growl, and last but my favorite, the radio would often lock itself to the particular station and volume you were last playing. Sorry mom, hope you like metal at 11!

In one of my old cars I reach down under the dash and partially unplug the clutch switch. Prevents any starting because the car thinks you've forgotten to press the clutch in. You'd need to know that one connector is a bit too far out, super stealth.
You had the thief at clutch, of course. But I love this idea.
Depends on where you're living. The US is the only country I've been to where automatic transmission are so ubiquitous
In the UK in WW2 for a period of time everyone had to disable their vehicles when unattended by removing the rotor arm

https://www.britishpathe.com/asset/47622/

(comment deleted)
A local Chevy dealer once got a Silverado pickup with the 454 (7.5 liters) V8 in it. As an anti-theft measure, they disconnected four of the spark plug wires when they parked it on the lot. It got stolen anyway - it turns out that a 454 will still run on half it's cylinders.
Seems it would be more effective to slightly disconnect the coil wire, in addition to being less work to reverse.
Now many Chevy V8s do this by design while you run down the highway.
Which just highlights that if you do something - do it 100%, don’t just do it half-hearted…!
When I was younger here in the Netherlands a lot of us had tweaked motorcycles/scooters that would go much faster than the allowed cap of 50km/h.

Many had a "cop switch". Cops suspecting you messed with the engine would put the scooter on a test belt to measure its maximum speed. The cop switch would instantly cap it to the allowed speed. Mine was hidden in the left mirror, a minor adjustment would activate it.

My last century GTI had kill switch (it was one of those circular keys and a spring loaded button) under the steering wheel. The engine would turn like it was trying to start, but it wouldn't unless it was unlocked. The other thing the switch did which I didn't realize at first was lock the hood. I bough the car used and trying to lift the hood initially I thought the latch was broken..
I wired the cigarette lighter socket in my old MR-2 so that, if the lighter wasn't pushed in, the fuel pump would work for the first half mile. Then, the gas gauge would go to zero and the car would stall. Bonus: I kept a second cigarette lighter in the car with its heater removed, so I could leave it in the socket and there's no way to disable it (unless you brought your own cigarette lighter).

Of course, my system was just a bit flaky, and time and again I'd be on the highway, desperately pumping the lighter trying to keep the car going. I ended up yanking the whole shebang.

Same car had an alarm system, which over the years got triggered several dozen times by yours truly. The one time someone else triggered it by bumping my car, I came outside and thanked them.

I believe this is a story told by comedian and author Adam Carolla.
I used to drive an old ratty Subaru Impreza which was at one point meant to become a racecar (it never did) so the previous owner had removed the key ignition system. Never had it stolen because in lieu of a key it used an obscure sequence of flipping unlabeled switches in a specific order (power, fuel, ignition, then crank) to get it to start. Security through obscurity!
My old Landrover had a tap to swap between the two tanks. Leaving it in the center position saved the day a number of times.
1. It's re-inventing a kill switch.

2. It adds tons of uselees innovation to a kill switch.

3. If your car is antique/valuable/interesting, the people stealing it know the starting diagram/circuit and can easily rip it out/bypass it.

4. IF your car is antique/valuable/interesting you wouldn't add this as it can depreciate the car value/make it more ugly. You're not installing this in a brand new BMW M6, or a new Honda Civic, or a E24/1980's BMW M6 or a 1990's Honda EK Civic.

Solutionism at it's worse. Ignores the whole idea of what a car is. Ignores the innovation in Transponder tech that has been the standard for a while - only Kita/Hyundai in the USA has been avoiding it because if added BOM.

Outside the USA car thefts are not as common and in Domestic Japan/India/Asia a transponder is still pretty rare.

But back to the article - seeing this was sponsored by "University of Michigan- " - WTH is going on there? That is Ford/GM.

Ford has had PATS technology for the longest time - https://en.wikipedia.org/wiki/SecuriLock

GM has PK, same idea.

"Battery Sleuth bypasses both the wireless communication that key fobs depend on and the standardized onboard communication network that’s used in today’s vehicles. Instead, it authenticates drivers by measuring voltage fluctuations in a vehicle’s electrical system. "

Worthless, so it knows the cars resting voltage usage (easy enough) and if theres a drain, it means something is connected and that it can lock it up, but the same as a killswitch, it can be removed or bypassed.

"Battery Sleuth also has defenses to guard against hacking or physical attacks on the device itself, including a siren that sounds if illegitimate activity is detected and a resistor that shuts down the vehicle’s electrical system if an unauthorized power source is connected to the vehicle. "

Very easy to pop hood, pull siren out/disconnect. and lol "resistor" means anything/nothing.

I'd argue your 3rd point is more based in the reality of movies that involve unique cars (Gone in 60 Seconds, etc).

Most unique rides are typically stolen due to owner laziness(leaving keys on top of a tire, keys in the visor, left running, etc.).

I disagree - many cars are kept in parking lots - especially in HCOL. Access is basically whenever - if someone sees it there, and not moved often and such they know they can most likely attack it.

Stripping an security system is also doable, via the can-bus attacks we see of late, but more personalized can just be to replace the ECU. In many cars this can be done in less than 15 minutes.

Car shopping as presented in gone in 60 seconds is somewht common - ask people on any enthusiast forum and you'll see.

Miatas in Bay area, stolen for the hard top/car itself. Skylines Honda Civics - just spare parts basically, though if it's a mint enough model I can see people vin swap because 2000's Honda S2000 - mint models reach 30K now, so it's own market.

And that's just from what I've kept up* in.

Now would someone pull up to someones garage, open that, and drive out? Probably not - but alot of people do drive cars to a parking space for work, or if they live in a condo - have shared/communal parking, and such.

And to add an extra layer of paraonia, it is very inexpensive to attach a GPS/Air tag to a car and track it - within a week or two you can see a pattern of where it goes, for how long and what amount of time its standby.

The VIN number is also viewable from the windshield, meaning if the thief has any sort of connection - they could even just order a replacement key thats preprogrammed with a base code and potentially just turn up to the car and drive away.

But for opportunistic theft, yes - keys left within car/visible and then stolen but there are many different type of thieves for different markets. For unique/"antique" cars or any cars that were in the first three gran turismo - being targeted is a very big thing now in the community.

Thanks for reminding me of the Miata/Civic thefts, I nearly forgot how big that was in the mid 2010s. I recall so many articles of that happening.

I was living in Miami during that time, a friend had his EK hatch stolen, beautiful example too, spent a fortune on that car and it showed. Of course the aftermath was the same ole story of it being stripped, and cut to a near nonexistent state.

Now thinking on this "solution" the amount of social engineering that happens today will defeat this pretty quickly. Most of the thefts for cars like my friends were done by people who knew the owners.

Unfortunately it's happening more now, simply because the value of the 90's/first generation ones are through the roof (haha get it, because it's topless?). Hard tops are now worth $2500-4000 in Miata world. Used to be you couldn't sell one for $500 or so.

Running cars are worth $5000, coupled with a hard top its worth around $7000 easily - mint/very nice ones exceed $10,000. For a 20-30yr old car, it's appreciating to exceed new cost (msrp for a 1990 miata was not even $14,000!)

Over in honda land, same thing, you used to be able to pick up a basic ek no/manual/only option is AC for less than $3,000 now those are the ones in most demand and exceed $15,000-20,000!

> Outside the USA car thefts are not as common and in Domestic Japan/India/Asia a transponder is still pretty rare.

My priors are that car theft inside the USA is fairly rare now, but exceedingly common in Europe. I'm constantly hearing about all kinds of sophisticated electronic attacks on vehicles particularly in the UK, that are simply not an issue in the US.

>At the end of the three-year project, the team aims to have a commercially viable prototype that can be scaled up to commercial production, first as a theft deterrent device, and potentially later as a complete vehicle entry and control system that could replace traditional keys and fobs.

What's the point of this? Modern cars already have engines that are cryptographically tied to keys[1]. They're not perfect, but is adding a whole new rube goldberg machine into your car really better than fixing the existing system?

[1] https://en.wikipedia.org/wiki/Immobiliser

Exactly. What's even worse is that it takes a huge research grant to come up with this.

> With a new $1.2 million dollar grant from the National Science Foundation...

That amount of money is absolutely nothing compared to the waste that goes on in the startup industry. Remember the $445 million self driving pizza oven delivery van?
> Remember the $445 million self driving pizza oven delivery van?

What I find hilarious about our industry is that this could be completely made up ... or not.

>Pizza robot truck startup Stellar snags $16.5M from Jay-Z

https://www.restaurantdive.com/news/Stellar-pizza-robot-truc...

>Stellar, which was founded by former SpaceX employees in 2019, uses a robot to cook mobile ordered pizzas which are then delivered by the truck driver.

That's nowhere near the $445M claimed though. Crunchbase lists them as having only having raised $25.5M. The $445M if real, must be the valuation.

https://www.crunchbase.com/organization/steller-pizza

edit: looks I'm looking at the wrong company, see replies for details

Also, the vehicles have a human driver rather than being self-driving.
whataboutism
Startup waste is generally funded from investors though. This seems like it might be funded by government grants which are funded by taxes.
Investors using 0% interest loans funded by taxpayers.
Are you referring to quantitative easing/ZIRP or specific government programs that give favorable loans to specific industries?
QE
The Fed is the cause of QE/ZIRP, but it's not "funded by taxpayers" in any meaningful sense. The mechanism by which QE is done is that the fed prints money and uses it to buy government bonds and other assets, which pushes bond prices up, and consequently yields (and therefore interest rates) down. All of this doesn't cost the fed anything. The money is printed by them, after all. It's not like they're borrowing money from some other bank at 2%, and then distributing to the wider economy at 0%.
100% of the direct monetary cost of QE is borne by the American people.
And what is the mechanism by which the "direct monetary cost" arises, and is borne by the american people?
Inflation? Devaluation of the dollar? Debt? Current interest rates?
I’ve noticed 10-15 years of almost no innovation, but a ton of wealth transfer… but the FED still says ZIRP was a good idea.
> almost no innovation

The last 15 yrs in Biotech (esp genetics) and ML were more exciting than the previous 50.

Domino's has a near $14B market cap. Disrupting pizza delivery is a worthwhile venture!
If you could get that robot-cooks-as-you-drive idea right, even without the self-driving bit, you can out-compete Dominos by saving half the trips (back to store from delivery address).

The technology was immature but the fundamentals were there, and they'd save a not-insignificant amount of gas.

> they'd save a not-insignificant amount of gas

I wonder the efficiencies of cooking in a vehicle as opposed to a fixed pizza oven.

It all comes down to insulation I'd assume
It will necessarily be worse than the fixed oven.
(comment deleted)
That's easy. Put it on treads, and add a tree cutter/stripper, and a hopper, so that it can pick up all the fuel it needs to wood-fire the pizza off the side of the road before it goes to the next destination.
Vertical integration. Great idea. It could also have a grain mill so it can stop by some wheat fields and make its own flour.
Internal Cooking Engine.
I really can't imagine that. So you save some driver time. They're usually idle before delivery already, there's no driver shortage, and drivers/delivery isn't expensive. So there's only a small amount to undercut. For the profit to become interesting, you'd need a massive volume, but then you'd be forced to maintain a large fleet of mobile ovens. There's no automated driving, so you'd need drivers anyway. You'd have to pay everything from their idle return time, including the increased energy consumption.

Back-of-the-napkin says no.

The fact that Dominos practically begs people to come in and pick up their pizzas themselves undercuts your arguments about driver idle time. Maybe in your market they sit idle, but in mine I'd imagine they are spending 90%+ of their time fulfilling orders. My orders often spend 10min in the "Quality Check" state (waiting for a driver under a heat lamp).

Automated driving is orthogonal to the bake-as-you-drive model. Dominos will also switch to self-driving when they can.

The cost of owning 10 oven-vans vs 1 store + 10 regular cars will be the tough part and will require scale, but pizza is big business.

Arch that "quality check" thing bugs me to no end. It's the lie that bothers me: it's not like they're individually inspecting every single pepperoni or anything. They just don't have a driver available. Don't lie to me!
Wait... so the pizza would be delivered, fresh from the oven?? Is... do you know ... are they taking investors?
Yeah, that startup doesn't sound terrible to me. Like the other comments say, it's a multi-billion dollar industry. If you cook the pizza while you're driving it to the destination, then you change the time 15 minutes cooking + 15 minutes driving to just 15 minutes cooking and driving. Twice as fast.

But of course, you could offer the same latency by having a non-customizable menu and having pizzas ready to go when they're ordered. If it's 6:30PM on a Friday night, odds are someone wants the Pepperoni pizza that just came out of the oven. No fancy hardware required. The pizza is technically less fresh, but are minutes of freshness worth millions in VC? I don't know.

The "waste" in the startup industry has corrective mechanisms built in. Investors can pull their money out and take their business elsewhere.

Taxpayers cannot pull their money out of the NSF and reallocate it to a different government agency.

Sure. In theory, investors can behave as rational actors. In practice, you get all sorts of chasing the Next Big Thing because there’s too much money flowing around to too little fundamental research.

So I’m ok if we spend $1.2M on research. That’s like 5 developers for one year who would otherwise be allocated by the invisible hand into effectively useless endeavors like high frequency trading or ad tech.

Cut to the alternative universe where they’re working at Blackrock and a car thief is driving their car away.

> So I’m ok if we spend $1.2M on research.

I'm not. Where do I opt out of funding government grants?

At least I can decide not invest in something if I don't want to risk losing money.

You don't get to, because you don't get to opt out of the social benefit that they result in.

(remember that government spending basically created transistorized logic, microchips, and computer networking as we know them today. would you have opted out of those too?)

Government funded research gave us computers, the internet, EUV technology, GPS, lasers, and all sorts of other shit.

If you're on HN in the first place, there is an approximately zero percent chance that the few dollars of your tax money spent on this kind of research hold a candle to the benefits you've gained from it.

You didn't lose any money. Nor did the country, the money didn't vanish, it ended up in employees pockets. Given they are probably low paid researchers, it'll all be back in the engine of capitalism by the end of the month. Some of it will even be back in the gov's coffers, where you can pretend it's doing something you prefer, like barely covering maintenance of a single road for a year.
People get irate about government spending here's a big difference between someone wasting your money and someone wasting their own money.
How could one justify the other? Justifying waste by pointing to more waste is insane.
The more politics I see, the more its just grifting.
Wasn't there a rash of thefts of Kia and Hyundai cars recently?
Yeah, they’re targeted specially because they do not have immobilizes.
Because Kia tried to save money by removing said security systems from base models.
That was because the base model of those vehicles didn't have an immobilizer like every other car on the market as a cost cutting measure. They also have ignition switches that are relatively trivial to bypass.

It's possible that some other manufacturer may try it again in the future, but the hit to Hyundai/Kia's reputation has been substantial.

> ignition switches that are relatively trivial to bypass.

The switches themselves aren't bypassed. Their design for the lock cylinder is so crappy that it can be snapped off, exposing the peg that actuates the switch.

This would be nice to retrofit onto my old Honda, which has an easily exploited flaw in its rolling code system.

Modern cars also have new vulnerabilities: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...

> This would be nice to retrofit onto my old Honda, which has an easily exploited flaw in its rolling code system.

There are aftermarket immobilizers systems as well, that also use cryptographically bound keys.

> Modern cars also have new vulnerabilities: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...

If car manufacturers can fuck up implementing today's immobilizer systems, what makes you think they won't fuck up implementing the rube goldberg contraption? Why do we have to switch to it just to get a non-broken cryptographic implementation?

Just like the one from TFA, mass production devices are easily defeated because they are all the same.
So let me get this straight

Modern cars have engines that are cryptographically ties to keys

But the Pentagon couldn’t put biometric locks on their humvees?

https://www.ibtimes.co.in/isis-takes-dozens-captured-us-humv...

They can’t account for trillions of dollars… but we vote them more money they didn’t even ask for

https://www.nytimes.com/2019/03/11/us/politics/trump-budget....

”Mr. Trump’s budget, the largest in federal history, includes a nearly 5 percent increase in military spending — which is more than the Pentagon had asked for“

Let me get this straight -- there is graft, waste, and incompetence in the defense industry??
The men in power always abuse that power, more or less.

We need oversight but politicians are not very interested in doing oversight because corporations use their money as free speech helping their favorite politicians get re-elected, because of the Supreme Court decision that allows that to happen.

So we need a more informed population to stop corruption from happening, but some politicians don't like the idea that people should be able to read whatever books they want.

That's probably true, but tangential to the absurd point made above.

There is almost zero reason to include robust locks or immobilizers on military vehicles. They're either occupied by soldiers with guns. Or in a locked facility, guarded by soldiers with guns. Or abandoned on the battlefield (in which case, they should be scuttled, but shit happens and sometimes you need to GTFO ASAP).

Locks are often intentionally omitted from equipment in environments where high availability is prioritized. They are also often omitted in locations where physical security is provided at a broader level.
Sure, let's intentionally omit locks from equipment that is designed not to fall into enemy hands. Let's not have a kill switch, either. Sure, makes sense for an agency with more money to spend than every corporation in America!
Yes, it does make sense that the DoD is more concerned about their own soldiers' lives than whether or not the Iraqi military has their vehicles stolen from them. These vehicles were already given away, adding some stupid biometric system would increase both the price of the vehicles and the number of lives lost due to failures. Throwing technology at problems is not always a solution. The vehicles typically have better security than a lock anyway, they're occupied or guarded by soldiers with guns.

You might be familiar with locks on vehicles due to your own experiences, but deterrence to unoccupied theft is a requirement that is somewhat unique to civilian passenger vehicles. It is completely normal for many other types of vehicles to have very minimal or zero theft mitigations due to operating in different conditions with different requirements. For example, multi-million dollar jets have no anti-theft systems at all.

> Throwing technology at problems is not always a solution

It's a fine solution to the very pressing "VCs aren't giving me money" problem. You can't have a blockchain or AI startup, say, without throwing technology at random things!

Even if you put the locks on, they would never be used. If you need it you need it right now, and it's usually life or death. If somebody is trying to steal it, you shoot them. The last thing you want to be doing in a gunfight is fucking with a lock.
This is a strawman

All you have to do is have every soldier who is authorized to use your equipment unlock the vehicle through an affirmative phrase — and the vehicle can check their voice for instance, or other biometrics like their fingerprint. Or each of them can wear a beacon or smartphone which does that.

Cars today open with you just getting into the car. This is easy stuff man

Solders in warzones frequently wear gloves, encounter debris, shoot guns, or are exposed to extremely noisy conditions, which would result in an inadequate signal-to-noise ratio for reliably and quickly sensing fingerprints and/or voices. They also tend to avoid unnecessarily emitting RF which would give away their position to enemy forces who have advanced signals intelligence gathering.

Yes, it would be possible to do what you are saying. However, militaries find this undesirable because they find the drawbacks outweigh the benefits.

Voice recognition under combat stress? That shit barely works under optimal conditions.
Not true, now it is very robust
When shrapnel and bullets are flying and your nerves are completely shot, your voice wavering and you're croaking from smoke inhalation, do you really want to entrust your life to voice recognition? Come on dude, you're being absurd. We're talking about military hardware, not tech gadgets for your home.
Or you're wearing your gas mask. Or it's cold so you're wearing a balaclava.
It doesn't matter how robust it is, any voice recognition less than 100% reliable and any more expensive than $0 would put your equipment at an operational disadvantage when put on the battlefield against an opposing military with vehicles that exhibit a 0% rate of authentication failures because they lack authentication.

There is no realistic scenario in which a military has lost physical control of the vehicle, and the situation is mitigated by locks on the vehicle. It is always already too late at that point.

I'm saying what everyone else is trying to tell you 'you have no fucking idea what you are talking about, you are trying to solve a problem that does not need to be solved, that no one has a desire to solve and is in fact not even a problem'.
Can you point me to an example of such a system?
every soldier who is authorized to use your equipment

You do realize that in a war zone, that list of authorized users can change rapidly (as people are injured, die, or rotated out of combat)?

“This is easy stuff man”

Let’s assume for the sake of argument that electronics are perfect, and never fail for any reason (including but not limited to battery drain, battery overcharging, battery age, heat, cold, sudden change between heat and cold, vibration, shock, moisture, dryness, flooding, corrosion, UV degradation, rodent infiltration, wind, wind containing abrasives such as sand and dirt, chemical exposure, fire smoke exposure, fire heat exposure, sabotage due to local exploits, sabotage due to remote exploits, etc.).

Ignoring all those possibilities, you are only left with the problem of key management. You can find an overview of those challenges at https://en.m.wikipedia.org/wiki/Key_management

Managing secrets at a scale beyond people you know personally is extremely difficult to do correctly.

> You can find an overview of those challenges at https://en.m.wikipedia.org/wiki/Key_management

Not a big deal when physical security is provided at the broader level. For example, for any failed access attempt just fall back to TOFU.

(Sorry, I'm just 85% sure the top-level ancestor is trolling and I wanted to help by taking it one level deeper. :)

Does not sound like you have ever been anywhere near a combat situation.

You don't know who is going to need to be able to drive something at the drop of a hat. And the more fiddly and complicated something gets, the more likely it is to fail because of either technological or UX/human reasons in stressful situations. This would cost lives.

> Sure, let's intentionally omit locks from equipment that is designed not to fall into enemy hands.

Slow down there with the sarcasm and think about the actual requirements or use-cases first. Your average operable military vehicle is in one of three situations:

1. Actively occupied or guarded from theft by current owners/operators with guns who will not tolerate strangers getting close.

2. Parked somewhere in the middle of a whole bunch of people who are generally guarding the whole area, and those people may need to be able to operate it very quickly.

3. In some long-term storage which is well-fenced, under surveillance, guarded by people with guns, and typically very far from both overt enemies and opportunistic thieves.

So there's already an access control system tuned to a particular set of needs... and one of those needs includes "using it to escape from something dangerous even if the prior-driver and everything in their pockets got vaporized."

How many tanks and materiel did Ukrainians take from the Russians? On October 2022 it was an estimated 453 Russian tanks. I guess 1, 2, 3 don't work that well in battle

https://www.newsweek.com/how-russian-tanks-captured-ukraine-...

Also for other things too:

https://nypost.com/2023/05/11/ukrainians-strike-russians-wit...

Are you suggesting that locks would have prevented this?
Certainly kill switches would

Every TV show has a self destruct mechanism to prevent a ship from falling into enemy hands and blabla etc

An opposing military capable of leading the Russian military to abandon their tanks would also have the capability of defeating a kill switch once they have unhindered physical access to it.

Scuttling has been a common military practice, for literally millennia. This practice is unrelated to the presence of any locks on the vehicle. Militaries are equipped with explosives and weapons and can perform these actions without them being built into the vehicle. The reason this did not happen is not due to the construction of their vehicles, it is because they did not take action to do so. https://en.wikipedia.org/wiki/Scuttling

The automated self-destruct countdowns you have seen in movies and TV shows are used for dramatic effect. In reality, it is cheaper, more reliable, and safer to scuttle a manned vehicle manually.

So... you're basing your opinion about machines used by soldiers in combat.... on fictional television shows?

Just a question, have you ever worked with soldiers before?

Forget the suspensefully-narrated self destruct sequences, why has the Pentagon not invested in plot armour for every soldier? Make sure the uniforms aren't red and they can only die near series finales.
So what? None of that wall-spaghetti supports an argument for keyed ignition locks as the solution. It's not like those Russian troops had just stepped away to get coffee.

If anything, it suggests other things like:

1. Russia shouldn't have tried a desperate blitzkreig through muddy terrain.

2. The Russian military should have had better policies/equipment to destroy or scuttle the ofabandoned tanks.

3. Russian tank-drivers should have had better training so that they didn't get their vehicles stuck in embarrassing ways.

Plus it's not like the opposing force will be a bunch of joyriding delinquents: Even if you completely remove your abandoned truck's steering-wheel and pedals, your way out, they've got mechanics and tools and factories, they can just fit their own. Truly denying them any valuable salvage is actually a lot of work/damage.

No fucking key is going to stop them from finding that tank in a field, towing it back to a farm behind friendly lines, and bypassing the fucking lock using a fucking hammer or a soldering iron.
My guy, I believe the enemy already knows about our WWII-era "large truck" technology. It's fine.

You don't want either of those things in a widely used military vehicle. Soldiers do not need to die because they're fumbling and dropping keys under fire. They also don't need their truck dying in the middle of a maneuver because the kill switch accidentally went off.

Also, in war, trucks will be getting destroyed left and right. It'll literally be a rounding error.

If the enemy gets physical access to the vehicle that you're going to use to escape, you're already toasted.

And on the other hand, if you are ambushed, you don't want you and your unit to die because the soldier who had the keys just got fragged by the enemy and now you can't escape.

What a nightmare that would be: wearing gloves, fast entry and exit, injury/swapping drivers, sand.

Also those were Humvees taken from Iraqi personnel.

Or: "Our unit was ambushed while setting up camp. We could all have escaped alive in our truck, if not for the fact that the first of us killed by the enemy was Private Jeane, and she was the one with the keys."
Even if you put this device in a car or a biometric device in a car or even a normal keyed system. An enemy who has possession of that car for more than a few hours can easily bypass most locking devices.

This one is nothing more than a relay on the battery line. Simply find the relay and bridge it. Problem solved. Might take you a few hours to dig under the dash to find the damn thing, but once you do 'problem fucking solved'.

But the Pentagon couldn’t put biometric locks on their humvees?

The tanks that were stolen belonged to the Iraqi armed forces, not the US Army.

What about a classical mechanical key? I am referring to a laser cut key, the type that can't be easily lock picked, other than in Hollywood movies.

The problem is relay theft, where thief's relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographically signing won't help.

However, this can be fixed by adding a motion sensor that makes key fobs go into a sleep mode when they have been inactive for a minute. Upmarket car manufacturers like Mercedes have started to add this. The only reason this is not yet widespread as increased car theft is good for car manufacturers.

Keyless cars top the list for most stolen cars across the UK, with around 93% of all stolen vehicles in 2020 being taken without vehicle keys. Addressing this stupidity would be the first step. It is like projecting your bank account details and security details on the facade of your building, and then being surprised your bank account is drained.

> What about a classical mechanical key?

can be picked

>The problem is relay theft, where thief's relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographical signing won't help.

AFAIK the attack you describe only applies to keyless entry systems (ie. you can open and start a car without having to pull your key out), which is related but not the same as an immobilizer. Transponder keys without keyless entry systems still exist on today's models, and is the default on most cars unless you opt for an upgrade.

>However, this can be fixed by adding a motion sensor that makes key fobs go into a sleep mode when they have been inactive for a minute.

That helps against someone cloning your key while you're at your desk, but it seems way easier to clone the key while the driver is walking away from the car? That way you know which car to steal and don't have to follow the victim into the building, which might be secured (eg. office building with badge system). Measuring RTT time and/or trilateration (multiple antennas inside car) should be much more reliable.

Picking a laser cut key isn't trivial. Even picking a standard house lock isn't trivial, especially not in the dark.

They don't clone the key, they use an antenna to amplify the signal from your key fob and then drive off. In principle you can do this by following someone, but much safer to do this at 2am at night. Similar to a one time password, the signal is only valid for a short period of time.

Darkness doesn't have anything to do with anything. Once you get the tensioner and pick into the keyway you aren't using your eyes anymore, at that point it's all feel.
If you are that good a lock pick, you are better off as a locksmith. In real life the people send out to steal the car aren't the most talented and brightest, otherwise they would be running the operation safely from an office somewhere.
I spent maybe 2 hours with my first set of picks to unlock my first shitty masterlock padlock. An hour later I was through my front door deadbolt. It's not a hard skill to learn, especially when it comes to typical american door locks (pin tumbler). But this is all non-destructive. I used to keep a set of picks in my desk specifically to open up people personal rolling underdesk drawers/file cabinets, when they lost or forgot their keys.

My understanding that your average ignition is a little more complicated (or at least different .. wafer locks) circa 70s-90s and then they started adding radios and other things into the mix. I dunno, I've never tried to pick one of these.

Destructively bypassing your average old-school ignition is still something you can do blindly with a bent flathead screwdriver and some elbow grease in about 15 seconds flat. As is destructively bypassing any given door lock.. well not bypassing the lockper se, but instead the bolt/doorframe generally.

Bypassing the door locks is not as difficult as you think with the proper tools. See: https://www.youtube.com/watch?v=vLy65ASXuEQ

Standard house locks don't require picking at all - you can bump them in a few seconds in any light conditions.

The fact that the LPL does it, with or without a special tool, doesn't really say much about how easy it is. He is an _extremely_ skilled lockpicker, and the vast majority of thieves, even those with some lockpicking skills/experience, are not going to be able to do what he does, as fast as he does it.

I have no idea how hard it is to do with that tool. I myself have as close to zero lockpicking skills as it's possible to have while still having picked a lock (I messed with a friends clear practice lock one time). But just seeing the LPL do it gives almost no indication of how hard it is to replicate what he is doing.

The modern versions of these keys cannot be cloned, they are challenge response. So you need to relay the challenge from the key, and then relay the response from the key back to the car.

This is often used by thiefs who bring the relay close to the front door, hoping for the keys to be in a bowl or a hook near the door. Then they can open and start the car using the relay. The car then won't turn off when it loses connection to the key (because that is dangerous) which allows stealing of the car.

There are cases where this was done over much larger distance, but those attacks are more easily defeated by having tighter tollerances on the latency of the reply. The latency tollerance does not do much for the 'keys near the front-door' attack, which is what the 'stationary keys do not reply' solution is aimed at.

> (because that is dangerous)

I've always wondered why the car doesn't warn the driver that there's 100 yards left before it will cut the engine (or limit it to idle), keep the power steering, turn on the hazards, and warn the driver that the vehicle won't continue to function because the key is not in range. Doesn't seem dangerous at all...

I dropped my wife off downtown in her car and she had the key in her purse. The car did make a weird beeping noise as I drove away, but I had no idea what it meant and I was pulling onto the highway which would have been a bad time for the car to stop driving on me.
That's still dangerous, and it doesn't matter how far out you warn the driver. The moment the car cuts to idle, the driver will lose some control. Imagine this happens while you're in less-than-ideal road conditions and you need to be able to accelerate. And there are a lot of reasons that the key might lose connection to the car other than the 'not present inside the car' case, like for example, the keyfobs battery running out, or the driver dropping their keys into some kind of shielded bag (my car for example has problems sensing the key when it's in an insulated shopping bag that I have).

I think at most you could do something like have the car go into 'limp home' mode if it senses the key was never present in the car for some amount of time after the car is started.

> The modern versions of these keys cannot be cloned

The persistent rumor, of course, is that this has been cracked for specific models from specific manufacturers, with the help of someone at the dealership, maybe someone who owes large amounts of drug or gambling money to local criminal syndicate types. "All" you'd need to do then is use a valid challenge response pairs off as a cryptographic oracle to brute force the challenge-response algorithm and recover the seed value computation algorithm for the key and the car. Then "all" you need to do is record a challenge-response pair from the real key talking to the vehicle, and maybe the VIN, in order to duplicate the key, in order to steal the vehicle.

If this has been been done, the algorithm and seed-value recovery technique have not been publicly shared over the Internet, so it's only a rumor that it's been done, but given how high-tech thieves are these days, I don't consider it outside the realm of possibility.

What isn't outside the realm of possibility is the Rolling-PWN attack, which can be done with a $32 device and has been demonstrated against 10 years of Honda vehicles, up to 2022.

https://rollingpwn.github.io/rolling-pwn/

I don't know if that completely solves it. People keep keys in pockets.

The full fix is time of flight measurement but as I understand it that's still beyond cheap electronics.

Or just.. you know press a button when you want to unlock your car.

Doesn't the system already check the latency from key fob to car antenna? Better yet, you could use two antennas in the car, and triangulate the key fob.
The latency check is usually not sensitive enough to prevent a car being stolen from the drive-way from a relayed key that lies near the front door.

For reference 20 meters is about 66 nano-seconds.

Why not? A 2GHz is very attainable in modern CPUs and translates to 0.0005ns per cycle. This isn't theoretical either. 802.11mc[1] is a real standard and is accurate to 1-2m.

[1] https://en.wikipedia.org/wiki/IEEE_802.11mc

Aren’t you off by three orders of magnitude? 2GHz translates to 0.5ns per cycle. Or perhaps you meant to write ms.
Whoops, you're right!
UWB is augmenting Bluetooth for car keys solving this exact issue; The Car Connectivity Consortium came up with the Digital Key 3.0 standard that's available today, as implemented by some makes like BMW and the Hyundai/Kia group and Apple, and resists relay and replay attacks through precise ranging.
Why not put a button on the fob, like old car alarms had? Car won't start unless button is pressed on the fob, enabling the embedded radio.
Not great from an accessibility standpoint. For anyone with any sort of arthritis/rsi type issues, doing two things with the same hand at the same time is anywhere between tricky and impossible.

Consider how annoying the modern cigarette lighter is for a non-smoker.

> However, this can be fixed by adding a motion sensor that makes key fobs go into a sleep mode when they have been inactive for a minute.

Now I'm wondering how hard it would be for the thieves to shake the ground outside the house enough to fool the motion sensor...

Most thieves try to be quiet to avoid detection. However, one should be open minded to new technologies, and the use of a loud jackhammer on the drive way sound like an excellent solution to this problem.
This is two factor auth but when the "thing you own" is the standard case.

I don't get why it's not a keypad and relay though. Sounds like a complex solution to a fairly simple problem. I might be missing something though.

Edit - ah it's intended to work with many other options like controlling indicators or wipers or something - so you choose some pattern that is your password.

> it's intended to work with many other options like controlling indicators or wipers

I think you're asking exactly the right question though - how is all this not just a more complex, less secure, shittier version of a keypad that you enter a 4-6 digit code on?

It is also not any better than any other immobiliser. Unless it's on the CANBUS talking securely to the ECU, thieves will likely just bypass the module physically if they have the time.

This coupled with a CANBUS integration with the ECU to prevent it from starting would be pretty good though, since no one can wirelessly collect the signals to spoof the code.

> The only reason this is not yet widespread as increased car theft is good for car manufacturers.

Not if your brand is one of the ones known to be easy to steal. I doubt I’d buy a Hyundai in the future given my understanding of their reputation as easy targets.

Don't modern keyless fobs use something akin to TOTPs? A well kept clock can easily prevent relay attacks.
I don't think any of your typical car thieves are actually picking locks. For a traditional mechanical key ignition, generally they're going to break into the steering column and just hotwire the right connections together, or possibly jam a strong tool in the keyway and forcibly twist the cylinder depending on the design of the lock. Obviously that won't spoof a signal from a fob or other electronic signal, but it's why having a traditional mechanical lock on the ignition isn't really worthwhile. If the electronic communication is secure, a mechanical lock doesn't add value.

Maybe it's different for very high-end vehicle thieves, though.

> The problem is relay theft, where thief's relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographically signing won't help.

It seems relay theft could be 100% prevented by measuring the response time, and capping it to whatever is the equivalent of say 100 meters + processing time in key fob.

This is a very engineering solution to a very not-engineering problem.

Would this deter thieves? Possibly! Would thieves eventually be able to work around it? Also probably! Would it increase the friction of getting in and driving? Definitely!

Today, your house keys are basically useless for security -- getting into your house is trivially easy both destructively and not. But we all use house keys because they feel safer. Ask people to provide biometrics or long passkeys or keycards and eliminate the existing locks? It's a hassle most folks won't tolerate.

Likewise, people are comfortable with the walk up, push button, leave nature of fobs. Replacing that with "walk up, scan fingerprint" or "walk up, type in password" is going to tick off a lot of people.

Security is always a trade-off. The most effective, and also most costly, way to avoid car theft is to not own a car at all (for example).
How is this the most costly way?
Opportunity cost of the additional travel time[1] that you have to spend because you don't have a car.

[1] Yes, I'm aware of european cities where cars aren't necessary or are actually slower than public transit. That's not applicable to most of the US though.

I wonder how many instacart/uber orders I would need to have to offset the cost of a car, assuming I can bike to most of my needs.

The only reason I have a car is because there are some specialized transportation needs (towing) that I cannot get from my bike. I use my bike for everything from hardware to Costco to groceries to child care to ... lots of stuff.

You're in the minority. Most people cannot use a bike for this stuff. They live too far away or the roads and/or terrain are not suitable for bikes.
> I wonder how many instacart/uber orders I would need to have to offset the cost of a car, assuming I can bike to most of my needs.

Not that much. One site[1] lists the TCO of a compact car at around $33k/year if you drive it for 15k mi/year for 5 years. That works out to $550/month. Of course, if you're comparing this to getting ubers, there's no way that you'll be driving anywhere near 15k mi/year, so the TCO of a comparable car is probably $450/month. That's a lot of money to spend on uber/instacart, but keep in mind that if you have a modest commute of $20 each way, that only works out to 11 round-trips a month, or half the working days. So if your lifestyle is such that you don't need to drive to work most days, and you don't any other similar uses for cars (eg. picking up kids from school and/or driving them to extracurriculars), then by all means uber everywhere rather than owning a car.

[1] https://www.kbb.com/new-cars/total-cost-of-ownership/

I've got an ebike that takes me anywhere within ~10 miles easily, including picking up/drop off kids), and I'm a remote worker (though I could bike to the office easily.)
I have a friend whose only reasonable option to commute to/from work is uber/lyft. He spends more each month on that than I do on my car loan. He can't afford to make a downpayment for a car loan of his own, because he is spending that money on uber/lyft. This is a vicious and familiar cycle in America.
Most locks on most residential facilities are not about security so much as a "tamper evident" seal for insurance purposes.
I guarantee you I, or anyone else with ~30m of training can get into 95% of homes without leaving much evidence that the locks were tampered with. House locks are very easy to pick open.
Most thieves are not trained in covert entry, they aren't lock pickers, they're desperate addicts looking to get some things to pawn for a fix.
Of course. Most thieves break in use the time honored "brick + window" method.

But I was refuting the specific idea that house locks are a tamper evident seal. They are trivially easy to bypass in a tamper evident manner.

And yet, the universal way to break into homes is with brute force, by smashing a window or kicking the door in.
If I know my door is locked, and you get in, I can still shoot you since I know I locked it, thus you'll have the tools somewhere near you showing you broke in.

If it's just a code, tons of legal ambiguity comes up. Can a gf shoot her exbf that she gave the keycode to last month?

> Can a gf shoot her exbf that she gave the keycode to last month?

How is this different from a physical key?

If anything, it might be easier to change a keycode than to change a lock.
This a good point, except that I've found that people with keycode locks on door and garages hand out the keycode like candy for some reason.. way more than anyone else hands out physical keys.
Evidence of what? I can't see how it would prevent fraud, the occupant can damage the "seal" just as well, and a burglary without damage is still a burglary and lock-picking is a thing so it doesn't have much to say about due diligence either.
> This is a very engineering solution to a very not-engineering problem.

True, the solution very obviously to reduce poverty. It's a social problem, not an engineering nor a policing problem.

Land Value Tax would fix this!
We already have a land value tax. It's called "Property Tax"
Property tax is not land value tax. Property tax is a tax on both the improvements and the base value of the land.

Land value taxes are only taxes on the value of the land.

A land value tax would tax a giant residential building and the parking lot adjacent to it the same, which encourages maximizing the value of the lot rather than leaving it for parking.

Agreed. It's surprising how often we are great at post mortem analysis in engineering contexts (asking "why" five times), but we find it uncomfortable to do the same in social contexts. We jump straight to "How" rather than "why", and build locks that inconvenience people in hopes of stopping that one "how" rather than investing in fixing the root causes.
"Today, your house keys are basically useless for security"

They are not useless. Only some people have the skills and tools to open them - so they are useful at keeping most people out, even though they don't provide perfect protection.

Most thieves are not professionals, but for example junkies who look for something easy. A simple automatic light, is already doing wonders to keep them away.

Raking house locks is a) not difficult and b) not expensive. You don't need to be a professional to do that.

But also, bricks through windows are equally not difficult and not expensive, though they do leave a bit more evidence. When my neighbors have been burgled, this is the preferred method of entry I've seen.

"But also, bricks through windows are equally not difficult and not expensive, though they do leave a bit more evidence"

But that would be loud. You don't want attention when breaking in. (Unless you are a fucked up junkie not caring about anything anymore)

But yes, my parents for example are paranoid about always locking the front door 2 times(and get angry if I don't do it when I visit), but have a glass door in the back. There are also glass cutters.

"Raking house locks is a) not difficult and b) not expensive. You don't need to be a professional to do that"

But you do have to make some investment. They are illegal to purchase (in most places), I would not know, where to start looking. And then you have to learn to use them. And I know someone who did play with those a bit - yet he still could not enter my door at all. So it is a barrier.

> They are illegal to purchase (in most places), I would not know, where to start looking.

amazon. Not much of an investment needed https://www.amazon.com/Stainless-Steel-20-School-Toolbox/dp/...

Not avaiable. (at least for me from germany)
If you're interested they're also available on Amazon.de https://www.amazon.de/LockCowboy-Transparent-Practice-Beginn...
I wasn't planning to, but why not pick up a new hobby ;)

(It is indeed cheap)

I got one lockpick kit as a gift, and found out I can open the door of my apartment in 20 sec with it as a complete beginner. The fun part was that it was not possible to open it from the inside. That was how I learned that the lock was mounted with the inside part on the outside (it was a rented apartment).
> They are illegal to purchase (in most places)

Lockpicks are legal almost everywhere in the US.[0] Even in places where they aren't legal, they're not exactly difficult to obtain, given that a perfectly adequate rake can be made from any key that fits the target lock, and there are only ~3 keyways in common residential use.

[0] https://www.toool.us/lockpicking-laws.php

The best locks offer is that you have to plan a break-in in advance; i.e., you have to have your lockpicking tools with you. That said, you can pick master locks with a paperclip; I've done it. So it's not much of a barrier.

That said, just because people have low-security locks on their house doesn't mean that better options aren't available. I have Medeco locks. They are harder to pick than what you get at the hardware store. So far, no break-ins from lockpickers! Also, I'll sell you a rock that keeps tigers away.

> But that would be loud. You don't want attention when breaking in. (Unless you are a fucked up junkie not caring about anything anymore)

Pre-Covid, it didn't matter if you were loud. You and your neighbors were all off at work all day. So long as a thief felt confident there was no alarm to trigger, they could make all the racket they wanted and no one would hear.

Today, it's a little more risky but of the half dozen houses on my street I'd probably only hear one getting broken into and that's only if I were downstairs. Our homes aren't on especially large lots either (7-10k sq ft).

But a thief does not know, if no one is there in the neighborhood, unless he is indeed professional and scouts the area in advance. Also in my area, there are plenty of old people always watching and listening ..
Wait until an awful rainy night, then rock through window changes! Dog hears it and begins to bark per usual practice.

Dog owner gets up, yells at dog to shut up... because rain!

It's funny, I have the opposite problem. I have a particular door lock for which three different locksmiths have all failed to cut usable keys. The originals work fine, but the copies don't. The last set barely works, if you wiggle it around a lot and ram to get it in, but then it gets stuck in there and is nearly impossible to remove.

They've tried various blanks, and I've never gotten a satisfactory explanation from any of them. It's possible all my local locksmiths are inexpert.

Yeah, I have the same problem with some old locks. Impossible to get a copy for a key, because it does not meet some modern standard.
want to post a picture anonymously? it may be that the biting is difficult. It may also be that one or more of the locks pins is sightly out of spec.
Its just a schlage or kwickset?

The pins in new locks have pretty tight tolerances for the first couple years until they wear a bit. Its likely they are just using older equipment which isn't sufficiently precise to cut them. Get a key that is exactly right, and works with a bit of wiggling, use it as your primary key for a couple months and it will work just as well as the originals. The slight variations in the key ways/etc will knock the edges off the pins with enough use. Assuming the key is cut correctly from the right blank, you might just need a bit of lube/oil on the key. If you can see variations by eye in the ramps/etc its likely the key is just wrong.

At least here in the Nordics no one uses easily pickable locks for house or apartment doors. Those kinds of locks are mostly found in cheap padlocks and maybe bike locks. Doors usually have Abloy locks or similar.
> Only some people have the skills and tools to open them - so they are useful at keeping most people out,

No, not really. A large part of the security of locks comes from most people not knowing that they have the tools and skills to open them. It's like if everyone taped their door shut, and we depended on most people not knowing that tape is easily removed.

My kid accidentally locked us out of the house the other day by twisting the knob lock on our garage door. Turns out we never got a key for that lock when we bought the house - oops! And we didn't have keys for the back door, for complicated reasons. No worries, I took my wife's key ring and used the key to her parents' house to open our back door. In my experience, most keys work in most locks, if you just apply a light turning force and then rake the key in and out a bunch of times, ending with the key sticking all the way out except for a millimeter or two.

Erm, maybe the locks in germany(europe) are different - but what you describe I only know from very old or cheap locks, no one would use for a front door (insurance would not accept that).
> (insurance would not accept that).

Which is always hilarious to me considering insurance has no problem with glass windows or fenced in backyards.

haha, well in America, insurance has no idea what kind of locks you have, and the vast majority of home locks are "whatever was cheap at home depot".

My front door is a pricey digital lock with a key for backup, and I don't think I could pick it with this method. That's why my first instinct was to try on our cheapest door.

Well, here they also don't know, but if a break in happens, they might check the lock and refuse to pay if it does not meet a minimum standard.
I haven't had a key for my house in probably 10 years. I used the garage door opener PIN pad to get in. I recently replaced the front door lock with a new one that also has a PIN keypad, but I still mostly enter and leave through the garage out of habit.
A friend of mine was bored and bought a Lishi tool online recently. Within 10 minutes and with no previous lock picking experience he was able to silently pick his house's deadbolt.
This can be true while it still keeping most criminals out. It's going to depend on the location and context. I'd say an analogy for this is engineer thinking versus economist thinking. My observation is that criminals prefer the latter. Rather than doubling down on engineering, they try to move to a more lucrative venture. Getting better at burgling houses doesn't change the upside as much as other crime.

In my suburban area, the biggest problem is unlocked doors on houses and cars. Despite this problem existing for many years, doors are still regularly left open. The criminals don't attempt to exploit the same neighborhood repeatedly. They pass through in waves and then go elsewhere before returning when everyone has let their guard down. When they attempt forced entry, or anything more than casual theft, they get a lot of attention and caught.

They could improve their takings by developing some lock picking skill, but it's also higher risk since they have to spend some more time on each target which increases the risk that an observer will actually notice them. I could easily imagine a dog walker ignoring someone entering a home through an unlocked door, or making it look like they are checking a door is locked when entry fails.

Being in country that uses proper locks... Yep, people aren't picking them in field.

Good locks are expensive, but they also last a long time. And nearly unpickable is good enough. There is wall of window next anyway that then becomes much easier.

Another reason you have locks is to show intent to keep others out.

You can't shoot someone that walks into your home through an open door.

You can shoot someone that rams your door to open it.

You cannot shoot anybody in the largest majority of countries on this planet. Thankfully.
How do you get criminals to obey this nice rule?
By making it hard to obtain weapons. The US thinking to me seams to go along the lines of handing out nuclear weapons to everybody so forces are balanced...
What do you do if two criminals break into your house and you don't have a gun?
I love that this got downvotes but no responses.
A few things:

The number one, by far most effective thing you do comes well ahead of those armed, home entry thieves, and that is you make your home scream "GO AWAY!"

Get a dog

Employ great lighting

Put the home alarm stickers on, actual alarm optional, [3]

Clean up.

Etc...

The criminals work on risk reward. You can bias that equation away from favorable meaning the baddies pick another home, not yours.

From there, should you really feel this scenario could happen, maybe consider a gun. But if you do, please get gun education. One bad scenario is to have a gun, and face experienced users. Your chance of getting you, and or family, hurt go way up!

I do mostly identify with the left, but am gun friendly having grown up rural and well educated about guns.

[3] - no joke! Neighbors had done the sticker thing for roughly a decade. That, plus the other suggestions work well.

For 500 bucks worth of crypto anyone in the world can get a reasonably competent full auto AK with a box of milsurp ammo.

If that's your definition of "hard", I'd say you're setting that bar far too low.

And the overwhelming majority of people, including thieves, don't do this, because the raised barrier to entry makes gun crimes vastly less attractive. Combine that with a broad social safety net that reduces poverty, and you miraculously get homicide rates dropping through the floor: https://commons.wikimedia.org/wiki/File:Map_of_countries_by_...
> because the raised barrier to entry makes gun crimes vastly less attractive.

Is that assertion based on study or "common sense?" It may well be that they don't feel the need to bring a gun because they know their victims are definitely not going to be armed anyways.

The real question would, do the criminals not use a weapon at all, or do they use weapons that just don't happen to be guns?

> broad social safety net that reduces poverty

People aren't being shot in the US because of poverty. The _majority_ of "gun violence" in the US is actually suicides. It's nearly 2/3 of that terrible statistical category. The remainder of murders typically involve alcohol and arguments.

The majority of murder victims in the US know their murderer by name and have been acquainted with them for years. Means. Motive. Opportunity. These things don't change.

Shinzo Abe might disagree with this
He was right leaning so you are probably correct. But I would think his murder might have happened earlier if weapons were legal for most citizens as in the US.
I'm not so sure. The assassin took advantage of the fact that nobody was expecting a gunman. In an armed society, there would have been more defense measures present to prepare for such an attack
> By making it hard to obtain weapons.

If the legal rule is "you can't shoot anybody", which is what the post I responded to said, wouldn't that make it impossible to legally obtain weapons? Why just "hard"?

If, OTOH, you mean make it hard to illegally obtain weapons, where has this actually been done successfully? My reading of human history is that criminals who want weapons have always been able to get them somehow.

> The US thinking to me seams to go along the lines of handing out nuclear weapons to everybody so forces are balanced...

I don't know where you are getting that from. The US thinking is very simple: since it is impossible for governments to prevent all violent crimes or to ensure that police show up in time to protect citizens from being harmed by violent crime, citizens must be allowed to have the means of self defense. The best way to minimize the number of citizens that feel the need to have weapons for self-defense is to extirpate crime--but unfortunately the US in recent decades has been moving in the opposite direction.

This is a lame response. A man with a knife or a bat has the tools he needs to easily kill your whole family. So what is the plan to protect a family since knives and bats will always exist?
I imagine some Non-Americans reading this are horrified.

But Americans know that this (a pre-shooting checklist) isn't a reason for door locks for every American. And I'd guess it only is for a small minority of Americans.

I'm not American and I'm not horrified...if someone breaks into your house seems quite fine to shoot them if you can.
WTF? Do you mean that you can't shoot someone without legal consequence in some US jurisdiction if you have an open door? You can still shoot them...

>You can shoot someone that rams your door to open it.

So somebody destroys a door and that entitles you to take their life?

I think in both situations you should just refrain from shooting at all. Seems to work in most of the rest of the world..

No, you can't legally shoot someone that walks in through an open door. You can ask them to leave, but youre going to have big problems if you shoot them and all they did up to that point was not leave instantly when asked, if they walked through an open door.

If the door is locked, and they break in, you are not shooting them because they broke a lock. You are shooting them because theyve shown criminal intent by forcibly making their way through a locked door.

I'm curious in how many jurisdictions simply "showing criminal intent" is sufficient to mean they're legally a target to be shot at, potentially fatally. I'd be pretty horrified to know I was living in such a jurisdiction. Whereas somebody walking through my open door while clearly posing a threat to my life, or the life of family members (e.g. holding a weapon) I would have no hypothetical qualms over aiming a gun at, and should they continue to approach, firing. Mind you if that did result in their death I'd still expect to be required to provide evidence that it was a reasonable course of self-defence given the circumstances. Are you saying that isn't the case wherever you live?
Instead of trying to catch me making a language error on exactly what criminal intent is... Why don't you think about this like a human.... You are at home with your wife and kids. A large man wearing all black with his face covered has broken your door lock and forced the door open. He is now making his way up your stairs where all your family is. Should you be able to legally shoot this man? If not, what is your plan for protecting your family members from this person?
Not a question of language error, I'm just interested in how different parts of the world have different takes on when taking a life can be legally justified. FWIW, in your scenario, if I simply shot the man and killed him, then I would fully expect to be questioned and possibly charged, and only acquitted if I could demonstrate killing him was a justifiable act of self-defense. I don't imagine whether he'd broken the door lock would be considered particularly relevant. As it happens, I've forced locked doors open with no criminal intent - I'd simply lost my key and needed to get back inside my own house. It's not impossible the man in question had got confused about which house was his and was doing the same thing.
I got it. If a man breaks into your house, begins walking up the stairs while your wife and kids are there, you're going to be cautious to see if stopping him with deadly force is necessary. Maybe first let him strike you in the face too. You wouldn't want to kill him if he's punch only knocks you down and allows you to get up and fight him off like a super hero! And if he punches you so hard you loose consciousness, what's the worst he's going to do? Rape your wife?
Yes, I absolutely would be cautious - if nothing else, attempting to stop him with deadly force may well be what triggers the situation to become violent and life-threatening for my family and myself. But more importantly, all the circumstances I can realistically imagine myself trespassing into somebody's house do not involve me intending any harm to any of the occupants, so I would very much hope most people would approach such scenarios with similar caution.
Are you sure you can run all those calculations while breaking and entering is occurring in your home? It varies quite a bit from place to place, as you can see...

https://en.wikipedia.org/wiki/Castle_doctrine

But the basic idea is that the natural right of self-defense extends to certain areas, including one's home. (That is, you do not have to wait until the intruder has his hands around your neck in order to defend yourself.) If you would prefer to not be allowed to defend yourself, that's you. In many countries (not just the US) invading people's homes makes for a dangerous and short career, as it should.

Thanks for that link, that is pretty interesting and I can't honestly say I know exactly what the law is where I live (in Australia, but not in the state that gets a special mention in that article). And absolutely, if I happened to have access to a lethal weapon and I was sufficiently fearful I might well be tempted to use it on an intruder even well before they posed an immediate threat. But if I really were responsible for taking an intruder's life and the courts determined that they were never a realistic threat to anyone, nor was there any good reason for me to believe they were (e.g. I had a clear view of them, could see that had no weapon, and they weren't acting in any sort of hostile manner), I'd fully expect to go to jail for it.
> getting into your house is trivially easy both destructively and not.

Absolutely not the case. With toughened glass and modern reinforced doors it is very far from trivial. At least in the UK. I understand security standards can be much lower depending on the country.

I simply drive a manual - ultimate theft deterrent these days
Not true. My manual civic was stolen 5 times in 5 years.

Car thieves learn how to break into various makes and models of cars and hotwire them. They have also figured out this thing called a "clutch".

in the last 5 years? thieves these days are young kids who have never seen three pedals
From 2015-2020. I started keeping it locked away since 2020.

You're obviously wrong about the car thieves, because this happened to my car. Two of the thieves were central american gangsters. They left reggaeton and stolen audio systems in the car. Another guy was an old meth-head, who stole and lived in it for a week by the bay. I found all his drug crap in it afterward.

Thus begins the spiral coming back to "physical" security vs abstracted tech. Imagine the sales of a new BMW M5... "Yup this baby has it all. Top of the line security. Worried the thieves will see your finger prints on the keypad no worries. Just manually hit the windshield 3x, run the blinkers so many times. Etc etc. And there she goes..."
I was once told that you can buy on of those realistic baby doll and leave it on the back seat.
Great way to get your windows broken everyday
Commercial immobilizers do that, but with much more sophisticated technique than this amateur hour.

Mine sits straight near the car CPU and is protected by a metal box.

Easier solution: take off one highly visible trim piece from the dashboard or console of your car, and throw a $20 DMM on the passenger seat. A couple random bits of loose wire in various colors for effect, maybe a half roll of electrical tape, and nobody's going to take a second look.

Source: nobody has ever stolen any of the cars I've owned while I've been troubleshooting the ongoing electrical problems.

this is 'cool but stupid'.

Running a relay into the car to a switch thats protected just moves a analog electrical problem somewhere else, it' still just two wires to jump at the end of the day

What you want is what smarter cars have, integration to the ECU. So you put in the wrong key, it does a crypto exchange with the ecu, and the ECU won't crank. Even if you crank it by jumping the solenoid, it won't power the fuel pump, the computer will still say 'I am off' sorry no fuel no timing, nothing.

Right, the image shows it connected to the battery pole. Just pop the hood, bridge the contacts. Any proper solution has to be integrated into some essential part that is difficult to access (like the ECU).

Maybe they want that thing to talk to the ECU? Otherwise, how is it locking the car?

a lot of cars have cutoffs switches for all sorts of stuff, like rollover switches, overboost limiters etc... you could tap into any of those to immobilize a car.

but you need to tuck that shit up under neath in the dash or wherever the ECU is, and that doesn't solve any issues because it's still just one wire to short out. You need something tucked up underneath you can use wireless transponder so theres nothing obvious preventing it from cranking.

Classic man in the middle attack can be easily dealt with PKI. Why go through such a hassle?
Couldn't they just make the car blare non-stop alternating sirens for 10 minutes at a time, 4 times an hour for 12 hours, loud enough to get through drywall and double-paned windows, at the slightest perturbation?

Although I don't own a car, I'm happy when I hear throughout the day and night that my neighbor's cars are well protected.

We had that in the 90's and 00's, cars still got stolen
I lived in Chicago at that time, you heard those car alarms constantly and they were just ignored. I still remember the sequence of beeps, whoops, and buzzers of the popular alarms.

For the device in TFA, I don't see what prevents a thief from just bypassing the thing with a jumper from the battery + terminal.

Do you remember the the birds which adapted their calls to mimic the alarm noises?
The mocking bird in my backyard knows all the car alarm sounds, it's part of his daily routine.
I guess it wasn't only me who mentally associated that sound with "uh oh someone's car was hit by a small branch carried by the wind" and/or "a cat walked over the car".
I've come pretty close to keying "FIX YOUR ALARM" into people's doors for this. In the end left them notes about it, which did result in it getting fixed, so I haven't had to actually do it. Someday, though.

I still think car alarms are a net negative to society. Thousands of hours of disrupted sleep and it prevents approximately no thefts.

Not to mention all of the mockingbirds that have learned the song of the car alarm. It's the most complex birdsong out there, so many mockingbirds picked it up while it was regularly sung, and now it's passed down from each generation to the next.
This approach is not mischief proof and will become an easy way to get back at the owners and/or your neighbors.

All a thief has to do is trigger enough false alarms (directly or indirectly) to annoy you and the neighborhood that you either disable it or learn to ignore it as false alarm.

It also conveniently doubles as a fireworks detector!
I know someone who wired their turn signal / high beam stalk to need to be pulled while turning the ignition key. Back in the early-mid 90s, my dad had a tiny light switch that needed to be toggled before starting the car.

It's ridiculous this sort of thing is needed, but it's sort of...fun?

Maybe I'm missing something, but in some of my international travels, rental cars had a keypad that had to be entered correctly prior to the key working. No key code entry, no run.

Put the keypad in 3 times incorrectly in a row, system blinks rad, you sat for an hour unless you called the rental place for an override key.

Voltage fluctuation aside, it seems like the same system.

I haven't seen a separate keypad immobilizer (the kind where you put key in ignition and turn, but engine wont start until a pin is entered into a separate keypad in the cabin) since I last sat in a Peugeot 205 in the early 90s - I'd be shocked to see one on anything made in the last decade that isn't a weird aftermarket accessory. I've never seen this on a rental car in Europe/US in recent memory.

The pin pads Ford often fit to doors are not the same thing - those are to provide cabin access without a key at places such as worksites or camping trips etc.

Travel to Israel, its in -every- car.
required by insurance
(comment deleted)
In Cyprus, rental cars also have them (of course these are aftermarket).
The GM EV1 had this solved early on: they didn't use keys at all - just a numeric PIN that you entered on the door and on the center console to start. ;)

http://www.kingoftheroad.net/charge_across_america/graphics_...

Slap your PIN in and hit the RUN button and it'd fire right up.

I believe Ford has a patent on keypad entry. Many of their vehicles have it.
I love the keypad on my F150 I seriously wish all vehicles had it.
It used to be that the PIN logic was just a simple rolling buffer and substring(ish) search, such that for a 6 button keypad, an optimized 80ish button sequence would open every single vehicle with those keypads.