CT5-V Theft Attempt

[itzdanielp]

Whelp, they tried. They were not successful, but I'm not entirely sure (based off of other things I've read since) that I'm not just lucky, or they were incompetent.

2 questions;

First, has anyone had to replace the "static" portion of the back door window? I *think* it's GM Part 84933818 but would love confirmation, and approximate timeline / cost.

Second; Do any of you have contacts with GM Engineering? I'm a cyber security engineer and would love to further understand what specifically goes on between the car and the key, and what that negotiation looks like. The thieves did have some sort of computer or scanner plugged into my ODB-II Port before they got spooked and ran, and I'm trying to understand if they were able to gather enough information to come back with a forged key, or if they were just incompetent.

 

[DCV]

They would have to be near you and the FOB when you used it, to clone it.

 

[itzdanielp]

@DCV - I wish that were true, but I'm not sure it is.

There is at least 1 report of a successful theft while the key was stored in a Faraday container; which doesn't necessarily preclude a previous encounter where the key was cloned, but seems unlikely.

Additionally, it is trivial for GM to create a replacement key which means the codes are either documented or otherwise listed and easily programmed. This is what I am most concerned about - were the thieves successfully able to gather enough information from the car's computer to clone a key and come back.

It would be great to understand how specifically the codes operate (e.g. are they static challenge / response, are they a time-bound rotating key, I don't believe they are cryptographic / PKI).

Forum discussing another stolen blackwing - https://www.**************.com/threads/2022-ct5v-blackwing-stolen.1130350



edit; <sigh> apparently links are blocked. The obfuscated portion of the above is "cadillac forums" without the space between the words. Apparently there is beef between this site's owners and them.

 

[CBH]

I am very certain no manufacturer will provide engineering details about their proprietary security.

However, from personal experience I can tell you that Chevy pickups require the dealer to perform an hour long reprogramming procedure to pair a new physical key to the vehicle.

Hard to understand how it could take so long, but it does for '15 full size trucks and the last generation (ended in '22) Colorados. Not sure if the Caddy matches that newer truck or not.

 

[itzdanielp]

There is a difference between providing information around how a protocol operates, and providing inside information that would potentially compromise said protocol. For example I can tell you exactly how the negotiation between your device (computer / phone) and this website operate, how keys are passed, what encryption algorithms are used, and how everything is validated (or you can read about TLS on tens of thousands of websites) without compromising the security of the protocol or your connection to this site.

That said, maybe that is why car security is still a joke. Manufacturers (GM included) would rather bury their head in the sand behind "proprietary" - while simultaneously giving the tools and inside information to any random person working for any of their thousands of independently owned partners worldwide (dealerships, etc.). Security through obscurity does not work, and if you want to at least pretend it does work, make damn sure *no one* knows how it works.

Ranting aside, I really appreciate the additional info about the trucks. I don't think that it "Actually takes that long" due to a slow process, but rather they have safeties built into the reset process that force an extended wait to prevent thefts. That is actually a similar process to FoMoCo, and does definitely help this specific type of attack. The fact that my key still works leads me to believe they didn't even attempt to start phase1.

I'd assume it is at least a similar process, whether it matches directly or not.

My bigger question is honestly; Is there any information that they could gather from ODB or CANBUS information while they were plugged in that would allow them to forge a key offline and return with a working key.

 

[FLYARMY]

Dealerships are a rip-off for a new fob and programming. Here is a hidden camera video about Ford. I'm sure GM is the same. I was at my local Caddy dealer the other day and an old man was in there buying a new #2023 battery for his fob and they charged him $30 to install the battery. They charged him $17 for two batteries. They should be ashamed.

 

[jbawden]

Dealerships are a rip-off for a new fob and programming. Here is a hidden camera video about Ford. I'm sure GM is the same. I was at my local Caddy dealer the other day and an old man was in there buying a new #2023 battery for his fob and they charged him $30 to install the battery. They charged him $17 for two batteries. They should be ashamed.

While I agree dealers are often savages and should sell the battery and install at no charge, I feel like if you can't source a battery from CVS and a YouTube video on how to open the fob (or find a neighbor/friend/family), $47 is an appropriate fee for your lack or resourcefulness. I think we've gone too far down the road for blaming others for our own incompetence, especially when we have so many resources at our disposal to avoid doing stupid stuff.

 

[ernsteeng]

When I took my Lexus in for service over the summer for its first annual checkup they told me they would replace the remote battery as part of the service. I assumed (my mistake) that it would be free of charge. My old Honda dealer always replaced my Odyssey remote batteries free of charge. I thought a Lexus dealer would do the same. They charged me $15 for the battery. I won't be making that mistake again.

 

[FLYARMY]

While I agree dealers are often savages and should sell the battery and install at no charge, I feel like if you can't source a battery from CVS and a YouTube video on how to open the fob (or find a neighbor/friend/family), $47 is an appropriate fee for your lack or resourcefulness. I think we've gone too far down the road for blaming others for our own incompetence, especially when we have so many resources at our disposal to avoid doing stupid stuff.

Note that I said it was an "old man" getting the battery replaced. I'm sure many of us have elderly relatives who are not computer or cell phone savvy. If it was me working the counter....I would have told the old guy to go get a $5 battery at the store, come back and I will put it in for free. That's just me and how I was raised. $47 bucks is a big hit for elderly people on a social security income.