Vehicle security operation: Key programming, immobilizers, and more
Content brought to you by PTEN. To subscribe, click here.
What you'll learn:
- Vehicle security is not only to prevent vehicle theft or unauthorized use, but it's also there to prevent malicious activity taking place in the vehicle network systems.
- Now vehicle security and immobilizers are not one in the same.
- Tools for troubleshooting intermittent issues caused by immobilizers.
Vehicle security has been around for decades. Today, automobile manufacturers have been implementing various strategies regarding security. Many of the anti-theft systems involve the prevention of access into the vehicle and the immobilization of the propulsion system (Figure 1). Vehicle security is not only to prevent vehicle theft or unauthorized use, but it's also there to prevent malicious activity taking place in the vehicle network systems. This is especially true on vehicles that have controls that could effectively inhibit safe operation of the vehicle.
For these reasons, the auto manufacturers are deeply concerned about network communication security (Figure 2). If an unwanted command is issued across the network, it could mean that the messages flying across the various networks upon the vehicle could issue inappropriate commands that would take the vehicle into an unsafe situation. During normal service operations, technicians are tasked with utilizing various diagnostic platform devices that communicate on many of these network platforms. In some cases, there may be initialization, calibration, or reprogramming events that take place that could possibly compromise the vehicle.
Taking this to the next level, vehicle manufacturers are interested in what is happening during service and they do this by creating a log of who accessed the vehicle systems, what was done, when it was done, and where it was done.
This is no different than what you would see in many of the information technology systems that support our everyday operations. If an audit is needed, it would make sense to be able to go back and look at who, what, when, and where services were performed on the vehicle. Doing so can cover the liability aspects of vehicle operations in the case where something went sideways.
As mentioned in a previous article I wrote on vehicle security, Charlie Miller and Chris Valasek, two white-hat hackers, embarked on a side project where they broke into a 2015 Jeep Grand Cherokee’s network and discovered and exploited various security holes on the vehicle.
Their activities generated a lot of reaction by the National Highway Transportation Safety Administration (NHTSA) and Congress, which pushed automakers to place more focus on security. The hack exposed other vulnerabilities including those supporting these systems, such as the wireless connections to cellular network providers. With a little bit of knowledge and the tools needed to push messages onto the CAN bus, one can greatly compromise safe vehicle operation.
The immobilizer systems used on today's vehicles have grown to become quite sophisticated. In basic terms these systems use cryptography by utilizing a challenge response type pattern as an exchange between the key fob and the immobilizer module. There are numerous tools out in the marketplace that have proven to be highly successful in helping the technician during troubleshooting operations.
Now vehicle security and immobilizers are not one in the same. While there may be issues with a vehicle not starting due to a defective key, or key transponder (or something in the immobilizer system), one may find themselves dealing with an immobilizer system after repairing a vehicle, that required the replacement of a module. In such cases, one is typically required to program module and then re-establish proper immobilizer operation.
If one doesn't have the ability to set up the immobilizer, this will likely result in a vehicle that will not start. For those of us in the United States, we are fortunate to have the National Automotive Service Task Force (NASTF). NASTF has a program called the Vehicle Security Professional (VSP). Signing up for a VSP license will require a fee along with required documentation and a background check. Once approved, they will have credentials that they can use to execute numerous vehicle security operations in cooperation with vehicle manufacturers (Figure 3).
I can tell you firsthand that although my shop doesn't do a ton of key and security related repairs, having this credential has surely made life a lot easier. There have been numerous cases where we were replacing a module which required security access into the vehicle, and we were able to securely log into the vehicle manufacturer portal and carry out the steps to complete the repair. In performing such operations, this will require you to fill out a vehicle owner positive identification form (D1) which creates an official record.
Field information
I recently spoke to Matt Fanslow (who’s a shop manager/diagnostician at Riverside Automotive in Redwing, Minn.) about automotive security. He states that he’s been heavily involved in key/key-fob replacement, programming and troubleshooting security systems for the past few years and has acquired an arsenal of tooling to support such services.
We talked about how he’s been able to grow the business and increase his capabilities at the same time. He states that the programming and key cutting is taking place well into double digits per month and continues to grow.
Additionally, he states that now that he has what he considered to be the top-of-the-line CNC key cutter, the Triton+, from XtoolUSA, and that he’s acquired business from a few local car dealer’s parts departments since they’re unable to perform cuts on high security keys.
I asked him for a list of the equipment he’s using and here’s what he shared with me:
- Xhorse Dolphin II XP-005L
- XToolUSA Triton+
- Autel MaxiIM IM608
- Autel XP400Pro
- Autel IMPKA
- Autel G-Box2
- Autel APB112
- TOPDON T-Ninja 1000
- XToolUSA AutoProPAD
- And a variety of EEPROM, board-level tools
He also commented that there are cases where a job will require the use of various tools to complete, since they all have their strengths and weaknesses. Some can save hours on a job by allowing you to quickly assess a situation and formulate a path to success.
For example, if you have a push-button start vehicle whose key fob is inoperative and you’ve already performed the obvious services (like battery and inspection), the Autel APB112, along with the MaxiIM IM608/508 can help to emulate the smart key, to aid in diagnosis. In other cases, he states that the G-Box2 can save you hours on a Mercedes-Benz, where you have an "all keys lost" situation.
I also spoke with Pedro De La Torre, who owns and operates Logic Auto, a mobile diagnostics company in northwest Indiana. He performs a wide variety of services that include security operations. Additionally, he recently began providing a wide variety of instructional and hands-on security training with Michael Christopherson (another mobile technician, located in Utah). Students get to discover various tools and techniques used to address challenges technicians face in the field. They also gain a great deal of knowledge about microchips, EEPROMs, data sheets, soldering techniques, and more. For more information, see eepromicon.com.
De La Torre first shared some information about the key cutting tools he uses. His first key cutting machine was the Xhorse Dolphin but now his main go-to machine is the Triton+ sold by XToolUSA. He also states that when it comes to scan tools, there isn’t a single solution to cover all situations but the Autel MaxiIM IM608 and IM508 cover quite a bit of ground.
Additionally, for troubleshooting intermittent issues caused by immobilizers, he has other tools in his arsenal to help. He described situations such as a Mercedes-Benz that he suspects has a key with an intermittent problem, he can use an emulator device that Xhorse VVDI offers to isolate and test the system. He may end up placing the vehicle back into service for a short period of time to verify that the intermittent issue has subsided, and then knows what replacement components need to be ordered for the vehicle. He reiterated that many of these tools help to save tons of time during the diagnostic process.
Another example he shared is that on keyless entry/push-button start vehicles the Xhorse VVDI can be used to verify both sides of the wireless communication and can emulate the transponder. When it comes to board-level, in-circuit operations, he uses a tool called the AR-32A from Andromeda Research Labs, arlabs.com, and other tools they offer as well.
He also states that his skill and expertise took a lot of work and self-study, to acquire. I asked him where one should start if they wanted to get into the automotive security business. He stated, in addition to first assessing your addressable market, one should start by researching the tools being offered and their capabilities which can be done today, quite easily, thanks to the internet.
And of course, he mentioned training which is where his outlook of vehicle security took off after attending one of Christopherson’s hands-on EEPROMicon events. He also states that learning how to research microchips data sheets will be an essential skill when it comes to board level service (Figure 4).
Sign up for the Professional Distributor e-newsletter today for the latest new product announcements, sales tips, and much more!
Vehicle security can present diagnostic challenges, but it also presents business opportunities. If you’re thinking about getting into this business, it can appear overwhelming. It will indeed take an investment in tooling and training, and I hope that this article has provided some starting points.