Sponsored
Apparent New Theft Tactic
- Thread starter mcd_ovrlnd
- Start date
- Watchers 12
- First Name
- Kolby
- Joined
- Apr 18, 2024
- Threads
- 1
- Messages
- 27
- Reaction score
- 10
- Location
- Calgary Canada
- Vehicle(s)
- 2024 Prius & 2024 Land Cruiser
Ya the $1200 ghost or IGLA or Masterguard - source was the police task force working on stolen cars. Again I’m not trying to argue just relay information. I’d think the police would be relatively objective in something like this vs the businesses selling these things. Seems like there is no sure fire way to stop theft, regardless of what we’re told.
There is always a way around security. If you had unlimited access to a car, you could tear it apart and find the immobilizer. My 2020 Charger Scat Pack was stolen and recovered from a canbus attack. I had it locked down after recovery and there were 4 failed attempts to retake it after that. I eventually sold it but immobilizers do work. The IGLA is tiny and hidden deep in the factory harnesses.
I have a friend who is a Houston PD detective and these are his comments:
I have a friend who is a Houston PD detective and these are his comments:
- First Name
- Sam
- Joined
- Aug 2, 2025
- Threads
- 3
- Messages
- 8
- Reaction score
- 6
- Location
- Montgomery TX
- Vehicle(s)
- 2025 Toyota 4Runner TRD Sport
I wonder if you can put an old fashion kill switch somewhere hidden that even if the vehicle is unlocked and accessed if that kill switch isn’t off then the car can’t be started. Maybe start using biometrics in the start buttons. 
- First Name
- Edward
- Joined
- Apr 6, 2025
- Threads
- 4
- Messages
- 42
- Reaction score
- 26
- Location
- SURREY, BC
- Vehicle(s)
- Rav4
Fight new tech with old tech, i just put steering wheel lock, at least it makes it harder for thieves
- Joined
- Nov 2, 2023
- Threads
- 1
- Messages
- 90
- Reaction score
- 69
- Location
- Calgary, AB, Canada
- Vehicle(s)
- Escape
Yea once into the canbus things aren’t really guarded as they should be. This article does a good deep dive on it. Been considering a ghost 2 for a while now. Thanks for the reminder for me to get off my ass and get er done.
the problem of encrypting the canbus is you lose speed in critical area's were you need speed over security.
and the cost will go up since you need to de/encrypt the signal at both ends so that adds cost to each component.
majority of the general public wont understand the cost increase or balk about it, but the people that understand would gladly pay for it.
the side effect, aftermarket mods will dry up since they couldnt tie into canbus and as an added bonus, you get locked into oem parts since they only can supply or tied into the secure ecosystem.
and the cost will go up since you need to de/encrypt the signal at both ends so that adds cost to each component.
majority of the general public wont understand the cost increase or balk about it, but the people that understand would gladly pay for it.
the side effect, aftermarket mods will dry up since they couldnt tie into canbus and as an added bonus, you get locked into oem parts since they only can supply or tied into the secure ecosystem.
- Joined
- Nov 2, 2023
- Threads
- 1
- Messages
- 90
- Reaction score
- 69
- Location
- Calgary, AB, Canada
- Vehicle(s)
- Escape
I haven’t considered the cost but would be curious as to what it would be in a real world example. I feel increasing the overall total vehicle cost would be offset to the consumer by insurance reductions by having a “harder to steal” ride.
Another commenter noted the cost of wiring being a large factor too but maybe there’s a better way to secure the auth for startup?
You give valid points for locking out 3rd parties and increasing response times in critical systems. Perhaps then they should focus specifically on securing starting the vehicle. It shouldn’t be that difficult to isolate and encrypt the start validation and authorization from everything else, similar to the secure enclave on iPhones.
The article I linked hit the nail on the head: we need the industry to sit down and take a serious look at solving this problem. As of now it’s insurances problem and that’s simple downloaded to consumers thru headache and large premiums
I think the GHOST and IGLA immobilizers are programmed to fuzz out the start signal when its detected on the CAN bus. These devices cost $1200 installed but they are the size of a small USB device and have just a few wires. The article mentions a $5 raspberry pi pico being programmed to do an attack, I bet they can be programmed to fuzz out the start signal like these immobilizers. This should not be an expensive endeavor for vehicle manufacturers. I am sure the car software itself can be programmed to accept authentication via the toyota app, or oem buttons very easily.
i would agree on focusing on the start/unlock command. i mean cellphones have this feature to some degree already using secure boot functions and failed attempts lockouts or system wipes (android has a feature where you attempt a failed login x times and it does a system wipe at least on samsung. it defaults to 15 attempts and reboots into a system wipe to factory default)
but then again. you would have to secure the ecm/ecu to be secure all the time unless the hacker attempts to corrupt the firmware before it goes into encrypt mode and blocks the start command.
its a fine balance between mass production costs of a $5/10/20/50 part on a mass scale whereas a consumer only see's the one time cost.
but most people, i would rather pay the xtra cost than not have it.
the old adage, you get what you pay for
- Thread starter
- #28
Looping back on my original post, found this today and thought I’d offer it up.
Sponsored
