2017+ Chrysler Pacifica Minivan Forums banner
1 - 20 of 33 Posts

·
Registered
2021 Maximum Steel Pacifica Hybrid Limited
Joined
·
60 Posts
Discussion Starter · #1 ·
Sorry if this has been addressed somewhere already. My question is: is there an easy thing to do like pulling a certain fuse or something that would not reset anything on the van but make it much harder to steal?
 

·
Registered
2021 Maximum Steel Pacifica Hybrid Limited
Joined
·
60 Posts
Discussion Starter · #3 ·
That would be why I said "make it much harder to steal."
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
Well it has a built in immobilizer and I don’t believe the current gen FCA wireless key fobs are susceptible to things like replay or retransmission attacks. The hybrid control system is cryptographically linked. Using the Auto Parking Brake will lock up the rear wheels in addition to the front wheels. How do you prevent your van from getting stolen? You’re asking the wrong question. How do you prevent your keys from getting stolen?
 

·
Registered
Joined
·
64 Posts
Somewhere in the Facebook group I had thought I read someone had their minivan taken for an inner state joy ride by relaying the signal from the owners key inside the house. Otherwise, I haven’t read about any of these being stolen. Interesting question.
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
Somewhere in the Facebook group I had thought I read someone had their minivan taken for an inner state joy ride by relaying the signal from the owners key inside the house. Otherwise, I haven’t read about any of these being stolen. Interesting question.
What model year?
 

·
Registered
2021 Touring L AWD
Joined
·
29 Posts
Chrysler (keyless entry) fob signal can be relayed from inside your house, to the outside of your van, by a thief with proper equipment. Once inside the vehicle, the signal is relayed again. And they start the vehicle and drive away. Supposedly if you put your keys in a metal box, a thief cannot relay the signal. Amazon make Faraday boxes for this purpose. Some people store their keys in the fridge.

The easiest way to disable your van is to pull the fuel pump motor fuse (F43) from the power distribution box underwood.
 

·
Premium Member
Joined
·
1,657 Posts
The easiest way to disable your van is to pull the fuel pump motor fuse (F43) from the power distribution box underwood.
You have tested this on a hybrid that doesn't require the ICE to run to drive?
 

·
Registered
2021 Touring L AWD
Joined
·
29 Posts
You have tested this on a hybrid that doesn't require the ICE to run to drive?
No I have not. My van is not a hybrid. So, I started reading up.

It appears, the loss of fuel pressure may be interpreted as out of gas. So the vehicle would enter turtle mode. And still drive. So the other alternatives to immobilize, are the fuses for the trans oil pump or the e-shifter. Warning to the community - if you trial error pulling fuses, you will most likely throw a check engine light when checking to see if the car will run (move). Once you determine which system to shut down for immobilization, pulling the fuse will not throw a check engine light. Unless your forget, and attempt to drive the van away - lol.
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
Chrysler (keyless entry) fob signal can be relayed from inside your house, to the outside of your van, by a thief with proper equipment. Once inside the vehicle, the signal is relayed again. And they start the vehicle and drive away. Supposedly if you put your keys in a metal box, a thief cannot relay the signal. Amazon make Faraday boxes for this purpose. Some people store their keys in the fridge.

The easiest way to disable your van is to pull the fuel pump motor fuse (F43) from the power distribution box underwood.
I haven’t seen any evidence that the current gen key fobs suffer from that problem. Time of flight is used to determine the distance of the fob from the vehicle. If the calculated distance is too far the vehicle won’t open. Replay attacks are not effective on many newer vehicles.
 

·
Registered
2021 Touring L AWD
Joined
·
29 Posts
I haven’t seen any evidence that the current gen key fobs suffer from that problem. Time of flight is used to determine the distance of the fob from the vehicle. If the calculated distance is too far the vehicle won’t open. Replay attacks are not effective on many newer vehicles.
Would you elaborate on how this prevents a relay attack? Modern keyless entry is always putting a low power signal. Once the key fob gets close enough to the vehicle, and a human touches the door handle, the car unlocks. The relay attack jumps the distance from inside your house, to the second thief, standing next to your car.
Relay attack on a Mercedes
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
Would you elaborate on how this prevents a relay attack? Modern keyless entry is always putting a low power signal. Once the key fob gets close enough to the vehicle, and a human touches the door handle, the car unlocks. The relay attack jumps the distance from inside your house, to the second thief, standing next to your car.
Relay attack on a Mercedes
This is true but doesn’t take in to account all the advances in this technology. As I said modern versions are using time of flight to determine where the key fob is. Generally these days the key fobs are silent until they receive a signal from the car, or have another button on them pushed. They will then respond. Their response is encrypted these days. When a key fob is programmed to a vehicle, a secret is exchanged and a cryptographic process takes place. That makes sure that only the vehicle and fob understand each other.
Then the vehicle is using time of flight to position the key fob in space. So the vehicle sends out a poll signal that the fob receives and responds to. Well if you know when you sent a pulse, and you know when you received a reply, and you know what the processing time of the fob is, you can calculate your distance to the fob trivially. This used to be hard, but modern electronics have been doing this cheaply for a while now. Now the vehicle has multiple transmitters and receivers, which means not only do you know distance, you know multiple distances. That allows you to position the fob in 3D space. So how does this fix the retransmission attack? Well we know that the fob and car are linked cryptographically. So you can’t generate a fake unlock signal because you don’t know the secret, so only the fob can do the talking. And the speed of light being constant, even if you’re receiving and retransmitting both signals in each direction perfectly, the van knows that the fob is still 40 feet away, and it shouldn’t unlock if the handle is pulled even though the signal may have been transmitted right beside the vehicle. The signal itself still had to transit the physical distance from the vehicle to the fob and back. And we can easily time that.

Older systems didn’t do any of this and was susceptible to many different attacks. You could even record key fob signals and play them back to the car and get it to open and start and stuff. Modern systems prevent all of those attacks.

I don’t know what year that Mercedes was, but it was either old or Mercedes was using outdated key fob tech. Luxury cars are more about selling an image, not about selling a better car. Especially in their 4 door family sedans.
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
The next step in key fob tech is Ultra Wide Band (UWB) technology. That’s now coming in iPhones and is what Apple is using to enable their car key functionality on compatible vehicles I believe.
 

·
Registered
2021 Pacifica Hybrid Touring L
Joined
·
77 Posts
It is apparently not a brainer to hook up into radar unit at the front grill (CAN connected) and programmed in your "new" key, and therefore has ulimited acces to the car to drive it away... It seems to be quite recent method I have learn someone tried to steel the car. Pacifica in specific. Its probably cheeper than "suitcase method" (the one with aplifying the FOB signal from home to the car on driveway or garage).
You can make a pain in the a** to thiefs, installing some additional, aftermarket, devices. But you will never be able to completely secure your car...
 
  • Like
Reactions: JamesB

·
Registered
Joined
·
45 Posts
This is true but doesn’t take in to account all the advances in this technology. As I said modern versions are using time of flight to determine where the key fob is. Generally these days the key fobs are silent until they receive a signal from the car, or have another button on them pushed. They will then respond. Their response is encrypted these days. When a key fob is programmed to a vehicle, a secret is exchanged and a cryptographic process takes place. That makes sure that only the vehicle and fob understand each other.
Then the vehicle is using time of flight to position the key fob in space. So the vehicle sends out a poll signal that the fob receives and responds to. Well if you know when you sent a pulse, and you know when you received a reply, and you know what the processing time of the fob is, you can calculate your distance to the fob trivially. This used to be hard, but modern electronics have been doing this cheaply for a while now. Now the vehicle has multiple transmitters and receivers, which means not only do you know distance, you know multiple distances. That allows you to position the fob in 3D space. So how does this fix the retransmission attack? Well we know that the fob and car are linked cryptographically. So you can’t generate a fake unlock signal because you don’t know the secret, so only the fob can do the talking. And the speed of light being constant, even if you’re receiving and retransmitting both signals in each direction perfectly, the van knows that the fob is still 40 feet away, and it shouldn’t unlock if the handle is pulled even though the signal may have been transmitted right beside the vehicle. The signal itself still had to transit the physical distance from the vehicle to the fob and back. And we can easily time that.
@SKPacHy I'm going to respectfully disagree. While it's true that technology to measure distance using time-of-flight is now available, I don't think that's incorporated in our Pacifica keyfobs.

Most fobs, including the Pacifica, use a low frequency signal (125 kHz) transmitted by coils at various locations around and in the vehicle to determine where the fob is. The fob has a 3-axis coil that receives the signal, generating enough power to activate the fob, which then sends the "unlock" signal over the usual 433 MHz "garage door" frequency to a receiver in the vehicle. There's no way to do accurate "time of flight" on a 125 kHz signal, whose wavelength is over 2 km long. Time-of-flight UWB (ultra wideband) signals are up above 5 GHz.

To prove my hunch, here's a photo of the innards of the Pacifica keyfob, obtained from the FCC application database:

Circuit component Electronic component Hardware programmer Computer hardware Electronic engineering

The square object on the left is a typical 3-axis LF coil for 125 kHz. If the fob was using UWB, you'd see a very different looking, microwave antenna printed on the PCB.

Bottom line: the Pacifica fob does use signal strength for proximity, not time of flight. It's not completely immune to "relay" attacks, but it is made more difficult by cryptographic encoding of the LF and VHF signals.
 
  • Like
Reactions: JamesB

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
@SKPacHy I'm going to respectfully disagree. While it's true that technology to measure distance using time-of-flight is now available, I don't think that's incorporated in our Pacifica keyfobs.

Most fobs, including the Pacifica, use a low frequency signal (125 kHz) transmitted by coils at various locations around and in the vehicle to determine where the fob is. The fob has a 3-axis coil that receives the signal, generating enough power to activate the fob, which then sends the "unlock" signal over the usual 433 MHz "garage door" frequency to a receiver in the vehicle. There's no way to do accurate "time of flight" on a 125 kHz signal, whose wavelength is over 2 km long. Time-of-flight UWB (ultra wideband) signals are up above 5 GHz.

To prove my hunch, here's a photo of the innards of the Pacifica keyfob, obtained from the FCC application database:

View attachment 48373
The square object on the left is a typical 3-axis LF coil for 125 kHz. If the fob was using UWB, you'd see a very different looking, microwave antenna printed on the PCB.

Bottom line: the Pacifica fob does use signal strength for proximity, not time of flight. It's not completely immune to "relay" attacks, but it is made more difficult by cryptographic encoding of the LF and VHF signals.
I wasn't trying to suggest that the Pacifica fob does UWB, that was more of a forward looking statement. I agree that the pacifica isn't doing UWB style time of flight calculations. I was using "Time of flight" more as a term of art. Although I believe that you can do a form of TOF using LF signals that are frequency modulated. I don't know the exact method but I have it on pretty good authority that they know with a high degree of precision where the fob is in relation to the vehicle especially when it comes to distance, using more than just a signal strength method, and that these vehicles are effectively immune from attacks that retransmit signals from a distant fob.
 

·
Registered
2017 Pacifica Touring L with 35k miles as of fall 2021
Joined
·
12 Posts
Sorry if this has been addressed somewhere already. My question is: is there an easy thing to do like pulling a certain fuse or something that would not reset anything on the van but make it much harder to steal?
Putting in an hidden kill switch would be super easy. Basically you add an extra switch "before" the START button. You'll put that somewhere you can easily reach but not easily visible.
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
Don't worry about the van getting stolen. This is an issue of protecting your keys. If you're worried about wireless attacks, get a faraday box or pouch to keep your keys in. If you're worried about someone in your house stealing it.......well you have bigger problems. This van isn't going to be hot-wired and stolen. It's not a 1987 Oldsmobile Cutlass Supreme.
 

·
Registered
2021 Touring L AWD
Joined
·
29 Posts
In the spring of 2019, a doorbell camera caught the theft of 2014 Town and Country. You could see the thieves using relay equipment. The theft took about 60 seconds, unfortunately I cannot find the news video to share. Short of a tow truck theft, the only way to prevent theft from a relay attack or CANBUS reprogram, is a mechanical interruption to one of the vehicles systems. A hidden switch that breaks the circuit on the fuel pump, or the e shifter, or the trans pump. The idea being the thief will move on when the vehicle does not start. This method saved my father's F250. He found it with a broken window, and dashboard wiring harness unplugged. But at least he did not lose it.. And could still drive it home.

I do not worry about my van being stolen. But I am bicyclist, and bike packing trips sometimes result in my van sitting in a park and ride lot for several days. So I leave it, with few fuses missing..
 

·
Registered
2021 Pacifica Hybrid Touring-L Plus
Joined
·
273 Posts
In the spring of 2019, a doorbell camera caught the theft of 2014 Town and Country. You could see the thieves using relay equipment. The theft took about 60 seconds, unfortunately I cannot find the news video to share. Short of a tow truck theft, the only way to prevent theft from a relay attack or CANBUS reprogram, is a mechanical interruption to one of the vehicles systems. A hidden switch that breaks the circuit on the fuel pump, or the e shifter, or the trans pump. The idea being the thief will move on when the vehicle does not start. This method saved my father's F250. He found it with a broken window, and dashboard wiring harness unplugged. But at least he did not lose it.. And could still drive it home.

I do not worry about my van being stolen. But I am bicyclist, and bike packing trips sometimes result in my van sitting in a park and ride lot for several days. So I leave it, with few fuses missing..
Things have changed since MY2014.
 
1 - 20 of 33 Posts
Top