Keyfob Boosting - Thefts

[FordTechOne]

1. No spare key was left
2.only after market parts connected electronically is the tail gate release, fog lights and winch
3. It was brought to ford 3 months before the theft for an oil change

It's possible that the thief is or was a dealership employee. Did the police provide the thief's information? The theft should have been published in your local police blotter (online). Also, do you keep both keys on your keychain?

 

[Sungod661]

They were not caught

 

[FordTechOne]

One required step in this process is to put a fake key in the under-cupholder passive key reader, correct?

Would adding a "kill switch" for that reader thus be effective in preventing it? If that reader were normally denied power, would the truck be at all upset (e.g. CEL, cluster popups, or other annoyances)?

If that's possible, "simple" solution might be to wire its power through a switch mounted inside a console vault. Don't think there would be any way to work around that without removing/ripping out the console.

I'm only looking for a solution that prevents their "standard script" from working. If someone wants my truck bad enough to engineer a solution to the workaround, that's a problem for the insurance co.

The backup slot antenna/PATS center antenna and it's circuits are monitored by the BCM via a low and high half bridge; one for each antenna circuit. If the connection is interrupted in any way, the BCM will sets DTCs.

 

[FordTechOne]

They were not caught

That makes it that much more difficult to find out what actually happened. Sorry this happened to you; thieves should be hanged.

What fuse number did the perp remove? I'm guessing BCM Fuse F10, which is Hot-At-All-Times power for the TCM. Powering down the TCM disables Ford Pass.

 

[1BAD454SSv2]

I'm thinking best way now is interrupt fuel pump circuit. Ford Tech 1 , your thoughts ?

Is there and fuel inertia cut off switch that can be spliced into to cut fuel ? Looking for something simple that will keep engine from starting , You can turn on and off easily. Add a Switch on brake pedal switch ?

 

[Sungod661]

I added a simple hidden toggle switch

 

[Droid]

Anyone know how the passive key reader attaches to the cupholder...i.e., is it a permanent part of it? I'm now thinking of detaching it and moving it elsewhere (possibly a console vault and putting it there). If it's a component of cupholder, could just buy an entire one of those.

May just go look at mine, but it's kind of a pain to get underneath there IIRC. And it's raining.

 

[FordTechOne]

I'm thinking best way now is interrupt fuel pump circuit. Ford Tech 1 , your thoughts ?

Is there and fuel inertia cut off switch that can be spliced into to cut fuel ? Looking for something simple that will keep engine from starting , You can turn on and off easily. Add a Switch on brake pedal switch ?

The Fuel Pump Relay (controlled by the PCM) supplies power to the Fuel Pump Driver Module (FPDM) through BJB Fuse F50 over circuit CBK01. The FPDM then provides power and ground to the fuel pump motor. The FPDM is controlled by the PCM over the FPC (Fuel Pump Control) circuit and receives feedback status from the FPDM over the FPM (Fuel Pump Monitor) circuit. If the PCM commands the Fuel Pump Relay closed (pre-start prime) and the FPDM doesn't send a feedback signal (no power), the PCM will set DTCs.

These vehicles do not use an inertia switch. When airbag deployment occurs, the Restraints Control Module (RCM) sends a signal over the Event Notification Signal (ENS) circuit to the BCM and PCM, which then initiate Fuel Pump Shutdown. The system uses a dedicated circuit instead of the CAN bus as a failsafe in the event that the bus goes down as the result of a collision.

The Brake Pedal Position (BPP) switch is a dual throw switch with the PCM monitoring one side and the BCM monitoring the other. So if there is a discrepancy between the two signals, DTCs will be set.

 

[FordTechOne]

Anyone know how the passive key reader attaches to the cupholder...i.e., is it a permanent part of it? I'm now thinking of detaching it and moving it elsewhere (possibly a console vault and putting it there). If it's a component of cupholder, could just buy an entire one of those.

May just go look at mine, but it's kind of a pain to get underneath there IIRC. And it's raining.

That would effectively relocate your center PATS antenna, which means that the BCM wouldn't be able to detect the presence of the fob when it's in the center of the vehicle.

 

[JAndreF321]

You could be jammin like Robert Nesta...plagiarized myself from a class discussion post:

Radio Frequency Identification is an old technology which has become very cheap and easy to use. This cheap part means that it is also easy to take advantage of since there are several ways individuals can track and use the information on your RFID device. There are several options to prevent this. The most simple one is simple protective containers. If you use an RFID device for security then you could use an RFID blocking container to prevent anyone from accessing it. You could also employ blocker tags which emit their own frequency and block malicious readers from accessing the correct tag. Another option is mutual authentication cryptography. This requires both the reader and the tag to approve each other using cryptographic keys which are difficult to break. The final option I’ll mention is active jamming. Active jamming would need to be used in conjunction with Blocker tags to prevent unauthorized scanning during the use of active tags. The appropriate scanning device would jam malicious scanners during the interval when blockers are disabled for the use of the actual tag. The jammer would need to be low power and only near the real scanner.



The first line of defense is always people and policies. You should keep your device in a safe location to prevent unauthorized scanning and limit exposure to third parties.



Liu, A. X., Shahzād, M., Liu, X., & Li, K. (2017). RFID Protocol Design, Optimization, and Security for the Internet of Things. The Institution of Engineering and Technology.