Security: Car stolen in several minutes.

Tâm

I want to learn how secure Lucid is against car thefts.

This is what I think: If a hacker can physically access the CAN bus in a car, it’s possible to steal, provided there's sufficient time for the job.

The video in the article below recorded how thieves could steal a Lexus RX in 90 seconds by accessing the headlight through the wheel arch.

Headlights are controlled by an ECU (electronic control unit). A thief can reprogram the ECU to unlock the door and drive away after accessing a headlight. Thus, it's called CAN Injection.

Watch Thieves Steal an SUV in 90 Seconds, the Key Fob Doesn't Need To Be Nearby

It's unknown if a PIN requirement would prevent a thief from driving away or if the thief could also bypass the PIN.

However, there are quicker ways to steal a modern car: Copying or amplifying the fob's signal can unlock the door and drive away as if the fob is inside the car. The videos show a relay attack where an antenna/tablet can pick up the fob's signal inside the house while the car is outside. The signal is then amplified so the car can pick up a strong fob signal as if the fob is next to or inside the car:




After these incidents, there's an option for a PIN requirement for this particular brand even when the thief can open the doors. It’s a hassle for an owner to choose the option to enter the PIN at each drive session, but I haven't heard of a car with a PIN requirement to drive being stolen by a relay attack.

Lucid does have a PIN option when you leave the card with the valet, but the valet can bypass the PIN by reaching up to the ceiling above the right shoulder where the “Y” is.

 
Some thieves are very smart and sophisticated. My only surefire way of counteracting this is to have really good insurance.
 
What would reaching up into the "Y" accomplish?

Also, I would think Lucid could disable the car remotely if stolen. I'm not sure what the process would be for them to verify the request as being authenticated, or even if they have a process established for this purpose. Ideally, the owner could self-service this request through the Lucid portal (or potentially the app).
 
What would reaching up into the "Y" accomplish?
Y accomplishment: Bypassing the PIN.

When you give your key card to someone like a valet, you must also give them your PIN. They then can enter it on the Pilot screen to turn on the propulsion and drive the car away.

If they don't know your PIN, they need to stretch their arm to the ceiling to touch the card to the "Y" location to bypass your PIN. It's as if you gave them your fob or phone key without needing a PIN to turn on the propulsion and drive away.

I prefer the system that requires a changeable PIN for propulsion, and the valet or thief can't bypass the PIN even when they have my fob or card with them. For that system, a fob or card can let a valet or thief into the car's interior but not the propulsion. To drive away, a valet or thief must get a changeable PIN from me that I can change anytime.
 
Also, I would think Lucid could disable the car remotely if stolen. I'm not sure what the process would be for them to verify the request as being authenticated, or even if they have a process established for this purpose. Ideally, the owner could self-service this request through the Lucid portal (or potentially the app).
Not sure about Lucid but for GM OnStar:

  • First, file a police report, and let the police know you have OnStar.
  • Then call OnStar.
  • Using Stolen Vehicle Assistance, we’ll help law enforcement recover your car.

By that time, hopefully, the car has not crossed the border into Mexico or Canada or been put in a shipping container overseas!
 
Your phone will tell you exactly where your car is when it gets stolen. Show that to the cops. That's how I got my eBike back when it was stolen a few years ago.

As Bobby says, if the thieves are more sophisticated than that, and they know how to disable the car from sending its GPS out to the Internet, the only thing that will help you at that point is insurance. The car is gone.

Joyriders are not going to take a Lucid anytime soon. Not unless they are hopped up on something.

Actual car theft, particularly theft of EVs, is very low compared to historical highs in the 70s and 80s. There are far bigger things to worry about, as far as I'm concerned.
 
The issue is that in the Tesla, it is trivial to disable remote access. In the Lucid, I'm not sure you can? You may be able to sign out, potentially; or restore to factory settings. That I don't know.
 
Does the facial recognition feature add anything to security here?
 
One possible solution is to have 2FA with the driver's profile. The Lucid Air is equipped with a camera monitoring the driver for alertness; it could add facial recognition before the car is able to start. This is similar to how Android and Apple allow the phone to be unlocked. The other option is to have a fingerprint scan on the pilot panel.
 
Does the facial recognition feature add anything to security here?
No, because it is not necessary to drive. It just sets the profile. I actually don’t use it since I only have one profile set up.
 
I would never trust the facial recognition in the Lucid to be anything resembling secure. It’s based on a camera only. Nowhere near as sophisticated as what Apple is doing with LiDAR on FaceID.
 
The issue is that in the Tesla, it is trivial to disable remote access...
Initially, there was no security PIN for Tesla cars. After a series of car thefts in which thieves were able to click off the remote access from the car display, Tesla implemented the PIN system. Thieves and friends can no longer click the remote access off if they don't have the PIN. "Friends" are mentioned here because some friends borrow a Tesla and used to be able to turn off the remote access, but not anymore unless they know the PIN.
 
"Lucid does have a PIN option when you leave the card to the valet, but the valet can bypass the PIN by reaching up to the ceiling above the right shoulder where the “Y” is."

Nooo, now they know! Hah
 
However, there are quicker ways to steal a modern car: Copying or amplifying the fob's signal can unlock the door and drive away as if the fob is inside the car. The videos show a relay attack where an antenna/tablet can pick up the fob's signal inside the house while the car is outside. The signal is then amplified so the car can pick up a strong fob's signal as if the fob is next to or inside the car:
That's why several of the very latest cars have mobile key implementations using UWB, not BT: UWB allows the car to precisely locate the key or the phone, and it is not possible to relay a UWB signal (OK, let's say "it's practically not possible with current technologies").
AFAIK Air does not use UWB. Maybe Gravity will.
 
I fiddled with CAN a bit for my other cars. It's a very straightforward system, and easy to trick. You can easily spoof packets to make it seem like you are any other device on the network, then spam the network, drowning out all other devices. Sniffing the network is also super easy as long as you are willing to put in the time. There is a move towards encryption, but I don't know if this is something that can be done on CAN bus or whether a different network must be used.

The best place to start is to understand the network layout of the Air. Lucid might use several different types of networks, some of which may be encrypted. You'll need to determine which module controls the door locks and start/drive function, then determine if it is on an encrypted network. If it's encrypted, I'd say most thieves will move on to easier targets.

Service manual? Anyone have a copy?
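
An added example, not part of the original post: a defender-side rate check for the flooding described above, where a second sender overlays a periodic CAN ID. It learns each ID's normal period from known-good traffic and flags IDs that arrive far faster or were never seen; the candump-style log lines and the IDs 0x123, 0x456 and 0x6FF are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# candump -L style line: "(timestamp) interface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#[0-9A-Fa-f]*")

def parse(lines):
    """Return time-ordered (timestamp, arbitration_id) pairs, skipping malformed lines."""
    hits = (LINE.match(line.strip()) for line in lines)
    return sorted((float(m.group(1)), int(m.group(2), 16)) for m in hits if m)

def learn_periods(frames):
    """Median inter-arrival time per ID, learned from known-good traffic."""
    seen = defaultdict(list)
    for ts, can_id in frames:
        seen[can_id].append(ts)
    return {i: median(b - a for a, b in zip(t, t[1:])) for i, t in seen.items() if len(t) > 2}

def detect(frames, periods, ratio=0.5, burst=3):
    """Map each suspicious ID to a reason: unknown, or `burst` frames in a row too fast."""
    alerts, last, fast = {}, {}, defaultdict(int)
    for ts, can_id in frames:
        if can_id not in periods:
            alerts.setdefault(can_id, "unknown ID")
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            fast[can_id] += 1
            if fast[can_id] >= burst:
                alerts.setdefault(can_id, "rate anomaly")
        else:
            fast[can_id] = 0
        last[can_id] = ts
    return alerts

def sender(start, count, period, can_id):
    """Constructed candump-style lines for one periodic sender (not a real capture)."""
    return [f"({start + i * period:.6f}) can0 {can_id:03X}#0000000000000000" for i in range(count)]

def baseline_lines():
    # Hypothetical IDs: 0x123 every 100 ms, 0x456 every 50 ms.
    return sender(0.0, 20, 0.100, 0x123) + sender(0.0, 40, 0.050, 0x456)

def suspect_lines():
    # Same traffic plus a second sender flooding 0x123 every 5 ms and one unseen ID.
    return baseline_lines() + sender(0.5025, 30, 0.005, 0x123) + sender(1.0, 1, 1.0, 0x6FF)

def run_demo():
    periods = learn_periods(parse(baseline_lines()))
    return detect(parse(suspect_lines()), periods)

if __name__ == "__main__":
    for can_id, reason in sorted(run_demo().items()):
        print(f"0x{can_id:03X}: {reason}")
```

A rate check only notices the extra traffic; it does not authenticate who sent a frame, which is the gap the encryption discussion in this thread is about.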
 
The best place to start is to understand the network layout of the Air. Lucid might use several different types of networks, some of which may be encrypted. You'll need to determine which module controls the door locks and start/drive function, then determine if it is on an encrypted network. If it's encrypted, I'd say most thieves will move on to easier targets.
Lucid uses an Ethernet ring rather than a CAN bus. I asked ChatGPT to summarize this:

Yes, it's true that Lucid Motors, known for their electric vehicle (EV) innovations, uses an Ethernet ring rather than a traditional CAN (Controller Area Network) bus system in their vehicles. Here's a breakdown of the key concepts:

### Traditional CAN Bus
- **CAN (Controller Area Network)** is the traditional communication protocol used in most vehicles. It's a robust, simple, and relatively low-speed system for connecting electronic control units (ECUs), such as engine controllers, sensors, and other components.
- **Limitations**: While CAN is widely used and reliable, it has limitations in terms of data speed and bandwidth, which can be a bottleneck as modern vehicles incorporate more sensors, infotainment systems, advanced driver-assistance systems (ADAS), and autonomous driving features.

### Ethernet Ring in Lucid Motors
- **Ethernet ring topology**: Instead of CAN, Lucid uses Ethernet-based communication, which is much faster and capable of handling larger volumes of data. Ethernet is a networking protocol commonly used in IT and telecommunications, and it's known for its high speed and bandwidth.
- **Ring topology**: Lucid has implemented Ethernet in a ring topology, which means the various ECUs and components are connected in a loop, allowing data to flow in both directions. If there's a break or issue in the ring, the data can still reach its destination via the other direction, ensuring redundancy and reliability.
- **Advantages**:
  - **Higher bandwidth**: Ethernet offers much higher data transmission rates than CAN, which is essential for handling the vast amount of data required by modern EVs.
  - **Scalability**: Ethernet can support future advancements, including over-the-air updates, autonomous driving, and complex sensor integration.
  - **Redundancy and fault tolerance**: The ring topology allows for continuous communication even if part of the network is compromised.

This shift to Ethernet reflects Lucid's emphasis on cutting-edge technology, allowing them to support advanced features and systems in their luxury EVs.
 
Not Lucid but since it's on topic, this video is interesting.


Lucid is probably in the same boat.

I don't see why they wouldn't encrypt packets across their "Ethernet ring". It's probably so much more of a hassle for any would-be thief that they'd find an easier target.
 
The Lucid Ethernet system uses 802.1x authentication. The car needs to phone home to allow access to e.g. the tech's laptop.

I would speculate that the really simple components in the car don't use Ethernet. For example the window switch connectors IIRC have only 3 pins, which would make something like LIN bus far more likely.
 