Key Fob Follies

[SwampNut]

I guess that's another consideration. I stopped carrying any other keys long ago. The house and office are electronically locked, the mailbox, trailer, and other such keys just live in the dash tray. Keys suck.

Sponsored

 

[ShadowsPapa]

I guess that's another consideration. I stopped carrying any other keys long ago. The house and office are electronically locked, the mailbox, trailer, and other such keys just live in the dash tray. Keys suck.

Here things are all still keyed. And if you don't lock things with deadbolts, you find things missing. This neighborhood was known for it when we moved here. over half the homes around us had been broken into - the only things taken - guns. And shop tools - lock the shop.
Hell, we had BRAND NEW expensive and large Christmas decorations right out front, just 20' from the front window, we had just bought most of them the week before - I woke up one morning the week before Christmas - all of the decorations gone, the stakes I had holding them down, the chains were cut. Someone had seen a white van hanging around the week before, and there were tracks at the edge of the road, but that was that.
Electronic locks are fine - but I'd never in a million years connect them to a phone or the web. Code only, no cards, no phone, no outside connections, period. Then, like a key, you have issues with having to change a code if you have a person who needs temporary access, neighbor looking over things while you are gone, contractor needing access. So you either rekey or recode in most cases.

 

[SwampNut]

We're really low crime here, but yes, everything has electronic deadbolts. Even the garage doors, because those are super easy to jack without them. Everything connected to the internet, since it's 2020 and that can be done securely. It's basically impossible for someone to correlate your specific locks/alarm to your location even if they did hack them somehow, which simply isn't happening. I also purposely left the alarm and the rest of the house controls on separate systems with separate passwords. Layers of security. The cameras bridge both, so both systems would have to be compromised to kill them.

I value convenience over absolute paranoid security though.

 

[jimbom]

I do all of my banking, bill paying and most of my shopping over the internet. I haven't had to write a check in over a year. The last thing I'd be worried about is someone hacking the lock to my house.

 

[ShadowsPapa]

We're really low crime here, but yes, everything has electronic deadbolts. Even the garage doors, because those are super easy to jack without them. Everything connected to the internet, since it's 2020 and that can be done securely. It's basically impossible for someone to correlate your specific locks/alarm to your location even if they did hack them somehow, which simply isn't happening. I also purposely left the alarm and the rest of the house controls on separate systems with separate passwords. Layers of security. The cameras bridge both, so both systems would have to be compromised to kill them.

I value convenience over absolute paranoid security though.

I'm sure I can assume you have nailed down your wifi security, changed admin names, secure password that you change now and then, and have the radios turned down so I can't drive by your street with my soupcan and laptop and get into your systems, right?

It's for me not a matter of sitting at home and finding your locks, it's a matter of me cruising around and looking for wifi I can get into. Most I could do from here is mess with ya and lock and unlock things - so what? And not easy if even possible if you've done your part. The weakest link these days is people, not devices. You know exactly what I mean. I read the stolen emails - John Podesta not only shared his personal email account, allowed others on it, he kept his BUILDING SECURITY ADMIN password in a folder in his gmail account - it was there! WOW, what a dope.

Did it at work, man, what I could discover - people bringing in hotspots from home, trying to use their cell phone as a hotspot and router, it was amazing. I got one guy fired and one of the state agencies - believe it or not, the auditor's office, had to change some of their ways after the other network guy and I were done with 'em.

 

[SwampNut]

I do all of my banking, bill paying and most of my shopping over the internet. I haven't had to write a check in over a year. The last thing I'd be worried about is someone hacking the lock to my house.

Yeah, it's silly these days to worry about it unless you're running cheap Chinese hardware with their own sketchy-ass software. Anything integrated with Apple Homekit is 100% trustworthy, have never heard of a hack since it's all encrypted to where even Apple can't see it. Alexa and Google Home aren't quite as private, but also still secure. I tried one cheap Chinese lock controller and watched it send unencrypted data to an IP in China. Um...no.

I'm sure I can assume you have nailed down your wifi security, changed admin names, secure password that you change now and then, and have the radios turned down so I can't drive by your street with my soupcan and laptop and get into your systems, right?

Yes, long password, they didn't have default passwords so they are my own, secure yes change no, all three radios at max so I can use it from far away. That hardly matters anyway since each device and system has its own security also. I allow any of my neighbors and visitors to use my network any time. If you're depending on the network to be secure, you've already lost. Every device needs to be secure.

It's like the Sirius cell control that came with the Gladiator...all encrypted. Why freak out? Some are paranoid about it, as if someone could not only "hack" it, but also know which is YOUR specific vehicle. Crazy. In my JK I had Viper Smartstart, and used their API to write my own software so I could use Siri and the Homepods to control it. The identity of my Jeep was a randomized 32-character letter/number combo.

 

[ShadowsPapa]

I do all of my banking, bill paying and most of my shopping over the internet. I haven't had to write a check in over a year. The last thing I'd be worried about is someone hacking the lock to my house.

We write checks to pay what's left of the house payment because the big bank - get this - charges you a $20 fee per payment to do it online or even automatically! YIKES!
Screw that - we'll send 'em checks. They keep sending us junk mail "pay online, skip the check writing" and I want to tell them - take away those stupid nonsense fees and I will. It's cheaper to do it online, no one sitting opening envelopes and entering the info but no, it's free to pay by check, expensive to pay online.

Otherwise, all bill paying is automated (except for the vehicle license fees and county taxes), but that's online, too - just not automatic like our other stuff. Even health insurance is taken out automatically as needed.

I was network security admin for a state agency and security advisor to a couple of others, and part of the committee at the state level to switch our email over. It was really fun to watch some of the logs and see what folks were trying. It was also fun to hit a web site I knew of that listed open devices on the internet - some of them government items. That web site kept hammering the VPN gateway I set up, could see it in the logs almost every week, but it kept telling them - nothing exists here. The Chinese kept hammering trying to get through our intrusion prevention system to get to the SQL servers. After a while it became almost a hobby to watch traffic to see who was trying to do what. A co-worker even had 4 screens up showing the various logs all at once.
Every year each agency had to go through attempted hacks and audits - and each year, our agency was the only one to pass without issue. Loved it when one of the auditors came into my office and said "did you get a notice yet?" and I asked - what notice? And they'd respond - about the virus on our device! And I said - what device? They responded - the thumb drive we plugged into multiple computers here.
I told them - oh, really? Good luck with that - your thumb drive has been disabled. They won't work here unless I tell the system to let them work - by individual serial number.

 

[ShadowsPapa]

Yeah, it's silly these days to worry about it unless you're running cheap Chinese hardware with their own sketchy-ass software. Anything integrated with Apple Homekit is 100% trustworthy, have never heard of a hack since it's all encrypted to where even Apple can't see it. Alexa and Google Home aren't quite as private, but also still secure. I tried one cheap Chinese lock controller and watched it send unencrypted data to an IP in China. Um...no.



Yes, long password, they didn't have default passwords so they are my own, secure yes change no, all three radios at max so I can use it from far away. That hardly matters anyway since each device and system has its own security also. I allow any of my neighbors and visitors to use my network any time. If you're depending on the network to be secure, you've already lost. Every device needs to be secure.

It's like the Sirius cell control that came with the Gladiator...all encrypted. Why freak out? Some are paranoid about it, as if someone could not only "hack" it, but also know which is YOUR specific vehicle. Crazy. In my JK I had Viper Smartstart, and used their API to write my own software so I could use Siri and the Homepods to control it. The identity of my Jeep was a randomized 32-character letter/number combo.

I like and use the cell uconnect options. I can check on the vehicle, start it, lock it, I don't worry about that bit. Jeep/FCA got into an issue years ago with the CANbus and have since been really tough on security. That part doesn't bother me. I installed bluestacks on my laptop so I can even use it from there.
It was nice to have when my wife borrowed it Monday to help a friend move - I knew it was low on gas - I forgot to check before she left. I grabbed my phone and saw it was 1/8 tank. Suggested she not leave town, get gas. Nice, her friend paid for the whole tank! I knew what station she was at as it was next to the coffee shop on the map. I even saw when it was filled up.

"Endpoint protection" - secure each and every individual device. I helped define "endpoint" with the state so they could write their security policies. Allow any one device to be less than protected, there's your danger. Secure every attached device, you are fine.
I still won't let anyone outside use my network. My son, yeah, but then he's a mega-geek, anyway. He worked for a big media conglomerate, now works for a big insurance company - security is uber-tough now that he's there. He got them off of the video conferencing they were using, and talked them into some other changes.
I have a different wifi device in my shop - and the shop and house are on different networks with router between them.

 

[jimbom]

We write checks to pay what's left of the house payment because the big bank - get this - charges you a $20 fee per payment to do it online or even automatically! YIKES!
Screw that - we'll send 'em checks. They keep sending us junk mail "pay online, skip the check writing" and I want to tell them - take away those stupid nonsense fees and I will. It's cheaper to do it online, no one sitting opening envelopes and entering the info but no, it's free to pay by check, expensive to pay online.

Otherwise, all bill paying is automated (except for the vehicle license fees and county taxes), but that's online, too - just not automatic like our other stuff. Even health insurance is taken out automatically as needed.

I was network security admin for a state agency and security advisor to a couple of others, and part of the committee at the state level to switch our email over. It was really fun to watch some of the logs and see what folks were trying. It was also fun to hit a web site I knew of that listed open devices on the internet - some of them government items. That web site kept hammering the VPN gateway I set up, could see it in the logs almost every week, but it kept telling them - nothing exists here. The Chinese kept hammering trying to get through our intrusion prevention system to get to the SQL servers. After a while it became almost a hobby to watch traffic to see who was trying to do what. A co-worker even had 4 screens up showing the various logs all at once.
Every year each agency had to go through attempted hacks and audits - and each year, our agency was the only one to pass without issue. Loved it when one of the auditors came into my office and said "did you get a notice yet?" and I asked - what notice? And they'd respond - about the virus on our device! And I said - what device? They responded - the thumb drive we plugged into multiple computers here.
I told them - oh, really? Good luck with that - your thumb drive has been disabled. They won't work here unless I tell the system to let them work - by individual serial number.

Which one is "the big bank?"

 

[SwampNut]

Jeep/FCA got into an issue years ago with the CANbus and have since been really tough on security.

Only sort of, the problem was way overblown and mostly hype, and the CANbus was still accessible to me on the 2016. I installed a bus to serial controller and was able to see and control most of the vehicle. I think and hope that FCA just basically appeased those attention whoring idiots and did mostly nothing.

If I'm reading the Sirius Guardian pricing correctly, I'll probably not renew it, and opt to install another system if I can still access the bus. I haven't researched it yet. It looks like remote start is part of their $250 package which includes a pile of horseshit I don't need. Remote start for six months a year is literally the only thing I will ever use.

The status stuff on mine hasn't worked for months and nobody knows how to fix it.

 

[jimbom]

Only sort of, the problem was way overblown and mostly hype, and the CANbus was still accessible to me on the 2016. I installed a bus to serial controller and was able to see and control most of the vehicle. I think and hope that FCA just basically appeased those attention whoring idiots and did mostly nothing.

If I'm reading the Sirius Guardian pricing correctly, I'll probably not renew it, and opt to install another system if I can still access the bus. I haven't researched it yet. It looks like remote start is part of their $250 package which includes a pile of horseshit I don't need. Remote start for six months a year is literally the only thing I will ever use.

The status stuff on mine hasn't worked for months and nobody knows how to fix it.

I only renewed the Uconnect subscription on my 2014 Ram one time, realized I never really used those features much, then dropped it for good. IIRC, it was about half that price back then. I did give up a little break on my insurance when I lost the tracking service. The only thing I really missed was a slick Yelp app that was far better than the standard services database with the Nav. A couple years later I had to do a Uconnect update that addressed GPS issues and I got my Yelp back again.

 

[SwampNut]

Oh, yeah, I should check on the insurance thing. Mine is ludicrously cheap, partly because of the ACC and auto braking stuff. Believe it or not, $46/mo with $500k liability and $500 deductible. I don't know how much the theft thing plays into that.

Viper is less than 1/4 the price for basic, and less than half the price for full service. And they reverse the packages, so remote start is ALWAYS included and stuff like the tracking that I don't care about is extra.

 

[ShadowsPapa]

The status stuff on mine hasn't worked for months and nobody knows how to fix it.

Odd thing - mine didn't used to work - for the first few months, it failed. Now oddly it works great. Weird.
I get you on the CANbus bit. And I find it funny that all the harping on security and you can STILL by pass things and get into it with stuff bought from Amazon LOL

Too bad there wasn't someone like you to work with when I was with the state - or Compressor Controls........ sound like a fun geek.

 

[ShadowsPapa]

Oh, yeah, I should check on the insurance thing. Mine is ludicrously cheap, partly because of the ACC and auto braking stuff. Believe it or not, $46/mo with $500k liability and $500 deductible. I don't know how much the theft thing plays into that.

Viper is less than 1/4 the price for basic, and less than half the price for full service. And they reverse the packages, so remote start is ALWAYS included and stuff like the tracking that I don't care about is extra.

Hmmm, I need to check with my agent!

 

[SwampNut]

I've tried to balance fun and geek for ... shit, 35+ years!

I confirmed, at least via the Viper site, that you can still access the bus enough to start, control locks and lights, and get status. This thread prompted me to consider paying for a pro to help me, I really want to have a motion sensor for when the top and doors are off. I haven't figured out how to add that to the existing system.

On insurance, I'm with Progressive, online quoted and booked. The JK was with American Family at around $90, and they wanted a little more for the Gladiator. They did NOT give any discounts for ACC and emergency braking, Progressive had a huge discount for them. Duh, you almost can't hit anything, and it's so much more relaxed and alert driving with ACC.

Sponsored