[wallaBBB]

Not really. At least not for those immobilizers that don't use "proprietary" ciphers. Automotive loves security through obscurity until it bites them in the ass. Today most manufacturers have moved to AES128, which is not cheap to brute force, especially if there is a rolling code (should be the case for many)

But you are right that there are many (older models) that use ciphers with know quick exploits: TI's DTS40/DTS80 (40/80bit, proprietary cipher, in many cases terrible entropy), models from Toyota, HKMC, Tesla. About 6s to crack in many cases.

NXP's HTAG2 - most commonly used one in the '00s - 48bit proprietary cipher, a lot less exploited in the wild than the TI's disastrous two variants.

[mozman]

you can just reprogram a new seed via canbus, don’t need to brute force it

[wallaBBB]

Those type of attacks (CAN injections) are very OEM specific, and come from deep insider knowledge, not something you fuck around and find out. I’m assuming you’re referring to Toyota, but anyways please give direct reference to the attack you’re referring to.

Keep in mind any need for expensive equipment is already a deterrent for many.

[gregmac]

We have a phrase for that, "security by obscurity" https://en.m.wikipedia.org/wiki/Security_through_obscurity

[ethbr1]

Probably why great grandparent used that phrase. ;)

[hnav]

1-4k for the tools that they then amortize across many cars stolen and stripped or shipped overseas.

[dmoy]

Idk what the pattern is where you are, but the majority of stolen cars where I am are not sold or stripped or anything like that. They're used for N days and then ditched somewhere. Used either for joyriding, living in, crash&grab, or whatever.

One of my old neighbors had their same car stolen like 2-3 times, always ditched and found after some number of days missing.

[acdha]

That was the big shift here for the Kia mess. Normally the thieves tend to be professionals so the stolen ones are at a port or being stripped soon afterwards, but when that hit TikTok there were a lot more joyrides and brief use for theft/robbery because it was a bunch of teenagers who didn’t have much of a plan.