CaddyInfo Cadillac Forum

Man admits scamming car dealers and buyers



Man admits scamming car dealers and buyers

Friday, August 29, 2008

BY PETER J. SAMPSON

Staff Writer

A Monmouth County man is facing up to three years in federal prison after admitting his role in a ring that rolled back the odometers of hundreds of used cars sold throughout North Jersey, scamming auto dealerships and consumers alike.

Robert “Bobby Cars” Fiorello, 58, of Jackson pleaded guilty Thursday in Trenton to a charge of altering odometers. He acknowledged he was a central figure in a conspiracy that authorities say led to more than $1 million in losses from 2001 to 2003.

The ring bought late-model, high-mileage cars at auctions in nearby states and took them to shops in Hackensack and Brooklyn to have digital odometers electronically rolled back — sometimes by as much as 100,000 miles. The cars were then sold to dealerships — or, in some cases, directly to buyers through newspaper ads or car lots operated by ring members.

In addition to recruiting participants in the scheme, Fiorello owned or managed seven auto sales businesses in Garfield, Bloomfield and Keansburg that were licensed by the state to buy and sell used autos.

Through the years, the ring used at least 16 such businesses, including several in Hasbrouck Heights and Teterboro, “to avoid detection by law enforcement officers,” Assistant U.S. Attorney Lee D. Vartan said.

The ring specifically targeted high-mileage cars with no motor vehicle histories so that after the odometers were “clocked” there would be no way for consumers to check their true mileage, he said.

The FBI busted the ring in 2004, arresting 17 people after a 15-month probe dubbed Operation Rollback. All but two have since pleaded guilty. Anthony Laduca II of Little Falls, who allegedly forged the cars’ titles to reflect the lowered mileage, and Jose “Kubie” Perez of Wayne were indicted in March and are awaiting trial, Vartan said.

The investigation was launched after Lynnes Auto Group in Bloomfield, one of the dealers hit hardest by the scheme, reported tampering of odometers on 45 cars to police. The dealer, whose former used car manager also pleaded guilty in the scheme, took back all of the affected vehicles from customers at a loss of about $375,000, Vartan said.

U.S. District Judge Freda L. Wolfson allowed Fiorello to remain free on $50,000 bond pending sentencing Dec. 5.

If you really want to make people safe drivers again then simply remove all the safety features from cars. No more seat belts, ABS brakes, traction control, air bags or stability control. No more anything. You'll see how quickly people will slow down and once again learn to drive like "normal" humans.



This can easily happen in New Jersey because of the inspection system operated by the State. When you buy a new car in New Jersey the car is issued a FOUR YEAR inspection sticker. So four years can roll by before the car gets its first inspection. At that point in time, the car could already have over 60,000 miles on it but since there are no prior year inspections, there's no way to tell for sure what the mileage history is for the car. CARFAX would only pick up the first mileage listing for the car, which would be whatever mileage is showing on the odometer at the time the car rolls into the state inspection station. The moral of this story is simple: don't buy a used car if it comes from New Jersey and the previous owner can't produce PROOF, such as oil change records, of what that car's mileage truly is.

If other states also have this funky, four year inspection system for new cars then those cars are also at risk of having their odometer tampered with.

P.S. Used cars from New Jersey usually are sent to Pennsylvania for sale at auction at which time they are sold and returned to the State of New Jersey for retail sale at used car lots. So the cars essentially "move in a circle" when they are bought and sold.


I've posted this before; in 1986 we were looking for a car for my wife in the Los Angeles area. In a "miracle mile" area called the Irvine Auto Park, we went through this cycle:

  • There were about 50 used cars in the lot; I ascertained that all of them had their odometers altered to read 32,000 to 34,000 miles, but my wife liked one of them that appeared to have about 50,000 miles on it.
  • The salesman said that I could pick any car on the lot for $3,000 so I wrote him a check and asked my wife to pick one.
  • Anita picked the car that I had vetted and asked for it. The dealer wanted another $1,000. After looking over the car again, more thoroughly, I wrote another check for $1,000.
  • The salesman had a conference while I thought that they were drawing up the paperwork, and came back and asked for another $1,000.
  • I asked for my checks back. Everybody evaporated and no one would talk to me.
  • I spent 20 minutes trying to find someone who would speak with me.
  • I went to the middle of the office area, surrounded by booths filled with salesmen doing closing paperwork with the marks, and said loudly, to no one in particular, "I WANT MY CHECKS BACK!"
  • I kept repeating that I wanted my checks back, gradually increasing the loudness, until someone came running up with my checks.
  • One of the salesmen followed us back to the car, yammering away, trying all the street-smarts tricks to find out why we were paying cash.
I never did get around to calling the Orange County Sheriff.

This was the used car lot of a new car dealership of an American make of car. I have lots of other, less humorous, stories, from various states, such as another dealer, this one a GM marque, who laundered the title of an Avis car. Caveat emptor.

CTS-V_LateralGs_6-2018_tiny.jpg
-- Click Here for CaddyInfo page on "How To" Read Your OBD Codes
-- Click Here for my personal page to download my OBD code list as an Excel file, plus other Cadillac data
-- See my CaddyInfo car blogs: 2011 CTS-V, 1997 ETC
Yes, I was Jims_97_ETC before I changed cars.


I don't understand why the odometer is permitted to be changed. It should be non-volatile and not allow changes. I mentioned a while back that my neighbor regularly has her mileage changed back on her LEASED cars; how it is so easy to do is beyond me. It should NOT be easy to do.

Pre-1995 - DTC codes OBD1  >>

1996 and newer - DTC codes OBD2 >> https://www.obd-codes.com/trouble_codes/gm/obd_codes.htm

How to check for codes Caddyinfo How To Technical Archive >> http://www.caddyinfo.com/wordpress/cadillac-how-to-faq/

Cadillac History & Specifications Year by Year  http://www.motorera.com/cadillac/index.htm


The digital odometers apparently are very easy to change. The old mechanical odometers were easy too but most of the time they left a trace of evidence of the rollback. You're right, car manufacturers should make the digital odometers non-volatile with non-flashable memory.


If the odometer is non-volatile, it can't be incremented, either.

The neighbor that is turning back the odometer on leased cars may be committing a crime, and perhaps a second crime if the lease cost is based on the odometer and the changes affect the cost of the lease. I would think that most leasing outfits have ways to detect this. It doesn't strike me as a very good idea. I think I recall that you mentioned to the neighbor that this is a bad idea. Hearing about these things is a bit like watching train wrecks from a great distance. Let us know when the inevitable happens.

I would think that some electronic odometers are easier to change than others. I would be surprised if a GM odometer could be turned back short of a Tech II, and perhaps not even then, except to program a new PCM.


Based on the 10 page complaint, here are some of the cars that were tampered with:

2000 Buick Century, VIN 2G4WS52J6Y1176439, which had an odometer reading of approximately 20,296 miles at the time of the sale. This vehicle had previously been purchased, in or about September 2001, at an auto auction in Maryland, at which time it had an odometer reading of approximately 70,296, and thereafter this vehicle was transported to New Jersey.

sold to a third party in New Jersey a Ford F-250 truck, VIN 1FTPX28L8WNA54730, which had an odometer reading of approximately 51,000 at the time of the sale. This motor vehicle had been purchased in or about January 2003 at an auto auction in Tennessee, at which time it had an odometer reading of approximately 150,145 miles.

sold to a third party in New Jersey a 2001 Chevrolet Impala, VIN 2G1WF55E219137855, which had an odometer reading of 17,083 miles at the time of the sale. This motor vehicle had been purchased in or about June 2002 from an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 80,867 miles.

sold to a third party in New Jersey a 2000 Dodge Durango, VIN 1B4HS28N8YF224146, with an odometer reading of approximately 26,423 miles at the time of the sale. This motor vehicle had been purchased in or about September 2002 at an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 94,990 miles.

sold to a third party in New Jersey a 2001 Chevrolet Impala, VIN 2G1WH55K919167547, with an odometer reading of approximately 22,826 miles at the time of the sale. This vehicle had been purchased in or about March 2003 at an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 89,271 miles.

sold to a third party in New Jersey a 1999 Dodge Caravan, VIN 2B4GP44G0XR394184, with an odometer reading of approximately 35,609 miles at the time of the sale. This vehicle had been purchased in or about June 2002 from an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 95,609 miles.

sold to a third party in New Jersey a 2000 Ford Expedition, VIN 1FMRU1669YLB36081, with an odometer reading of approximately 43,520 miles at the time of the sale. This vehicle had been purchased in or about March 2003 at a New Jersey car dealership, at which time it had an odometer reading of approximately 76,121 miles.

caused the registration in New Jersey of a 2002 Oldsmobile Intrigue, VIN 1G3WS52H4YF192486, with an odometer reading of approximately 28,005 miles at the time of the sale. This vehicle had been purchased in or about May 2002 at an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 68,629 miles.

sold to a third party in New Jersey a 2000 Dodge Caravan, VIN 2B4GP45RXYR826894, with an odometer reading of approximately 28,241 miles at the time of the sale. This vehicle had been purchased in or about December 2002 at an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 68,106 miles.

sold to a third party in New Jersey a 1999 Ford Explorer, VIN 1FMZU34X6XUB58734, with an odometer reading of approximately 47,333 miles at the time of the sale. This vehicle had been purchased in or about May 2003 at an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 137,096 miles.

a 2000 Dodge Caravan, VIN 1B4GP45GXYB558023, with an odometer reading of approximately 34,050 miles at the time of the sale. This vehicle had been purchased in or about August 2002 at an auto auction in Pennsylvania, at which time it had an odometer reading of approximately 84,046 miles and thereafter was transported to New Jersey.

There was also a 2000 BMW that had its odometer rolled back.

What really pissed me off about this situation is that these cars were sold to people who can't afford a new car. In other words, they are sold mostly to poor or low income, working people who are depending on that low mileage reading to have a good, dependable car. No one buys a car with the intention of having to end up spending thousands of dollars on premature repairs and these schmucks thought nothing about ripping off mostly poor and low income people. What I find even more outrageous is the three year jail sentence this creep received. This was basically a white collar crime and he only received three years in jail. If you steal a car you get more jail time. This punk will be out of jail in less than three years and you know what, he'll do it again.


Some of the laws that cover odometer rollback:

APPLICABLE FEDERAL LAWS

In 1972, in recognition of the magnitude of the odometer rollback problem, Congress enacted the Motor Vehicles Information and Cost Savings Act (MVICSA), seeking to eliminate odometer tampering. This act established certain safeguards to protect consumers because they often rely heavily on the odometer reading to determine the vehicle's value, safety, and reliability. The act made it a Federal violation to disconnect, reset, or replace an odometer for the purpose of disguising a vehicle's true mileage.

Depending on the circumstances, the primary Federal statutes that may be used in odometer-related prosecutions are Title 18, U.S. Code, Section 2314, Interstate Transportation of Stolen Property (ITSP) and Title 18, U.S. Code, Section 513, Possession of Forged or Altered Securities. Section 513 contains two extremely desirable features, the first being that the interstate transportation of the forged, altered, or counterfeited document is not a requirement for prosecution (unlike section 2314); rather, it makes the mere possession of such a document illegal. It defines forged and counterfeit documents as any which purports to be genuine but is not because it has been falsely made, falsely altered, or falsely completed. The Federal statutes contained in Title 18 of the U.S. Code pertaining to Mail Fraud, Section 1341; Conspiracy, Section 371; False Statements, Section 1001; and Fraud by Wire, Section 1343, are also cited in the indictments.

In October 1986, the Truth in Mileage Act of 1986 (TIMA) was signed into law, modifying MVICSA. The primary features of TIMA dealt with title security, mileage disclosure, lease vehicle disclosure, dealer record retention, and lessor and auction record retention. It also increased the criminal and civil penalties applicable to MVICSA.

The Racketeer Influenced and Corrupt Organizations (RICO) Statutes were originally intended for use in organized crime prosecutions. However, the RICO statutes can be interpreted to also include odometer rollback and title laundering activity. Sections of the statutes contain offenses that Congress defined as constituting acts of racketeering and are the primary statutes traditionally used to prosecute odometer crime.

The combined provisions of MVICSA, TIMA, and RICO legislation and other traditional criminal statutes form an intimidating platform from which to base antiodometer fraud strategy. These statutes allow for substantial civil and criminal penalties against, and/or forfeiture from, those dealers who continue to engage in such criminal enterprises.


At least there are no Cadillacs on the list, although with the 2000 Chevrolet speedometer rollback, I suspect that the same technique would work on a Cadillac speedometer. I had thought that the electronic speedometer made rollbacks unlikely, but not so. I suspect that if a CarFAX reveals that a car went through an auction, the speedometer reading cannot be trusted.

Hey, my car is a one-owner with nearly 140,000 miles on it. If I trade it, it's too old to be on a dealer lot unless he simply *must* have an Eldorado around, so it would likely be wholesaled -- which probably means put in an auction with the rest of the trade-ins. I do believe that state inspections every two years keep track of the odometer reading, though. However, when I finally do move on to a used STS-V or some such, someone will get a nice low-mileage ETC with a killer exhaust note. <_<

Maybe I'll find another way to move it to its next station in life. My plans now are to keep it another few years, so I have time to think about it. :mellow:


I assume you meant odometer, not speedometer. :rolleyes:


Yes, yearly inspections or inspections every two years is a very good deterrent against odometer tampering. The problem is New Jersey puts a four year sticker on all new cars. This means that mileage is not officially recorded by the State for the first four years the car is driven. Most leases are two or three years long which means the car is returned to the dealership within the four year time frame so the mileage is never officially recorded with the State inspection agency so it's never reported to CarFax. If the car is serviced at the dealership the mileage is recorded but that information is not turned over to CarFax or other agencies either that track information about cars so these cars that come off two or three year leases are the best targets for odometer fraud.


That means that I can't trust the odometer reading of my used STS-V if the CarFAX says that it is being sold by a dealer other than the one that leased it. If it goes through the auction system, the odometer reading is likely sweetened. Hey, that's just what I need in my golden years -- a high-mileage STS-V. :fighting0025:


Auction houses are supposed to record the odometer mileage when they receive the car but apparently many of them don't and/or didn't. There's always going to be someone out there who wants to make a fast buck at the expense of someone else and when you find an entire chain of people who are willing to do this type of fraud it can take the FBI YEARS before they figure the whole system out and arrest everyone involved. In the meanwhile, innocent people end up hurt and the crooks get a slap on the wrist.


Upon reading about this odometer rollback problem a bit more, a clear picture and probably a good solution appeared inside my thoroughly twisted mind. Digital odometers apparently store their information as a hexadecimal number. I located literally a cornucopia of software on the Internet that makes it possible to read this hexadecimal number and change it, thus making it very easy to alter a digital odometer.

Obviously, either digital odometers have no encryption or whatever encryption is inside these odometers, it's easily cracked. 128 bit encryption can also be cracked but it takes a long time. Skype uses a military grade encryption key that's 2,048 bits long and is impossible to crack, in fact, the sun would explode before a 2,048 bit key would be cracked.

Why have car manufacturers not employed military grade encryption that are at least 2,048 bits long to protect the hexadecimal mileage information inside the odometer? Skype does it on the fly usually within seconds, when a call is connected to another Skype user. Public key encryption is one of the safest and probably the strongest forms of encryption and it could actually be connected to the odometer encryption. The vehicle's starter key could contain one part of the encryption key, the public key, and the odometer would contain the private key. Both the public key and the private key would be encrypted to military grade levels (at least 2,048 bits long) thereby making it impossible for either key to be cracked and thus rolling back a digital odometer would become impossible. At that point, only physical tampering would be possible and this type of tampering is more easily detected and possibly deterred.

Rolling back an odometer not only hurts the buyers, it hurts the manufacturers. If I bought a used car with only 36,000 miles on it and that car started breaking down and costing me a fortune in what appeared to be premature repairs, you can bet I'd never buy another car from that manufacturer ever again. It would only make sense to a manufacturer who is willing to protect the consumer and their own reputation that they do a better job of protecting what turns out to be for most consumers, a hefty investment.


If the odometer is non-volatile, it can't be incremented, either.

The neighbor that is turning back the odometer on leased cars may be committing a crime, and perhaps a second crime if the lease cost is based on the odometer and the changes affect the cost of the lease. I would think that most leasing outfits have ways to detect this. It doesn't strike me as a very good idea. I think I recall that you mentioned to the neighbor that this is a bad idea. Hearing about these things is a bit like watching train wrecks from a great distance. Let us know when the inevitable happens.

I would think that some electronic odometers are easier to change than others. I would be surprised if a GM odometer could be turned back short of a Tech II, and perhaps not even then, except to program a new PCM.

She already turned back the mileage on a Pontiac and a Dodge that were leased. And we are not talking about small amounts here; we are talking about 20K miles at a time and multiple times and yes, it was to save additional costs on the lease.

It's just not right.

I guess it's human nature to do stuff like this, but it's up to the manufacturers to devise a way to stop it. I am sure that stuff like ON STAR and Black boxes will stop it going forward.


OnStar only works if you push the blue button to subscribe. Granted, GM gives you the first year of OnStar free but you still have to push that button to subscribe to the free year. As with odometers, black boxes only work as well as the encryption that protects the data. I'm bewildered as to why manufacturers don't encrypt the data for the odometer to stop hackers from altering the numbers. Hackers are not only breaking the law, ripping off consumers, they are ruining the reputations of the manufacturers when they roll back an odometer. It's so easy to implement I'm bewildered as to why it's not been done.


I've done my share of embedded processor work on various levels. I think that if the program memory can be read, then the program memory can be duplicated and used in another program to control the odometer value, no matter what the encryption. Thus a facility that is capable of reverse-engineering a chip with non-volatile program memory can provide the basis for cracking this code. These facilities exist legitimately because of the need to support products using embedded processors where documentation for the original code is not available for whatever reason, and in fact this occurs most of the time in non-military software, even in in-house development.

The key to solving this problem is to make turning back an odometer more expensive than the increase in price of the car. This is a simple thing to figure: if a $60K car depreciates to $40K in 4 years but high mileage makes the sale price $25K, then the value of the odometer rollback is $15K. With bodybyfisher's input, the cost of the rollback is $1000 max, and it's a no-brainer that it will be done on some cars, no matter how diligent the enforcement.

Figure the cost of the odometer rollback operation is $200 per hour in incomes and overhead. We need to make it take 75 hours to make the operation unprofitable.

Encryption schemes can add 10-50 hours onto the cracking operation if different codes are used on each vehicle, and both the public and private codes are encrypted. Adding an internal checksum on the program that complicates making changes to the program adds another 10 hours or so to get the new checksum, program it, and test the result.

A simple thing that could complicate things would be to keep the odometer reading on several modules, not just the PCM. If they disagree, a code is set; this can be a "stealth" code visible only on a Tech II or not. Changing the odometer on several buried modules instead of just one readily accessible PCM would multiply the time to do the rollback by a large factor. Candidate modules are the IRC, MMM, IPC, ACM, SDM, PZM, and MSM. Add one that requires welding to get to and that can't be rolled back by electrical inputs, and you have an indelible fingerprint if someone accesses it. This could get you to over 75 hours right there.

Another layer could be keeping other logs, such as engine revolutions in each gear and while stopped, total time of system "on" and such. Some of this data is collected to tune the transmission shifts to individual driving styles in the Northstar system. Cross-checking of mileage with this information provides a sanity check that, if failed, could set a code that is seen by the dealer on a Tech II but not anywhere else. Cheating this would add another 20-60 hours onto the task of odometer rollback, and it also would add risk that this code would be set later after the car was driven by the consumer for a few days.

Another layer could be added by having a rolling stack of numbers, such as total system on time at 1,000 mile increments, with encrypted hash code. This could add another 30-60 hours on the rollback task.

With the cost of processors that can do this at about $5 each, it's doable.

Yes, I was Jims_97_ETC before I changed cars.
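
The layered checks proposed in the post above (mileage held in several modules, plus a rolling log of system-on time at 1,000-mile increments protected by a keyed hash), sketched as an added example that is not part of the original thread or any manufacturer's code. The HMAC-SHA256 chain, the finding names, the sample key and the second module holding a copy of the newest tag are assumptions made for illustration.

```python
import hashlib
import hmac

ZERO = b"\x00" * 32  # chain start value (assumption)
KEY = b"constructed-per-vehicle-key"  # constructed sample key

def tag_for(key, prev_tag, miles, on_hours):
    """HMAC over the previous tag plus this entry, so entries chain together."""
    return hmac.new(key, prev_tag + f"{miles}:{on_hours}".encode(), hashlib.sha256).digest()

def append_checkpoint(log, key, miles, on_hours):
    """Module side: log total system-on hours at a 1,000-mile checkpoint."""
    prev = log[-1][2] if log else ZERO
    log.append((miles, on_hours, tag_for(key, prev, miles, on_hours)))
    return log[-1][2]  # newest tag; a second module keeps a copy as the head

def audit(key, module_odometers, log, head_tag):
    """Return findings (hypothetical code names) for a service tool to show."""
    findings = []
    # Layer 1: every module must report the same mileage.
    if len(set(module_odometers.values())) > 1:
        findings.append("MODULE_MISMATCH")
    # Layer 2: each entry must verify against its predecessor and only grow.
    prev, last_miles, last_hours = ZERO, -1, -1
    for miles, on_hours, tag in log:
        if not hmac.compare_digest(tag, tag_for(key, prev, miles, on_hours)):
            findings.append("LOG_CHAIN_BROKEN")
            break
        if miles <= last_miles or on_hours < last_hours:
            findings.append("LOG_NOT_MONOTONIC")
            break
        prev, last_miles, last_hours = tag, miles, on_hours
    # Layer 3: last verified tag must match the copy held in another module.
    if not hmac.compare_digest(prev, head_tag):
        findings.append("LOG_HEAD_MISMATCH")
    # Layer 4: displayed mileage cannot be below the last verified checkpoint.
    if min(module_odometers.values()) < last_miles:
        findings.append("ODOMETER_BELOW_LOG")
    return findings

def demo():
    """Constructed sample: 84 checkpoints, then three audits."""
    log, head = [], ZERO
    for n in range(1, 85):
        head = append_checkpoint(log, KEY, n * 1000, n * 25)
    ok = audit(KEY, {"PCM": 84312, "IPC": 84312}, log, head)
    one_module = audit(KEY, {"PCM": 31000, "IPC": 84312}, log, head)
    truncated = audit(KEY, {"PCM": 31000, "IPC": 31000}, log[:31], head)
    return ok, one_module, truncated
```

A log cut back to a valid prefix still verifies entry by entry, which is why the audit also compares against the head tag stored elsewhere.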


Encryption schemes can add 10-50 hours onto the cracking operation if different codes are used on each vehicle, and both the public and private codes are encrypted. Adding an internal checksum on the program that complicates making changes to the program adds another 10 hours or so to get the new checksum, program it, and test the result.

If you use a 2,048 bit encryption key, you can add another 100 million hours to the job of trying to crack the code. :lol:

If you really want to make people safe drivers again then simply remove all the safety features from cars. No more seat belts, ABS brakes, traction control, air bags or stability control. No more anything. You'll see how quickly people will slow down and once again learn to drive like "normal" humans.


A simple thing that could complicate things would be to keep the odometer reading on several modules, not just the PCM.

BMW does this, it keeps the odometer reading on several modules and if you try to roll back the odometer, once you start the car after the odometer has been tampered with, you get a row of flashing "00000000" on the odometer and a code is set.

If you really want to make people safe drivers again then simply remove all the safety features from cars. No more seat belts, ABS brakes, traction control, air bags or stability control. No more anything. You'll see how quickly people will slow down and once again learn to drive like "normal" humans.


I need to expand this from post #18:

I think that if the program memory can be read, then the program memory can be duplicated and used in another program to control the odometer value, no matter what the encryption.
Doing this doesn't require that you find the key, or even disassemble the code. However, if you do disassemble the code, you can get the private key, even if it too is encrypted. Thus even a 2048-bit RSA encryption can be cracked if you have a running chip to work with. Of course, you need to get inside the chip and tap into the data bus, which is a 10-40 hour task in a clean room with microelectronic tools, but again this type of facility exists legitimately in lots of outfits that are set up to support existing products without documentation.

Nothing is foolproof to a sufficiently talented fool.

Yes, I was Jims_97_ETC before I changed cars.


I need to expand this from post #18:

I think that if the program memory can be read, then the program memory can be duplicated and used in another program to control the odometer value, no matter what the encryption.
Doing this doesn't require that you find the key, or even disassemble the code. However, if you do disassemble the code, you can get the private key, even if it too is encrypted. Thus even a 2048-bit RSA encryption can be cracked if you have a running chip to work with. Of course, you need to get inside the chip and tap into the data bus, which is a 10-40 hour task in a clean room with microelectronic tools, but again this type of facility exists legitimately in lots of outfits that are set up to support existing products without documentation.

Nothing is foolproof to a sufficiently talented fool.

What these fly-by-night operations are using to change these odometer readings are laptops and software. I found jaw-dropping amounts of these programs readily available on the Internet. But what this tells me is that these people are just plugging into the car, "seeing" the odometer reading as a very simple hexadecimal, and then making the changes in just a few short minutes. This is just waaaaaaaay too easy and the car manufacturers need to make it as difficult as possible to change these odometers.

If you really want to make people safe drivers again then simply remove all the safety features from cars. No more seat belts, ABS brakes, traction control, air bags or stability control. No more anything. You'll see how quickly people will slow down and once again learn to drive like "normal" humans.


Found this video of someone changing the mileage on a Chrysler 300C. Took less than 2 minutes.

If you really want to make people safe drivers again then simply remove all the safety features from cars. No more seat belts, ABS brakes, traction control, air bags or stability control. No more anything. You'll see how quickly people will slow down and once again learn to drive like "normal" humans.


Way too easy to use based on the video. Makes it increasingly important to purchase vehicles with a known history I guess.

Bruce

2023 Cadillac CT4-V Blackwing



Way too easy to use based on the video. Makes it increasingly important to purchase vehicles with a known history I guess.

I watched a few different videos and ALL of them were just as easy. Car manufacturers NEED to really address this problem and SOLVE it.

If you really want to make people safe drivers again then simply remove all the safety features from cars. No more seat belts, ABS brakes, traction control, air bags or stability control. No more anything. You'll see how quickly people will slow down and once again learn to drive like "normal" humans.


Archived

This topic is now archived and is closed to further replies.
