0 votes
1,518 views
in Vehicle tracking by
Dear Teltonika,

I would like to inform you about a security issue that I noticed after the firmware update.

The problem was noticed on FMB units which are assembled with RFID readers.
When the driver stops but doesn't get out of the car immediately, and stays close to the RFID tag reader for a while, the unit goes to "Online sleep" mode.

Afterwards, even if the driver leaves the car together with the RFID tag, when he sits back in, the unit immediately enables the ignition of the car (it means the immobilizer function doesn't work as it should).

The problem is supposed to have a close connection with the "1 wire" versus "online sleep" mode issue which has been mentioned previously by others.

 

1 Answer

0 votes
by

Hello,

Thank you for your question,

Could you please confirm that this issue did not occur using the older version of firmware? Could you state the version used before?

Could you specify the current firmware version?

Please check your configuration - the time period settings of your sleep modes. The device will go to "online sleep mode" when these conditions are met:

  • FMB120 is configured in Deep Sleep mode and sleep timeout is reached;
  • Device time must be synchronized with GPS satellites. From Firmware 03.18.15 version, this condition depends on “Records saving/sending without TS” parameter:
      • After Position Fix - FMB120 time is synchronized with GNSS satellites and GPS fix is obtained;
      • After Time Sync - FMB120 time is synchronized over NTP, NITZ or GNSS satellites;
      • Always - FMB120 will enter sleep mode without time synchronization and GPS fix.
  • Ignition (configured ignition source) is off;
  • Movement is not detected by the accelerometer or configured movement source;
  • Min. Record Saving Period (Data Acquisition Mode settings) must be larger than Open Link Timeout parameter, so that FMB120 could close GPRS link;
  • The difference between Send Period (Data Acquisition Mode settings) and Open Link Timeout must be more than 90 seconds, so that FMB120 could close GPRS link within at least 90 seconds;
  • There are no SMS messages being received;
  • Data socket(s) are closed;
  • Data sending is not in progress;
  • FOTA is not in progress.

Online Deep Sleep - In this mode the device works as in deep sleep mode, but without deregistering from GSM network. GSM part stays powered so this increases power consumption. In this mode device should send/receive SMS and make/accept calls. It does not close GPRS context if one was previously opened. Conditions to enter online deep sleep mode are the same as entering deep sleep mode.

FMB120 exits online sleep mode if ONE of the following conditions is true:

  • Movement by accelerometer or configured movement source is detected;
  • Ignition (configured ignition source) is turned on.

Please also make sure that:

The ignition timeout for the immobilizer has already passed before trying to use the scenario for the immobilize function. Check the value in the configuration; the ignition will be blocked again after the timeout has passed.

Waiting further for your response,

Regards, Teltonika.
by

Hello,

Thanks for your answer.
Old firmware: 03.10.xx – Unfortunately I don't remember exactly.
New firmware: 03.25.05, 03.25.07 The problem occurs with both versions.
I didn’t change the device settings. This problem did not occur before the firmware upgrade, only afterwards.

I am refining the error description because I may not have spelled it out clearly in the earlier post:

1. Ignition
    [+12V > DIN1]
2. The GNSS’s immobilizer is activated
     [DOUT1 > Relay turns on]
3. The driver places the RFID tag near the RFID reader and the authentication is performed.
     [DOUT1 > Relay turns off]
4. Starting the engine > Travel > Arrival
     [DOUT1 > Relay turns off]
5. Stopping the engine.
     [0V > DIN1]
     The driver will not leave the car immediately.
     During this time the RFID tag will remain near the RFID reader.
6. Meanwhile the GNSS goes into “Online Deep Sleep” mode 15 minutes later.
     [GNSS: Online Deep Sleep]
7. The driver (with RFID tag) leaves the car 30 minutes after arrival.
     [GNSS: Online Deep Sleep]
8. The driver returns to the car but does not put the RFID tag on the RFID reader.
     [GNSS: Online Deep Sleep]
9. Ignition
     [+12V > DIN1]
10. The GNSS’s immobilizer is NOT activated
     [DOUT1 > Relay does NOT turn on]
 

So it is possible to start the engine without RFID authentication!

I uploaded a picture of the settings:

by

Hi Support Team,

The root cause of the problem reported by Dvid is the same as what I reported 3 months ago:
Based on our analysis, we identified that the problem is in "online sleep" mode, because the synchronization on the 1-Wire data connection doesn't work.

https://community.teltonika-gps.com/6492/fmb120-does-not-send-sms-about-the-temperature-since-update


In our case the temperature data does not change, while for David RFID data does not change.
Therefore the RFID information which has been read in normal mode is also stored by the unit in "online sleep mode", so when the unit wakes up the authentication data is present and the immobiliser enables the start of the engine - I assume this is a serious security issue!


Hi Dvid,

Please check iButton status in the "I/O Info" menu when the device enters in "Online Deep Sleep" mode.

Until they fix the problem:
(Though, I have been waiting 3 months for a fix, because the new firmware has not solved it)

This could be solved by disabling the "online sleep" mode ;) or increasing the activation time to when the driver surely leaves the car together with the RFID tag.
However disabling the "online sleep" mode or increasing the activation time can cause higher current consumption which can be bad for the car battery.

Regards,

by

Hello Everyone,

Thank you David for your help, you were right!
I checked the iButton status when the device entered online sleep mode and the identification number was still visible even after I removed the RFID tag from the reader. So the RFID (1-wire) data freezes when the device enters sleep mode.
Based on this, I will expand the description with the current status of the iButton and await Teltonika's response:

1. Ignition
    [+12V > DIN1 ; iButton: 0x000...]
2. The GNSS’s immobilizer is activated
     [DOUT1 > Relay turns on ; iButton: 0x000...]
3. The driver places the RFID tag near the RFID reader and the authentication is performed.
     [DOUT1 > Relay turns off ; iButton: 0x01E...]
4. Starting the engine > Travel > Arrival
     [DOUT1 > Relay turns off ; iButton: 0x01E...]
5. Stopping the engine.
     [0V > DIN1 ; iButton: 0x01E...]
     The driver will not leave the car immediately.
     During this time the RFID tag will remain near the RFID reader.
6. Meanwhile the GNSS goes into “Online Deep Sleep” mode 15 minutes later.
     [GNSS: Online Deep Sleep ; iButton: 0x01E...]
7. The driver (with RFID tag) leaves the car 30 minutes after arrival.
     [GNSS: Online Deep Sleep ; iButton: 0x01E...]
8. The driver returns to the car but does not put the RFID tag on the RFID reader.
     [GNSS: Online Deep Sleep ; iButton: 0x01E...]
9. Ignition
     [+12V > DIN1 ; GNSS: Exited sleep mode ; iButton: 0x01E...]
10. The GNSS’s immobilizer is NOT activated
     [DOUT1 > Relay does NOT turn on > Engine can be started ; iButton: 0x01E...]

11. 10-15 seconds after ignition (Point 9)
     [+12V > DIN1 ; DOUT1 > Relay does NOT turn on > Engine has already started ; iButton: 0x000...]
 

So it is possible to start the engine without RFID authentication!

Regards,

Dvid

by

In some cases I misspelled, so I am rewriting this because I cannot edit my comment.

Hello Everyone,
Thank you Pepe for your help, you were right!
I checked the iButton status when the device entered online sleep mode and the tag’s identification number was still visible even after I removed the RFID tag from the reader. So the RFID data freezes when the device enters „online deep sleep” mode. (According to this, all data which comes from the "one-wire" connection freezes.)
Based on this, I expand the description with the actual status of the iButton and await Teltonika's response:

1. Ignition.
    [+12V > DIN1 ; iButton: 0x000...]
2. The GNSS’s immobilizer is activated.
     [DOUT1 > Relay turns on ; iButton: 0x000...]
3. The driver places the RFID tag near the RFID reader and the authentication is performed.
     [DOUT1 > Relay turns off ; iButton: 0x01E...]
4. Starting the engine > Travel > Arrival.
     [DOUT1 > Relay turns off ; iButton: 0x01E...]
     (RFID tag stays near reader)

5. Stopping the engine.
     [0V > DIN1 ; iButton: 0x01E...]
     The driver will not leave the car immediately.
     During this time the RFID tag will remain near the RFID reader.
6. Meanwhile the GNSS goes into “Online Deep Sleep” mode 15 minutes later.
     [GNSS: Online Deep Sleep ; iButton: 0x01E...]
     (RFID tag stays near reader)
7. The driver (with RFID tag) leaves the car 30 minutes after arrival.
     [GNSS: Online Deep Sleep ; iButton: 0x01E...]
     (RFID tag is not near the reader)
8. The driver returns to the car but does not put the RFID tag on the RFID reader.
     [GNSS: Online Deep Sleep ; iButton: 0x01E...]
     (RFID tag is not near the reader)

9. Ignition.
     [+12V > DIN1 ; GNSS: Exited sleep mode ; iButton: 0x01E...]
     (RFID tag is not near the reader)

10. The GNSS’s immobilizer is NOT activated.
     [DOUT1 > Relay does NOT turn on > Engine can be started ; iButton: 0x01E...]
     (RFID tag is not near the reader)

11. 10-15 seconds after ignition (Point 9).
     [+12V > DIN1 ; DOUT1 > Relay does NOT turn on > Engine has already started ; iButton: 0x000...]
     (RFID tag is not near the reader)

That is, the device updated the RFID data 15 seconds after ignition/wake-up (iButton: 0x01E... > 0x000...)


So it is possible to start the engine without RFID authentication!


Regards,
Dvid
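
The sequence traced in the posts above, as a small C model added here for illustration; it is not Teltonika firmware and not code from any poster. All names (`tracker_t`, `poll_1wire`, `relay_blocks_hardened`, ...) and the tag ID are constructed, and the "hardened" check (accept an ID only if it was read after the last wake-up) is an assumed mitigation, not a vendor fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the reported behaviour; field names are hypothetical. */
typedef struct {
    uint64_t ibutton;   /* last ID held for the 1-Wire reader, 0 = no tag */
    bool     fresh;     /* true only if ibutton was read since last wake-up */
    bool     sleeping;  /* online deep sleep: 1-Wire value is not refreshed */
} tracker_t;

/* 1-Wire poll; 'present' is the tag physically at the reader (0 = none). */
static void poll_1wire(tracker_t *t, uint64_t present) {
    if (t->sleeping) return;            /* value freezes while asleep */
    t->ibutton = present;
    t->fresh = true;
}
static void enter_sleep(tracker_t *t) { t->sleeping = true; }
static void wake(tracker_t *t) { t->sleeping = false; t->fresh = false; }

/* Behaviour described in the thread: decision trusts whatever value is held. */
static bool relay_blocks_as_reported(const tracker_t *t, uint64_t authorised) {
    return t->ibutton != authorised;
}

/* Assumed mitigation: a held ID counts only after a post-wake 1-Wire read. */
static bool relay_blocks_hardened(const tracker_t *t, uint64_t authorised) {
    return !(t->fresh && t->ibutton == authorised);
}

/* Steps 3 to 9 of the thread, ending at the moment ignition wakes the unit. */
static tracker_t replay_scenario(uint64_t tag) {
    tracker_t t = {0, false, false};
    poll_1wire(&t, tag);   /* step 3: tag presented, authenticated */
    enter_sleep(&t);       /* step 6: online deep sleep, tag still at reader */
    poll_1wire(&t, 0);     /* step 7: tag leaves, removal is not registered */
    wake(&t);              /* step 9: ignition on DIN1 */
    return t;
}

int main(void) {
    const uint64_t tag = 0x1122334455667788ULL;  /* constructed sample ID */
    tracker_t t = replay_scenario(tag);
    printf("as reported: blocked=%d\n", relay_blocks_as_reported(&t, tag));
    printf("hardened:    blocked=%d\n", relay_blocks_hardened(&t, tag));
    poll_1wire(&t, 0);     /* step 11: first real read after wake-up */
    printf("after poll:  blocked=%d\n", relay_blocks_as_reported(&t, tag));
    return 0;
}
```

The last line corresponds to step 11 of the thread: once the 1-Wire value is refreshed the model blocks again, but only after the window in which ignition was already allowed.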