Vehicle immobilizers are fitted as standard to modern cars and heavy goods vehicles. Antitheft mechanisms have become more sophisticated but so have the methods employed by crooks. Nowadays once the thief has gained access to a vehicle they will most likely use an electronic deactivation tool which seeks to disable the immobilizer, once this has been accomplished a blank transponder key/card can be used to start the engine. In many cases, communication with the immobilizer is made using the OBD-II diagnostic connector.
Although the OBD-II protocol itself does not support the immobilizer, the vehicle manufacturer is free to use the interface as necessary for communication, either the standard OBD-II signals or unused pins in the OBD-II connector (i.e. those undefined in the OBDII standard). Using one of these pathways the immobilizer can usually be electronically disabled.
This may be unsettling news for owners of expensive vehicles but when professional car-thieves call, armed with the latest OBD-II hacking equipment this simple low-cost low-tech solution may be all that you need. The idea is very simple: if all connections to the OBD-II connector are disconnected there is no possibility for any equipment, no matter how sophisticated to gain access via the vehicle’s wiring.
The OBD-II connector is usually located underneath the dashboard on the passenger side; once its wiring loom has been identified a switch can be inserted in line with the wires. The switch should be hidden away somewhere that is not obvious. In normal operation, you will be protected if the vehicle is run with the wires to the socket disconnected. Make sure however that you throw the switch reconnecting the socket before you next take the vehicle along to a garage for servicing or fault diagnosis.
The diagram shows the ISO K and ISO L wires switched. To cover all bases it is wise for every wire to the socket is made switchable except the two earth connections on pins 4 and 5 and the supply voltage on pin 16. Almost every vehicle manufacturer has their own method of vehicle immobilization, by disconnecting every wire it ensures that no communication is possible (even over the CAN bus). Now the innermost workings of your vehicle will be safe from prying eyes. When a hacker plugs in a deactivation tool it will power up as normal but probably report something like ‘protocol unrecognized’ when any communication with the OBD port is attempted.