All your cars are belong to us

Spectre

The Deported
Joined
Feb 1, 2007
Messages
36,671
Location
Dallas, Texas
Car(s)
00 4Runner | 02 919 | 87 XJ6 | 86 CB700SC
All your cars are belong to us

That's a garage door remote, which are notoriously easy to hack and have a tiny keyspace, 4096 possible 'combinations' in this case. Almost all of the Viper/DEI/ex-CodeAlarm Audiovox units from the 90s on are rolling code units where the code changes each time you use it (unlike most garage door openers though more are starting to come with it) and have a keyspace well into the millions.

All this guy has done is reverse engineer the 'code grabber' attack of the 80s and 90s, the one that caused rolling codes to be implemented in the first place.

Edit: Yup, he basically says so himself-

It appears to me that a lot of gates and garages that serve as primary means of entry to buildings/homes in South Africa are running on fixed key systems rather than rolling codes. These keys can be trivially sniffed out of the air and replayed to gain access. On top of that fixed key systems using small key spaces can be brute forced, and all of this with a ~R560 investment ($70) ? For the RTLSDR and the CC1111EMK.
 
Last edited:

headcrash

Member
Joined
Mar 11, 2007
Messages
70
"A Survey of Remote Automotive Attack Surfaces" - a paper which was presented at this year's Black Hat security conference in las Vegas. Pretty interesting, but of course, they only surveyed a limited number of car models.

Condensed findings (page 88):

Most Hackable:
1. 2014 Jeep Cherokee
2. 2015 Cadillac Escalade
3. 2014 Infiniti Q50

Least Hackable:
1. 2014 Dodge Viper
2. 2014 Audi A8
3. 2014 Honda Accord

(No, I don't know why they call the i8 the i12 in the paper)
 

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,187
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.

Another day, another ISAC -- and this time it's the automobile industry.
Bit late to be only taking it seriously now...

UK Police Recover ?1.2m Haul of Stolen Porsches, BMWs and Range Rovers Hidden in Shipping Containers

Methods often used to steal vehicles include keyless thefts, taking keys during burglaries, or the use of fraudulent documentation and cloned credit cards to hire vehicles or obtain them on finance.
http://www.ibtimes.co.uk/uk-police-recover-1-2m-haul-stolen-porsches-bmws-range-rovers-hidden-shipping-containers-1471131




http://www.darkreading.com/analytics/threat-intelligence/automobile-industry-accelerates-into-security/d/d-id/1297313
 
Last edited:

Matt2000

Disco Stu-pour
DONOR
Joined
Feb 17, 2006
Messages
14,543
Location
Country smells, England
Car(s)
'01 Disco 2 V8, '90 Disco 1, '05 Smart Roadster
Those Defenders don't look stolen, more like custom built ones to go to the US with false documentation. They look very similar to ones produced by a company I know.
 

LeVeL

Forum Addict
Joined
Jun 16, 2007
Messages
12,744
Those Defenders don't look stolen, more like custom built ones to go to the US with false documentation. They look very similar to ones produced by a company I know.
It still annoys me that DC bureaucrats get in the way of us enjoying awesome Euro and JDM cars :(
 

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,187
car-makers who say the problem is not a weakness in car security ? but the failure of law-makers to ban the general sale of the devices which allow the thieves to gain entry to the vehicles before driving them away.

A spokesman for Watchdog said: ?A demonstration for the programme shows how a BMW X6 key can be programmed in just 12 minutes, an Audi A5 in just 40 seconds and a Range Rover Evoque in just 10 seconds.?

BMW had promised to contact owners of pre-September 2011 X5 and X6 cars and said that none of their cars produced since then could be stolen in this way.

But it produces customer witnesses who say they have not been contacted and whose cars were subsequently stolen.
http://www.thisismoney.co.uk/money/cars/article-2812962/How-car-thieves-use-hi-tech-scanners-reprogramme-electronic-keys-steal-luxury-cars.html

a major security weakness leaving hundreds of thousands cars of around 30 different models vulnerable to theft. Is yours safe?
http://www.bbc.co.uk/programmes/b04nchtj
 
Last edited:

GRtak

Forum Addict
Joined
Sep 6, 2008
Messages
18,824
Location
Michigan USA
Of course the car makers are going to deflect the blame. But if laws against stealing vehicles is not enough to stop thieves from stealing vehicles, what makes them think that the devices just won't be made off the grid so to speak when they are made illegal?
 

AiR

Forum Addict
Joined
Dec 19, 2005
Messages
11,985
Location
Suecia
Car(s)
Bulgogi Knedliky 1.6 GDI (Hyundai i30)
TLDR: Bunch of German car companies pretend there is no problem and blame the people who highlight their failures. That's never happened before.

post-128138-0-40657300-1398956840.jpg

"The test was rigged and there was nothing wrong with the car" - Mercedes.
Mercedes also threatened to sue public broadcaster SVT for showing the footage on the news. Guess they never learn.
 
Last edited:
Top