All your cars are belong to us

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,245
BBC Watchdog report mentioned above
starts about 17m 30s
[video=youtube;dKr3nXC-tB8]http://www.youtube.com/watch?feature=player_detailpage&v=dKr3nXC-tB8[/video]
 

Dr_Grip

Made from concentrate
DONOR
Joined
Jul 8, 2008
Messages
13,994
Location
Germany
Car(s)
1979 Opel Kadett | 1972 Ford Country Sedan
I got a promo call from o2 today, trying to sell me the o2 Car Connection. A GSM-enabled dongle plugged directly to the ODB-II port? What could possibly go wrong?
 

Interrobang

Forum Addict
Joined
Mar 5, 2007
Messages
8,145
I wonder, when we?ve reached the time when a Car using an physical Key and a physical lock can be considered safer than the Cars with "smart" keys. At some point the number of car-thieves actually being able to "work" a lock will be smaller than those using computers.
 

Interrobang

Forum Addict
Joined
Mar 5, 2007
Messages
8,145
Maybe someone can give us a good translation of the important bits:

[*]link[*]
It?s a bad article full of implications and speculations, so I will not bother. They?ve been to a security-expo in poland and half the article is spend going "not all of the people here at the Expo seem like registered professionals from the security-buisness" *wink**wink*. Then they are speculating about a libanese company not showing one of their products that claims to open any car locked with a smart-key at the expo.

No new information in there.
 

narf

Sgt. Maj. Buzzkill
DONOR
Joined
Feb 1, 2008
Messages
18,153
Location
Kiel/Wherever, Germany
Car(s)
'19 BMW M240i
Additionally, some of the actual tech-level facts are plain wrong. They go on about keyless entry systems being particularly weak (plausible) because the key is constantly sending signals (bullshit). The relay tech they talk about might work, but not in the way they describe it.
 

jack_christie

Well-Known Member
Joined
Aug 1, 2006
Messages
4,245
Last edited:

Dr_Grip

Made from concentrate
DONOR
Joined
Jul 8, 2008
Messages
13,994
Location
Germany
Car(s)
1979 Opel Kadett | 1972 Ford Country Sedan
An in-depth analysis of the BMW hack reveals some quite shocking details:
At least the messages sent to a vehicle are checked with regard to which car they are addressed to. This check is done with a VIN (Vehicle Identification Number) included in the message. If the VIN does not match the car in question, it will not execute the command it is sent. This is no hurdle to a potential attacker, though, since the Combox is very helpful in this regard: If it does not receive a valid VIN, it actually sends back an error message that contains the correct VIN in order to identify the sender of the message.
 

Spectre

The Deported
Joined
Feb 1, 2007
Messages
36,726
Location
Dallas, Texas
Car(s)
00 4Runner | 02 919 | 87 XJ6 | 86 CB700SC
Regular keys aren't any better at keeping out thieves, I'm afraid.
Depending on which type of mechanism it is, it can at least take longer - assuming they don't just break the glass. :p
 

DanRoM

Forum Addict
Joined
Feb 27, 2009
Messages
8,040
Location
Ruhr Area, Germany
Car(s)
MX-5 ND, CBF1000 & two bikes
Regular keys aren't any better at keeping out thieves, I'm afraid.
At least it takes an effort every time you steal a car that way, and not just once for making an electronic master key opening and starting practically every car of a particular brand like with (some) current keyless entry systems (what a fitting term).

I'm certainly not able to program a secure electronic entry system myself, but I'm pretty sure the mistakes I'd make would at least be more sophisticated...
 

narf

Sgt. Maj. Buzzkill
DONOR
Joined
Feb 1, 2008
Messages
18,153
Location
Kiel/Wherever, Germany
Car(s)
'19 BMW M240i
A key difference :drums: is that picking a lock or breaking the glass at least appears suspicious. Unlocking a car remotely as if it were unlocked from the keyfob doesn't even have a chance of raising suspicion.

- - - Updated - - -

I'm certainly not able to program a secure electronic entry system myself, but I'm pretty sure the mistakes I'd make would at least be more sophisticated...
A start would be open algorithms up for peer review, and using unique keys/certificates - doing things the way regular old encryption on the web would do.
That might require more sophisticated hardware though, and potentially a need to charge your keyfob instead of swapping the batteries at a service to support that hardware. Combined with induction charging at home and in the car though that could be worked around.

Hell, go install an sshd on the car, store public keys of your keyfobs on there, and have your keys run ssh with a private key in each fob. Want to run any commands, such as unlocking? Log in first. If it's good enough to be exposed to the web, it's good enough to be exposed to a supermarket car park.
 
Last edited:

DanRoM

Forum Addict
Joined
Feb 27, 2009
Messages
8,040
Location
Ruhr Area, Germany
Car(s)
MX-5 ND, CBF1000 & two bikes
I would like to see the insurance companies raise hell over this. Like sueing BMW (and other carmakers, where applicable) for installing sub-standard security in their cars, leaving them to be stolen much too easily. Or refusing to insure cars with remote unlocking systems that haven't don't use open, proven-to-be-secure (as per state-of-the-art) technology.
Won't happen, of course.
 

Spectre

The Deported
Joined
Feb 1, 2007
Messages
36,726
Location
Dallas, Texas
Car(s)
00 4Runner | 02 919 | 87 XJ6 | 86 CB700SC
I would like to see the insurance companies raise hell over this. Like sueing BMW (and other carmakers, where applicable) for installing sub-standard security in their cars, leaving them to be stolen much too easily. Or refusing to insure cars with remote unlocking systems that haven't don't use open, proven-to-be-secure (as per state-of-the-art) technology.
Won't happen, of course.
You're right, they won't sue. At least over here, what's about to happen is that the insurance rates for theft and comprehensive on such vehicles will skyrocket as a result of this. When the customers complain, they will be told why and this will put pressure on the sales of BMWs etc., so hopefully the manufacturers in question will then be compelled to fix the problem.
 
Last edited:

Cobol74

Forum Addict
Joined
Mar 21, 2006
Messages
17,507
Location
The banana republic of Ukania
Car(s)
Honda Accord 2.2 i-Dtec Sport Estate.Hyundai Ix20
Something must be done!

Ban cars. (Would be a UK Politician's classic fix. ...)

Too much cheap beer is being bought in supermarkets - enforce price controls.

Supermarkets must charge for bags - for the environment. ...

Etc, etc. ...
 
Last edited:

DanRoM

Forum Addict
Joined
Feb 27, 2009
Messages
8,040
Location
Ruhr Area, Germany
Car(s)
MX-5 ND, CBF1000 & two bikes
You're right, they won't sue. At least over here, what's about to happen is that the insurance rates for theft and comprehensive on such vehicles will skyrocket as a result of this.
I also don't have a problem with that less radical solution. As long as the car makers are forced to put some security worth calling it that on their cars.
 
Top