All your cars are belong to us

Last edited:
All your cars are belong to us

That's a garage door remote, which are notoriously easy to hack and have a tiny keyspace, 4096 possible 'combinations' in this case. Almost all of the Viper/DEI/ex-CodeAlarm Audiovox units from the 90s on are rolling code units where the code changes each time you use it (unlike most garage door openers though more are starting to come with it) and have a keyspace well into the millions.

All this guy has done is reverse engineer the 'code grabber' attack of the 80s and 90s, the one that caused rolling codes to be implemented in the first place.

Edit: Yup, he basically says so himself-

It appears to me that a lot of gates and garages that serve as primary means of entry to buildings/homes in South Africa are running on fixed key systems rather than rolling codes. These keys can be trivially sniffed out of the air and replayed to gain access. On top of that fixed key systems using small key spaces can be brute forced, and all of this with a ~R560 investment ($70) ? For the RTLSDR and the CC1111EMK.
 
Last edited:
"A Survey of Remote Automotive Attack Surfaces" - a paper which was presented at this year's Black Hat security conference in las Vegas. Pretty interesting, but of course, they only surveyed a limited number of car models.

Condensed findings (page 88):

Most Hackable:
1. 2014 Jeep Cherokee
2. 2015 Cadillac Escalade
3. 2014 Infiniti Q50

Least Hackable:
1. 2014 Dodge Viper
2. 2014 Audi A8
3. 2014 Honda Accord

(No, I don't know why they call the i8 the i12 in the paper)
 
bad link.
 

Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.

Another day, another ISAC -- and this time it's the automobile industry.

Bit late to be only taking it seriously now...

UK Police Recover ?1.2m Haul of Stolen Porsches, BMWs and Range Rovers Hidden in Shipping Containers

Methods often used to steal vehicles include keyless thefts, taking keys during burglaries, or the use of fraudulent documentation and cloned credit cards to hire vehicles or obtain them on finance.
http://www.ibtimes.co.uk/uk-police-...nge-rovers-hidden-shipping-containers-1471131




http://www.darkreading.com/analytic...stry-accelerates-into-security/d/d-id/1297313
 
Last edited:
Those Defenders don't look stolen, more like custom built ones to go to the US with false documentation. They look very similar to ones produced by a company I know.
 
Those Defenders don't look stolen, more like custom built ones to go to the US with false documentation. They look very similar to ones produced by a company I know.
It still annoys me that DC bureaucrats get in the way of us enjoying awesome Euro and JDM cars :(
 
car-makers who say the problem is not a weakness in car security ? but the failure of law-makers to ban the general sale of the devices which allow the thieves to gain entry to the vehicles before driving them away.

A spokesman for Watchdog said: ?A demonstration for the programme shows how a BMW X6 key can be programmed in just 12 minutes, an Audi A5 in just 40 seconds and a Range Rover Evoque in just 10 seconds.?

BMW had promised to contact owners of pre-September 2011 X5 and X6 cars and said that none of their cars produced since then could be stolen in this way.

But it produces customer witnesses who say they have not been contacted and whose cars were subsequently stolen.
http://www.thisismoney.co.uk/money/...gramme-electronic-keys-steal-luxury-cars.html

a major security weakness leaving hundreds of thousands cars of around 30 different models vulnerable to theft. Is yours safe?
http://www.bbc.co.uk/programmes/b04nchtj
 
Last edited:
Of course the car makers are going to deflect the blame. But if laws against stealing vehicles is not enough to stop thieves from stealing vehicles, what makes them think that the devices just won't be made off the grid so to speak when they are made illegal?
 
TLDR: Bunch of German car companies pretend there is no problem and blame the people who highlight their failures. That's never happened before.

post-128138-0-40657300-1398956840.jpg

"The test was rigged and there was nothing wrong with the car" - Mercedes.
Mercedes also threatened to sue public broadcaster SVT for showing the footage on the news. Guess they never learn.
 
Last edited:
Last edited:
Top