All your cars are belong to us

http://abcnews.go.com/Politics/wireStory/report-automakers-fail-fully-protect-hacking-28828275
Automakers are cramming cars with wireless technology, but they have failed to adequately protect those features against the real possibility that hackers could take control of vehicles or steal personal data, a member of the U.S. Senate is asserting.

Basing his argument on information provided by manufacturer, Sen. Edward Markey has concluded that "many in the automotive industry really don't understand what the implications are of moving to this new computer-based era" of the automobile.

The Massachusetts Democrat has asked automakers a series of questions about the technologies ? and any safeguards against hackers ? that may or may not have been built into the latest models of their vehicles. He also asked what protections have been provided to ensure that information computers gather and often transmit wirelessly isn't used in a harmful or invasive manner.

Appearing Monday on "CBS This Morning," Markey said motorists should be asking questions because "there really aren't any clear guidelines on the books."

Markey said the movement of the automobile from the combustion engine era to the computer era carries wide implications. "No longer do you need a crowbar to break into an automobile," he said in the interview. "You can do it with an iPad."

Markey posed his questions after researchers showed how hackers can get into the controls of some popular cars and SUVs, causing them suddenly to accelerate, turn, sound the horn, turn headlights off or on and modify speedometer and gas-gauge readings.

The responses from 16 manufacturers "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," a report by Markey's staff concludes.[...]

Now we can all stop worrying, the Us-Senate is on it! (Irony, duh.)
 
Keeping Your Car Safe From Electronic Thieves


Last week, I started keeping my car keys in the freezer, and I may be at the forefront of a new digital safety trend.

Let me explain: In recent months, there has been a slew of mysterious car break-ins in my Los Feliz neighborhood in Los Angeles. What?s odd is that there have been no signs of forced entry. There are no pools of broken glass on the pavement and no scratches on the doors from jimmied locks.

But these break-ins seem to happen only to cars that use remote keyless systems, which replace traditional keys with wireless fobs. It happened to our neighbor Heidi, who lives up the hill and has a Mazda 3. It happened to Simon, who lives across the street from me and has a Toyota Prius.

And it happened to our Prius, not once, but three times in the last month.

The most recent incident took place on a Monday morning 10 days ago. I was working at my kitchen table, which overlooks the street in front of my house. It was just after 9 a.m., when one of my perky-eared dogs started to quietly growl at something outside.

I grabbed my coffee cup and wandered to the window, where I saw two teenagers on bikes (one girl, one boy) stop next to my 2013 gray Prius.

I watched as the girl, who was dressed in a baggy T-shirt and jeans, hopped off her bike and pulled out a small black device from her backpack. She then reached down, opened the door and climbed into my car.

As soon as I realized what had happened, I ran outside and they quickly jumped on their bikes and took off. I rushed after them, partly with the hope of catching the attempted thieves, but more because I was fascinated by their little black device. How were they able to unlock my car door so easily?

When the police arrived, they didn?t have much of an answer. (The thieves didn?t get away with anything; after all the break-ins, we no longer keep anything in the car.) I called Toyota, but they didn?t know, either (or at least the public relations employee didn?t know).

When I called the Los Angeles Police Department?s communications desk, a spokesman said I must have forgotten to lock my car. No, I assured him, I had not. But his query did make me question my sanity briefly.


I finally found out that I wasn?t crazy in, of all places, Canada.

The Toronto Police Service issued a news release last Thursday warning that thieves ?may have access to electronic devices which can compromise? a vehicle?s security system. But the police did not specify what that ?device? actually was.

Thieves have been breaking into and stealing cars with the help of electronic gadgets for several years now. Jalopnik, the car blog, has written about a ?secret device?used to unlock cars. And dozens of other websites have told stories about burglars hacking into cars. As these reports illustrate, and videos online show, in some instances thieves are able to drive away with the cars without needing a key.


Still, I continued my search. Diogo M?nica, a security researcher and chair of the Institute of Electrical and Electronics Engineers Public Visibility Committee, said that some sophisticated thieves have laptops equipped with a radio transmitter that figures out the unique code of a car?s key fob by using ?brute force? to cycle through millions of combinations until they pick the right one.

The most famous case, he said, was in 2006 when thieves were able to steal David Beckham?s $100,000 BMW X5 by using such a rig.

Security researchers I spoke with said that most cars with a keyless entry system can be hacked.

But none of the contraptions Mr. M?nica or others told me about seemed to be what those teenagers used.

A more likely answer came from the National Insurance Crime Bureau, a trade group for auto insurers and lenders, which issued a warning last month about a ?mystery device? that can emulate a key. In one YouTube video, the group compiled surveillance footage that showed thieves using the gadget to open doors with ease.


Similar reports have surfaced on The Register, a technology news site, and on car message boards, about a simple $30 device made in China and Eastern Europe that allows thieves to break into and steal BMWs. Since I don?t own a BMW, that wasn?t right, either.

I finally found what seems like the most plausible answer when I spoke to Boris Danev, a founder of 3db Technologies, a security company based in Switzerland. Mr. Danev specializes in wireless devices, including key fobs, and has written several research papers on the security flaws of keyless car systems.

When I told him my story, he knew immediately what had happened. The teenagers, he said, likely got into the car using a relatively simple and inexpensive device called a ?power amplifier.?

He explained it like this: In a normal scenario, when you walk up to a car with a keyless entry and try the door handle, the car wirelessly calls out for your key so you don?t have to press any buttons to get inside. If the key calls back, the door unlocks. But the keyless system is capable of searching for a key only within a couple of feet.

Mr. Danev said that when the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter. And just like that, open sesame.

?It?s a bit like a loudspeaker, so when you say hello over it, people who are 100 meters away can hear the word, ?hello,? ? Mr. Danev said. ?You can buy these devices anywhere for under $100.? He said some of the lower-range devices cost as little as $17 and can be bought online on sites like eBay, Amazon and Craigslist.


Mr. Danev said his company was in talks with several car manufacturers to install a chip that can tell how far the key is from the car, thereby defeating the power-amplifier trick.

While I can?t be 100 percent certain this is the device they used to get into my car, until car companies solve the problem, he said, the best way to protect my car is to ?put your keys in the freezer, which acts as a Faraday Cage, and won?t allow a signal to get in or out.?

Which is why my car key is now sitting next to a tub of chocolate ice cream.
 
^as mentioned above


Toronto Police Service

Public Safety Alert,
SUV theft investigations,
Safety advice provided


Broadcast time: 15:09
Thursday, April 9, 2015

53 Division
416-808-5304


Since January 1, 2015, investigators from 53 Division's Major Crime Unit have noticed a spike in theft of Toyota and Lexus SUVs from driveways of homes in the Division. In all of the thefts, there have been no signs of damage at any of the scenes.

Investigators believe that the suspect(s) may have access to electronic devices which can compromise an SUV's security system.

Investigators are asking members of the public to be vigilant when securing their SUVs, even in their driveways. Using a locked garage is recommended and any spare keys for SUVs should be secured in a safe location.

People are reminded to call police and report any suspicious activity or suspicious person(s) near their vehicles.

For further information on securing your property, please contact 53 Division Community Safety Officers at 416-808-5337.

http://torontopolice.on.ca/newsreleases/31529
 
I was just talking to a friend about this and he says that if you can afford the car and not the garage you deserve this. I don't agree, but I think that is how many do feel, sort of a FU to the privileged. But isn't the keyless entry and start becoming more wide spread?
 
All your cars are belong to us

I was just talking to a friend about this and he says that if you can afford the car and not the garage you deserve this. I don't agree, but I think that is how many do feel, sort of a FU to the privileged. But isn't the keyless entry and start becoming more wide spread?

Keyless entry and ignition has spread downmarket so far that it is now standard on the Accord and optional on the Elantra. So, yeah, in addition to being an idiot, he's an asshat SJW.

Edit: The irony is that the preferred car brand of people of similar evident beliefs, the Prius, now comes with keyless standard. Even on the C model, which makes it the cheapest car in America with keyless standard at about $24K.
 
Last edited:
Yeah. I have keyless on my bog standard $30k BRZ. And I have a garage the size of a house. But I don't use it to park overnight because that would be stupid.
 
Ford has had the password entry on their cars since the mid 90s I believe. Nobody else has adopted similar tech. Is it just as easy to break in with that versus the piss poor set up they have now?

Also, what bonehead thought using the VIN as part of the security confirmation is a moron. Every car places the VIN number in plain sight.
 
All your cars are belong to us

Actually, there were several other makes that adopted keypad entry - it just was optional and few wanted it.

It is possible to enter any of those systems by entering one humongously long number, but that takes about 5-10 minutes.

More to the point, Ford's keypad doesn't also turn the ignition on.
 
Tesla Plans To Open Car Doors To All Hackers This Summer, Claim Sources

Last year, hackers competed to exploit the connected parts of a Tesla Model S to win $10,000. Researchers from Chinese security, search and app store giant Qihoo 360 won. But that competition was not exactly Tesla-approved.

Later this year, however, at the Defcon convention in Las Vegas, Tesla plans to open one of Elon Musk?s sleek electric cars to the hacker attendees, allowing them to tinker with the connected parts of the vehicle, according to sources close to Tesla?s security team, who wished to remain anonymous. The benefits for Tesla will be twofold: they will be made aware of any bugs in the vehicle and of any hackers who are worth hiring. At Defcon last year, Tesla scouts were on the prowl, finding plenty of talent whilst meandering the halls of the Rio Hotel & Casino.

After publication, having first said it had no comment, Tesla claimed it was not going to have a Model S open for testing, going against the claims of the sources, who are very close to the firm?s security operations. ?We do plan to have a presence at the conference (and Model S will be on display) as part of our recruiting efforts. Members of Tesla?s security look forward to attending to talk about the security of our cars the work the team does,? a Tesla spokesperson said. There will be a ?car hacking village? at Defcon, FORBES understands, and Tesla will have a booth there, even though it?s claiming there won?t be any kit ready for people to test. (N.B. I am 100 per cent confident in the validity of my sources? comments).

There will be a good deal of focus on digital security in cars at Defcon and BlackHat 2015, another conference that takes place days earlier in Las Vegas. Perennial automotive mischief-makers (and helpful hackers) Chris Valasek and Charlie Miller have promised to show off a car hack, which will remotely exploit the Control Area Network (CAN) of an automobile ? something that?s only been done a handful of times in recent memory.

The blurb for their talk reads: ?Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we?re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle.

?Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle?s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.?

Though Valasek declined to offer more on what was going to be revealed at the talk, the following tweets hint at what vehicle will be targeted and just what the pair will achieve through their attacks:

With a range of open source car hacking tools, from CANard to CANCat, hitting the web in recent months, and scores of researchers trying to expose flaws in vehicles, the security of modern cars is under intense scrutiny. That?s why groups like I Am The Cavalry have emerged, pressuring lawmakers and manufacturers to spur on the betterment of cars? protections from malicious hackers before something cataclysmic happens.

Some on Capitol Hill are listening, including Senator Markey, who, after requesting more information from manufacturers on their security efforts, claimed many were failing to protect drivers adequately and were leaking private data too.

A handful of car makers have responded too. The likes of Tesla, BMW and GM, which is currently on a recruiting drive, with jobs such as vehicle cybersecurity testing engineer on offer, have set up initiatives to drive better security. But many continue to ignore the problem, hence the hacker drive to push them towards safer practices.

Article updated to add Tesla comment and note that sources did not suggest all bits of the car will be open to hackers, just the connected parts.
 
[offtopic]

Ah, my belowed fully-mechanical diesel with oneway starter relay...

They should try hacking this.
j9OP3eG.jpg


Why? Because despite my renovations and upgrades, a lot of the car was still provided by these people:
tested-quality.jpg


Yeah, they'll be lucky if their computer or hacking device doesn't instantly burst into flames. :mrgreen: Even if it doesn't they probably won't be able to drive away with it because Lucas. Hail Lucas, Prince Of Darkness! :evil:
 

:lol: sort of the "Home alone" approach to theft protection.

I?ve sort of been doing that with my bike for decades after I had a couple of nice ones stolen, I only bought crappy looking ones (that were still mecanically sound). The logic being of course that if you have the worst looking bike in a bike stand, all the other bikes will be stolen before yours. And for the last decade or so that has worked a charm for me. I just have to calm my jealousy every now and then when someone I know gets a really cool and awsome bike ... but I just have to keep telling myself "It will be gone soon" ...
 
Last edited:
Last edited:
There absolutely has to be complete separation between any Internet-connected components and critical vehicle functions. It baffles me that this isn't always the case.
 
Obviously there isn't....

Yeah, clearly not. It's appalling. But it seems to be possible, according to the same researchers:

The researchers point to Audi?s A8, by contrast, as an example of a strong network layout. Its wireless features were separated from its driving functions on its internal network, with a gateway that would block commands sent to steering or brakes from any compromised radios.

http://www.wired.com/2014/08/car-hacking-chart/
 
Top