What is Digg?97 Comments
- regyt, on 10/12/2007, -1/+21Well, now 99.3 people on digg can get them now.
- elamr, on 10/12/2007, -0/+19Computers breaking into cars isn't scary.. I drive a Toyota Corolla... Hangers scare me..
- Dag_Yo, on 10/12/2007, -0/+19I'm not sure what they're reverse engineering, exactly. Another article here:
http://www.autoexpress.co.uk/news/67132/thieves_key_in_laptop_threat.html
According to this second article, "Experts believe the gangs first acquire details on where a car's security data is stored - information that only the manufacturer is supposed to know. They then track a vehicle until they know it will be parked in a secluded area, because they need the time to connect their laptop to the car's computer via cable."
So let me get this straight... you still have to somehow breach the car's shell/perimeter/whatever you want to call it so that you can then hook up a glorified serial/usb/firewire/magical cable to the computer/pcb/OBD II/mystery box and then proceed to "hack" it by getting it to spit out the encrypted/unencrypted key, then turn around and use the same key to start the car and drive off?
I'd really be interested in reading an article that WASN'T written by the writing staff behind the movie Firewall (or "The Net" and "Hackers," for that matter). There are some serious logical inconsistencies in the way the facts are presented. They make it sound like Gary the Geek just stands outside your car for 20 minutes and types away until your car magically starts itself, unlocks the doors and sings show tunes. - strictnein, on 10/12/2007, -0/+16@ImOscar
V Dub stealing all the cash in your house! - Dag_Yo, on 10/12/2007, -0/+16Evidently David Beckham.
- JMartin13, on 10/12/2007, -1/+15I'll make sure to put "Sell Ferrari and Buy Jetta" on my to do list.
- Bhima, on 10/12/2007, -1/+14@swanny... back in the '80s I had a '68 lincoln continental convertible whose key worked on my best friend's dad's black '73. We saw a black Lincoln parked at his favorite diner and thought it would be funny to move it.
I had the car started & out of the parking space before we figured out it was the wrong one! - blueovalracer, on 10/12/2007, -1/+14Actually you can get the Toyota Camry with a keyless starter according to the article
- rolypolyman, on 10/12/2007, -1/+13"Souček faces up to 12 years in prison."
Imagine what it would be if they'd found downloaded movies on his laptop. - LeDopore, on 10/12/2007, -0/+12Please explain this to me: It's possible to have really strong crypto these days, especially if you can use pre-shared keys. Nobody's going to break AES 256 this century, even if quantum computers get invented. Still, car companies decide they can get away with ***** crypto that even today's computers can hack in 20 minutes. Why? How come they didn't hire a security nerd for one day, and guarantee that the keys will be unbreakable for as long as the car is expected to last? Did they honestly expect their "security through obscurity" would last even a decade?
- merreborn, on 10/12/2007, -0/+11"While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands."
.... What's that they say about "security through obscurity" again?... - OneZeroZeroOne, on 10/12/2007, -0/+10I agree. Scary? More like inevitable.
Digital and computer technology has its time and place. Why would you use something like this to protect an automobile?
Furthermore why wouldn't you learn your lesson from previous mechanical locking technologies? I remember reading an article about how a key for a certain manufacturer's car had a certain chance of being able to open any other car of the same model. The keys weren't 1:1 with the locks out there. With an electronic system, there are a limited number of keys out there (the search space) and your computer is able to generate them all very quickly...it's just a matter of time. - NewEvolution, on 10/12/2007, -0/+9Gives a whole new twist to the term "wardriving."
Wonder how much knowhow it would take to build a car-jacking "gun" using some PDA a high gain antenna and some snazzy software... - pencilneck, on 10/12/2007, -0/+9That story is along the same lines of any "MySpace" or "child preditors on the internet" stories... overblown and not really much truth to it. Can a car be stolen with a rigged up laptop... sure, why not. However, why bother with that part when the any car can be towed away in under 2 minutes... even less if the car is a front wheel drive and you don't set the parking brake (rear wheels will roll freely... back up, lift front, drive off.... 15 seconds).
- DoctorWhohaa, on 10/12/2007, -0/+960 seconds was 20 seconds more than I needed to steal most Dodges in the K-car era. When they went to the glow rings around the ignition, you could do the whole job in 30 seconds*. Dodge thought that they stopped that with the radio-keys. Then guys just started breaking into the house to get the keys. You can't prevent your car from being stolen, no matter what you do. This one is high-tech, but not likely worthwhile. In the time it takes you to get this car started, you could have stolen ten others that aren't like this. It only makes sense on the top end models.
*)Other cars were similar, but I only owned Dodges, so that's all I got to work on. - PantherX, on 10/12/2007, -1/+8This is also why a lot of people won't get garage door openers... with a bit of equipment and know-how you can get into them in like 5 mins.
- znsh18, on 10/12/2007, -0/+7I agree with you. It's like Beckham's one car got stolen. He went & got another one. It's always about the money...You wont hear Beckham giving ***** to BMW for weak keys that can be decrypted so easily.
- diecastbeatdown, on 10/12/2007, -1/+7universal garage openers are available for purchase. so for a little cash you can open any automatic garage door if it is unlocked.
- DoctorWhohaa, on 10/12/2007, -0/+6Sorry, I wasn't clear on the moral. Cars are easy to steal, mostly due to the fact that they are designed to be mobile. No amount of technology can stop a car theif. If they want your car, they will take it. This one however, takes too long, and there is too much risk of being caught. This is solely a 'steal to order' type of attack. If you just needed a ride across town, or wanted to go joyriding, there are much easier cars to steal, you can do it much quicker, and there is less risk of being caught. For example, you can steal most cars with a coathanger, a flathead screwdriver and a big hammer. Jimmy the door open, put the screwdriver in the ignition, and smash it in with a hammer. Vroom-vroom.
- lbdwag, on 10/12/2007, -0/+6we all know that reverse engineering is almost a challenge to certain people.
- jonnyeh, on 10/12/2007, -0/+5@OneZeroZeroOne
A mere 512 bit sized key/lock can have 1.34078079 × 10^154 possible keys. If you use 1024 bits, then don't double that number, but square it.
In other words, there are so many possible keys, that you'll never 'accidentally' unlock someone else's car. Digital locking is not flawed, if it is done right. - priapo, on 10/12/2007, -0/+5Being keyless doesn't mean they're not safe from thieves, in fact most of them are harder to hotwire than common cars.
- Marku$, on 10/12/2007, -0/+5i've locked my keys in my car one time. i went to the corner, ripped out a piece of yellow pages. wrote down the VIN off the windsheild. took it accross the street to the toyota dealership. Handed the lady the VIN and a 5 dollar bill and she had a key re-cut. No ID needed or verification. they just gave it to me.
craziness. - Dag_Yo, on 10/12/2007, -0/+5These use RFID technology if I understand correctly... passive antenna carried in your pocket gets read by a reader in the car. Though I have been wrong in the past :-)
I could also see an active transmitter type idea, but that makes for a bigger keyfob. In either case, I can't imagine that it's anything like WiFi networks where you can actively "interrogate" the car until it spits out something useful (as is the case with WEP and WPA key cracking).
If anybody knows for sure, please reply! I freely admit that I'm not the foremost authority on wireless keys for high-end luxury cars. :-) - joshHighland, on 10/12/2007, -1/+5my moms acura rl has a similar set up. It wont allow the key to be closed in the trunk. I thought that was pretty cool. The entire keyless thing is scarry.
- fahrvergnuugen, on 10/12/2007, -0/+4@DonalNY
VWs have an immobilizer system. The system has three parts, the immobilizer (which is built into the gauge cluster), the ECU and the key. The key is inserted into the tumbler just like a normal key. But it also has an RFID tag inside of it which transmits a signal to the pickup coil (a ring around the ignition) which is sent to the immobilizer. There needs to be a three way match.
So the system prevents conventional thieves from slim jimming the door and hotwiring the car and it also prevents these new age thieves because you need a physical key to unlock the steering wheel and start the car. - theschitzobob, on 10/12/2007, -1/+5And Ferraris don't. Not that it's strictly relevant, but Ferrari makes performance cars with as little additional weight as possible. This is more a concern for luxury cars. If I were you I'd hang on to the Ferrari and switch the Mercedes for a Honda.
- longterm, on 10/12/2007, -0/+4Here's a story about the level of safety with keys in new cars:
I was with a friend in Texas; we borrowed someone's brand-new Cadillac Escalade to get our luggage and some musical gear from the airport. Then, three days later when we were leaving the airport, someone said, "Just load the gear in the Escalade in front of the hotel. We went out to the hotel entrance, used the key we were given, opened the Escalade, put some guitars in the back of the car, locked it, and went in to have lunch.
Then, when we arrived at the airport, the back of the Escalade was completely empty. Here's the funny part: it turns out that the mother-in-law of the guy who loaned us his Escalade, has an Escalade exactly like his. We'd unknowingly put the guitars in the back of HER Escalade, which opened with the exact same key as her son-in-law's. So we had to track her down at the mall, get her to drive to the airport with the guitars (which she'd not noticed in the back)... Very funny! - wizalt, on 10/12/2007, -3/+7Gone in 20 Minutes... great sequel. I think they stole almost six cars.
Get it? It's a math joke. See... movies are typically around 2 hours... so you could steal about 6 cars in those two hours.
:::crickets::: - matthewsr2000, on 10/12/2007, -0/+4actually, if the thief really knows what he's doing, mechanical keys don't offer any more protection. fact is I'd say that they offer less.
several devices exist to either a) pop the lock cylinder right out of the tumbler (a little harder on newer cars) or b) vibrate the pins of the lock while applying force to turn it.
either device works rather well, and is very quick if the thief is skilled. i would say that you car is MORE at RISK with mechanical locks because more people have the TOOLS to do it with.
i once watched an inmate with his locksmith tools and a guard have a race to see who could get into one of the transports (patty wagons!) and get it started fastest. the guard had the correct two keys in his pocket mind you. the thief won. (he was also in the slammer for grand theft auto mind you, so i don't know how big a winner he really was. . .)
if that guy could do it I'm sure there are tons more out there.
just goes with the old adage, there isn't any lock that cannot be picked.
i guess for this story it would be "there isn't any encryption that can't be broken. . ." - retawd, on 10/12/2007, -0/+3Yeah, VW Rabbits from the same period opened up pretty easily if you just whapped the key mechanism on the hatch. The lock would fall in the car and the door would pop open.
- inactive, on 10/12/2007, -0/+3Thats what I was thinking. With all the new cars with BlueTooth capability, would I be able to install some software on my Treo650 and have myself a brand new Aston Martin?
- rewritable, on 10/12/2007, -0/+3Honestly, who didnt see this coming?
- Lounger540, on 10/12/2007, -1/+4When I was a little kid, I saw a car that had the same 5 button number combo system on the door as my dads Lincoln. So I just walked up and pressed the same combo, door opened.
- jimmy8091, on 10/12/2007, -1/+4@fahrvergnuugen
You're right. Most 'keyless' cars use a passive RFIDs. It's great because the fob never needs to have the battery replace.
However, passive RFIDs have been hacked, and I assume that's how the thieves got Beck's SUV. The hack goes something like this:
1. All Passive RFID fobs (the key) have their the power is supplied by the reader (the car).
2. The car transmits radio waves at a specific frequency.
3. The key is tuned to receive waves on that frequency, and when the radio waves intersect with the key the coiled antenna within the key forms a magnetic field.
4. The key draws power from this field and transmits the "unlock code" to the car.
---
Now the fun part.
When the car receives the code, the 'return signal' can be measured. If the unlock code is incorrect, then the energy signature is greater than if the unlock code was correct. This energy signature can be easily be measured. Now, IIRC RFID readers process the unlock code one bit at a time. You cycle through the bits, logging the low energy frequencies. and you can unlock whatever RFID you want. If the reader doesn't process one bit at time, run a brute force program, log the low energy signature, and unlock your RFID.
Although, this is pure speculation.
--j - karamba_kid, on 10/12/2007, -1/+4I don't think it's neccessary the crypto which is the poblem here. It's the fact that the device which is decrypting the information ( so the owner can use there key ) is also available to the thief. It's the same reason why CSS didn't work to actually protect dvd's from being copied because the hackers have access to the key!
- chil2c5, on 10/12/2007, -1/+4Sounds like a funny story, but I'm having trouble following the chain of events
- znsh18, on 10/12/2007, -0/+3You dont have to necessarily hook up any cable to the car's computer to get the key. Remember, wireless?!
- ShadowRelic, on 10/12/2007, -0/+2actually right now is the perfect time to own a software based car, only 3 people in America are capable of stealing it!
they're going to need to find a way to combine software security with physical security. - Snuffkin, on 10/12/2007, -0/+2karamba: CSS is security through obscurity. It failed. This scheme is security by obscurity. It failed.
Crypto systems that don't rely on security by obscurity are not only well known, they are ubiquitous. It's the car makers fault entirely that they chose to use security through obscurity, even though it failed time and time again. - gukid, on 10/12/2007, -6/+8I lolled.
Another reason why expensive cars are a complete joke. We need affordable cars, with low emmisions, low-cost insurance and easily attainable parts for repair, good fuel-economy, great sound system...
I don't feel bad for these people at all. - deesine, on 10/12/2007, -0/+2Theft insurance = minor inconvenience to owner. Well, I guess the current market (blue book) value of the vehicle v.s. amount still owed could mean you end up in the negative.
I had an '84 CJ7 stolen in '96 and ended up actually making money. Insurance premium did not go up. - retawd, on 10/12/2007, -1/+3Buy whichever car you want, just be proactive about safety. When you leave the car, shoot anyone on a laptop within 1000ft. Especially people on Macs in front of Starbucks.If they're wearing a beret and speaking HS french shoot them twice, then pistol whip them till they stop twitching. And the will, those twitchy bastards.
- znsh18, on 10/12/2007, -0/+2why not just setup the security such that eventually you can break in after trying for 20 minutes. Once the system detects that someone entered the password (key) after 20 minutes of trying, it will shut itself off, maybe even alert the police (if they care enough to show up). And then only another certain lock or something will start the car.
- OneZeroZeroOne, on 10/12/2007, -0/+2@jonnyeh
That's what one would think. In theory you are correct. However, in practice, this is not how it is done for many reasons. Economics, required processing power, convenience, etc, etc, etc. - Rosewood, on 10/12/2007, -0/+2I lost my keys to my 89 Blazer back in 99 and I did the exact same thing.
- Genma, on 10/12/2007, -0/+2that was before they came out with the roaming code openers like 5 years ago. where your remote shares a particular hash of the same from the receiver which constantly cycles the key. not unbreakable of course but much more secure than the old ones and much harder to crack. in order to program a remote for these you have to synchronize with a hash mode from the receiving unit now. with the older ones all you had to do was trail the owner and steal the code with a programmable transceiver, or easily brute force it real quick. still I'm sure there's plenty of houses that have yet to upgrade.
- spyrochaete, on 10/12/2007, -0/+2I read about a disturbing trend in Asia concerning cars with fingerprint scanner door locks. Let's just say it involves thieves, sharp knives, and increased difficulty in nosepicking.
And another fun fact! Click your keyless entry in a telephone and have someone aim their phone at your car. It really works! (sometimes) - williamhelmick, on 10/12/2007, -0/+2go away spammer
- LoungeActx, on 10/12/2007, -1/+3I drove an '88 Corvette that had a resistor in the key. The ignition would check the resistance of the key, then complete the circuit. The problem is, after a while the housing on the resistor would get worn, and it wouldn't make a decent connection in the ignition, and it would set off a "silent alarm." The silent alarm would disable the ignition system for 15 minutes. Which I guess was to deter the thief long enough to lose interest.
But I guess that was the best they could do in the late 80's... -
Show 51 - 95 of 95 discussions
Digg is coming to a city (and computer) near you! Check out all the details on our 
© Digg Inc. 2009
— Content created and posted by Digg users is