RFID-enabled Vehicles: Pinch My Ride
Billosaur writes "Wired has an excellent article on the problems with the theft of
RFID-enabled vehicles and how insurance companies are so over-confident in the technology, they are denying claims when such vehicles are stolen. Example: "Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been. The 38-year-old truck driver and former reserve Los Angeles police officer did what anyone would do: He reported the theft to the cops and called his insurance company. Two weeks later, the black SUV turned up near the Mexico border, minus its stereo, airbags, DVD player, and door panels. Wassef assumed he had a straightforward claim for around $25,000. His insurer, Chicago-based Unitrin Direct, disagreed." Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started, despite the evidence that the ignition lock had been forced and the steering wheel locking lug had been damaged."
romanians Star trek nemesiss tar-trek-nemesis.html
http://sport.pixelrage.ro/cm-2006/ultimele-stiri/
A local man who was the victim of a Home Invasion was shocked to learn that his insurance claim was denied because "As all of his home keys were still in his property, no one could have entered the house". Shard of broken glass, the robber's blood, his conviction in court and a lucky passerby's videotapes were also dismissed as "clever fakes". InsuranceCo stock jumped another 3 points today...
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
This is similar to the assumption that if your DNA is present at a crimescene, you must by default be guilty.
I mean if I had a gas guzzling SUV, I'd sure as hell break apart the steering column and leave it on the border then report it stolen.
Breaking the column of a computer chipped car isn't going to get you anywhere.
Personally I think this guy was committing fraud then reported to the media when he failed.
The man in the headline should clearly be bending his insurer over a barrel and giving them a good legal fucking...
-*The above statement is printed entirely on recycled electrons*-
...to deny claims. That's what they do. Insurance companies aren't in business to pay for people's losses, they're in business not to pay for people's losses, because the less they pay out, the greater profit they make. The portrayal in The Incredibles was just about dead-on. So getting them to fork over is often like trying to squeeze blood from a stone even at the best of times.
Editor Emeritus and Senior Writer, TeleRead.org
Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started, despite the evidence that the ignition lock had been forced and the steering wheel locking lug had been damaged."
So? You can steal a car without starting the engine: use a tow truck.
There's no way to prevent a thief from towing a car while allowing police to tow a car.
Lloyd's of London denied the Cunard line's claim for the loss of ocean liner Titanic, because "God himself could not sink this ship."
If you're going to be elitist, it would help to be elite.
"I didn't get rich by writing a lot of cheques."
"Emad Wassef", eh? Sounds Arab. Wonder if they checked the truck for BOMBS?
They didn't bother to steal the plus-sized, chrome spinny wheels?
--- What?
Whatchu talkin' 'bout, Willis?
If the car can't (according to the insurance company) be stolen, then by accepting premiums for insurance which covers loss due to theft (without any intention of ever paying said claims), they are comitting fraud. Sounds like some insurance company executives need to go to jail.
Throw away one of your keys before you call the insurance company? :)
I'm assuming the car has a logfile which says when it was started, etc. Stupid just read the logs, and call somebody.
Insurance companies will, and always have screwed people.
There is a pure evil greed within said companies that drives them to become judge and jury. Unfortunately the verdict is favourable to the company.
There has always been a drive within the companies to find any way to stop that payout. I had my car stolen 3 times, and the third time they wouldn't put the locks back in as "the previous repair was not up to (company name)'s standard, and therefore not up to insurable level.". The funny part is they repaired it each time.
As the contracts by these companies are as long as my arm, and cover anything including "we don't want to pay out" clause, there is no real legal recourse against them.
More and more companies will use the supposed "infallible product, and therefore not possible" argument, which not only is a very very bad thing (tm), but also something we are going to have to get used to.
These people presume guilty before innocent
bottom line, you are screwed.
Signature v3.0, now with 42% less memory usage.
...which is what I really think is going on here, it's at least partly a classic case of turning off reasoning and common sense wherever technology is involved. The same amazingly intelligent people who can't operate the clock on the VCR are running the world and denying your claims.
Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been.
Big space = 3 normal parking spots
I hope they scrap his SUV and use it to build 3 Civic-sized cars.
Developers: We can use your help.
Excuse my ignorance but could somebody explain to me what is so magical about these refid vehicles as to cause one to expect the impossibility of starting them after they are broken into?
Exactly what parts of the car are disabled when refid token is not present?
More over how do those parts KNOW it isn't present?
I mean unless the refid reader is somehow coupled to the spark control computer so that it is impossible to interpose between the refid receiver and the spark control computer I don't see what would stop someone from simply jumpering around the detector.
Even if the spark control computer was in fact coupled tightly to the refid receiver in one apoxy sealed unit so you couldn't interfere, last time I checked replacing the spark control computer could be done in under 15 min if you were good at it. I mean it's not that much different then replacing a hard drive. Even a less compatible control computer would probably allow the vehicle to run (poorly) for a while if I'm not mistaken.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
The European Union currently conduct a consultation on rfid. I really would like to know what the role of governments should be. Governments are lobbied like hell on rfid. Some civil rights groups call them spychips. And lobbyists approach governments. And the question is why? Shouldn't markets decide?
Anyway, I suggest you to fill out the questionaire.
Other intresting consultation links can be found here and here. It is important to get more people involved in these political procedures and legislature who actually know what they are talking about. And I would like to spam politicians with the request for 'better interoperability'. Here the regulator has to take measures. I found it very nice that the EU already considered it. "Interoperability, standardization, governance, and Intellectual Property Rights (1 June)"
So maybe it makes sense to report cases like these to the authorities to avoid madness. I guess they do not read Slashdot.
A judge has the final word on whether or not the company has to pay a claim. If the judge decides that the insurance company is being really unreasonable, extra damages can be awarded. The trouble is that the initial outlay for the lawyer is really expensive. Maybe the AAA or Consumer's Union can be persuaded to take an interest. If there are enough of these cases, maybe a class action is in order.
The guy who had his vehicle stolen already has one thing going for him; the insurance company is now getting lots of unfavorable publicity. By denying his claim, they are basically accusing him of criminal complicity. They should have to put up or shut up. Accusing him of being a thief or of abetting a thief without being able to prove it is libel. The ex-prime minister of Canada, Brian Mulroney sued just because one police force asked another police force for information about his financial transactions. He won millions. This guy's case seems similar and since the private slander has been published, it is now libel.
If we had RFID aware gas pumps it would be possible to have a sliding scale of federal gasoline tax. Tax those Lincoln Navigators et al at $1.50 a gallon and let the efficient sippers off with $0.25 per. I guess that would make too much sense.
Listed below, from best to worst, are the tested cars listed by name, points and, where applicable, time taken to gain entry.
"What Car?" Security Supertest League Table
The 26 Cars they Couldn't get into:
1-3: Lexus IS300, Lexus LS430 and Lexus SC430 (100).
4-7: BMW 318i SE, Nissan Maxima QX 3.0 SE+, Skoda Superb 2.5 TDi Comfort, Toyota Camry CDX V6 (95)
8-15: Audi A4 1.9 TDi SE, BMW 735i, BMW X5 3.0d, Citroën C3 1.4 HDi Exclusive, Jaguar S-type, Mazda Tribute, Nissan Primera 2.0, VW Passat V6 4motion (90).
16-23: Audi A2 1.4 TDi SE, Audi A6 Avant 4.2 quattro, Audi TT 180 Coupé, Ford Fiesta 1.4 Ghia, Seat Ibiza 1.4 Sport, Toyota Previa D-4D GLS, VW Golf GT TDi PD, Volvo S80 2.4T S. (85).
24-26: Nissan Almera 2.2 Di Sport, Nissan Almera Tino 2.0 SE+, Nissan X-Trail 2.0 SE+ (80).
The Cars they Could
27: BMW 520i (75) 1min 12sec
28: Saab 9-5 Aero 2.3 HOT (75) 1min 5sec
29: Renault Vel Satis (75) 58sec
30: Jaguar X-type 2.5 (70) 1min 30sec
31: Renault Clio 1.6 16v Initiale (70) 1min 15sec
32: BMW 325i Compact (70) 1min 4sec
33: Fiat Stilo 1.2 16v Active 5dr (70) 1min
34: Mazda Premacy (70) 32sec
35: Honda Jazz 1.4 SE Sport (70) 29sec
36: Renault Avantime (70) 25sec
37: Mazda MX-5 (70) 20sec
38: VW Polo TDi PD Sport (65) 1min 50sec
39: Volvo V70 T5 (65) 1min 36sec
40: Honda Civic Type-R (65) 1min 34sec
41: Mercedes C220 CDi Sports Coupé (65) 1min 20sec
42: Ford Mondeo TDCi (65) 1min 11sec
43: Volvo S60 T5 SE (65) 1min 7sec
44: Toyota Yaris T Sport (65) 57sec
45: MG ZT 190 (65) 50sec
46: Ford Focus ST170 (65) 45sec
47: Honda CR-V SE Sport (65) 43sec
48: Range Rover 4.4 V8 HSE (65) 38sec
49: Peugeot 307 SW 2.0 HDi SE (65) 33sec
50: MG TF 135 (65) 30sec
51: Mercedes SL500 (65) 29sec
52: Peugeot 206 HDi D Turbo (65) 20sec
53: Mini One (60) 50sec
54: Ford Maverick V6 XLT 3.0 (60) 32sec
55: Suzuki Liana 1.6 GLX (60) 28sec
56: Vauxhall VX220 (60) 18sec
57: Jeep Cherokee 3.7 Ltd (60) 9sec
58: Toyota Corolla T Sport (60) 8sec
59: Suzuki Wagon R+ 1.3 GL (50) 48sec
60: Daihatsu YRV F-speed (50) 12sec
I am personnally very confident in that system. To the point that I don't think that we should automatically dismiss some foul-play by the victim right off the bat.
I think that the insurance company should pay the victim and investigate what went wrong with the system. It may be that it doesn't work as well as expected. If this is true, it must be made known. And if the investigation turns up evidence of foul-play, the insurance company can always call the cops.
BTW, the real problem with this excellent anti-theft system is that it may lead to more car-jacking.
Linux violates 235 Microsoft patents.
Why is it that most people automatically assume technological solutions to problems are infallible, and don't create any further problems? This certainly isn't limited to insurance adjusters and stolen cars, just another convenient reminder that when faced with something they don't understand, the average person seems to just shut down their brain and move on.
Person files claim, looking for $20000. Insurer suggests a settlement of $0. There's a disagreement about an appropriate settlement.
When there's a disagreement on settlement, you go to court. It happens all the time. One dumb adjuster/investigator can make your time as a claimant difficulty - but by moving to court you can ensure a due process.
Let's not stir that bag of worms...
Homer wants to get rid of a trampoline but can't until Bart puts a bike lock on it, then Snake shows up right away to steal it.
Monstar L
FTA: ...performed the specific series of pumps, interspersed with rotations...I had just jacked my own car.
heh.
What year was that published? And what model years are those cars? Without knowing the model year of the car tested, we don't know if it is at the end of a 5 or 7 year run, and is saddled with an old security design, or is a brand new design.
A friend of mine works in a very large dealership of Germand made cars.
New cars all come with a little plastic keyring with a tab attached to it. You scratch the surface of this tab to reveal a "Master Key".
This key is akin to the RFID code needed to start the car, the dealer is supposed to give it up to the customer so that he can order a new set of keys, reprogram the other ones etc..
This dealer has some people scratch all of these tags before they are given to the client, because as we well know, joe client will lose this in a blink.
Without this key you need to contact the factory, wait two weeks, pay a fee and than program some new keys.
On this particular brand, you can program/pair up to 5 keys per car if I remember correctly; only 5 keys can have the same code, I you lose one, you can only have four more etc.. After you've lost these you will need to reprogram all keys once again.
My point is that at any level in this process you could have an insider job from the dealer, the manufacturer, or even some thief which goes through the dealer's bin picking these tabs if they aren't securely destroyed.
Forensic evidence for this kind of theft is nearly impossible to tell, the cars ECU don't usually keep a whole lot of historical data.
Nevermind that, if you get ahold of a dealer's servicing computer and a new ECU worth only a few thousand dollars you can actually reprogram the keys without need for the master key (plus you get to keep the ecu and put the old one back in when you abandon the car).
The difficulty with this method however is not damaging the stering column or the physical lock.
Artificial intelligence is no match for natural stupidity
They can even be brute forced, however almost every car which has a system like this embedded in the car, has an imobiliser integrated into the engine. While it used to be a case of just disconnecting the immobiliser, they're now very tricky to disable. If you force the ignition without an RFID, the imobiliser would activate before the car got down the road. If the thieves were able to clone the RFID key system they wouldn't need to force the ignition in that way. If they forced the ignition without the code, the imobiliser would have gone off. Sounds like either a defective imobiliser or insurance fraud to me.
One not-so-obvious answer may be that the owner had fitted the vehicle with a remote-start system or a 3rd party alarm. In most cases when this is done with RFID enabled vehicles, they have to override the RFID system. The hack to get around this high-tech security? Stick a key under the dash within range of the receiver. This would allow most remote start systems to then work.
If the owner had done this and perhaps the perps had witnessed the victim using the remote-start vehicle, then they had a good target.
Yes, I read the article and read about the back doors, but there's another situation where owners are willfully overriding security systems in order to get the functionality that they want and the manufacturer doesn't give them. Sound familiar?
Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started,
And if not all the keys had been accounted for, the insurance company would have refused to pay because the guy was careless with his keys.
I hope the victim will be able to recover both his loss and penalties from the insurance company.
quoth imdb:
Bob: Did I do something illegal?
Gilbert Huph: [begrudgingly] No.
Bob: Are you saying we shouldn't help our customers?
Gilbert Huph: [pacing back and forth] The law requires that I answer, No.
Bob: I thought we were supposed to help people.
Gilbert Huph: You're supposed to help *our* people! Starting with our stockholders! Who's helping them out, Huh?
Is it just my observation, or are there way too many stupid people in the world?
Bypass kit, ~10 minute install 'nuff said.
-William
God is everything science has yet to explain.
This makes no sense. The car could easily have been towed away even if it couldn't be driven. Heck, folks expect tow-trucks to be in a parking lot hooking up cars and if the owner comes out and objects the "operator" can "let him off with a warning" and drive away with no one ever realizing that a car was almost stolen.
If anyone sees anything, its a non-descript tow truck with a generic company name and a guy wearing a baseball cap, hooded sweater and sunglasses so you can't tell anything about him except skin color, height and build.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
A poll a while back found 1/4 of americans approve of insurance fraud
y n%5Cdynamicpressrelease_577.xml
http://www.accenture.com/xd/xd.asp?it=enweb&xd=_d
So yeah, not a bad assumption to make.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
In the news:
Half baked insurance companies deny auto claims by default - news at 11p
You are checking your backups, aren't you?
US carmakers and auto-mobile insurers are unshakably certain that vehicles protected by "transponder immobil-izers" can't be driven without the proper keys - or, at least, that circumventing those transponder systems takes more sweat and money than most auto thieves are willing to expend.
I think these companies are seriously fooling themselves. It's not like every crook has to go through the trouble of cracing the system - only one does - they can then sell their crack to everyone else.
Who wants to bet that right now, as we speak, car thieves know more about these systems than the insurance company forensic investigators do?
I don't even know anything about them and I know how this could be done. These systems work like any other public key encryption, they rely on the fact that there is a **private key** in the car that no one knows about. One leak in the system, either in the plant, or in the chip in the car, or in a disgruntled employee at a dealership, and the system falls apart. Boom, it is now trivial to make fake RFID "keys" that respond with the right handshake to private keys sent from the car.
how could the keys "match" if the person reported it stolen with at least one in his hand? If the insurance company is citing Ford serial number, or engine computer records, they are dangerously incompetent. If the keys in Ford records matched the set driving the car, then somebody inside the dealer illegally transfered those keys and is helping organized theft of vehicles. That the insurance agent did't immediately present that info to the police is negligent.
Time to gain entry???
When my car was stolen they broke the window. Time to gain entry: 2 seconds.
Don't want to be too much of a pedant, but did they
Don't blame me, I voted for Baltar.
Link?
After playing with RFID tags and readers for the past year-or-so, I am floored at the blind eye many companies are adopting when it comes to the (so called) "security" of RFID devices. How can anything that, when activated, broadcasts it information, even when encrypted, be considered "secure". I'll stick with my low-technology key, thank you.
In terms of security, the best RFID can provide is augmentation to more secure authentication methods, not substitute for them.
How does an RFID prevent the car from being stolen by a tow truck? Here is Chicago illegally parked vehicles are moved all the time -- RFID be damned.
Interesting article. I wonder how much of this has been brought on by the insurance companies themselves. Things like denying all your claims or making it a PITA to get your money eventually start to leave a sour taste with people. Eventually even honest people start to think that the insurance companies deserve to get get screwed once in awhile sine they are usually the ones being the PITA. Now of course all this just leads to higher premiums, but if the insurance companies at least acted like they were on your side rather than against you, it could go along way to changing the public opinion.
When I was in college, there were groups going around telling women that "you may just not know you were raped." They had a clear goal of blurring the line between the words "rape" and "regret". It is nieve to believe that EVERY woman who claims rape really was raped. If it wasn't, we wouldn't need courts. Just a woman pointing a finger, and the man could be hauled off to jail.
en tee
I cannot believe people are still pushing passive RFID as some sort of security magic bullet. Passive RFID is great for inventory, but for security it is quite possibly the least secure "key" ever conceived. With the proper equipment, a thief can read keys at a distance of maybe a dozen feet and thus can go trolling for key codes with ease in high-class neighborhoods/establishments. There are literally thousands of other options for electronic keys--why on EARTH would someone want to use the only method that can be spied on from many feet away while the keys are still in your pocket? A USB key would be more secure. A magstripe would be more secure. Hell, a fucking barcode stamped on the side of the key would be infinitely more secure.
I'm not saying that this was necessarily how the alleged thieves stole his SUV, but this continued obsession with passive RFID for security (see also: passive RFID home door locks and that company that actually REQUIRED its engineers to implant passive RFID chips in their forearms for access to the server room) is quite possibly the worst example of buzzwords trumping common sense that I've ever seen. A thief need only spend a few thousand dollars on the RFID sniffing/spoofing equipment and he'll have the ability to troll for keys (for cars worth at minimum $20,000+) and clone them with ease. Active (powered) RFID is quite another matter--with a sufficiently large key and a challenge/response mechanism, it can be very secure indeed, but passive RFID blithely broadcasts its code for the entire world to see. RFID of any sort doesn't even make sense in this case--the key has to make contact with the keyhole, so why the hell is there any need to BROADCAST anything? Stick some contacts on it running to a small flash memory chip, or like I said you could even stick a barcode on the damn thing. I guess people simply prefer an expensive, laughably insecure solution over a cheaper, very secure solution so long as the former uses some sexy new technology.
Because they're penalizing the rest of us by
a) making out atmosphere hotter for the rest of us
b) driving up the cost of gasoline for the rest of us
c) spewing more pollution, making the air dirtier for us
where their contributions to a) b) c) are much higher PER MILE OF FORWARD MOTION than the rest of us.
They are more responsible for penalties inflicted on society than the driver of a Prius; why is your response to this going to be "but they are not responsible"? Isn't personal responsibility a cornerstone for laissez-faire flag waving free market libertarianism? Or is this post subject to moderation by "I want to do whatever I want without consideration of my effect on others" right wingers?
The RFID key doesn't matter. Any car, suv, truck, minivan, or box with wheels can be stolen with a tow truck. End of story it can be stolen just pay the man.
That's the real crime.
Those stats would be great, if only they were applicable.
Those stats are clearly based on european cars - note the vehicles that are on the list which are not available here (such as peugot and skoda, to name only a couple.
Being as even cars of the same model name are differently equipped on opposing sides of the pond, you really can't take this list and compare it to the case of a stolen Navigator in California.
Looks like I found the next thing to sell on ebay. A small piece plastic to conceal the VIN number.
At least then they have to break in first then call the dealer.
Hopefully dealers will take note and say "sorry sir/ma'am we can come tow the vehicle in and do it here".
I laughed at the bit where they say the key's RF signal only goes 7 inches. I get the same laugh when I read about those RF credit card transponders only going 11 inches.
Tell that to the guys who do 100 kilometer 802.11.
Wiggum: We'll track down Simpson with your vehicles anti-theft system.
System: Car gone! Car gone!
Wiggum: Yeah, we know that. Where has it gone to?
System: Cargon! Cargon! Cargon!
What is this "Security Supertest League Table"?
The only thing Google turned up was this:
Lexus: What Car? Uncovers the key to new car security
just drag the damn thing away, so much for rfid
Don't you realize that without those little speedboats we'd never have doctors? Nobel prizes are won by monster truck SUV makers. What world do YOU come from?
[sarcasm off]
Where is my Dodge Caravan with cracker crumbs and baby puke stains?
I'm proudly one of those people. The insurance comapnies actually made money in a year that saw the worse natural disaster in US history. Yes Katrina and Wilma thrashed the gulf coast and New Orleans and now hundreds of thousands of people who've paid into the insurance industry's pockets for years are being left with pathetic resolutions to their claims.
That kind of clause is rare - especially in personal lines. Even where such clauses exist, they're usually not enforceable.
Let's not stir that bag of worms...
The Cunard Line didn't own the Titanic. The Titanic was part of the White Star fleet, and sank 22 years before the White Star/Cunard merger.
When our name is on the back of your car, we're behind you all the way!
Bob: Are you saying we shouldn't help our customers?
Gilbert Huph: [pacing back and forth] The law requires that I answer, No.
because they couldn't afford the $75 (25 gal x $3/gal) in Mexico to fill it up.
if (!sig) { printf("Signature Unavailable\n"); }
Whatever. Like any other corporation, the sole purpose of the insurance company is to Jew people out of their hard earned money.
State laws do very to some degree, however, the way a auto policy is written is to cover certain perils. Such perils are usually theft, water, fire, stupidity (leaving the car running in the winter and it's stolen...) ect. When damage is done to your auto by a covered peril the policy pays, simple as that. However, an exclusion is in most policies that will allow a company to not pay if an insured inflicts the damage on purpose. Thus, in a court of law if the insurance company can prove that the insured did said damage, they wouldn't have to pay. On the other hand proving that is quite the feat unless video documentation is present.
OK, so you have a signed letter from the loss adjuster at the insurance company saying that any car that goes missing that has an RFID in the ignition was not stolen. In that case there's only one thing to do: spend $500 on a private eye, find out where they live and what car they drive, and then take it. After all, you have a signed letter from the owner saying that it wasn't theft!
If intelligent life is too complex to evolve on its own, who designed God?
I thought it was accepted practice to stall, misrepresent, impose legal costs, hide behind obscure terminology in a contract, and employ countless other ways to avoid rendering its primary service.
a) if a clean environment isn't important enough for rich people and the working class to protect, it isn't worth saving.
b) if all businesses are required not to pollute then businesses will move overseas to free market nations like China that allow them to pollute and keep their overhead costs low.
ergo,
c) what is a pristine environment worth if you don't have a job?
Long ago I heard from a vintage car restorer in the midwest that Rolls-Royces suffer a disproportionate amount of hail damage. Why would a Rolls be more likely to be damaged by hail? A ball-peen hammer is cheaper than payments on a Rolls.
I don't mean to imply that the guy in the article was a criminal. I don't have enough info to judge, although I do wonder that the car was recovered at all, since it seem that people professional enough to defeat these systems would have the car disposed of before it was reported stolen.
p.s.
Not directed at the parent, but to a larger group: What is more revolting than SUVs? Mocking people for the car they drive. Congratulations! You have picked the single most pointless social protest possible. Thanks for nothing. If you want to feel better, do something besides masturbating and hooting.
You were a funny monkey at first. Now we're just grossed out and tired of the noise.
Assembly is the reverse of disassembly.
You sir are confused. Although the article mension RFID it does not mention the variation of the protocol used. In this instance the keys are not naive keys that can only send identifiers, but also have a small processor capable of encryption. *In Case* you are misinformed, the purpose of encryption is to allow an on looker to have complete access to a conversation and still have no idea of its real content. It works like this: 1. Car sends a randomly generated number. 2. Driver's key hears this and runs an algorithm (sequence of shifts, loops, and other transpositions) defined a an encryption key (K) and returns the result. 3. Since the key (K) was negotiated at the factory, only the ECU and the drivers physical key contain it, and thus they are the only 2 devices which know what the response should be.
Since the random number is different everytime, it is *almost* impossible to know what is going on by listening in to the conversation. At least it is as impossible as breaking RSA-256 encryption. Broadcasting has nothing to do with how secure it is.
What data was on the blackbox I'm curious speed data excetra....
So the best thing you can do to avoid fights with your insurance company is either to have the transponder removed or disabled and to have it documented, or just not buy cars with that kind of anti-theft protection.
I had my Integra Type R stolen out of my driveway while I was gone for the night. It was found two days later (minus the engine, suspension, brakes, and interior). The person from State Farm handling the claim clearly thought that I was somehow involved in the vehicle's disapearance, and it took more than two months for me to get a check (while I was still making payments on the car). It turns out that my rental coverage stopped after one month, leaving me soaking the expense while the guy from State Farm drooled on himself.
The steering-wheel lock had been forced, but that wasn't enough. They had to be sure that I wasn't involved before they'd pay me for the car. The immobilizer functions are either tied to the ECU or inline on the way to the ECU. The guys at Sport Compact Car know more about this, and have said that it is laughably easy to just pop in and take the car. For those who want to take a look, I think the ECU is under the passenger-side floorboard.
A neighbor of mine (who also had a yellow Type R) had his car stolen from a mall parking lot while security guards watched. They later told him that the thieves drove up, slim-jimmed the door to get in, popped in an ECU, and drove off in under two minutes.
It's worth noting that I'm normally quite happy with State Farm. I totalled a car on my own, and my wife was driving when we got hit by an uninsured (and drunk, and high, and without a license, and with a warrant out for his arrest, with a cop watching... Seriously, not a joke...) driver, totalling her car. In each case, things were handled quickly, without issue. It likely comes down to the individual handling your claim.
If the insurance denies the claim on the basis of all the keys being accounted for, then does the car thief get plausable deniability based on the same?
Any security person worth their mettle know any system can be overcome given time or worth.
In the 1980's they had satellite technology to track vehicles so the local police department placed one in a SUV. They left it where there was many vehicle where stolen so that night the SUV was stolen but there was no signal from the SUV. One week later the signal appears in Baja California and SUV in pieces. It appears that the thieves put the SUV in shipping container, like one of those big thing they put on ships, and signal can't get though metal.
In short if they really want it there is no way to stop them with passive technology.
1000^4 / 2000^4 = (1/2)^4 = 1:16
"You're everywhere. You're omnivorous."
... then the insurance should be free.
There are no tiger attacks in my area and it's all because this rock I'm holding keeps the tigers away.
http://www.wired.com/wired/archive/14.05/rfid_pr.h tml
There's some nice videos online of a couple guys starting a vehigle that uses RFID security system.. I think they were made over a YEAR ago..
SO apparently this Research that has been documented and filmed is meaningless to the insurance company ehh ? It looks like this research was done by some Johns Hopkins University students in cooperation with RSA in January of 2005.. I'd say the vehicle owner should present some more evidence to the inurance company and get his claims check..
http://rfidanalysis.org/
This site is worth taking a look at..
far...out
Unless you meant "if they can't find any evidence the car was broken into/hotwired", of course. And that's probably what you meant, so sorry about the noise.
uh. What about collison?
- haha, your big ass SUV was stolen. the target parking lot was slightly safer that day.
- auto insurance is a scam to begin with, mandated by gov't.
- goto 10
Well... that's a lot better - but the end part (which is all that was in the original definition) still feels a bit tacked on. Insurance and litigation are only tangentially related. There's plenty of other sides of insurance where there's no party at fault. If a meteor falls on your car, who are you keeping out of court? You and God?
Like you say at the beginning, insurance is about distributing the burden of risk.
Let's not stir that bag of worms...
Sure insurance companies do their best not to pay on claims when they can. This is, unfortunately, part of our current uncivil society. For every legitimate claim made against them, there is problably more than one frivolous claim. If you could count on all your customers being honest, this wouldn't be an issue. As a provider of insurance, they have to find the middle ground between two options: pay out on every claim and have premiums that reflect this (read: ridiculously high) or make it impossible to claim and have everyone leave for another insurer.
Those who go with "Fly-by-night Inc" get low rates and a high bar to claims. When I had a big national insurer, I had high premiums but the claims process was never an issue: the customer service was pretty darn good.
Of course, for those interested in a better model, I'd suggest AAA. My wife and I have AAA's auto and home insurance and this month we recieved a "dividend" check of $60. That's the difference between what we paid into the system and what AAA paid out in claims. Our insurance cost is significantly less than what it was with our last insurer, and the claims process is reasonable.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
It has been widely reported that David Beckham has had two BMW X5 vehicles stolen by professional thieves. Basically, they reached under the bonnet and plugged a laptop into the computer service interface port and told the computer to unlock the car. That's probably the same way they stole the vehicle in the OP story too.
As the technolgy gets better the thieves learn to circumvent it.
The immobilizer cuts off the starter circuit. It has a manual transmission, and hence can be push-started easily anyways. Thanks, BCAA, real useful.
I'm sorry sir, you see, your policy clearly states that any claim made by you will not be paid by us.
How's the naked lady?
Did you ever notice that *nix doesn't even cover Linux?
-b.
I equipped my Audi A4 with a hidden GPS transmitter, as well as a hidden camera hooked to a hidden Blackberry, that transmits a video feed of the driver's face to my own Blackberry.
Just kidding... but I thought it would be a fun thing to set up.
If you think cars are bad, read ahref=http://www.crypto.com/papers/safelocks.pdfre l=url2html-5078http://www.crypto.com/papers/safelo cks.pdf> for article entitled Safecracking for the computer scientist. The scary bit is that the highest UL rating for a mechanical safe lock delays the intruder by an hour!
It just goes to show you, that if you shop around for the cheapest insurance you can get--don't be shocked when you go to file a claim and run into this kinda BS. Stick with one of the major players, and you're less likely to run into these problems.
In that case, they are using active RFID and my rant is misplaced. However, since they already have contacts on the key for power (since we're talking about the ignition key here and not a wireless keyfob, it's obviously tapping into the car's power), I don't see why they couldn't include a contact for challenge/response and thus avoid all this nonsense of broadcasting. True, this system should be secure (if what you say is true), but the implementation could be broken--e.g. the random number generator isn't random at all--and this would lead to the possibility of cracking the code from a considerable distance using a parabolic antenna. A lot of effort, yes, but it could be worth it if your targets are $40k+ luxury cars and you want to cause as little damage as possible and/or make your getaway as quickly as possible.
There ARE many examples of passive RFID locks (the house door lock and the implanted server room lock I mentioned were both passive RFID), so I just assumed this was one of them. But even if it is not, I still maintain that it is an example of pointless RFID broadcasting when a direct data transfer would make much more sense. If they can make contacts for the power, they can make contacts for the data tranfer.
I would assume they must mean getting into the car, and getting it started. Unless those 26 "couldn't get into" cars had bulletproof glass, I would assume even the crudest of theives could break a window to gain entry.
See, you proved that you are, statistically speaking, prefer parking car in places where it is more likely to be hit. So they charge you more. There are no many clear indications to place a person in a particular risk group (age, sex, place of living?), they have to be inventive and use indicators such as tickets and accidents, even those which may not be directly your fault.
Disclaimer: I don't work for insurance company, and I don't like them either.
My other Beowulf cluster is... er...
Also if you wish to get a quote make sure you buy at least one policy your credit is affected by insurance quotes as well
If there were any REAL way to drive without insurance, I would've done it from the very begining.
(And no, a $10K bond with the DMV is NOT a viable option.)
When my alarm-equipped car, parked on private property, behind a locked fence, surrounded by security motion-triggered flood lights, isn't (in the InsCo's opinion) parked in a "secure enough" location.
And given that there were SEVEN acts of vandalism / attempted theft in a year, with nothing resulting from the police except a shrug, and my InsCo raising my rates through the freakin roof, my faith in the police & my InsCo very, VERY quickly plummets into the toilet.
And my neighbors now wonder why there's a pistol sillouhette in the rear window with a caption:
"If you're close enough to read this, you're close enough to die."
Sorry for the rant, but you hit a VERY sore nerve. =J
Last summer a BMW Z3 was stolen, which was parked next to our congress house (got the right word?), owner was away for less than 10minutes.
;) I've seen cops just smiling at my direction when driving it, and probably not even checking anything. I've had it for almost 6 months now, and driven nearly 10,000km with it, and i haven't been stopped even once, even if i've been driving they way that could possibly endanger others. (Drifting, no grip on rear and going sideways at higher speeds.)
There's proof that the Z3 alarms were disabled and then taken onto a trailer, car was never found.
- Insurance company refused all claims because:
* This car is one of those "you cannot steal"
* Car was never found
- Insurance company neglected all the evidence that it is possible to steal cars such as BMW Z3
Owner complained about it and there was much of debate over it, i'm not sure what happened in the end.
Teaching of the story:
- Never buy newer than 15years old car
- Never have a car alarm if you wish to get something in case of robbery
In other words, they totally neglect the fact that nothing is burglar proof, you can even steal congress house if you have enough resources and enough information & knowledge.
Oh yeah, i drive a over 20years old Toyota, for which they refuse to give theft insurance because supposedly these cars are too easy to steal. Nevermind the color of my car which works as anti-theft insurance: it's Pink, it's one of the few cars on it's color & looks, you steal it, cops will DEFINATELY find the car if it's on open sight. (I know, color has nothing to do with possibility of giving a theft insurance, it's my own anti-theft measure)
Fortunately, thieves doesn't know that also because of the color, cops never stop you, even the car type & looks are otherwise that you would think cops would stop you and inspect it at every 2nd block.
Pulsed Media Seedboxes
These insurance companies know quite well that they are not fooling themselves. They are fooling the customers/claimants. They are fooling the courts when the claimants try to pursue the money they are owed. They are making fools of a lot of people, but not themselves. But if they are, then they are rich fools.
The instuance adjuster and most posters here are ignoring the obvious.
The man never claimed the engine was started, just that the car was gone.
Suppose the crooks pulled up in their (probably stolen) tow truck, broke the steering and ignition lock so they could put the car in neutral and winch it onto the flatbed, and then took it away.
Bonus points if the crook who broke the locks was dressed in a suit like he owned the car and the truck's driver wore coveralls like he was hired to help the owner of the 'broken down' vehicle.
Consider, if you saw a man in a business suit (minus jacket perhaps) pacing impatiently near a car (not yours), then a tow truck pulls up, the man talks to the driver a moment, gets in the car and does stuff you can't see, then the car is winched up and driven away, would you likely report a theft in progress? Would you likely even watch long enough to see all of that happen? If the owner walks up during the pacing part, just take the car next to the one you wanted.
It's all perfectly plausible (and in fact, known to happen). Sounds like another case of an insurance weasel to me.
Uhm, this is offtopic, for sure. But it looks like the only way of contacting you. Besides, it's an old thread :)
You used to read my journal, but you haven't posted to it in a couple years. Would you please read this entry?
tasks(723) drafts(105) languages(484) examples(29106)