Slashdot Mirror
RFID-enabled Vehicles: Pinch My Ride
Billosaur writes "Wired has an excellent article on the problems with the theft of
RFID-enabled vehicles and how insurance companies are so over-confident in the technology, they are denying claims when such vehicles are stolen. Example: "Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been. The 38-year-old truck driver and former reserve Los Angeles police officer did what anyone would do: He reported the theft to the cops and called his insurance company. Two weeks later, the black SUV turned up near the Mexico border, minus its stereo, airbags, DVD player, and door panels. Wassef assumed he had a straightforward claim for around $25,000. His insurer, Chicago-based Unitrin Direct, disagreed." Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started, despite the evidence that the ignition lock had been forced and the steering wheel locking lug had been damaged."
A local man who was the victim of a Home Invasion was shocked to learn that his insurance claim was denied because "As all of his home keys were still in his property, no one could have entered the house". Shard of broken glass, the robber's blood, his conviction in court and a lucky passerby's videotapes were also dismissed as "clever fakes". InsuranceCo stock jumped another 3 points today...
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
This is similar to the assumption that if your DNA is present at a crimescene, you must by default be guilty.
The man in the headline should clearly be bending his insurer over a barrel and giving them a good legal fucking...
-*The above statement is printed entirely on recycled electrons*-
...to deny claims. That's what they do. Insurance companies aren't in business to pay for people's losses, they're in business not to pay for people's losses, because the less they pay out, the greater profit they make. The portrayal in The Incredibles was just about dead-on. So getting them to fork over is often like trying to squeeze blood from a stone even at the best of times.
Editor Emeritus and Senior Writer, TeleRead.org
Lloyd's of London denied the Cunard line's claim for the loss of ocean liner Titanic, because "God himself could not sink this ship."
If you're going to be elitist, it would help to be elite.
They didn't bother to steal the plus-sized, chrome spinny wheels?
--- What?
You don't think the issue here is RFID spoofing, perhaps?
Argh.
If the car can't (according to the insurance company) be stolen, then by accepting premiums for insurance which covers loss due to theft (without any intention of ever paying said claims), they are comitting fraud. Sounds like some insurance company executives need to go to jail.
Throw away one of your keys before you call the insurance company? :)
Both of these methods are not only possible, but are common and becoming more common every day, especially on high dollar cars which are a big time target for theft, cadillac escalades and lincoln navigators are high on the list in my neck of the woods...
I question your methodology for assesing this man's involvment as well, you remarks smack of ad-hominem attack fueled by your distaste for his choice of driving a "gas guzzling SUV", however you seem to be suffering from the same shortsightedness that many of the savagely anti-SUV crowd does, you neglect to account for the possible neccesity of such a vehicle, perhaps this many has a large family and a boat which he frequently tows? Oh, but then you'd have to get off your high horse ;)
-*The above statement is printed entirely on recycled electrons*-
...which is what I really think is going on here, it's at least partly a classic case of turning off reasoning and common sense wherever technology is involved. The same amazingly intelligent people who can't operate the clock on the VCR are running the world and denying your claims.
The European Union currently conduct a consultation on rfid. I really would like to know what the role of governments should be. Governments are lobbied like hell on rfid. Some civil rights groups call them spychips. And lobbyists approach governments. And the question is why? Shouldn't markets decide?
Anyway, I suggest you to fill out the questionaire.
Other intresting consultation links can be found here and here. It is important to get more people involved in these political procedures and legislature who actually know what they are talking about. And I would like to spam politicians with the request for 'better interoperability'. Here the regulator has to take measures. I found it very nice that the EU already considered it. "Interoperability, standardization, governance, and Intellectual Property Rights (1 June)"
So maybe it makes sense to report cases like these to the authorities to avoid madness. I guess they do not read Slashdot.
Listed below, from best to worst, are the tested cars listed by name, points and, where applicable, time taken to gain entry.
"What Car?" Security Supertest League Table
The 26 Cars they Couldn't get into:
1-3: Lexus IS300, Lexus LS430 and Lexus SC430 (100).
4-7: BMW 318i SE, Nissan Maxima QX 3.0 SE+, Skoda Superb 2.5 TDi Comfort, Toyota Camry CDX V6 (95)
8-15: Audi A4 1.9 TDi SE, BMW 735i, BMW X5 3.0d, Citroën C3 1.4 HDi Exclusive, Jaguar S-type, Mazda Tribute, Nissan Primera 2.0, VW Passat V6 4motion (90).
16-23: Audi A2 1.4 TDi SE, Audi A6 Avant 4.2 quattro, Audi TT 180 Coupé, Ford Fiesta 1.4 Ghia, Seat Ibiza 1.4 Sport, Toyota Previa D-4D GLS, VW Golf GT TDi PD, Volvo S80 2.4T S. (85).
24-26: Nissan Almera 2.2 Di Sport, Nissan Almera Tino 2.0 SE+, Nissan X-Trail 2.0 SE+ (80).
The Cars they Could
27: BMW 520i (75) 1min 12sec
28: Saab 9-5 Aero 2.3 HOT (75) 1min 5sec
29: Renault Vel Satis (75) 58sec
30: Jaguar X-type 2.5 (70) 1min 30sec
31: Renault Clio 1.6 16v Initiale (70) 1min 15sec
32: BMW 325i Compact (70) 1min 4sec
33: Fiat Stilo 1.2 16v Active 5dr (70) 1min
34: Mazda Premacy (70) 32sec
35: Honda Jazz 1.4 SE Sport (70) 29sec
36: Renault Avantime (70) 25sec
37: Mazda MX-5 (70) 20sec
38: VW Polo TDi PD Sport (65) 1min 50sec
39: Volvo V70 T5 (65) 1min 36sec
40: Honda Civic Type-R (65) 1min 34sec
41: Mercedes C220 CDi Sports Coupé (65) 1min 20sec
42: Ford Mondeo TDCi (65) 1min 11sec
43: Volvo S60 T5 SE (65) 1min 7sec
44: Toyota Yaris T Sport (65) 57sec
45: MG ZT 190 (65) 50sec
46: Ford Focus ST170 (65) 45sec
47: Honda CR-V SE Sport (65) 43sec
48: Range Rover 4.4 V8 HSE (65) 38sec
49: Peugeot 307 SW 2.0 HDi SE (65) 33sec
50: MG TF 135 (65) 30sec
51: Mercedes SL500 (65) 29sec
52: Peugeot 206 HDi D Turbo (65) 20sec
53: Mini One (60) 50sec
54: Ford Maverick V6 XLT 3.0 (60) 32sec
55: Suzuki Liana 1.6 GLX (60) 28sec
56: Vauxhall VX220 (60) 18sec
57: Jeep Cherokee 3.7 Ltd (60) 9sec
58: Toyota Corolla T Sport (60) 8sec
59: Suzuki Wagon R+ 1.3 GL (50) 48sec
60: Daihatsu YRV F-speed (50) 12sec
Why is it that most people automatically assume technological solutions to problems are infallible, and don't create any further problems? This certainly isn't limited to insurance adjusters and stolen cars, just another convenient reminder that when faced with something they don't understand, the average person seems to just shut down their brain and move on.
you neglect to account for the possible neccesity of such a vehicle, perhaps this many has a large family and a boat which he frequently tows?
Large families and boats are both lifestyle choices as well. Choices which it's perfectly valid to criticize.
That's no excuse. If he has a boat and so many kids, then he should just make the kids push the boat around while he drives next to them in his two-seater hybrid yelling at them to put their backs into it.
-mrxak
Onions Will Kill You
When the RFID token is not present, the computer prevents the car from starting. Without the ECU, your engine can't run. It is vital to the operation of your car. If the software in the ECU actively prevents operation of the car, there isn't anything you can do about it except to load new software onto the ECU that you cooked up (good luck).
Homer wants to get rid of a trampoline but can't until Bart puts a bike lock on it, then Snake shows up right away to steal it.
Monstar L
No. In fact, it doesn't make sense.
Can you explain to me why we need a sliding scale? The gas-guzzler drivers are already buying more fuel and thus paying more tax. Do you like having the government tell you what and how to drive? Do you want to penalize contractors, limousine companies, and boat owners for buying a vehicle that meets their needs?
Gamingmuseum.com: Give your 3D accelerator a rest.
A friend of mine works in a very large dealership of Germand made cars.
New cars all come with a little plastic keyring with a tab attached to it. You scratch the surface of this tab to reveal a "Master Key".
This key is akin to the RFID code needed to start the car, the dealer is supposed to give it up to the customer so that he can order a new set of keys, reprogram the other ones etc..
This dealer has some people scratch all of these tags before they are given to the client, because as we well know, joe client will lose this in a blink.
Without this key you need to contact the factory, wait two weeks, pay a fee and than program some new keys.
On this particular brand, you can program/pair up to 5 keys per car if I remember correctly; only 5 keys can have the same code, I you lose one, you can only have four more etc.. After you've lost these you will need to reprogram all keys once again.
My point is that at any level in this process you could have an insider job from the dealer, the manufacturer, or even some thief which goes through the dealer's bin picking these tabs if they aren't securely destroyed.
Forensic evidence for this kind of theft is nearly impossible to tell, the cars ECU don't usually keep a whole lot of historical data.
Nevermind that, if you get ahold of a dealer's servicing computer and a new ECU worth only a few thousand dollars you can actually reprogram the keys without need for the master key (plus you get to keep the ecu and put the old one back in when you abandon the car).
The difficulty with this method however is not damaging the stering column or the physical lock.
Artificial intelligence is no match for natural stupidity
They can even be brute forced, however almost every car which has a system like this embedded in the car, has an imobiliser integrated into the engine. While it used to be a case of just disconnecting the immobiliser, they're now very tricky to disable. If you force the ignition without an RFID, the imobiliser would activate before the car got down the road. If the thieves were able to clone the RFID key system they wouldn't need to force the ignition in that way. If they forced the ignition without the code, the imobiliser would have gone off. Sounds like either a defective imobiliser or insurance fraud to me.
One not-so-obvious answer may be that the owner had fitted the vehicle with a remote-start system or a 3rd party alarm. In most cases when this is done with RFID enabled vehicles, they have to override the RFID system. The hack to get around this high-tech security? Stick a key under the dash within range of the receiver. This would allow most remote start systems to then work.
If the owner had done this and perhaps the perps had witnessed the victim using the remote-start vehicle, then they had a good target.
Yes, I read the article and read about the back doors, but there's another situation where owners are willfully overriding security systems in order to get the functionality that they want and the manufacturer doesn't give them. Sound familiar?
Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started,
And if not all the keys had been accounted for, the insurance company would have refused to pay because the guy was careless with his keys.
I hope the victim will be able to recover both his loss and penalties from the insurance company.
quoth imdb:
Bob: Did I do something illegal?
Gilbert Huph: [begrudgingly] No.
Bob: Are you saying we shouldn't help our customers?
Gilbert Huph: [pacing back and forth] The law requires that I answer, No.
Bob: I thought we were supposed to help people.
Gilbert Huph: You're supposed to help *our* people! Starting with our stockholders! Who's helping them out, Huh?
Is it just my observation, or are there way too many stupid people in the world?
Bypass kit, ~10 minute install 'nuff said.
-William
God is everything science has yet to explain.
A poll a while back found 1/4 of americans approve of insurance fraud
y n%5Cdynamicpressrelease_577.xml
http://www.accenture.com/xd/xd.asp?it=enweb&xd=_d
So yeah, not a bad assumption to make.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
US carmakers and auto-mobile insurers are unshakably certain that vehicles protected by "transponder immobil-izers" can't be driven without the proper keys - or, at least, that circumventing those transponder systems takes more sweat and money than most auto thieves are willing to expend.
I think these companies are seriously fooling themselves. It's not like every crook has to go through the trouble of cracing the system - only one does - they can then sell their crack to everyone else.
Who wants to bet that right now, as we speak, car thieves know more about these systems than the insurance company forensic investigators do?
I don't even know anything about them and I know how this could be done. These systems work like any other public key encryption, they rely on the fact that there is a **private key** in the car that no one knows about. One leak in the system, either in the plant, or in the chip in the car, or in a disgruntled employee at a dealership, and the system falls apart. Boom, it is now trivial to make fake RFID "keys" that respond with the right handshake to private keys sent from the car.
When the RFID token is not present, the computer prevents the car from starting. Without the ECU, your engine can't run. It is vital to the operation of your car. If the software in the ECU actively prevents operation of the car, there isn't anything you can do about it except to load new software onto the ECU that you cooked up (good luck).
To elaborate, cars nowadays have their engine computer-controlled by an Engine Control Unit (ECU). It often does everything from telling the spark plugs to fire to regulating the amount of fuel injected into the engine. When the key hasn't been properly authenticated, the ECU simply refuses to allow the engine to do anything.
The station wagon is probably better for a number of reasons:
1. Less likely to run out of gas while sitting at the gas pump.
2. Less likely to cause you to exceed credit limit while refueling.
3. Less likely to roll over while on highway exit ramp.
4. Less likely to be targeted by thieves.
5. Less likely to use so much disposable income you have to shop at Target.
VOICEOVER: Adrian Brody. Mel Gibson. Dave Navarro. What do these people have in common? They all suffer from L.B.S. -- in fact, one in every one-hundred Americans are diagnosed with L.B.S., or "Large Boat Syndrome", every day. And it gets worse: L.B.S. victims routinely have to cope with Sports Utility Vehicle fees and marina docking rental costs just to make it through, day-to-day, with their disease. For just $130 dollars a day --the cost of a single Nintendo DS Lite! -- you can help these fellow Americans. Won't you donate, today?
~jeff
Towing your family? That, good sir, is utterly barbaric! Won't someone please think of the children?!? With an SUV that big, there should never arise an occassion where it becomes necesary to tow your family behind you! I am outraged!
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
When I was in college, there were groups going around telling women that "you may just not know you were raped." They had a clear goal of blurring the line between the words "rape" and "regret". It is nieve to believe that EVERY woman who claims rape really was raped. If it wasn't, we wouldn't need courts. Just a woman pointing a finger, and the man could be hauled off to jail.
Where is my Dodge Caravan with cracker crumbs and baby puke stains?
I laughed at the bit where they say the key's RF signal only goes 7 inches. I get the same laugh when I read about those RF credit card transponders only going 11 inches.
Mine does 13 inches...
I'm always amazed by the tricks car workers and car theifs know. It just goes to prove that saying "locks keep an honest man honest", or however that goes. Once I locked my keys in my car just outside of Detroit. I found a guy to help me out in the yellow pages, who happened to be a recently laid off autoworker, in about 3 minutes he had my entire door panel off and actually took the lock out of the door to make a new key, and I was given a new working key within 10 minutes of him arriving.
Computers allow humans to make mistakes at the fastest speeds known, with the possible exception of tequila and handguns
Yep. Odds are, they found something not unlike this, and an ECU is mostly modular, with cable jacks
in the device housing to allow the manufacturers to easily install the things on the new vehicle and
to easily install a new one if the thing fails (which they do occasionally do...)- all it takes is
is knowing where the ECU is on the vehicle, develop a procedure for swapping it out that takes 10 or
less minutes to execute.
You break in, break the column cover to get the ignition switch access without the key, you swap the
ECU out with power tools and practice behind you and just go. It's not QUITE "Gone in 60 Seconds"
speeds, but it's still within the timeframe of doing the deed and not getting caught speed.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
OK, so you have a signed letter from the loss adjuster at the insurance company saying that any car that goes missing that has an RFID in the ignition was not stolen. In that case there's only one thing to do: spend $500 on a private eye, find out where they live and what car they drive, and then take it. After all, you have a signed letter from the owner saying that it wasn't theft!
If intelligent life is too complex to evolve on its own, who designed God?
I thought it was accepted practice to stall, misrepresent, impose legal costs, hide behind obscure terminology in a contract, and employ countless other ways to avoid rendering its primary service.
The wear and tear on a road surface is proportional to the fourth power of it's weight(see the section on maintenance) so actually a light fuel efficient vehicle should have to pay a lower price per gallon of fuel, or large vehicles pay a higher price per gallon.
eg. if you have a 1000 kg car compared to a 2000 kg car, then the 2000 kg car is causing 32 times as much wear on the road surface, so the road will need repairs much sooner. a 4000 kg car would be causing 256 times the wear.
A piggy back is not a ECU. They do significantly less than a real ecu (which is why that piggy back cost you ~$300 while a AEM engine management will run you ~1500), all the piggyback is doing is altering the input from the engine's sensors(maf,o2,etc..) to make the real ecu make adjustments based on it's own algorithms and unless you had that piggyback dynotuned you are probably not helping your performance and possibly hurting it, because I am sure you could figure out in about an hour better air/fuel maps than those nissan engineers.