RFID-enabled Vehicles: Pinch My Ride

Billosaur writes "Wired has an excellent article on the problems with the theft of RFID-enabled vehicles and how insurance companies are so over-confident in the technology, they are denying claims when such vehicles are stolen. Example: "Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been. The 38-year-old truck driver and former reserve Los Angeles police officer did what anyone would do: He reported the theft to the cops and called his insurance company. Two weeks later, the black SUV turned up near the Mexico border, minus its stereo, airbags, DVD player, and door panels. Wassef assumed he had a straightforward claim for around $25,000. His insurer, Chicago-based Unitrin Direct, disagreed." Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started, despite the evidence that the ignition lock had been forced and the steering wheel locking lug had been damaged."

In other news

[BlackCobra43]

A local man who was the victim of a Home Invasion was shocked to learn that his insurance claim was denied because "As all of his home keys were still in his property, no one could have entered the house". Shard of broken glass, the robber's blood, his conviction in court and a lucky passerby's videotapes were also dismissed as "clever fakes". InsuranceCo stock jumped another 3 points today...

DNA

[chevman]

This is similar to the assumption that if your DNA is present at a crimescene, you must by default be guilty.

Re:DNA

[damiangerous]

If your DNA is found inside of a rape-victim's vagina, however, then yes, you probably are guilty.

You're guilty of having sex with her around the time she was raped, yes. Is that enough to convict you of her rape? Not by a long shot.

Re:DNA

[vux984]

Uh, if the sex was consensual I doubt you'd even be in court in the first place. All she would have to do is say...

That also assumes she's still alive.

Wired had a bit about this last month

[dfn_deux]

Seems that there are at least a handful of commonly known/used methods for circumventing rfid embedded key/security systems in cars. Several of these are documented by the manufacturers of the cars. It is a ridiculous notion that if say all the keys to the car had been lost that it would then be impossible to somehow replace the keys or reprogram the system for another set. Any insurance company making such claims is obviously letting the smell of money overwhelm their senses and has overlooked what is quite simply the fact of the matter...

The man in the headline should clearly be bending his insurer over a barrel and giving them a good legal fucking...

Re:Wired had a bit about this last month

[MindStalker]

And none of these methods involve breaking the steering column as well as take some serious planning as well as obtaining manufacuring codes.

Re:Wired had a bit about this last month

[dfn_deux]

Actually all of these methods require the steering column to be opened in order to disable the steering lock detent mechanism. And they do require preplanning, but if you are targetting a specific make/model fo car then the planning isn't too difficult. It is foolish to assume that theives are just going about this willy nilly and stealing in the heat of the moment when they are overcome with desire. Often times thefts are carried out by highly organized gangs with the specific intent of picking specific targets with high resale of stolen parts and then carrying out well planned thefts where-in their chances of getting caught are signifigantly lowered and their probability of getting a big pay day are likewise raised.

Tis a foolish man who assumes that dishonesty goes hand in hand with stupidity (and vice versa for that matter) high technology secuirty systems just encourage theives to be much more sophisticated...

Re:Wired had a bit about this last month

[rworne]

It is certainly possible to get new keys. The reason there is an "urban legend" that it's impossible is because of the dealers - who charge ridiculous amounts to replace said keys: typically $80-$120US.

I find that odd, since key blanks are really cheap. That and the RFID industry is claiming the technology is so cheap they can put these tags on merchandise for mere pennies.

Honda can reprogram the immobilizer system even if you have no keys. It does require the dealer's help - just because they have access to the HDS (Honda Diagnostic System) that is required to perform the task:

REPLACING ALL PROGRAMMED IGNITION KEYS
If your customer has lost all of the programmed ignition keys, you need to replace all of the keys and rewrite the ECM/PCM with the HDS. The HDS clears all transponder codes from the memory of the ECM/PCM and stores the transponder codes of the replacement ignition keys.

Each manufacturer does this differently, so there are some manufacturers that have immobilizer systems that cannot be reprogrammed without an ECU change if the master/learning key is lost.

Insurance companies will seek any excuse...

[Robotech_Master]

...to deny claims. That's what they do. Insurance companies aren't in business to pay for people's losses, they're in business not to pay for people's losses, because the less they pay out, the greater profit they make. The portrayal in The Incredibles was just about dead-on. So getting them to fork over is often like trying to squeeze blood from a stone even at the best of times.

Re:Insurance companies will seek any excuse...

[Phreakiture]

Insurance companies aren't in business to pay for people's losses, they're in business not to pay for people's losses, because the less they pay out, the greater profit they make.

Insurance companies are corporate gamblers. They are betting you are a good driver and that your car won't get stolen or damaged. Your insurance premium is reflective of how good of a bet this is.

That said, when they lose the bet, they will try to weasel out of paying it.

Re:Insurance companies will seek any excuse...

Insurance companies are corporate gamblers.

No they are not. No more than the casinos are gamblers. They operate within a designed system that ALWAYS works out to their advantage. They know how many cars get stolen per year in Palo Alto, and charge you accordingly.

If your car gets stolen, they are still ahead.

Insurance takes the risk of one individual and spreads it across an entire population.

Denied

[fuzz6y]

Lloyd's of London denied the Cunard line's claim for the loss of ocean liner Titanic, because "God himself could not sink this ship."

Re:Denied

[Overzeetop]

She is made of iron, sir. I assure you, she can. And she will. It is a mathematical certainty.

Without a doubt, my favorite line from the movie. Though, to be honest, it's not high on my "what to watch" when I've got three hours to kill. A close second would have been a hearty "Game over, man!" from Bill Paxton, but it just never appeared.

Re:Denied

[dankstick]

I would hope that Lloyd's denied the claim due to the fact that Cunard Lines had no insurable interest in the HMS Titanic. White Star Lines owned the ship. Hull and Machinery Insurance was paid by several Insurers who reinsured with Lloyds'.
http://www.abc.se/~pa/publ/titan-own.htm
http://en.wikipedia.org/wiki/Marine_insurance

I call bullshit

[sjonke]

They didn't bother to steal the plus-sized, chrome spinny wheels?

Re:Who really telling the truth

[HugePedlar]

You don't think the issue here is RFID spoofing, perhaps?

Insurance fraud....

[russotto]

If the car can't (according to the insurance company) be stolen, then by accepting premiums for insurance which covers loss due to theft (without any intention of ever paying said claims), they are comitting fraud. Sounds like some insurance company executives need to go to jail.

Re:Insurance fraud....

[tdvaughan]

You can still steal the car by towing it away which is insurable against. If, however, they find evidence that the car was driven then they assume that the owner was complicit in the car's theft as they believe that the car is only drivable with the keys in the ignition.

Re:Insurance fraud....

[Akaihiryuu]

I used to work at a convenience store in Charlotte, NC as an assistant manager a few years back. Back in early 2003 there was an ice storm that took out power to 75% of the city for almost a week. My store was without power for 4 days. The insurance company denied the claim for the perishable stuff that had spoiled, because it turned out the policy stated that the only way they would pay for such a thing was if the transformer was completely removed from the poll and was on the ground. The transformer had not fallen off the pole, so they denied the claim, even though the entire area was without power for at least 4 days. I actually read the policy myself, couldn't believe it. I guess you should read the fine print of a policy before you get it.

Moral of the story is...

[Cpoff]

Throw away one of your keys before you call the insurance company? :)

Re:Who really telling the truth

[dfn_deux]

Obviously you have no clue as to what you are speaking about. The column would steal need to be opened in order to remove/disable the wheel lock detent. The computer portion of the anti-theft system is often over ridden by clever theive who are either privy to the manufacturers over ride methodology (I.E. a prius allows a certain pattern of engaging and disengaging the parking brake to over ride the security system and other systems will be disabled by simply removing a specific fuse from underhood) OR they simply aquired an ECU with the secuirty system already diusabled and then swapped the computers to allow starting w/o the "correct" rfid embedded keys.

Both of these methods are not only possible, but are common and becoming more common every day, especially on high dollar cars which are a big time target for theft, cadillac escalades and lincoln navigators are high on the list in my neck of the woods...

I question your methodology for assesing this man's involvment as well, you remarks smack of ad-hominem attack fueled by your distaste for his choice of driving a "gas guzzling SUV", however you seem to be suffering from the same shortsightedness that many of the savagely anti-SUV crowd does, you neglect to account for the possible neccesity of such a vehicle, perhaps this many has a large family and a boat which he frequently tows? Oh, but then you'd have to get off your high horse ;)

Apparent InsCo greed aside...

[CrazedWalrus]

...which is what I really think is going on here, it's at least partly a classic case of turning off reasoning and common sense wherever technology is involved. The same amazingly intelligent people who can't operate the clock on the VCR are running the world and denying your claims.

Re:Apparent InsCo greed aside...

[TubeSteak]

...which is what I really think is going on here, it's at least partly a classic case of turning off reasoning and common sense wherever technology is involved.

Or the insurance companies find it convienent to buy the tech hype, irregardless of whether they actually believe the system is undefeatable.

Maybe the policy got set from up high: We do not pay out claims on immobilizer equipped cars unless they meet [X, Y, Z] criteria.

Don't forget, there is always a disconnect between the Marketing Dept & the Engineers who design a security/safety system.

You really wanna secure your car?
Install a fuel cutoff switch somewhere non-obvious. Yes, it is security through obscurity, but most thieves don't have the time to troubleshoot a car that won't start.

Re:Apparent InsCo greed aside...

[tomhudson]

Read "The Rainmaker" by John Grisham for an account of some of the dirty practices of insurance companies in denying claims.

FTFA summary: "Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started"

Since when do you need the keys to steal a vehicle? And if all the keys WEREN'T accounted for, the claim would have been denied because "obviously the claimant was negligent and someone else got a key from them."

Re:Apparent InsCo greed aside...

[tomhudson]

RTFA a little closer. The car had RFID keys and shouldn't be able to start without the physical key being present, making theft considerably more difficult. While new in the US, such technology has been fairly common in Europe for over a decade.

Read what I wrote a little closer. I said "since when do you need the keys to steal a car?" The answer is simple - you don't.

Two words ... Tow Truck.

Shove that Navigator into a nearby container and even a lojack can't find it (the condainer makes a nice faraday cage, blocking all radio signals).

Q: What do you call someone whoo thinks a key is perfect protection against theft?
A: A pigeon.

Re:Apparent InsCo greed aside...

[IAmTheDave]

Insurance - especially car insurance, which one is required by law to carry - is forced extortion. I have seen denied claims, paid claims with increased premiums that beyond-covered the paid-out claim, my own insurance premiums rise after my car was hit while parked, etc., etc., etc.

Insurance companies are evil, ladies and gentlemen, and will do everything in their power to stop from having to pay out a dime. While I'm now paying $35 copay for prescriptions through Aetna, they also have a new thing called "precertification" whereby the doctor has to call the insurance company and "approve" the use of a drug. Now, if the doctor hadn't wanted me to have the drug, I'm sure I wouldn't be at CVS with my prescription. Nonetheless, yet another roadblock to actual payout of insurance coverage.

You think Pharma = evil? Check out insurance. Especially in the case of Katrina. Home insurance doesn't cover flood insurance. Flood insurance doesn't cover mud damage. Etc.

Makes me sick.

Re:Apparent InsCo greed aside...

[Fastolfe]

... paid claims with increased premiums that beyond-covered the paid-out claim

The goal of bumping up your premium is not to compensate the insurance company. By having an accident, you have shown your insurance company that you are now in the class of people that have recently had an accident. Statistically speaking, you are more likely to have another accident than someone who has not recently had an accident. Your premium is adjusted to match their new information, not to compensate them for the amount they paid out.

Once you are no longer in this class, your premium will drop back down. Your premium isn't dropping because you've "paid them back"; it's dropping because you are now in the class of people that haven't had an accident in a long time. Statistically speaking, you're less likely to have an accident than you were before, so your premium is adjusted.

RFID madness?

[Elektroschock]

The European Union currently conduct a consultation on rfid. I really would like to know what the role of governments should be. Governments are lobbied like hell on rfid. Some civil rights groups call them spychips. And lobbyists approach governments. And the question is why? Shouldn't markets decide?

Anyway, I suggest you to fill out the questionaire.

Other intresting consultation links can be found here and here. It is important to get more people involved in these political procedures and legislature who actually know what they are talking about. And I would like to spam politicians with the request for 'better interoperability'. Here the regulator has to take measures. I found it very nice that the EU already considered it. "Interoperability, standardization, governance, and Intellectual Property Rights (1 June)"

So maybe it makes sense to report cases like these to the authorities to avoid madness. I guess they do not read Slashdot.

'oh-my-god-stats-can-kill' dept. SA's theft stats

[tradingfire]

Listed below, from best to worst, are the tested cars listed by name, points and, where applicable, time taken to gain entry.
"What Car?" Security Supertest League Table

The 26 Cars they Couldn't get into:

1-3: Lexus IS300, Lexus LS430 and Lexus SC430 (100).
4-7: BMW 318i SE, Nissan Maxima QX 3.0 SE+, Skoda Superb 2.5 TDi Comfort, Toyota Camry CDX V6 (95)
8-15: Audi A4 1.9 TDi SE, BMW 735i, BMW X5 3.0d, Citroën C3 1.4 HDi Exclusive, Jaguar S-type, Mazda Tribute, Nissan Primera 2.0, VW Passat V6 4motion (90).
16-23: Audi A2 1.4 TDi SE, Audi A6 Avant 4.2 quattro, Audi TT 180 Coupé, Ford Fiesta 1.4 Ghia, Seat Ibiza 1.4 Sport, Toyota Previa D-4D GLS, VW Golf GT TDi PD, Volvo S80 2.4T S. (85).
24-26: Nissan Almera 2.2 Di Sport, Nissan Almera Tino 2.0 SE+, Nissan X-Trail 2.0 SE+ (80).

The Cars they Could
27: BMW 520i (75) 1min 12sec
28: Saab 9-5 Aero 2.3 HOT (75) 1min 5sec
29: Renault Vel Satis (75) 58sec
30: Jaguar X-type 2.5 (70) 1min 30sec
31: Renault Clio 1.6 16v Initiale (70) 1min 15sec
32: BMW 325i Compact (70) 1min 4sec
33: Fiat Stilo 1.2 16v Active 5dr (70) 1min
34: Mazda Premacy (70) 32sec
35: Honda Jazz 1.4 SE Sport (70) 29sec
36: Renault Avantime (70) 25sec
37: Mazda MX-5 (70) 20sec
38: VW Polo TDi PD Sport (65) 1min 50sec
39: Volvo V70 T5 (65) 1min 36sec
40: Honda Civic Type-R (65) 1min 34sec
41: Mercedes C220 CDi Sports Coupé (65) 1min 20sec
42: Ford Mondeo TDCi (65) 1min 11sec
43: Volvo S60 T5 SE (65) 1min 7sec
44: Toyota Yaris T Sport (65) 57sec
45: MG ZT 190 (65) 50sec
46: Ford Focus ST170 (65) 45sec
47: Honda CR-V SE Sport (65) 43sec
48: Range Rover 4.4 V8 HSE (65) 38sec
49: Peugeot 307 SW 2.0 HDi SE (65) 33sec
50: MG TF 135 (65) 30sec
51: Mercedes SL500 (65) 29sec
52: Peugeot 206 HDi D Turbo (65) 20sec
53: Mini One (60) 50sec
54: Ford Maverick V6 XLT 3.0 (60) 32sec
55: Suzuki Liana 1.6 GLX (60) 28sec
56: Vauxhall VX220 (60) 18sec
57: Jeep Cherokee 3.7 Ltd (60) 9sec
58: Toyota Corolla T Sport (60) 8sec
59: Suzuki Wagon R+ 1.3 GL (50) 48sec
60: Daihatsu YRV F-speed (50) 12sec

Insurers have I got news for you..

[OlivierB]

A friend of mine works in a very large dealership of Germand made cars.
New cars all come with a little plastic keyring with a tab attached to it. You scratch the surface of this tab to reveal a "Master Key".
This key is akin to the RFID code needed to start the car, the dealer is supposed to give it up to the customer so that he can order a new set of keys, reprogram the other ones etc..
This dealer has some people scratch all of these tags before they are given to the client, because as we well know, joe client will lose this in a blink.
Without this key you need to contact the factory, wait two weeks, pay a fee and than program some new keys.
On this particular brand, you can program/pair up to 5 keys per car if I remember correctly; only 5 keys can have the same code, I you lose one, you can only have four more etc.. After you've lost these you will need to reprogram all keys once again.

My point is that at any level in this process you could have an insider job from the dealer, the manufacturer, or even some thief which goes through the dealer's bin picking these tabs if they aren't securely destroyed.

Forensic evidence for this kind of theft is nearly impossible to tell, the cars ECU don't usually keep a whole lot of historical data.

Nevermind that, if you get ahold of a dealer's servicing computer and a new ECU worth only a few thousand dollars you can actually reprogram the keys without need for the master key (plus you get to keep the ecu and put the old one back in when you abandon the car).
The difficulty with this method however is not damaging the stering column or the physical lock.

Remote Start

[Slayback]

One not-so-obvious answer may be that the owner had fitted the vehicle with a remote-start system or a 3rd party alarm. In most cases when this is done with RFID enabled vehicles, they have to override the RFID system. The hack to get around this high-tech security? Stick a key under the dash within range of the receiver. This would allow most remote start systems to then work.

If the owner had done this and perhaps the perps had witnessed the victim using the remote-start vehicle, then they had a good target.

Yes, I read the article and read about the back doors, but there's another situation where owners are willfully overriding security systems in order to get the functionality that they want and the manufacturer doesn't give them. Sound familiar?

Bypass kit

[kd5ujz]

Bypass kit, ~10 minute install 'nuff said.

Ummm..

[brunes69]

US carmakers and auto-mobile insurers are unshakably certain that vehicles protected by "transponder immobil-izers" can't be driven without the proper keys - or, at least, that circumventing those transponder systems takes more sweat and money than most auto thieves are willing to expend.

I think these companies are seriously fooling themselves. It's not like every crook has to go through the trouble of cracing the system - only one does - they can then sell their crack to everyone else.

Who wants to bet that right now, as we speak, car thieves know more about these systems than the insurance company forensic investigators do?

I don't even know anything about them and I know how this could be done. These systems work like any other public key encryption, they rely on the fact that there is a **private key** in the car that no one knows about. One leak in the system, either in the plant, or in the chip in the car, or in a disgruntled employee at a dealership, and the system falls apart. Boom, it is now trivial to make fake RFID "keys" that respond with the right handshake to private keys sent from the car.

Re:Who really telling the truth

[jeffehobbs]

VOICEOVER: Adrian Brody. Mel Gibson. Dave Navarro. What do these people have in common? They all suffer from L.B.S. -- in fact, one in every one-hundred Americans are diagnosed with L.B.S., or "Large Boat Syndrome", every day. And it gets worse: L.B.S. victims routinely have to cope with Sports Utility Vehicle fees and marina docking rental costs just to make it through, day-to-day, with their disease. For just $130 dollars a day --the cost of a single Nintendo DS Lite! -- you can help these fellow Americans. Won't you donate, today?

~jeff

Not necessarily...

[Belial6]

When I was in college, there were groups going around telling women that "you may just not know you were raped." They had a clear goal of blurring the line between the words "rape" and "regret". It is nieve to believe that EVERY woman who claims rape really was raped. If it wasn't, we wouldn't need courts. Just a woman pointing a finger, and the man could be hauled off to jail.

Re:Not necessarily...

[TrentC]

When I was in college, there were groups going around telling women that "you may just not know you were raped." They had a clear goal of blurring the line between the words "rape" and "regret".

No, they had a clear goal of making women understand that having a guy cornering them in their room and not letting them out until they "give it up" isn't something they should be expected to live with, or that waking up in a frat house with no clothes on and no memory of last night, isn't just something that "just happens".

Women have an impressive double-standard to live with; if they get assaulted or raped, well, obviously they should have known better. But if they assume that a man might try to rape her if they are alone together, or doesn't want to be in a position where she can be overpowered or outnumbered, well, then she's obviously a man-hater/feminist/dyke. Nowhere in either of those equations is the man's behavior held to any standard.

It is nieve to believe that EVERY woman who claims rape really was raped.

The staistics for false claims of rape are in line with false claims for other crimes. (Well, it depends on who you ask and what time period the study in question covers; the numbers seem to swing from 1 percent to 25 percent of claims, with each end of the range having its defenders.) Also, many rapes go unreported, which would make the percentage of false claims vs. actual rapes even smaller still. But of course, any attempt to raise awareness or to encourage women to talk about what happened to them is "blurring the line between 'rape' and 'regret'".

By your reasoning, we should assume that any person who claims they were robbed or assaulted is lying just because some people lie about it, or live in fear that we could be sent to jail by having someone pointing a finger at us and saying "he stole from me" if we don't defend the reputation of accused thieves.

List incomplete

[stormy_petral]

Where is my Dodge Caravan with cracker crumbs and baby puke stains?

Re:7" RF Fallacy

[Enigmafan]

I laughed at the bit where they say the key's RF signal only goes 7 inches. I get the same laugh when I read about those RF credit card transponders only going 11 inches.

Mine does 13 inches...

Re:Who really telling the truth

[c_forq]

I'm always amazed by the tricks car workers and car theifs know. It just goes to prove that saying "locks keep an honest man honest", or however that goes. Once I locked my keys in my car just outside of Detroit. I found a guy to help me out in the yellow pages, who happened to be a recently laid off autoworker, in about 3 minutes he had my entire door panel off and actually took the lock out of the door to make a new key, and I was given a new working key within 10 minutes of him arriving.

Re:RFIDs can be cloned..

[Svartalf]

Or a swapped out ECU. Don't for a moment think that the crooks stealing the expensive
vehciles don't have access to resources to glom onto a hacked or tuner's ECU somewhere
that doesn't DO the RFID check. If it doesn't have an alarm system, it's very believeable
that someone could have busted into the vehicle, swapped out ECUs, busted the column
lock and cover and drove off in about 10 minutes or so- less if they've got more than
one thief working in parallel.

Re:Don't be so hard on the insurance company

[symbolic]

I thought it was accepted practice to stall, misrepresent, impose legal costs, hide behind obscure terminology in a contract, and employ countless other ways to avoid rendering its primary service.

Re:Here's an idea

[vivian]

The wear and tear on a road surface is proportional to the fourth power of it's weight(see the section on maintenance) so actually a light fuel efficient vehicle should have to pay a lower price per gallon of fuel, or large vehicles pay a higher price per gallon.

eg. if you have a 1000 kg car compared to a 2000 kg car, then the 2000 kg car is causing 32 times as much wear on the road surface, so the road will need repairs much sooner. a 4000 kg car would be causing 256 times the wear.