New Cars Vulnerable To Wireless Theft
tkrotchko writes "In a story published by Technology Review, researchers have demonstrated multiple times that they can bypass the security of wireless entry and ignition systems to take a car without the owner's permission. As researchers in the article point out, car security systems will begin to have a real impact on everyday use if a thief can simply walk up to your car and drive it away. Although this article is light on technical details, a companion article shows how the researchers accomplished the security bypass. An interesting read, and certainly something that will no doubt be the subject of a new movie any day now."
An interesting read, and certainly something that will no doubt be the subject of a new movie any day now.
How about "gone in 60 microseconds"?
Well sort of. I couldn't disable smash-the-window entry.
I'm sure pretty much anybody who even remotely understands anything about tech saw this one coming.
If my car comes with a wireless key fob to unlock the car, can that function be disabled?
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Apparently my mother in law used to have a civic with keyless entry ... in a small town of <30,000 there was another Civic of the exact same color which used the same code.
They found out one time at the mall that they could each open the other's car.
I bet there's not nearly enough uniqueness and security in these things.
Lost at C:>. Found at C.
Check your manuals. At least in my car, this feature could be turned off. In fact, I turned it off before I even drove it off the dealer's lot, due to this exact concern.
Wireless communications are vulnerable to spoofing, news at 11.
Also, cloned cell phones!
I mean, if they're going to take the car anyway...
It's already been shown on TV, an NCIS episode has one guy using an iPhone app plus the VIN of an OnStar equipped car to unlock the car.
That's why we have insurance. And I assume they'll use the nav system to go to your house and rob it and kill your family and pets too, right? Gimme a break.
This may become a problem for high-end cars. But to be honest lower to middle class folks only typically go so far as wireless entry. You still have to get the ignition going in these cases. Those systems have already been exploited, and yet most car thieves still simply resort to smashing or picking something. Tech overhead on low end crime doesn't usually work well.
Where genius and insanity become confused true wisdom is found
Ross Anderson's security engineering textbook discusses this problem, as well as how cryptographic systems like Keeloq might be attacked, and some other related topics. I am going to guess, though, that the manufacturer's view is that a thief with the technical skills needed to take advantage of these vulnerabilities is rare (not saying I necessarily agree) and that most thieves will just smash the window and try to steal the radio before the cops arrive (do people still steal car radios?).
Palm trees and 8
This was how the lead character in Ghost Dog stole his cars. Great movie, BTW.
SJW: Someone who has run out of real oppression, and has to fake it.
That's really weak. That's barely a security hole at all. Someone has to be near me to have a system to talk to my car key?
Also, the explanation article isn't an explanation at all, it talks about tire pressure monitoring systems and how to spoof readings from those to the dash. It also makes the mistake of saying that the TREAD Act requires you have a wireless tire pressure monitoring system. That's not true at all, the requirements for tire pressure monitoring can be done completely passively by monitoring the effective circumference of the tire (rotation speed) and is done so in many makes.
http://lkml.org/lkml/2005/8/20/95
I'm pretty sure that was staged for entertainment purposes. Most cars require that the key be *inside* the car, or very close to it in order to start. A guy sitting in a diner with a wall/window and several feet of parking space/sidewalk/restaurant between him and his car probably wasn't close enough.
"I disagree with you" does not equal "flamebait."
Some clever Russian(s) are going to start building these devices and selling them online for say $2000 a pop much like they sell spamming/botnet toolkits. Stealing a car will require 0 real effort and will be much safer (since you just walk up to it, get in and drive away, no need to fiddle with the door locks/ignition for a few minutes). Good luck fixing all the affected cars.
these types of solutions detract from the convenience that makes passive keyless entry systems worthwhile.
But when the key is not even a key, that detracts from the thing that causes it to exist, so it might as well not.
So I was drinking a wine cooler and watching Knight Rider last night and Some dude totally hacked Kit using a TI computer and an ATARI joystick. This tech has obviously existed since the 80s. Sheesh.
Does the line: "car security systems will begin to have a real impact on everyday use if a thief can simply walk up to your car and drive it away." seem to imply car thievery is a new thing? Thieves have been stealing cars since you had to hand crank the engine. Sure the techniques in 1911 were different from the techniques in 2011 but this is a bit hysterical, isn't it? Criminals are always getting better than security which leads to better security which leads to more cunning thieves, like any living system, it will continue to evolve.
There are two kinds of fool. One says, This is old, and therefore good. And one says, This is new, and therefore better.
The article doesn't say which models and brands were attacked. I'd be curious to see which ones they got.
These keys are certainly extremely useful. The key on mine detects if it's inside or outside the car, and can even open the trunk if I touch a button by the tail lights. The fact that the manufacturers haven't considered the security ramifications of these keys is unsettling.
From the description, this seems to be a variation on the standard man-in-the-middle attack. These manufacturers should know better.
These people are all just doing replay attacks (due to the rolling code systems used), so if you turn off your transmitter, they'll never find the way into your car.
http://lkml.org/lkml/2005/8/20/95
Is a stick shift. Even if they get into your car & manage to get it started, your average car thief has no idea how to drive a stick shift.
This just sounds like they build a range extender for the key fob, allowing the fob to be MUCH farther away from the car than it would normally have to be. This is nice to allow access to the car and to get it started, but once you've driven the car out of range of the (range-extended) fob, you'll never get the car started again. Maybe it doesn't matter if they're just taking the car to a chop shop. Still scary, though.
If only we had a word that meant taking something without the owner's permission...
The reason I came to this conclusion is reading the famous Chula Vista Residential Burglary Reduction Project report. Only 4% of burglars pick locks. Now why is that? Is it too hard for the average burglar to learn, or was it too hard to learn how to pick locks when that was written? I'm guessing the former was the deciding factor.
If I have seen further it is by stealing the Intellectual Property of giants.
My prius doesn't need a key in the ignition at all. It just needs the transceiver to be close.
I leave it in my pocket when I drive.
Surround the fob with foil (or a more custom-designed solution) while away from the car, and problem solved.
The companion article only mentions hacking the tire pressure monitors which are wireless sensors in the wheels. It makes no mention of starting the car and driving away.
This patent presents a locking system for automotive vehicles that can not be snooped by a nearby wireless hacker. This approach eliminates the need for problem prone wireless receivers and transmitters, whose signal can easily be captured by a third party in the vicinity. This device presents an opening in the door of about 2mm x 5mm and requires the use of a specifically shaped piece of metal. This piece of metal would be unique to each owner. Activation and deactivation is accomplished by a rotational action in either clock-wise or anti-clockwise directions.
This patent is truly ground-breaking since it eliminates the need for an electronic system to function.
Jumpstart the tartan drive.
The key to a Chevy Charger
A what?
The morning news in SF Bay Area showed home security footage of someone just walking up to a supposedly locked up car (Toyota) and looting it without using a key or smashing windows. Apparently there has been a bunch of car robberies of this nature around the Bay Area.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
In my old car I had the wireless stolen. I just put another one in.
Once I was a four stone apology. Now I am two separate gorillas.
Good thing I refuse to have those options in my car.
---- Booth was a patriot ----
If they are going to take your car they are going to take your car. It might be easy, it might be hard but as long as cars can be towed you'd better kiss it goodbye if someone wants it bad enough.
The biggest theft deterrent around is probably title registry and money laundering laws, the locks just protect you from the joyriding kids.
This one guy showed me he could do the same with a screw driver and a hammer when he stole my car. And he didn't have any research grants..
Tiger Blooded Bi-Winning Machine
LOL I wish I had mod points. I thought the same exact thing when I read that.
Tiger Blooded Bi-Winning Machine
If this technology became more commonplace, and car theft becomes as easy as downloading an app for your iPhone, we may have to reverse our slogans. Start an anti car-theft promotion, You wouldn't download a song would you?
That would be "copyright infringement" right?
Once I was a four stone apology. Now I am two separate gorillas.
When your car is stolen with no obvious sign of forced entry, they consider it to be a fraudulent claim and that you were the one that stole your own car.
Um, yeah. I think you need to do a little field research.
Proverbs 21:19
Hey, it's not theft, it's copyright infr- wait...okay, yeah, that's stealing.
The companion article talks about something entirely different, namely security issues with wireless Tire Pressure Monitoring Systems. Neither the main article nor the "companion" article talk about the TPMS hack having anything whatsoever to do with vehicle theft or sabotage at the current time.
I drive a car that nobody wants to steal. In fact, so few people wanted my car that Volvo stopped selling it in the US.
No, no, no... "stealing" is taking without permission. "Copyright infringement" is setting fire to someone's house, kicking their puppy, selling their child off for medical research, punching them in the nose, and then taking something without permission.
Oh come on. Cheap technology exists to uniquely validate the identity of a key, without revealing any secrets or allowing impersonation by onlookers.
The reason car manufacturers will never sell you a secure car is that they have no problem whatsoever with car theft. They benefit from car theft. That is why in 2011, car manufacturers are still shipping cars that are easily started without a key even though really cheap technology to prevent this has existed for decades. (New car employee: "Hey, if we validate the key outside the steering column, or change from using a simple voltage line to the starter that can't be easily tricked by crossing a couple wires, theft will be MUCH harder." His Manager: "You're fired!".)
HEY CAR EXECS: I WILL NEVER BUY A CAR WITH KEYLESS IGNITIONS UNTIL I AM 100% SURE THEY ARE SECURE.
That requires a new design.
This is the same reason I avoid WiFi.
Get rid of your mother-in-law and maybe collect insurance and big settlement because some sensor or CPU 'malfunctioned'.
Not saying the tech is there yet, but I'd wager it will be soon enough --and that someone will attempt it eventually (possibly successfully --how would anyone know?).
You really blew it with the subject line there, sunshine
Are they making cars without steering-wheel locks requiring physical keys now? I thought it was federal law that you couldn't do that--but maybe that was just an assumption.
I have remote door locks and remote start, but getting into the car isn't that hard anyway (Brick authorized entry works as well as it always has)--getting past the steering wheel lock requires SOME kind of solution...
How will the car know? It's the fact that the key isn't very strong that determines the range. If I get a more powerful antenna, there's no way the car could tell that it was coming from outside the car versus inside.
My blog. Good stuff (when I remember to update it). Read it.
Oh yeah, the three hosts took a Chevy Charger, a Ford Camaro, and a Chrysler Mustang on a cruise. Great episode that one! ;)
PS: The car was actually a Dodge Challenger, so grandparent can't even claim part marks on it. Owch.
It's not necessarily theft.
Off the top of my head here are some non-theft reasons:
firemen moving the car out of the way of a fire
a repo
parents surreptitiously retrieving their car from an out of bounds kid
But you're right, probably mostly for theft...
__ Someday, but not this morning, I'll finally learn to use the preview button.
Another potential danger of unauthorized remote auto-start is carbon monoxide poisoning of the car owner, if the car (in particular, those with traditional combustion engines) is parked near living areas, such as in an attached garage.
Do cars with remote auto-start have safety features to prevent it from being misused, such as excessive idling?
Ron
firemen moving the car out of the way of a fire: they moved it; they didn't take it
a repo: the repo is the owner
parents surreptitiously retrieving their car from an out of bounds kid: it's the parents' car, not the kid's
No. There's a big difference between "taking" and "copying."
I for one will never be caught driving a Gibson...
My solution is to put a big steel bracket around my brake pedal that would take more than a few minutes of cutting to get through before you can drive away. It doesn't prevent a determined party from taking the car if he really wants to, but it's a layer of actual physical security that prevents someone from duplicating a software key and riding away, just like it prevented someone from picking the lock and hotwiring the ignition and riding away on an older model.
An interesting read, and certainly something that will no doubt be the subject of a new movie any day now.
Yeah. But in the movie the hacker will have to maneuver around some vector graphic blocks popping up on a green laptop screen, in order to "bypass" the system.
After bypassing the last cipher "block" the screen will change to a CAD-drawing of a car highlighting various control systems. At which point the car doors will pop open (not unlock, pop open!) and the hacker will shout "I'm in!"
In other news today, the Chinese government buys 300 Container "Super Ships" preparing for some type of boon industry. Speculation abounds.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
I just bought a new Rav 4 and it didn't come with a physical key, only a fob. The only physical key I was given was for the glove box.
At the same time I'd prefer a hackable fob than a keying system that cannot be broken, i.e., you have to have the key.
The reason for this is that cars will continue to be desirable and be stolen, and I'd rather have the thief take without bothering me, than have a car jacking which could put me (and/or family) in danger. A car is only a car, and I have insurance, so while inconvenient it's just a thing.
Really, look it up. I know, I know, shocking news. Did you know that all those killings you see on shows, they apparently are PRETENDING to die? Supposedly some pretense they refer to as "acting". And many of those stories and plots and situations? COMPLETELY MADE UP! Whodathunkit?!?
If any of you have ever installed a remote start on a car with a chip-in-the-key security, you'd realize this isn't that exciting or unexpected. In the earlier days of bypassing the chips in the keys, this is the exact technique we used. It was analog-to-analog too. The key was placed into a winding of wire (maybe 11 to 60 loops), one end of the loop connected to a relay. Then, at the ignition cylinder, there was another loop of wires, again typically anywhere from 5 loops to 30 loops, with one end of that loop connected to a relay, and the other end of each loop connected to each other. When the relay was activated, and the ignition powered up, the antenna loops would allow the power from the antenna in the ignition to power the chip in the key, and allow the now powered chip to relay its code back to the antenna at the ignition cylinder.
It wouldn't have been hard to increase the sensitivity of this setup to get a longer range (both in terms of how far the wire loops could be spread apart, but also how far away the one loop could pick up the key, and the other loop the ignition cylinder) using a bi-directional amp and possibly more windings.
The fact this was done to a system DESIGNED to have longer range (as the intelli-key systems are active and not passive in the RF signals) it's no real surprise. They didn't technically hack the system, they just extended the range of the wireless communications. It's a big deal to people who didn't know this could be done, or those who could have their car stolen using this technique, but it's really not that shocking to people who should or do know better than to think it's fool proof.
As a side note, on the earlier Fords with the chip-in-key system, you could disable the system by pulling a certain fuse under the hood, and instead of defaulting to a "no code, no start" mode, the car would failsafe into a "you can start without the chip". And to those asking about the steering wheel lock... they aren't THAT hard to break or remove if you really want to break or remove one.
I have a Porsche, and the key comes with an RFID chip to unlock the steering column, so even if the thieves wirelessly unlock my doors, they still aren't going to start it.
Probably just towing it away on a flatbed is much easier, and less conspicuous.
Many cars now come with pretty good factory stereos - reducing the risk. Many stereos also have pretty good anti theft tech as well. I rarely hear of anyone anymore having a stereo stolen.
..........FULL STOP.
1) Would-be thief uses gizmo to cause the TPMS light to display on the dash. 2) Unwary driver pulls over, gets out and begins to inspect the tires. 3) Thief jumps in and takes off. 4) Profit. This not only takes technical expertise, but also stealth and a high level of physical fitness.
The wireless in my car was stolen years ago. But I think the kids today call them "radios" or "stereos".
So they can relay the handshake between the keyfob and the car allowing them to enter the car and turn on the ignition. The question is how far away can they drive once the keyfob is no longer in range?
If the car manufacturer didn't build a security measure shutting down ignition after some time of the car being off-range then I would be worried. Otherwise robbers just ran away a few hundred meters and maybe could steal some stuff from the car without having to break into it.
I will ask that question before buying my next car if it comes with keyless ignition.
HTML is obsolete. It's time for a new, simpler and richer markup language.
This technology was clearly the inspiration for the freak wormhole that started the war between the Vl'hurgs and G'Gugvuntts
make imaginary.friends COUNT=100 VISIBLE=false
Well, the Anon Coward was talking about Top Gear, which used a stock vehicle with the normal keyfob, so the transmitting strength of the sending unit was not enhanced as you propose.
Additionally, at least in my car, there are several antenna receivers. Some are on the outside, some are on the inside, and one is in the trunk (in case I close the trunk with the key inside, it will automatically open it up again).
Plus, the signal strength of the transmitter is irrelevant for actually starting the car. The transmitter strength only determines how far away you can be and still unlock the doors. The key itself is chipped with an RFID, and the car scans for it when you try to start it. It's pretty unlikely that the RFID detector can detect one when the car's in the parking lot and the key is in the pocket of someone inside a restaurant.
At any rate, if the thief has the spoof key/RFID identifier, range doesn't matter. He just gets in the car, fires up the spoofer, and goes on his way.
"I disagree with you" does not equal "flamebait."
Not to mention a dirty commie practice. Better dead than red!
There is no reason this has to be so complicated or proprietary.
All you need is a secret in the keyfob and the same secret in the car. There are published cryptographic protocols that exist that allow 2 endpoints to verify that both of them have a matching secret but in a way that does not allow someone listening in to steal the secret. (and since these are published they have presumably been exposed to more analysis by people looking for flaws than the proprietary solutions).
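The shared-secret check described in the comment above, as an added example that is not part of the thread and is not any manufacturer's code. HMAC-SHA256 over a fresh random challenge stands in for the "published protocols"; the `Fob` and `Car` classes, the round-trip-time bound and all timing values are assumptions constructed for illustration. It shows that a recorded response fails against a new challenge, while a response forwarded live from the real key still verifies unless the car also bounds how long the reply may take.

```python
import hashlib
import hmac
import secrets

# Constructed round-trip times in microseconds, for illustration only.
LOCAL_RTT_US = 2.0    # key next to the car
RELAY_RTT_US = 40.0   # same exchange forwarded over a longer path
MAX_RTT_US = 5.0      # hypothetical acceptance bound


class Fob:
    """Key side: holds the secret, answers challenges (hypothetical class)."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # Proves knowledge of the secret without ever transmitting it.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Car:
    """Vehicle side: issues one-time challenges and checks the reply."""

    def __init__(self, secret: bytes, max_rtt_us=None):
        self._secret = secret
        self._pending = None
        self._max_rtt_us = max_rtt_us

    def challenge(self) -> bytes:
        # A fresh 128-bit nonce per attempt makes old responses useless.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes, rtt_us: float = LOCAL_RTT_US) -> bool:
        # Each challenge is consumed on first use, valid or not.
        nonce, self._pending = self._pending, None
        if nonce is None:
            return False
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        # Optional timing bound: a genuine but distant key answers too late.
        if self._max_rtt_us is not None and rtt_us > self._max_rtt_us:
            return False
        return True


def run_scenarios() -> dict:
    secret = secrets.token_bytes(32)
    fob = Fob(secret)
    car = Car(secret)  # cryptographic check only

    # 1. Legitimate unlock; an eavesdropper records this response.
    recorded = fob.respond(car.challenge())
    legit = car.verify(recorded)

    # 2. Replay: the car has issued a new challenge, so the recording fails.
    car.challenge()
    replay = car.verify(recorded)

    # 3. Relay: the fresh challenge reaches the real key and its genuine
    #    answer comes back, so the cryptography alone cannot tell.
    relayed = car.verify(fob.respond(car.challenge()), rtt_us=RELAY_RTT_US)

    # 4. The same exchanges against a car that also bounds reply time.
    strict = Car(secret, max_rtt_us=MAX_RTT_US)
    relayed_bounded = strict.verify(
        fob.respond(strict.challenge()), rtt_us=RELAY_RTT_US)
    local_bounded = strict.verify(
        fob.respond(strict.challenge()), rtt_us=LOCAL_RTT_US)

    return {
        "legit": legit,
        "replay": replay,
        "relayed": relayed,
        "relayed_bounded": relayed_bounded,
        "local_bounded": local_bounded,
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:16s} accepted={accepted}")
```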
Most common thieves aren't that smart. I have no doubt they will continue to rely on smash and grab or armed car-jacking as their primary means but the net effect of the advanced security systems will reduce "whole auto theft". That's great for the insurers, but as drivers, we'll continue to see B&E and content theft. As far as actual car-jacking, one wonders if violence won't become more deadly since a police report will likely result in a remote disable and likely capture for the criminals. I hope not.
In the UK, we had to create the crime "Taking Without Owner's Consent" (TWOC) as a common defence in car theft was "I was only borrowing the car, I would have returned it!" Apparently, it worked at least once. Hence, now the act of taking the car is a crime, as opposed to depriving the owner of it permanently (as was previously the case). TWOC may well be the correct term for these cases.
Finally had enough. Come see us over at https://soylentnews.org/
This patent presents a locking system for automotive vehicles that can not be snooped by a nearby wireless hacker. This approach eliminates the need for problem prone wireless receivers and transmitters, whose signal can easily be captured by a third party in the vicinity. This device presents an opening in the door of about 2mm x 5mm and requires the use of a specifically shaped piece of metal. This piece of metal would be unique to each owner. Activation and deactivation is accomplished by a rotational action in either clock-wise or anti-clockwise directions using a computer.
I'm going to be rich!
That's how it works, right? Right?
Finally had enough. Come see us over at https://soylentnews.org/
TWOCing was invented to prosecute joyriders. A skilled joyrider who opened and started a car without damaging it hadn't committed any offence. His previous escapades were strong evidence he had no intention of keeping the car.
Here's the actual research paper if anyone is interested: http://eprint.iacr.org/2010/332.pdf
Give that man a prize!
If he returned the car with a full tank of petrol and £10 to cover maintenance (as long as he didn't thrash it from cold), I wouldn't mind at all. Yes, I know this is an internet joke, but it's still true.
Finally had enough. Come see us over at https://soylentnews.org/
is to have a crappy car. You couldn't pay a car thief to steal my old Pontiac J(unk) 2000. I know because I tried to.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Remember kids. Jesus did it.
Luke 9:16
Mark 6:41
I find being offended by me offensive.
Ok so I'm not here trying to blatantly give a promo out to the product that I just spent a year developing so I won't say the name. I'll just say that it is from one of the leading alarm company manufacturers and you can find it on the net. The gist of the product is this: why should you have to have a separate device that you put on your keyring that allows you to start your car when you already have a smartphone (well most people do, or at least most people who can currently afford keyless entry on their car). What our product does is allow you to open your car door (and lock the door and start the engine/warm it up) right from your phone. The good thing about this is that on top of each account being password protected, they are also linked to the particular identification code for your exact phone so there is no way that anyone is going to hack this (in theory). The way it works is via a cellular device not a radio wave emitting from the car so it's much more difficult to intercept (in theory). Also the best part about it is that because it's a cellular device we can also track the exact location of the vehicle so in the case that someone does steal your car we will find them right away. The trick to protecting yourself from thieves and criminals is to stay one step ahead of them. 15 years ago this was with keyless technology, but now this is old school, we simply need to switch to the latest gadget.
When I bought my car, I was hoping that the signals sent between key and car were not identical every time, since it's an obvious attack method to just detect/copy the signal and extremely easy to put e.g. a few 1000 random "keys" in the sender and receiver that need to be used sequentially (makes it harder to have multiple keys, but there are ways to fix that). I guess I was wrong ...
"I love my job, but I hate talking to people like you" (Freddie Mercury)
First of all, there's no wormhole here. The signal still goes through Euclidean space. You're not beating spacetime here, you're just beating signal attenuation (r^3 falloff due to radiation).
No, this doesn't spell any utter doom. This attack is complicated to pull off and also requires a person be near you to do the attack. If they're going to get that close, they might as well steal my key off me.
There are many handsfree systems that are very sophisticated about locating the key. The one on my car only opens the door you are standing next to. If I stand by the driver's door, the passenger door won't be unlocked. And vice-versa. I have to stand near the trunk to open it (or press the button). If I leave the key inside the car, it will refuse to lock its down doors, as far as I can tell, it is impossible to lock the key in the car, including in the back.
A system like this which is locating the key spatially is less likely to be fooled by trying to pretend the key is in a location other than it is by relaying signals. I am of course not saying it is unfoolable.
Either way, before electronic keys, all someone had to do was take a picture (or impression) of your car key and they could replicate it and steal your car. Now they need to have two people, a lot more sophisticated equipment for rebroadcasting signals and to tail you constantly to get in the car to open.
So I fail to see how we're approaching utter doom. Things were worse before and we still survived and most cars were not stolen.
Besides, the easiest way to steal a car now and then is still to just use a tow truck. You don't need to find the owner and rebroadcast his signal to do that.
http://lkml.org/lkml/2005/8/20/95