Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Cars Vulnerable To Wireless Theft

Posted by timothy on from the unauthorized-driver-detected dept.

tkrotchko writes "In a story published by Technology Review, researchers have demonstrated multiple times that they can bypass the security of wireless entry and ignition systems to take a car without the owner's permission. As researchers in the article point out, car security systems will begin have a real impact to every day use if a thief can simply walk up to your car and drive it away. Although this article is light on technical details, a companion article shows how the researchers accomplished the security bypass. An interesting read, and certainly something that will no doubt be the subject of a new movie any day now."

13 of 280 comments (clear)

  1. A movie, you say by jeffmeden · · Score: 4, Funny

    An interesting read, and certainly something that will no doubt be the subject of a new movie any day now.

    How about "gone in 60 microseconds"?

  2. Duhhhh by phantomcircuit · · Score: 5, Insightful

    I'm sure pretty much anybody who even remotely understands anything about tech saw this one coming.

  3. Nor surprising ... by gstoddart · · Score: 5, Interesting

    Apparently my mother in law used to have a civic with keyless entry ... in a small town of <30,000 there was another Civic of the exact same color which used the same code.

    They found out one time at the mall that they could each open the other's car.

    I bet there's not nearly enough uniqueness and security in these things.

    --
    Lost at C:>. Found at C.
    1. Re:Nor surprising ... by boom1shot · · Score: 4, Informative

      I guess it is possible, but it is human error; nothing else. I acquired certifications for 25+ sales people and finance managers at a dealership that sold 4 different manufacturer's lineups. It is possible to sync those keyfobs to two vehicles, as the keyfob itself is the actual authenticator to unlock the vehicle, in the communication between car and keyfob; and then car just authenticates that, "yes, you have sync'd me to this key before." Unlocking two cars with the same keyfob, regardless of whether or not it is a proximity fob with a continuous signal or a regular old push-button-to-unlock-fob, is only a matter of sync'ing both cars to that fob. It just means at some point in time, there was a cruddy mechanic who didn't decide to wipe the key because, "woops, I just sync'd this key to the wrong car... I wonder what I need to do." They leave the car to go ask someone, and then discover the key is still opening the car it belongs to. Works for them. Those keys didn't come from the OEM ready to open both cars. No way, no how.

    2. Re:Nor surprising ... by whoever57 · · Score: 4, Informative

      In true slashdot fashion I shall pontificate without RTFA.

      And you would be completely, 100% wrong.

      The keys rely on proximity. What the "attackers" did was to provide a boost to the signals sent out by the car, causing the key to respond at much larger distances from the car than normal. The near-proximity requirement only works one way (from the car to the key), so the key will respond to the boosted signals and the car will pick up the reply if the key is within 100 meters. This attack would allow a key inside a house to unlock and start a car on the driveway.

      --
      The real "Libtards" are the Libertarians!
  4. Ross Anderson by betterunixthanunix · · Score: 4, Interesting

    Ross Anderson's security engineering textbook discusses this problem, as well as how cryptographic systems like Keeloq might be attacked, and some other related topics. I am going to guess, though, that the manufacturer's view is that a thief with the technical skills needed to take advantage of these vulnerabilities is rare (not saying I necessarily agree) and that most thieves will just smash the window and try to steal the radio before the cops arrive (do people still steal car radios?).

    --
    Palm trees and 8
    1. Re:Ross Anderson by fuzzyfuzzyfungus · · Score: 5, Insightful

      The problem with the manufacturer's view(banks seem to approach ATM skimmers with the same naivete) is that it only takes somebody with technical skills to do the actual cryptoanalysis, followed by some opportunist with a shady supply chain to "productize" the hack into something that you'll be able to buy over the internet for a few hundred or thousand dollars and operate with about as much difficulty as the average MP3 player...

      Obviously, if every thief had to make his own tools, the intersection between people who can analyze novel(if flawed) cryptosystems and then build attack hardware that puts out sufficiently clean RF output exploiting whatever vulnerabilities exist and the people who steal cars for a living is pretty much zero. Stealing cars just isn't lucrative enough, unless times are very hard for engineers of reasonable talent.

      That isn't the way it works, though. The guys doing the break-n'-grab are just peons using tools created by others(apparently, with ATM skimmers, there are even "franchise" style setups, where you get access to the hardware in exchange for uploading a percentage of your skims to your sponsor...) And, building sophisticated electronic tools is a perfectly fine business, definitely worth the time of talented people, particularly ones in locales with weakish rule of law and relatively low local wages...

      Analyzing a system's security by saying "eh, how many carjackers are cryptoanalysts?" is sort of like dismissing the risks of a bad neighborhood by saying "Eh, how many muggers are machinists and gunsmiths?" It is true that the answer is "Not many, possibly zero"; but that won't exactly keep you from getting shot.

  5. I saw this happen last Knight by Anonymous Coward · · Score: 5, Funny

    So I was drinking a wine cooler and watching Knight Rider last night and Some dude totally hacked Kit using a TI computer and an ATARI joystick. This tech has obviously existed since the 80s. Sheesh.

  6. Take without permission, otherwise known as steal by noidentity · · Score: 5, Funny

    they can bypass the security of wireless entry and ignition systems to take a car without the owner's permission

    If only we had a word that meant taking something without the owner's permission...

  7. New patent: Unsnoopable car lock by Midnight+Thunder · · Score: 5, Funny

    This patent presents a locking system for automotive vehicles that can not be snooped by a nearby wireless hacker. This approach eliminates the need for problem prone wireless receivers and transmitters, whose signal can easily be captured by a third party in the vicinity. This devices presents an opening in the door of about 2mm x 5mm and requires the use of a specifically shaped piece of metal This piece of metal would be unique to each owner. Activation and deactivation is accomplished by a rotational action in either clock-wise or anti-clockwise directions.

    This patent is truly ground-breaking since it eliminates the need for an electronic system to function.

    --
    Jumpstart the tartan drive.
    1. Re:New patent: Unsnoopable car lock by TheL0ser · · Score: 5, Funny

      I can find no fault nor prior art with regards to your patent application. Your application is hereby approved. Please note that on the way out the door intent to sue forms are on your left, and a directory of lawyers on your right. For your convenience, we have also supplied a list of the largest companies that may be possible targets for your legislation. Thank you for visiting the Lawsuit-o-matic Patent Office, and have a nice day.

  8. Re:Take without permission, otherwise known as ste by thewils · · Score: 5, Funny

    That would be "copyright infringement" right?

    --
    Once I was a four stone apology. Now I am two separate gorillas.
  9. Re:I disabled keyless entry on my car by dgatwood · · Score: 4, Funny

    Yeah, and I might not post this.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.