War Texting Lets Hackers Unlock Car Doors Via SMS

alphadogg writes "Software that lets drivers unlock car doors and even start their vehicles using a mobile phone could let car thieves do the very same things, according to computer security researchers at iSec Partners. Don Bailey and fellow iSec researcher Mathew Solnik say they've figured out the protocols that some of these software makers use to remote control the cars, and they've produced a video showing how they can unlock a car and turn the engine on via a laptop. According to Bailey, it took them about two hours to figure out how to intercept wireless messages between the car and the network and then recreate them from his laptop. Bailey will discuss the research at next week's Black Hat conference in Las Vegas, but he isn't going to name the products they've hacked — they've looked at two so far — or provide full technical details of their work until the software makers can patch them."

Pathetic

[Anrego]

I can understand small keychain devices being breakable but with all the power you’ve got available in a cell phone to not be able to come up with a secure challenge/response system seems ridiculous.

Re:Pathetic

[MozeeToby]

Indeed, how hard would it be to have a one time pad setup? Most banks will give you a secureID fob for $5, similar techniques would make this kind of thing almost impossible. It's just pure laziness in my opinion.

Re:Pathetic

This reminds me of a time back in the late 90s when I borrowed a friend's Corvette. He had one of those IR keyfobs for unlocking the doors and I was able to capture the signal from it using my old Palm III and a programmable universal TV remote application. He was pretty surprised when I showed him I could open his car.

Re:Pathetic

What, do you think that hmac-sha1 grows on trees? You cannot just go out and make up a new pass code you know.

Re:Pathetic

[Anrego]

Most banks will give you a secureID fob for $5

Not here in Canada! :(

Seriously.. anyone knows a bank in Canada (that services NS) that does this chime in! Paypal does it.. WoW does it.. why the hell won't the banks here do it!

RBC will do it if you are a corporate customer.. which is even more baffling. "We have it implemented... just not for you".

Re:Pathetic

[mlts]

With some alarm systems having two-way remotes, it would be nice if more car makers just went with a cryptographically sound setup. It isn't that hard -- pairing could be done via some type of NFC communication, and the communication could be three way -- remote sends a request for a challenge ID, car sends a nonce, remote sends the command the user wants and the nonce, both signed with the remote's key. Of course the downside of this method is having to have a remote with the CPU power to deal with RSA, especially larger keys, because the compute power to sign/decode goes up by the cube of the keylength (which means a 2048 bit key takes eight times as long to do stuff than a 1024 bit key.)

Re:Pathetic

[Anrego]

Of course the downside of this method is having to have a remote with the CPU power to deal with RSA, especially larger keys, because the compute power to sign/decode goes up by the cube of the keylength (which means a 2048 bit key takes eight times as long to do stuff than a 1024 bit key.)

This is why it was excusable for keychain devices running off watch batteries to lack such measures. Any cell phone however could easily handle this.

Re:Pathetic

[mlts]

What is ironic is that if one looks at cell phone CPUs, anything since the old TI OMAP chips almost certainly have special instructions to deal with the needs of array shifting (for AES), or for exponentiation (for RSA).

Maybe the CPU in the car might be different, but common sense says that dropping a low power ARM chip in to handle this would be the best thing for car makers.

In these days where security is actually being tried by blackhats constantly, it is inexcusable to not take reasonable measures.

Re:Pathetic

[AJH16]

Honestly it is even easier than that since you can use a challenge response mechanism that the car always asks a slightly different question so that the previous answer is worthless. It's effectively an automated version of the same concept that the secureIDs provide by verifying that a valid private key is held by the device requesting authentication.

Re:Pathetic

Well, that would be a perfect solution, as long as you only planned using the car once.

Re:Pathetic

[TheLink]

But how many car thieves steal cars in "clever" ways? Would such measures actually reduce the theft rates and decrease the average cost (factoring risk * impact of theft etc)? Think more expensive locks, more expensive calls to locksmiths when they can't break into their own cars coz they lost or forgot the "keys" ;).

So far thieves use bricks, and/or they just tow the entire car away (or put in a truck). Or hijack the car (either directly confronting you, or by crashing into your car so that you get out).

Thieves could resort to this: http://www.youtube.com/watch?v=2r9VW0nTTrk

But I doubt most would even bother.

Re:Pathetic

[mlts]

Very true. A thief can always chuck a brick through a car window and get in. However, a lot of European cars have deadlocking mechanisms where a thief is going to have to try to scramble in and out through the broken window... while the inside alarm is blasting at 120+ dB.

However, the thing with car remotes is that a method of compromise merely means a thief just hits the remote, locks pop open, and all items in the vehicle are theirs.

Another thing is that if there is zero signs of forced entry, insurance is not going to cover stolen goods. With forced entry (and a police report to go with it), one has a lot higher chance of getting their claim approved and money back, as opposed to just a story with no real evidence that something was there, then it isn't. This is the same reason why it is important to use high security locks -- so if an intruder gets in, there are telltale signs left.

Re:Pathetic

[F.Ultra]

You don't need to use computing intense algos like RSA, since this is data send over the air and not typed in by the user you simply can use a 256-bit nonce and reply which is encrypted with AES or simply hashed with SHA-256.

Re:Pathetic

[wintertargeter]

They don't even use a salt? or a KDF? seriously people....

Re:Pathetic

Honestly it is even easier than that since you can use a challenge response mechanism that the car always asks a slightly different question so that the previous answer is worthless. It's effectively an automated version of the same concept that the secureIDs provide by verifying that a valid private key is held by the device requesting authentication.

You should have looked up the definition of a "one-time pad" before you posted.

Re:Pathetic

[drinkypoo]

For valuable cars, no, the thief cannot just throw a brick through a window. Even on even some American cars costing around $40k, there is a security module locked to the PCM which must be engaged before the engine will be started. You have to change the PCM and the security module (which is attached to the column which may actually have to be dropped to replace it) before you can drive such a car away, if you can't simply defeat the locking system. Luckily for thieves, there is a thriving Chinese market in producing vehicle unlock tools. Even systems with rotating keys have been compromised and all that is needed is to be in range during one use of the key fob to unlock, after which you can use the tool to perform the subsequent unlock. You can buy several of these tools from DealExtreme.

That's all well and good, but...

[theillien]

what does war sexting unlock?

Re:That's all well and good, but...

Your mom.

Re:That's all well and good, but...

[kingsqueak]

Pay toilets...but keep your stance narrow my friend.

Re:That's all well and good, but...

[dragon-file]

Caught an episode of modern marvels about toilets and they discussed the pay toilets of new york. They actually didn't seem that bad, but then again, i don't have a smell-o-vision.

Re:That's all well and good, but...

[theillien]

I think I saw that. It had a pay toilet with one-way glass for walls in the middle of a city. It allows people to see out, but people can't see in.

Re:That's all well and good, but...

[dragon-file]

was the rest of it made from what looked like brushed stainless steel? Than yes, that was it.

Re:That's all well and good, but...

[davester666]

That's exactly what you want people using a public washroom doing. Losing focus on the task at hand because of what's going on around them.

Stealing a car? There's an app for that!

[leetrout]

How long until someone makes an app for that? Shouldn't be hard to work up an antenna for i* 30 pin port...

Apologize, to, the, CARRRRRRR

I'm sorry I tried to steal you!

only took 2 hrs

[luther349]

and my brick takes a second.

Re:only took 2 hrs

2 hours...the first time. And your brick is slightly more conspicuous.

Re:only took 2 hrs

and my brick takes a second.

I've love to see you start the engine with your brick

Re:only took 2 hrs

[bws111]

Other than wasting some fuel, what good does starting the engine do?

Re:only took 2 hrs

It's rather a necessity if the vehicle doesn't happen to be exactly where you want it. For example few drivers park inside of the chop shop.

Re:only took 2 hrs

If the things they are hacking use the remote start feature built into most modern cars, it will start the car to warm up, but you can't actually drive it without the key. Without the key, as soon as you step on the brakes to shift into gear, the engine shuts off.

It's not a good thing that they are so weak they were broken quickly, but this isn't "everybody panic, you car is going to be stolen" time.

Re:only took 2 hrs

[bws111]

Nowhere did they say they could drive the car, just start the engine. My car has a remote start key fob. You can start the engine with it. Theoretically, someone else could also start the engine if they have the correct code. However, if you don't have the physical key in the ignition, as soon as you touch any control, including the brake pedal, the engine shuts off. It does no good to start the engine if you can't actually use it to move the vehicle.

Re:only took 2 hrs

[shoehornjob]

Laugh my motha fkkin a$$ off. That was funny. Sorry I don't have any more mod points.

Re:only took 2 hrs

[spamking]

That might be the case where vehicles are equipped with remote start, but what about those with the push button start? Once you get them started do you need the fob to actually put it in gear?

Re:only took 2 hrs

[Thud457]

I drive a stick, you insensitive clod!
that's OK, I didn't really want my car stolen anyway...

Re:only took 2 hrs

[dwreid]

You can warm up your car in the winter before going out to sit in an unbearably cold car. Orrrrr.... you can waste your cheating wife by putting her drugged self in the car in the garage and then taking the train downtown. Start up the car once your alibi is established and voila... suicide. Just saying...

Re:only took 2 hrs

[kelemvor4]

Nowhere did they say they could drive the car, just start the engine. My car has a remote start key fob. You can start the engine with it. Theoretically, someone else could also start the engine if they have the correct code. However, if you don't have the physical key in the ignition, as soon as you touch any control, including the brake pedal, the engine shuts off. It does no good to start the engine if you can't actually use it to move the vehicle.

That would take some getting used to. I always hit the brake before I turn the key. Habit, I guess.

Re:only took 2 hrs

[bws111]

Yeah, me too. I manage to kill the engine just about every time I use the remote start.

Re:only took 2 hrs

[Cramer]

YES. And the electronic ignition system won't leave idle.

Re:only took 2 hrs

[peragrin]

depends on the system. With Nissan's the answer is no. the FOB doesn't need to be present that way you can use the valet key. however it will then only restart with the valet key unless you walk out and walk back into range.

Re:only took 2 hrs

[luther349]

its true no car thefe is gonna sit on his laptop for 2 hrs to hack the remote start. hes gonna smash and grab it and be gone in 30 seconds or less.

Re:only took 2 hrs

I see they have Internets in jail, mr Reiser. Too bad you didn't try this one.

War texting?

How does texting figure into this?

How?

[Qwell]

How would a manufacturer force people to upgrade the unlock mechanism in the cars?

Re:How?

[Tekfactory]

Send a Recall Notice, you make an appointment, you go back to the dealer and they update the Firmware.

Re:How?

[Abstrackt]

How would a manufacturer force people to upgrade the unlock mechanism in the cars?

"If you don't upgrade your car will be a lot easier to steal."?

Re:How?

[Qwell]

They won't send such a notice unless they're told to by a court (or the lawsuit vs. recall formula).

Re:How?

The real fix....

Insurance won't cover out of date security measures.

Re:How?

[Cramer]

And how exactly would they know? They aren't going to waste the money in sending an agent out to actually check the car. (which is the only way to be 100% sure.)

Re:How?

They aren't going to waste the money in sending an agent out to actually check the car. (which is the only way to be 100% sure.)

Seems the quote slashdot decided to show me just beneath your comment disagrees. It said "I say we take off; nuke the site from orbit. It's the only way to be sure."

Re:How?

[drinkypoo]

And how exactly would they know? They aren't going to waste the money in sending an agent out to actually check the car. (which is the only way to be 100% sure.)

They send an agent out for every significant claim; in particular vehicles are "totaled" by an agent. If the vehicle still turns on they could find out with a simple scan tool. I believe these people are called "claims adjusters" ... ah yes, and in some places, "loss adjusters". That's a particularly more honest name for them because that's what the insurance company sees when it pays: a loss. And that's what they see you as the minute you actually need the services for which you've been paying.

Re:How?

[Cramer]

This is completely different than the issue of anti-theft devices. It's hard to verify the software *after* the car has been stolen.

Once the insurance company has agreed to cover the car and is taking your money, they cannot show up at an accident and retroactively cancel your coverage. (esp. for something that has nothing to do with an accident -- i.e. an outdated anti-theft system.) Now, if they can prove your car was stolen because of the anti-theft junk, then they may refuse your claim.

Not surprised

Is there anybody that saw this "feature" and didn't immediately assume it was implemented in a really stupid and easily hackable way?

Re:Not surprised

[Tekfactory]

No, I saw the commercial with the two guys calling the guy's wife on the plane and asking for her to unlock the car with OnStar from her iPhone. I immediately thought that my wife does not have an iPhone, or a smartphone of any kind. And that I would not be able to do it until they wrote an app for my Droid.

I was passed a story on something like this a monthy ago, and was reminded of the kids in the 90s using Palm Pilots to copy and replay InfaRed signals from people remotes to steal cars.

So the real assumption is all consumer electronics are hackable, you get dissappointed less that way.

How long before someone bricks an expensive car

[djl4570]

Hacking these features to steal cars is one possibility. How long before some vindictive prat uses this tech to brick the cars on the lot at a dealership.

Re:How long before someone bricks an expensive car

Substantially less time, now that you've published the idea. It's all your fault!! I can't believe you gave away the secret!! The password is Swordfish!!

Re:How long before someone bricks an expensive car

[DeadCatX2]

Or someone bricks your car on the highway while you're driving it because you cut them off.

Re:How long before someone bricks an expensive car

[MacGyver2210]

This. I want this. Must shutdown asshole drivers.

Re:How long before someone bricks an expensive car

[BitterOak]

Or someone bricks your car on the highway while you're driving it because you cut them off.

Is that necessarily a bad thing?

Re:How long before someone bricks an expensive car

I probably wouldn't want to brick any cars who JUST cut me off...

It would be much safer to brick cars that YOU just cut off...

Re:How long before someone bricks an expensive car

I dunno, how often does someone needs to get out of their car, lock the door, and need to unlock their door to get back in-- while on the highway.

Re:How long before someone bricks an expensive car

[silas_moeckel]

Can I just auto brick the drivers that tailgate me. Bricking the car that just cut me off seems like a bad idea. Smart4two (or whatever ya call those tiny things) think that 6 feet is enough distance when I'm doing 75 down hill between the 3.5 ton me/vehicle and a semi in front of me, I disagree with there assumption.

Re:How long before someone bricks an expensive car

[SleazyRidr]

That's the beauty of it, they don't even realise anything's wrong until hours later! You're then lost among the thousands of people who've been close enough to the car to do it.

Re:How long before someone bricks an expensive car

[Amouth]

add this to northstar - where remotely they can turn the engine on and off - then it gets interesting.

Re:How long before someone bricks an expensive car

[Dan541]

That really is a tempting idea.

Re:How long before someone bricks an expensive car

[AmberBlackCat]

If the car's system has a way to completely shut down the car while you're driving at high speed then they have bigger problems than people figuring out the protocol they used.

Re:How long before someone bricks an expensive car

[DeadCatX2]

I think you and some other commenters misunderstand my point. Bricking is not a "feature" of hardware, it's a bug that is exploited by an attacker. Of course the hardware engineers designing this tech aren't going to include a "click here to brick your car!" button.

Have you ever heard of the CAN bus? CAN stands for "Controller Area Network". It's how all the MCUs in a car talk to each other. For instance, the door lock's MCU communicates with other MCUs in the car using the CAN bus.

A malicious attacker could exploit a flaw in the door lock's MCU to shut down the CAN or even potentially reprogram the ECU. Cruise control could be turned on and told to accelerate to max speed. Windows could be put down or up. Windshield washers could be told to activate. An automatic engine could be told to switch to first gear. etc.

Re:How long before someone bricks an expensive car

[djl4570]

Your thoughts are along the lines of my original comment. I don't know all the bits of the technology, only that someone who does know will eventually hack the equivalent of root access to the technology. This access could be used for theft or just to annoy owners by reprogramming the radio presets or temperature controls to bricking the electronics by corrupting the firmware.

Re:How long before someone bricks an expensive car

You do realize that if they just cut you off they're going to be right in front of you?

Re:How long before someone bricks an expensive car

[seanvaandering]

Or someone bricks your car on the highway while you're driving it because you cut them off.

You mean with a real brick?

Re:How long before someone bricks an expensive car

[sorak]

ssh <<license number>>
login: admin
password:

shutdown -h now

Re:How long before someone bricks an expensive car

[RivenAleem]

You need to be stationary for that to properly work. Sure you'd do a bit of damage, perhaps startle the driver, but you don't have the force of a car moving at 60mph+ helping you out. You really want to be standing on the side of the road and throwing the brick into the oncoming traffic.

And I'm totally not speaking from experience. No, not at all.

New 2011+ Chevy owners beware...

[madhatter256]

Chevy's (GM) OnStar system provides an app for Android/Iphone that lets you start your car halfway around the world if you have their premium service....

I'm sure Chevy will release a TSB out to all their dealerships once they have a patch...

When SkyNet comes...

It will be worse than in fiction.

Predicted by Star Trek

[devjoe]

An episode of Star Trek (I think it was on Voyager) has them end up on then-present-day Earth and when they need it, they steal a car this way. Anybody remember which one?

Re:Predicted by Star Trek

[Marc+Madness]

Didn't they also do this in Gone in 60 Seconds (the modern Nicholas Cage version). Sometimes truth is stranger than fiction.

Re:Predicted by Star Trek

[MacGyver2210]

I recall they did something similar in an episode of Enterprise when Tepal and Archer needed to steal a car. Unfortunately, I think the car was like a '70s Challenger or something that would never have had automatic locks, much less iPhone control.

Re:Predicted by Star Trek

It was a Dodge Ram, '96 or '97 model. (The episode was ST:VOY 308 "Future's End".)

They did this in Enterprise's time-travel episodes too.

I still don't get the point of the thing, though. How is pulling out your phone, tapping "car", entering a password, etc. any more convenient than "stick key in lock, turn"? It's more expensive, there's more to go wrong, it's harder to fix when it does go wrong, there's no clear benefit, there are many possible downsides. This is what mechatronics profs used to call "bad engineering".

Re:Predicted by Star Trek

[Kirin+Fenrir]

I hate myself for remembering this, but they actually stole a truck, and a pretty modern one. So it is reasonable.

Feature bloat vs. the KISS principle...

[taiwanjohn]

While unlocking my car with a txt msg is nifty and cool, I don't see the point. If I want to unlock the car, presumably I want to drive it. For that I'm going to need a key anyway, so...??

Sure, you can imagine a weird scenario where this would be useful... you locked your keys in the car, etc... but every time they add a new convenience (electric locks, electric windows) that's another failure point to deal with. Is it even possible to buy a new car without electric windows these days?

It's bad enough when the nifty features are analog devices, but when they cross the line into network-aware digital tech, the hazards increase exponentially.

Re:Feature bloat vs. the KISS principle...

[ilo.v]

If I want to unlock the car, presumably I want to drive it. For that I'm going to need a key anyway, so...??

My car doesn't have a key, just a button to press. (Volkswagon, not a Ferrari or something else fancy). It just has a fob that needs to be in range for the "start" button to be enabled. This would be more convenient if my cell phone could be the fob, but only if it can't be hacked like this.

Re:Feature bloat vs. the KISS principle...

What if you wanted to kill yourself from carbon monoxide poisoning? An unventilated garage and a sms sent via laptop to the car and ohh no!
Then sue the manufacturer for creating an unsafe product.
Win.

Re:Feature bloat vs. the KISS principle...

While unlocking my car with a txt msg is nifty and cool, I don't see the point. If I want to unlock the car, presumably I want to drive it. For that I'm going to need a key anyway, so...??

It would be my guess that the vehicles that support this technology also support the new way of starting the engine: a push button. The assumption is that once you're in, you don't need any further "authorization."

Re:Feature bloat vs. the KISS principle...

You don't live somewhere cold. Remote car starters are nice but they don't have enough range. In addition, you don't have to walk back to your desk to get your keys to start your car when you have a cell phone with you.

I don't know from personal experience. My car is 15 years old and doesn't even have power locks.

Re:Feature bloat vs. the KISS principle...

[Compaqt]

Speaking of KISS, it's hard to understand what the need for the new press a button thing on cars was supposed to be. (Fulfill a nonexistent need?)

Were there people crying out they were unable to start their cars with keys?

And the dead simple and foolproof way of turning the engine off if you need to? Now it's hold for 3 seconds to turn off?

Re:Feature bloat vs. the KISS principle...

You can steal things from inside the car when it's unlocked though. And if you're unlocking it with a phone, you're far less conspicuous than breaking the window, and look like the owner of the car legitimately grabbing something you need from the back seat.

Re:Feature bloat vs. the KISS principle...

[bws111]

Bad assumption. You still need a physical 'key' to drive the car (the key may be a chip on your keyring in your pocket, but it still needs to be there).

Re:Feature bloat vs. the KISS principle...

[Jeng]

Would have to be a rather old car, modern emission systems don't put out enough carbon monoxide to kill you.

Re:Feature bloat vs. the KISS principle...

[nabsltd]

Speaking of KISS, it's hard to understand what the need for the new press a button thing on cars was supposed to be. (Fulfill a nonexistent need?)

The advantage isn't so much in being able to start the car, but to unlock the doors without even having to touch your key (which is useful if your hands are full, especially in bad weather). That feature was then extended to starting without the key in the ignition (the "no turn" interlock on the ignition switch is disabled by the proximity of the key). This then led to the completely useless push-button start.

The reason push-button start is useless is that you still need the other features of the ignition switch (steering wheel lock, accessory position, etc.), which means that a push-button doesn't reduce complexity in any way.

Re:Feature bloat vs. the KISS principle...

[SleazyRidr]

The start buttons are just cool. That's all the reason you need.

Re:Feature bloat vs. the KISS principle...

[NonSequor]

I've seen a commercial for this and the way they presented it was as a means of letting a teenager to use the car, but requiring them to request permission to unlock and start it.

Re:Feature bloat vs. the KISS principle...

I didn't know you can sue after you died of carbon monoxide poisoning.

Re:Feature bloat vs. the KISS principle...

[Cramer]

The steering lock is a solenoid -- or at the most basic, turning off the power steering. The ACC position is a matter of pushing the start button without touching the break.

My VW (traditional key) has no "ACC". If you want the radio on with the car off, simply trurn it on. (it'll run for about an hour and shutoff again.) The windows / sunroof won't work without the key in the run position -- or you can use the open/close trick with the key in the door lock.

Re:Feature bloat vs. the KISS principle...

[Cramer]

I've thought about the same thing with my hybrid. Everything about the car is computer controlled... steering is electric assist (without that motor, you aren't driving), breaks are electronic (mechanical if you push them all the way to the floor), accelerator 100% electronic, transmission 100% electronic... it's one rogue program away from driving itself around the neighborhood. (and with the parking sensors, it can avoid people.) Killing the car requires getting in the trunk and pulling the big orange plug.

Re:Feature bloat vs. the KISS principle...

[Compaqt]

>The advantage isn't so much in being able to start the car, but to unlock the doors without even having to touch your key

Yeah, the thing that keeps popping into my head is car jackings:

A guy's waiting somewhere in the 5-acre Walmart parking lot. When you get near your car, he opens the door and hustles you inside, too. He can open the door because the car so helpfully just unlocked everything when you walked by.

Scenario #2: You've got your laptop (or something else) on the passenger seat. You so much as walk near your car, and the guy opens the door and grabs your stuff and runs.

Re:Feature bloat vs. the KISS principle...

[Compaqt]

It's like this: would your trust driving a car on software you wrote yourself?

Yeah, ok, so the guys who write embedded are a different breed of programmer, never make mistakes, etc.

The problem is, we're losing all concept of fail-safe.

And with the new push for touch-screen games on windows (!), and in-dash either entertainment or navigation plus the inevitable iPhone and Android integration, we're setting ourselves up for car viruses. The funny this, most people will just shrug and say you should've updated your automobile anti-virus.

Re:Feature bloat vs. the KISS principle...

[Cramer]

the guys who write embedded are a different breed of programmer...

That used to be true. Today, on average, they're just as horrible and short sighted as everyone else -- fast and cheap are the rule. (and I started out in that world... writing assembly. but in those days, every byte and every cycle mattered, because you had very little of either.) Even NASA and medical systems are starting to show fault.

Re:Feature bloat vs. the KISS principle...

[Osgeld]

"Is it even possible to buy a new car without electric windows these days"

yea look at kia, they have better gas mileage more airbags, more horse power, and can cost as little at 10 grand brand new, but for that price you not only give up power windows and locks but also power steering, AC and sometimes a radio

Re:Feature bloat vs. the KISS principle...

[Osgeld]

yea that fob is just a signal being broadcast to anyone with a 434Mhz receiver and usually ends up being less secure than that wheel lock thing that came on your free airline rewards bag.

good night!

Re:Feature bloat vs. the KISS principle...

[Osgeld]

nah its just like your computer, there is a hidden switch in the trunk

Re:Feature bloat vs. the KISS principle...

[vonart]

Is it even possible to buy a new car without electric windows these days?

My brand new GMC Sierra pickup has manual windows, manual door locks and no cruise control. If you look around, you can find things without easily enough.

Re:Feature bloat vs. the KISS principle...

[nabsltd]

Scenario #2: You've got your laptop (or something else) on the passenger seat. You so much as walk near your car, and the guy opens the door and grabs your stuff and runs.

All the cars I have seen with proximity keys allow you to config what happens when you get close (nothing, unlock driver, unlock all), so this shouldn't be a problem with the correct config.

The worse problem is the relay of the signal. If you know a car has no option other than a proximity key, you simply have your confederate follow the driver into the mall, and the two-way radios you each have will extend the distance of the key signal. Then, you climb in the car and drive away to the chop shop.

Not black hat at all

but he isn't going to name the products they've hacked or provide full technical details of their work until the software makers can patch them.

Well that's not black hat at all.

Car & Hacker insurance?

[BetaDays]

When I bought my last car in 2008 the insurance company guy asked me if it had anti-theft devices in the car. I said yes, it has a microchip in the key. So he says I get a discount because of it. Great news in my mind a discount. But now does this mean I go to buy my next car will I not get a discount because I will have to buy Car Hacker insurance? Or will I have to LoJack it too.

Re:Car & Hacker insurance?

[statusbar]

No, it means when a your anti-theft device is compromised via a hack and your care is stolen, the insurance company will not believe you and will tell you that you are trying to defraud the insurance company by faking a theft - since the anti-theft device is, by their analysis, "unbreakable". There is already precedence for this.

--jeffk++

Re:Car & Hacker insurance?

There is already precedence for this.

[citation needed]

Re:Car & Hacker insurance?

[Cramer]

That anti-theft devices do nothing to stop someone from pulling your car onto a low-boy and hauling it away. (Repo men do this every day.)

Re:Car & Hacker insurance?

[Stray7Xi]

If an insurance company can't correctly assess risks on their internal books, then they're out of business. But they can still do whatever they want to try and weasel out of things.

Old news.

I remember in the early unencrypted days of this a client of mine looking particularly smug when he showed me how he could start his car with his remote keychain back when starting cars without being in them was all the rage. He waxed poetic about how bleeding edge he was, and while I let him have his epeen hard-on, I pointed my pda out the window and turned off his engine, promptly wiping the smug off his face.

Re:

[taiwanjohn]

Interesting, I've heard about these, but haven't used one yet. Still, one could argue that the "fob" is a key of sorts. In any case, you still need to "be there" to drive the car, and if a thief can open the door with a cell phone, he could probably drive away as well.

I wouldn't mind having a keypad/PIN-code system to use the car, but I'd want it to have at least an 8-digit password, and definitely NOT be accessible by wireless.

Replay attack?

[Lord+Grey]

From TFA:

With these mobile car apps, the phone connects to a server that then sends secret numerical keys to the car in order to authenticate itself, but the iSec researchers figured out ways to get around this by looking at the messages sent between the server and the car over the mobile network, Bailey said in an interview. "We reverse-engineer the protocol and then we build our own tools to use that protocol to contact that system," he said.

Without knowing the details, this sounds a lot like a replay attack. Or possibly a version of one of the attacks used against ATMs, back when ATMs were new and relatively unguarded. You could tap into an ATM line and basically send commands like, "eject five $20 bills" over and over again, without too much trouble.

I have a 2010 Camaro SS, which has the older version of the OnStar firmware that is not compatible with their mobile app. Now I'm relatively happy about that. One less attack vector to worry about.

Re:Replay attack?

[gv250]

From TFA:

With these mobile car apps, the phone connects to a server that then sends secret numerical keys to the car in order to authenticate itself,

So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

Re:Replay attack?

[seanvaandering]

I have a 2010 Camaro SS, which has the older version of the OnStar firmware that is not compatible with their mobile app. Now I'm relatively happy about that. One less attack vector to worry about.

Yeah isn't it great? Actually, I've got a little older model, it looks and runs like the same car from The Flintstones, and doesn't have any of those fancy electro-gizmos like an "engine". Just good ol' feet power my baby, so they they want to come along and steal it, they're welcome to!

Re:somewhere cold

[taiwanjohn]

Not at the moment, but I grew up in Iowa, so I know all about cold winters. But I never thought it was that big a deal to run out and fire up the engine. Chances are you're going to have to scrape the windows anyway, so that's plenty of time to get the heater working. It might not be "toasty" in such a short time, but it'll be a lot better than being outside.

For that matter, what if it's so cold that your car doesn't start on the first try? Does it retry on its own, or do you have to send it another text msg? As you no doubt know, an older car often needs a little TLC to get started... does the software handle that for you?

My friend has an SUV with a phone-enabled car alarm system that calls him whenever the alarm gets tripped. Unfortunately, the alarm is so sensitive it often goes off whenever a heavy vehicle like a dump truck rumbles past. They've taken it to the dealer several times to get the thing adjusted, but it never seems to work.

I acknowledge that this "feature" would be useful for some people sometimes, but implementing it via SMS just screams all kinds of stupid.

High tech twist on ancient KISS

[Quila]

Long ago on cars you didn't have to fumble with keys, you cranked the car.

Then came self-starters. You turned a key to enable the ignition system, then pushed a starter button. Key-as-starter-button came much later.

This goes back to the old time, simply push the starter button. Only now the key is high-tech wireless and you don't even have to insert or turn it, just have it in your pocket.

Security Researchers

I have always wondered how many hackers and bad guys get their info from what security researchers reveal.

Well, it looks like

[Khyber]

downloading a car is now possible!

I don't understand.

[ahecht]

This article seems to technical. Can someone summarize using a car analogy?

Copyright Infringement and Cars

[tekrat]

So, whenever there's a debate on Slashdot about "piracy" or copyright infringement, SOMEONE always makes the tired analogy about "stealing your car", and then someone else always corrects them about COPYING your car, leaving your original car behind.

Well now the pirates *can* steal your car!

And when the technology improves, there will be an app to COPY your car! And when anyone can COPY a car, what dinosour business model with the car manufacturers be forced into? Suing their own customers like the RIAA?

What a world!

Re:Copyright Infringement and Cars

Yo dawg, we herd you like cars so we put rapid prototyping in your car so your car can make cars that also make cars.

Re:Copyright Infringement and Cars

I really want to mod this redundant.

Anti theft device

[PPH]

My car has an anti theft device that is nearly foolproof. Its a knob on the dashboard labeled 'Choke'. If you don't know what to do with it (and most people with no business on my lawn don't) that car isn't going anywhere. Heck, kids these days are stopped cold attempting to carjack a stickshift.

WHITE HAT SCUM

"or provide full technical details of their work until the software makers can patch them."

If those people claim to be blackhats they are doing it wrong.

Only two hours?

[RapmasterT]

It only took them two hours to figure out how to open the car with a laptop? And that's more frightening than the old fashioned way that takes 2 seconds with a brick?

On lawns.

Get off mine!

People now make locks that

Physical locks now can have a new key by a digital id. Thanks .

In other news ...

[RockDoctor]

Software that lets drivers unlock car doors and even start their vehicles using a mobile phone could let car thieves do the very same things,

... is an excessively constricted form of the problem. A less-wrong form would be :

[Anything] that lets [anyone] [do anything] and even [anything else] using [anything] could let [anything] thieves do the very same things,

No, seriously ; if you can do anything, then the bad guys can do it too. The only hope of preventing the bad guys from doing it is to make it more expensive for them to do it than would allow them a reasonable return on the effort, thus persuading them to fuck off and find somewhere easier to steal from.

Has someone posted the obligatory XKCD? I can't get to the site - blocked by my ISP/ employer - to remember the cartoon number. The one with the billion dollar code-breaking machine (and the nerd) being beaten by the five dollar kneecap-breaking machine.

I suppose it might be considered a compliment that XKCD is blocked at the ground station, but it probably just gets hit on a brought-in list of not-work domains.

3 Guesses

[bmcraec]

My selection bias suggests the two targets identified will be General Motors, Ford, or Chrysler. I wouldn't rule out Mazda or Toyota either.