War Texting Lets Hackers Unlock Car Doors Via SMS
alphadogg writes "Software that lets drivers unlock car doors and even start their vehicles using a mobile phone could let car thieves do the very same things, according to computer security researchers at iSec Partners. Don Bailey and fellow iSec researcher Mathew Solnik say they've figured out the protocols that some of these software makers use to remote control the cars, and they've produced a video showing how they can unlock a car and turn the engine on via a laptop. According to Bailey, it took them about two hours to figure out how to intercept wireless messages between the car and the network and then recreate them from his laptop. Bailey will discuss the research at next week's Black Hat conference in Las Vegas, but he isn't going to name the products they've hacked — they've looked at two so far — or provide full technical details of their work until the software makers can patch them."
I can understand small keychain devices being breakable but with all the power you’ve got available in a cell phone to not be able to come up with a secure challenge/response system seems ridiculous.
what does war sexting unlock?
How long until someone makes an app for that? Shouldn't be hard to work up an antenna for i* 30 pin port...
and my brick takes a second.
How would a manufacturer force people to upgrade the unlock mechanism in the cars?
As of 10/06/03, I hate COBOL developers.
Is there anybody that saw this "feature" and didn't immediately assume it was implemented in a really stupid and easily hackable way?
Hacking these features to steal cars is one possibility. How long before some vindictive prat uses this tech to brick the cars on the lot at a dealership.
Chevy's (GM) OnStar system provides an app for Android/iPhone that lets you start your car halfway around the world if you have their premium service....
I'm sure Chevy will release a TSB out to all their dealerships once they have a patch...
Previewing comments are for sissies!
An episode of Star Trek (I think it was on Voyager) has them end up on then-present-day Earth and when they need it, they steal a car this way. Anybody remember which one?
If I want to unlock the car, presumably I want to drive it. For that I'm going to need a key anyway, so...??
My car doesn't have a key, just a button to press. (Volkswagen, not a Ferrari or something else fancy). It just has a fob that needs to be in range for the "start" button to be enabled. This would be more convenient if my cell phone could be the fob, but only if it can't be hacked like this.
When I bought my last car in 2008 the insurance company guy asked me if it had anti-theft devices in the car. I said yes, it has a microchip in the key. So he says I get a discount because of it. Great news in my mind, a discount. But now does this mean that when I go to buy my next car I will not get a discount because I will have to buy Car Hacker insurance? Or will I have to LoJack it too?
Paul: Father... father, the sleeper has awakened! - Dune
I remember in the early unencrypted days of this a client of mine looking particularly smug when he showed me how he could start his car with his remote keychain back when starting cars without being in them was all the rage. He waxed poetic about how bleeding edge he was, and while I let him have his epeen hard-on, I pointed my pda out the window and turned off his engine, promptly wiping the smug off his face.
Interesting, I've heard about these, but haven't used one yet. Still, one could argue that the "fob" is a key of sorts. In any case, you still need to "be there" to drive the car, and if a thief can open the door with a cell phone, he could probably drive away as well.
I wouldn't mind having a keypad/PIN-code system to use the car, but I'd want it to have at least an 8-digit password, and definitely NOT be accessible by wireless.
XML is like violence. If it doesn't solve your problem, you're not using enough of it. --AC
Speaking of KISS, it's hard to understand what the need for the new press a button thing on cars was supposed to be. (Fulfill a nonexistent need?)
Were there people crying out they were unable to start their cars with keys?
And the dead simple and foolproof way of turning the engine off if you need to? Now it's hold for 3 seconds to turn off?
I'm not a lawyer, but I play one on the Internet.
From TFA:
Without knowing the details, this sounds a lot like a replay attack. Or possibly a version of one of the attacks used against ATMs, back when ATMs were new and relatively unguarded. You could tap into an ATM line and basically send commands like, "eject five $20 bills" over and over again, without too much trouble.
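The replay scenario this comment guesses at, and the challenge/response approach an earlier comment asks for, as an added example that is not part of the thread and does not model the products iSec examined: a receiver that accepts a static authenticated command beside one that binds each command to a fresh single-use nonce. The key, command name and class names are constructed for illustration.

```python
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed shared secret, not from any product


def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed fields so they cannot run together."""
    h = hmac.new(key, digestmod="sha256")
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class StaticReceiver:
    """Weak: the MAC proves who built the message, not when it was built."""
    def __init__(self, key):
        self.key = key

    def handle(self, command, tag):
        return hmac.compare_digest(tag, mac(self.key, command))


class ChallengeReceiver:
    """Hardened: the MAC must cover a fresh single-use nonce from the receiver."""
    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def handle(self, command, tag):
        nonce, self.pending = self.pending, None  # consume: one try per nonce
        if nonce is None:
            return False
        return hmac.compare_digest(tag, mac(self.key, nonce, command))


def demo():
    cmd = b"UNLOCK"  # constructed command name
    weak, strong = StaticReceiver(KEY), ChallengeReceiver(KEY)
    captured = (cmd, mac(KEY, cmd))  # what an eavesdropper would record
    weak_results = (weak.handle(*captured), weak.handle(*captured))
    captured = (cmd, mac(KEY, strong.challenge(), cmd))
    first = strong.handle(*captured)
    strong.challenge()  # next session issues a new nonce
    return weak_results + (first, strong.handle(*captured))
```

`demo()` returns the results in order: static first use, static replay, challenge/response first use, challenge/response replay. Only the last is rejected.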
I have a 2010 Camaro SS, which has the older version of the OnStar firmware that is not compatible with their mobile app. Now I'm relatively happy about that. One less attack vector to worry about.
Bad assumption. You still need a physical 'key' to drive the car (the key may be a chip on your keyring in your pocket, but it still needs to be there).
Would have to be a rather old car, modern emission systems don't put out enough carbon monoxide to kill you.
Don't know something? Look it up. Still don't know? Then ask.
Not at the moment, but I grew up in Iowa, so I know all about cold winters. But I never thought it was that big a deal to run out and fire up the engine. Chances are you're going to have to scrape the windows anyway, so that's plenty of time to get the heater working. It might not be "toasty" in such a short time, but it'll be a lot better than being outside.
For that matter, what if it's so cold that your car doesn't start on the first try? Does it retry on its own, or do you have to send it another text msg? As you no doubt know, an older car often needs a little TLC to get started... does the software handle that for you?
My friend has an SUV with a phone-enabled car alarm system that calls him whenever the alarm gets tripped. Unfortunately, the alarm is so sensitive it often goes off whenever a heavy vehicle like a dump truck rumbles past. They've taken it to the dealer several times to get the thing adjusted, but it never seems to work.
I acknowledge that this "feature" would be useful for some people sometimes, but implementing it via SMS just screams all kinds of stupid.
XML is like violence. If it doesn't solve your problem, you're not using enough of it. --AC
Long ago on cars you didn't have to fumble with keys, you cranked the car.
Then came self-starters. You turned a key to enable the ignition system, then pushed a starter button. Key-as-starter-button came much later.
This goes back to the old time, simply push the starter button. Only now the key is high-tech wireless and you don't even have to insert or turn it, just have it in your pocket.
Speaking of KISS, it's hard to understand what the need for the new press a button thing on cars was supposed to be. (Fulfill a nonexistent need?)
The advantage isn't so much in being able to start the car, but to unlock the doors without even having to touch your key (which is useful if your hands are full, especially in bad weather). That feature was then extended to starting without the key in the ignition (the "no turn" interlock on the ignition switch is disabled by the proximity of the key). This then led to the completely useless push-button start.
The reason push-button start is useless is that you still need the other features of the ignition switch (steering wheel lock, accessory position, etc.), which means that a push-button doesn't reduce complexity in any way.
downloading a car is now possible!
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
This article seems too technical. Can someone summarize using a car analogy?
The start buttons are just cool. That's all the reason you need.
Is 1563649 a prime number?
I've seen a commercial for this and the way they presented it was as a means of letting a teenager use the car, but requiring them to request permission to unlock and start it.
My only political goal is to see to it that no political party achieves its goals.
So, whenever there's a debate on Slashdot about "piracy" or copyright infringement, SOMEONE always makes the tired analogy about "stealing your car", and then someone else always corrects them about COPYING your car, leaving your original car behind.
Well now the pirates *can* steal your car!
And when the technology improves, there will be an app to COPY your car! And when anyone can COPY a car, what dinosaur business model will the car manufacturers be forced into? Suing their own customers like the RIAA?
What a world!
If telephones are outlawed, then only outlaws will have telephones.
The steering lock is a solenoid -- or at the most basic, turning off the power steering. The ACC position is a matter of pushing the start button without touching the brake.
My VW (traditional key) has no "ACC". If you want the radio on with the car off, simply turn it on. (it'll run for about an hour and shutoff again.) The windows / sunroof won't work without the key in the run position -- or you can use the open/close trick with the key in the door lock.
I've thought about the same thing with my hybrid. Everything about the car is computer controlled... steering is electric assist (without that motor, you aren't driving), brakes are electronic (mechanical if you push them all the way to the floor), accelerator 100% electronic, transmission 100% electronic... it's one rogue program away from driving itself around the neighborhood. (and with the parking sensors, it can avoid people.) Killing the car requires getting in the trunk and pulling the big orange plug.
My car has an anti theft device that is nearly foolproof. It's a knob on the dashboard labeled 'Choke'. If you don't know what to do with it (and most people with no business on my lawn don't) that car isn't going anywhere. Heck, kids these days are stopped cold attempting to carjack a stickshift.
Have gnu, will travel.
It only took them two hours to figure out how to open the car with a laptop? And that's more frightening than the old fashioned way that takes 2 seconds with a brick?
>The advantage isn't so much in being able to start the car, but to unlock the doors without even having to touch your key
Yeah, the thing that keeps popping into my head is car jackings:
A guy's waiting somewhere in the 5-acre Walmart parking lot. When you get near your car, he opens the door and hustles you inside, too. He can open the door because the car so helpfully just unlocked everything when you walked by.
Scenario #2: You've got your laptop (or something else) on the passenger seat. You so much as walk near your car, and the guy opens the door and grabs your stuff and runs.
I'm not a lawyer, but I play one on the Internet.
It's like this: would you trust driving a car on software you wrote yourself?
Yeah, ok, so the guys who write embedded are a different breed of programmer, never make mistakes, etc.
The problem is, we're losing all concept of fail-safe.
And with the new push for touch-screen games on windows (!), and in-dash either entertainment or navigation plus the inevitable iPhone and Android integration, we're setting ourselves up for car viruses. The funny thing, most people will just shrug and say you should've updated your automobile anti-virus.
I'm not a lawyer, but I play one on the Internet.
That used to be true. Today, on average, they're just as horrible and short sighted as everyone else -- fast and cheap are the rule. (and I started out in that world... writing assembly. but in those days, every byte and every cycle mattered, because you had very little of either.) Even NASA and medical systems are starting to show fault.
... is an excessively constricted form of the problem. A less-wrong form would be :
No, seriously ; if you can do anything, then the bad guys can do it too. The only hope of preventing the bad guys from doing it is to make it more expensive for them to do it than would allow them a reasonable return on the effort, thus persuading them to fuck off and find somewhere easier to steal from.
Has someone posted the obligatory XKCD? I can't get to the site - blocked by my ISP/ employer - to remember the cartoon number. The one with the billion dollar code-breaking machine (and the nerd) being beaten by the five dollar kneecap-breaking machine.
I suppose it might be considered a compliment that XKCD is blocked at the ground station, but it probably just gets hit on a brought-in list of not-work domains.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
"Is it even possible to buy a new car without electric windows these days"
yea look at Kia, they have better gas mileage, more airbags, more horse power, and can cost as little as 10 grand brand new, but for that price you not only give up power windows and locks but also power steering, AC and sometimes a radio
yea that fob is just a signal being broadcast to anyone with a 434 MHz receiver and usually ends up being less secure than that wheel lock thing that came on your free airline rewards bag.
good night!
nah it's just like your computer, there is a hidden switch in the trunk
Is it even possible to buy a new car without electric windows these days?
My brand new GMC Sierra pickup has manual windows, manual door locks and no cruise control. If you look around, you can find things without easily enough.
The American Dream has too much grinding and the leveling makes no sense. -GameboyRMH (1153867)
My selection bias suggests the two targets identified will be General Motors, Ford, or Chrysler. I wouldn't rule out Mazda or Toyota either.
"Sufficiently complicated financial instruments are indistinguishable from fraud." --bmcraec
Scenario #2: You've got your laptop (or something else) on the passenger seat. You so much as walk near your car, and the guy opens the door and grabs your stuff and runs.
All the cars I have seen with proximity keys allow you to config what happens when you get close (nothing, unlock driver, unlock all), so this shouldn't be a problem with the correct config.
The worse problem is the relay of the signal. If you know a car has no option other than a proximity key, you simply have your confederate follow the driver into the mall, and the two-way radios you each have will extend the distance of the key signal. Then, you climb in the car and drive away to the chop shop.