Slashdot Mirror
The Future of Hi-Tech Auto Theft
NicknamesAreStupid writes "Over the past twenty years, car theft has declined as new models incorporated electronic security methods that thwarted simple hot-wiring. The tide may now be turning, as cars become the next Windows PC. The Center for Automobile Embedded Systems Security has posted an interesting paper from UCSD and UW that describes how modern cars can be cracked (PDF). Unlike the old days of window jimmies, these exploits range from attacks through the CD or iPod port to cellular attacks that take inventory of thousands of cars and offer roaming thieves Yelp-like choices ('our favorite is mint green with leather') with unlocked doors and running engines."
Yes I would download a car.
one of the reasons auto theft declined is police busted and closed chop shops that took and resold the parts. and you can now buy cheap off brand parts for any car as well. not like anyone stole cars back in the day for personal use
What a stupid fucking statement about Windows PC. What is that even supposed to mean? How is a modern car comparable to a computer running Windows? What version of Windows are we talking about here?
It's not clear to me why the CD player should even be on the same network as the engine-related microcontrollers.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
With the capability for devices to do remote start, or ONSTAR to do things like remotely unlock your doors, as well as wireless keyfobs. I figured we'd already have people with devices that can fake these signals to gain access to and start automobiles. Much like how there exist DIY RFID readers where you can just walk through a crowd and read all their passport RFIDs and so on.. CD, iPod, Bluetooth, and Cellular attacks. That's clever too.
So the other day I was on the bus and I saw this hot woman driving a car. I pulled out the iPhone, SSH'd into home and ran nmap on her license plate.
LOL, stupid woman didn't notice her gas cap was left off from the last fill but nmap caught it. Used nc to push 'fire.jpg' into her tank and she blew up.
True story, fucker.
Trolling is a art,
In many many ways we've been opening more security holes in our cars as time progressed, the wireless unlockers. Even if we pretend that wireless isn't heaven to sniff and spoof. People leave their keys out in all sorts of public places, not everyone locks them up at the gym, most people leave them unattended at a waterpark or beach etc... before wireless that was reasonable, no-one is going to steal my keys because there are 500 cars in the parking lot, nobody can try each one. now with wireless, if you steal someones keys, you can just walk around the lot and push a button to make it beep and find out where the car is.
I seriously doubt this will have much effect on car thievery. A jimmy and hotwiring are things pretty much anyone can do. On the other hand, hacking a car's PC is not a skill generally held by people who have an actual desire to steal cars. I expect a few very expensive cars will be stolen via high-tech means, but I wouldn't expect this to cause a noticeable change on cat theft rates for non luxury cars.
Help I'm a rock.
We need a car analogy here.
Ever watch bait car? They steal cars left and right!
Most cars except for Benz, are really easy to bypass there immobolizations. You just have to open the car's ECU and rip out the immobolization chip. You just get a check engine light on after the chip has been removed.
I'll stick with my trusty MagnaVolt System.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Which is why police love lojacks, often times they not only get the car back, but they catch the thief red handed.
Your car has been uploaded to iCloud and the criminal can now access it from anywhere!
Were in Vancouver when a theft ring wants a car they just show up with a flatbed and take it away. It doesn't even arouse suspicion.
They already own the car.
Dont worry about a thief stealing the car by using the CD player. All of these articles are pure FUD. they cant do a "Shadowrun" style unlock and start from standing outside the car and using their Uber haxor toolkit.
Do not look at laser with remaining good eye.
I have a Nissan with an Intelligent Key, so I can walk up to the car, push a button on the door handle, and the door unlocks. This is theoretically vulnerable to a relay station attack, where Mallory can put a radio in the next cubicle over and his accomplice stands outside with another radio, this "simulating" my key.
I doubt this would happen. If my car is even stolen, it will be by one of the following methods:
- Taking the physical key, whether by force (robbery/carjacking) or TWOC. TWOC is highly unlikely, since I keep my keys in my pocket, and at home, I have no roommate or teenage child to decide to take my car. My wife obviously has permission to drive my car.
- Towing. This would be quite easy, as people tend to ignore wreckers, assuming the car owner has requested towing, or that the car is parked illegally. This would most likely happen away from home, as I have a garage at home. This is also not very common.
I live in Tallahassee, FL, which was recently ranked the USA's 8th most dangerous city. LoJack isn't available here, but if it was, I'd most likely get it for both our cars, especially since it's a one-time cost.
Now, the Nissan Intelligent Key has one interesting quirk that I hope to never find out about. Assume a typical carjacking where the perp approaches my car with a gun and makes me get out, while he gets in and drives away. The Intelligent Key is in my pocket, so assuming the carjacker does not kidnap me or search my pockets, the first time he turns the ignition switch to off, he will be unable to restart the car without the key.
I used to have a car with the ultimate anti-theft device, and when my car is no longer worth maintaining, I will most likely get another one: a standard transmission. My current anti-theft device is that my car is a non-luxury mid-size, 5 years old, with 52,000 miles on the odometer, making it less appealing. Most effective if I park near an almost-new luxury SUV.
They have a movie about his. If you havent seen it, rent/download Ghost Dog : The way of the samurai. One of my best. Main guy steals Lexus with electro device he built himself.
http://www.imdb.com/title/tt0165798/
-- Home is where you eat your heart out.
I have a friend of mine with a Jeep Wrangler. The glove box is left open, there is no radio, and there is obviously nothing in the vehicle. Still, thieves will hop in, and upon finding nothing to steal, will vandalize things, be if defecating on the seats or whatnot. So, having nothing to steal won't help things.
The ONLY thing I've found which actually helps against car theft is a car alarm that I had custom installed. Upon going off (and so far, I've never had a false alarm), it spews pink fog into the vehicle's interior while flashing strobe lights and having a distinct siren. I've had my truck broken into, but usually the break-in is pretty quick, and few thieves will be trying to crack into a strongbox welded to the frame while the vehicle is billowing fog. (In parking garages, it disperses quickly, but the fog machine can make the interior opaque in 3-5 seconds.)
Well, here is the same, but in our case if a theft ring wants your car they just show up with a .22 on your window...
You must not live in a right-to-carry state, if thieves are carjacking folks with pea-shooters...
'Round these parts, that's the fastest way to get your ass blown off by someone with a real gun.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
On the Internet, nobody knows you're not a badass with a .44 at the ready under the driver's seat. (suppressed laughter). Yes we do. (open laughter).
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
To reboot the car trun key to off (soft switch)
If that does not work open hood and unhook battery
If you do not think a .22 is a worthy gun, then why not come down to the range and hold up my targets while I shoot mine?
.22 is plenty deadly, and I would not bet my life on rimfire cartridges not being less reliable than centerfire. If someone already has a gun pointed at you from a foot away, you are not going to get your gun out of the holster before they shoot you, and that is regardless of what caliber they are packing.
A
Palm trees and 8
Get ready to say good buy to any non dealer car repair place. And if they want to be real dicks about dealer oil changes at 3000 miles.
Another thing about towing - people might assume the car is being repossessed. The 'not very common' thing might not be common, but it's a fairly well known method, as you don't have to break jack to do it. More appropriate when it comes to top end vehicles.
Personally, I'm tempted to install a hidden kill-switch.
I don't read AC A human right
Lo-Jack freq is 173.075 if you want to DF one of these guys.
mfwright@batnet.com
Seems like the obvious next step in vehicle security is to be more pro-active in the defenses, i.e., reliance on tracking systems to show where the car is, built-in webcam to take pictures of people approaching and occupying the car (yeah, he can wear a mask, but that makes him obvious to onlookers), etc. Your car should be pretty safe if, in addtion to jimmying the doorlock (by electronic means or otherwise), the thief needs to disassemble the engine block and pull out the module that is transmitting the car's GPS coordinates. Hard to do casually in an open area.
Doh... MS Security Essentials - it's free. ;)
Questions raise, answers kill. Raise questions to stay alive.
I always wondered about the legality of installing a pepper spray car alarm system. Is it considered a bobby trap?
No, it's a boobs trap.
Questions raise, answers kill. Raise questions to stay alive.
Nope... but Lord (and Janis) willing, you might have a Mercedes.
Questions raise, answers kill. Raise questions to stay alive.
Aww, beat me to it.
Sure, you can have a big gun that will atomize their entire skull for all it matters. All the attacker needs however is to have the drop on you. Your arms move downwards even slightly? Well, you may still have a skull, but there's going to be a nice, neat hole in the front of it, and you may have difficulties after that drawing your own elephant-exploding pistol.
Having a big gun is fine and all if you need to overcompensate the hell out of yourself, but when it comes down to it, being threatened with even the smallest of guns is going to make 99.999% of people do exactly as their told, no ifs ands or buts. The remaining .001% have that aforementioend neat, small hole in their forehead.
The only anti-theft system I'd consider putting on a car is a DIY lojack. Basically like a smartphone you can reverse-SSH into and get the GPS coordinates from, and provide a web interface for law enforcement if the car is stolen. The only downside is that your full travel history could be pulled up by the telco...I can't think of a simple way to detect if the car is started by hot-wiring. But any car I own will be either not worth stealing or too strange and complex to steal.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I'd agree that going for a gun when someone already has one directed at you is silly. But that doesn't mean you can't fight back very effectively, especially if they are within arms reach.
Somewhere I saw a video of a guy disarming an armed assailant. From the time he decided to disarm the guy it took 12 thousandths of a second for him to do it. I'd like to see what percentage of street thugs have a reaction speed quicker than that. People can move very quickly when motivated, even an overweight person with a knife can close 20 feet of seperation before the person he's charging can draw and fire reliably.
So yes going for your gun is stupid but make no mistake, beating another persons reaction time is not hard.
How well does a .22 penetrate car windows/doors?
After my father's 1963 Chevy was stolen, he installed a car kill switch kit. You can get them for modern cars too. Since you put the switch where ever you want, it would take a thief time to find it, and they won't be bothered. You can sometimes get a lower insurance rate too.
"Be grateful for what you have. You may never know when you may lose it."
Wouldn't that make the amount of crime inversely proportional to the length of prison sentences?
I've heard this mentioned other places. It was said by one person and kept repeating.
Can anyone locate a proof of concept attack using a special burned cd? Sure everything is connected but I don't think its possible.
Only the State obtains its revenue by coercion. - Murray Rothbard
Getting into a gunfight over an insured car is not good security thinking.
always wondered. you can pretty much drive by some OBD-II ports... bmw can be started even by my old obd-I.
and lots of people buy those bluetooth dongles just so they can have an extra tachometer on their iphones on the dash.
may not be so usefull for stealing the car... as i doubt it has power when the car is off... but may very well be the case, i don't know. But imagine sending the acelerate signal on the highway to everyone around you that has such device
Certain model Fords from the late 90's had the alarm (PATS) system in a separate module in the trunk. If you could jimmy the trunk open, all you needed to do was disconnect one harness.
This eliminated the need for the transponder key and disabled the alarm completely. Hot wiring the car from there is rather conventional and trivial.
Wasn't till the 2000s that they at least had the thought to add a bit in the ECU ROM or a bit switch (don't recall which) that told the ECU to require the security module.
A few other car makers had similar easy to defeat modular systems, but I'm not sure about years and makes from that time.
Of course not. Ordinary repo work.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I wasn't really trying to debate criminology. I was just questining OP's use of "directly".
This is one of the best articles place on Slashdot in a long time. Its a pity that very few of the above posters have actually read it.
Firstly, it details the methods of accessing the car. Surprisingly, the CD was most effective. They found vulnerabilities in parsing MP3's and WMA's. They reverse engineered the firmware, - found a buffer overflow and exploited it. From there, they then exploited the Dealer tools used to analyse vehicle faults.
So, infect and mp3 and upload it via sharing. That infects cars, which then infect their dealer tools. The infected dealer tools can then reprogram ecu's and other devices on the cars themselves.
This is only the start. They then proceed to find more in depth vulnerabilities and propose possible wholesale models of theft that become possible. For anyone with an interest in hacking (and true hacking, not just script kiddy stuff) then have a good read of this article...
In Soviet Russia the insensitive clod is YOU!
Honestly, you should just get a lojack, chances are that the insurance company will pick up the tab on it, and unlike a smarthphone there's a sensor for it on just about every cop car out there.
Personally, I'm not sure that I'd get one, but if one is concerned with recovering ones car it's one of the few options that actually works. The one you're suggesting is unlikely to actually work if it comes to it.
I wish my latests cars were not so security thigh, most notably not codded and/or RFID key.
Security devices only levels up the barrier for the lifters to get a car, forcing them to take cars when the driver is in the vehicle.
In the good old days they could lift a car with a jumper cable to the ignition coil and get away in two minutes, now they need to take it from you at gun point, between two or more thefts and most of the time getting away with you in the car for a couple of miles or even take the opportunity for an ATM raid.
I much prefer the old way, really.
http://www.youtube.com/watch?v=jTOqLtI4Aro
"The dew has clearly fallen with a particularly sickening thud this morning"
also: http://www.youtube.com/watch?v=hxQVUV0oa_0
The film absorbs one shot. Doubt it would take two (they don't demonstrate). I imagine unprotected glass wouldn't withstand one shot.
and: http://www.youtube.com/watch?v=Sq_3STLnSe0&feature=related
"The dew has clearly fallen with a particularly sickening thud this morning"
Security systems, fancy locks, or anything else doesn't deter pros. They just drive up with a flatbed or tow truck, scoop the car up, and drive away.
The car is purely incidental. What you are gambling is a civil society versus one where a person can threaten physical violence to take anothers property at will. Whether it's my car, watch or wallet, you can bet I'll resist if I think it is reasonably possible I'll succede. I'm a male of larger than average size, I have some wrestling and martial arts experience along with plenty of gun handling. In a fight I'll do what is necessary to survive and I'll be doing it right up front rather than doing it by degrees.
When someone sticks a gun in your face and threatens you they have obviously not decided to kill you yet. So long as you don't mull over the decision too long and telegraph your intent obviously, you can easily deflect their weapon and execute your own attack before they can react. So the real question is whether or not you can attack and follow through well enough to survive. Not everyone can or is willing to and expecting them too would be silly, but those of us that can, should.