Slashdot Mirror
BMW Cars Vulnerable To Blank Key Attack
Techmeology writes "Thieves have discovered how to steal BMW cars produced since 2006 by using the onboard computer that is able to program blank keys. The device used — originally intended for use by garages — is able to reprogram the key to start the engine in around three minutes. The blank keys, and reprogramming devices, have made their way onto the black market and are available for purchase over the Internet."
Not only would Google's self-driving car be vulnerable to this attack, it would start driving around itself! And you would be responsible for everything the hacked vehicle did.
I agree with the previous note. It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.
Amazingly, the blank keys and the device are both available to buy at a bit of a price on the internet.
And the question is: how many BitCoins does those cost?
Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!
Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.
Ze Atomic Device! It iz Ztolen!
http://news.slashdot.org/story/12/07/10/1657203/hackers-steal-keyless-bmw-in-under-3-minutes
Cars are expected to last at least 10 years, many last much longer, well into mid 20s.
Such timescales are 'forever' in the sense of IT security. Just look at 'recent' examples - WEP was rolled out around 2000 and is now broken in just a couple minutes. Most cars made in 2000 are still on the road.
I'd go as far as saying that it is impossible to secure your car for its expected useful life without the use of physical security.
(Since its a duplicate post, I'm going to include my reply from the last time it was posted)
The basic design flaw is how key duplication/recovery is handled.
On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key, to tell the computer "hey, this is the new key to use". The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!
But its better than the alternative. On the BMW, all you need to do is plug into the OOBDII port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.
Test your net with Netalyzr
They cost between 17,000 and more than 100,000 thousand pounds.
£100,000,000 is too much for any car, let alone one that allows anyone to steal it.
--
I'm not surprised.
Essentially no one thinks about security, or more accurately, while one team is thinking about security, another team is thinking about something that totally and completely bypasses that security.
And as for Ford, there was an article in Wired several years ago about the possible failure of immobilizer systems in various Ford/Lincoln vehicles.
In my opinion, if there's a legitimate way to make the vehicle move, there's a way to make the vehicle move. If you don't want the vehicle to move then you need to remove something from it that makes it move, preferably something that a thief wouldn't normally bring with them, like a coil wire on a vehicle with a distributor, or a fuel pump relay or ASD relay, or something like that. Come to think of it, one could probably relocate such a relay to the passenger compartment to allow one to use the relay itself like a key, removing it to immobilize the vehicle.
Either way though, relying on an electronic means from an automaker is foolish.
Do not look into laser with remaining eye.
There is that, or use security by obscurity. For example, on Ford PATS systems, one can put a switch in on the circuit of the ignition antenna which reads the key's RFID chip.
Flip the switch, and even if a thief was able to clone a 40 (S) or 80 bit (SA) PATS key, they will still be stuck scratching their head as the ignition still wouldn't start.
Of course, this doesn't mean that the thief will not resort to vandalism, but it will mean the vehicle most likely will remain in the same spot unless towed.
All you have to do in the BMW is to tell te computer "This is a blank key, please put one of the legible, unencrypted 10 passwords you have in you on the blank key". The other keys already issued would still work and you could even program keys with them as well, just not using the car itself.
I was promised a flying car. Where is my flying car?
Why so complicated? a simple $3.29 switch that interrupts the power to the fuel pump. Works on 99.98765% of all cars and will foil any thief.
Flip switch under seat, and leave the car. Thief tries to start car and it acts like it is out of gas. No thief will look under the seat for a switch they have less than 30 seconds to get in and get the car moving or they risk getting caught, so if they cant do a fast smash and grab they move on.
Do not look at laser with remaining good eye.
Hell, the old R series motorcycles from the late 60s/early 70s had ONE key for every model! Want someone else's R60? Just use your key and start 'er up.
It doesn't mean much now, it's built for the future.
Or security by economy of effort. As it is, it takes 2 minutes to access the port to reprogram keys. If that port and its wires were buried in the engine so that you had to put the car on a lift and take it half apart to access, they'd move on to easier targets.
Being able to create duplicate keys from the car itself is great. The lock doesn't have to be unbreakable, just more trouble to break than it's worth.
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
If you're too much of a lazy fat ass to crank-start your engine and you need to turn a metal key, you deserve to get your car stolen.
Go green: turn off your refrigerator.
So put the switch different places in different installs. Under the seat, in the glovebox, and under the dash (above the accelerator) all come to mind. Better yet, repurpose an unused factory switch, or find a factory switch you don't really use, put that elsewhere, and hook the old switch up to the fuel pump. Maybe you have to push the tire pressure monitoring system reset button before the car will start...
This is security by obscurity, but when it's different and non-obvious on each car, it's good stuff.
No, that's not "security through obscurity," it's "security through ridiculously circuitous nonsense."
Most modern cars, i.e. the type to have a tyre pressure monitoring reset button, don't like it when people start hacking up their wiring harnesses. And by "don't like it," I of course mean "will refuse to start until a professional technician fixes all the wiring you fucked up."
Not that a fuel pump cut-off switch is a bad idea, but your suggestions on placement and operation indicate a fundamental lack of knowledge concerning modern automotive systems.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
True story. Some years back in N.Y.C. thieves stole a restored vintage car, not knowing the owner had installed his own homemade anti-theft deterrent system. As they're tooling around in Manhattan, the thief who's driving sees a large unlabled red button mounted all by itself in the dash. The guy says to his buddy, "Hey,I wonder what this does...", and presses it. In the middle of a block the engine shuts down, the horn blares, and the car's lights keep flashing on and off. Unable to restart it, the thieves abandon the car, and that owner was laughing when he got it back, unscathed, the same day. So this story shows how you don't always need an expensive complicated alarm system to get the job done.
I had a friend who's car had to have the headlights turned on or else it would honk if you tried to turn the ignition. That was a wacky way to keep people from stealing your car.
"All tyranny needs to gain a foothold is for people of good conscience to remain silent." [Thomas Jefferson]