Latest Samy Kamkar Hack Unlocks Most Cars

msm1267 writes: Samy Kamkar has built a new device called Rolljam that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on her key or remote, the device grabs the unique code sent by the remote and stores it for later use. The device takes advantage of an issue with the way that vehicles that use rolling codes for unlocking produce and receive those codes. Kamkar said that the device works on most vehicles and garage doors that use rolling, rather than fixed codes.

Or just use the key

[glitch!]

I have never had a car with a remote lock/unlock device. I suppose it might be handy at night, but I don't have any trouble using a key by feel, either. So it seems to me the easiest way to prevent a problem is just not to use the electronic unlock.

Or don't worry about it. What are the odds that some bad guy will target your vehicle?

Re:Or just use the key

[timrod]

The real question is, what are the odds that a car thief is going to spend the money (likely more than $30 if they're buying from someone who knows how to make one) or the time to learn how to make one of these? The barrier to entry just to get one of these working (having to have technical knowledge to put one together, having to hide it under the car and get the owner to open it first and potentially notice the device when it jams their unlock signal) means that thieves will stick to the tried-and-true $5 wrench method rather than try one of these.

Re:Or just use the key

I agree. Here you basically store the device under car or close to car. It will record exactly 1 code that can be only used once to attempt next car unlock. Than thief would need to pick the device up and follow the car. When owner leaves the car, the thief would be able to unlock. Pretty stupid.

But garage doors on the other hand...

Re:Or just use the key

I've never had a car where I regularly used the key that the lock didn't end up freezing on me. Even recent cars have this issue. If you're anywhere that regularly receives freezing weather a remote can be the fastest way into your car.

Re:Or just use the key

A more important question is why does remote need that range? All these attacks are only possible because of the range of car remote.
You wouldn't be able to easily intercept and jam codes if unlocker device used NFC.

Re:Or just use the key

And then you keyfob goes from lasting for 3 to 4 years down to 1 year at best. Nissan uses RFID and it makes a hell of a lot of sense. That way I can still get into my car even if the keyfob is dead.

Re:Or just use the key

[lgw]

A thief will just smash a window or pop a lock. A detective, OTOH, will find this quite appealing, if they need to do a "sneak and peek". Want to search someone's car and leave no sign that you did?

Re:Or just use the key

Dislaimer: I didn't read TFA.

Could you just attach the device to the car and leave? Next time you see the car, the device should have a code stored from the last unlock.

Re:Or just use the key

Convenience is key (LLOLOLLOLOLOLOLO).

Depends on the value of your car.

Re:Or just use the key

[sjames]

For cars, it would need to be a regular location. Stake out a place of business for a few days, stick transmitter under a target vehicle. The next day, steal the car.

But it's still more trouble that other methods, so it isn't likely to happen.

Re:Or just use the key

[TWX]

The best theft is one where the victim doesn't know that they were stolen from.

The second best theft is one where the victim doesn't know when they were stolen from.

The ability to quickly gain access to a locked place without leaving any sign that one gained access would be incredibly useful, especially in environments where valuables are routinely left in cars. Laptops and technical service tools would be big targets in-general, and some people in certain occupations would also be excellent targets for the privileged information that might be in a briefcase in an otherwise-securely-locked trunk.

Then there's the issue of people that leave things in their cars, like copies of their housekeys, that could let a thief in to somewhere else that's more lucrative, or those that leave extra vehicle keys in vehicles so that once a locksmith would let them back-in to the car after they lose their primary keys, they could drive away.

I can see this being an incredibly big problem depending on proliferation. It should at least require people to stop keeping expensive things in trunks that might have been somewhat safe through being hidden.

Re:Or just use the key

[mjwx]

The real question is, what are the odds that a car thief is going to spend the money (likely more than $30 if they're buying from someone who knows how to make one) or the time to learn how to make one of these? The barrier to entry just to get one of these working (having to have technical knowledge to put one together, having to hide it under the car and get the owner to open it first and potentially notice the device when it jams their unlock signal) means that thieves will stick to the tried-and-true $5 wrench method rather than try one of these.

Considering most cars are stolen to be parted out, if it only costs $30 to get $5000 odd of parts, even the dumbest crims will figure the economics of that one out.

This is a bigger problem in Europe where the car can simply be driven over the border and resold. It may cost 600 Euro to put a new lock and immobiliser system in, but you can sell it for thousands of euro in a variety of places in eastern Europe (not to mention the illegal car export industries that exist in these places).

If you honestly dont believe that this technology will find its way into the mainstream criminals hands, just look at the number of card skimmers out there.

Re:Or just use the key

[TWX]

People want long range.

I have a mid-nineties GM with a remote. Despite changing the batteries in the remote I can only get about 30' range at the max on a good day. On a bad day I'm damn near standing next to it to get it to unlock the doors or open the trunk. Honestly it's a little too short.

Re:Or just use the key

[OverlordQ]

Or 1 smart ringleader gets a few of these and gives them to his street thugs.

Re:Or just use the key

[Trogre]

I disagree. A car with no visible signs of forced entry will sell better on the black market.

Re:Or just use the key

Genuine question - does stealing cars for parting out actually happen on a regular basis in some places? I live in Canada's car theft capital, and nearly all of our car thefts are for quick joyrides until the gas runs out. The cars are then abandoned or crashed into a river bank.

Re:Or just use the key

[demonlapin]

My 2009 Lexus uses something like this - there's a small sensor in each of the door handles to detect a hand being put into the gap (probably optical interruption). It can clearly tell the difference when I'm standing at the driver's door vs the driver's side rear door - in fact it doesn't work if the key is in a bag strapped to my back. If my key is in a bag it needs to be up front and close to the lock to work.

I lock remotely a lot, but I almost never unlock without using this mechanism. Slip your hand in, hear the beep(s), pull the handle. And the handle and the key have to match - if I'm standing with the key at the driver's door but you're on the opposite side and put your hand in, it will not unlock.

If the battery fails, you have to pull a physical key out of the fob to open the door, but then the ignition runs on short-range RFID where you press the start button, it tells you to put the fob up against the start button, and it does its thing and you can start the car.

Re:Or just use the key

[LinuxIsGarbage]

I've never had a car where I regularly used the key that the lock didn't end up freezing on me. Even recent cars have this issue. If you're anywhere that regularly receives freezing weather a remote can be the fastest way into your car.

Even with remote entry I've had both front door locking mechanisms freeze up. Thankfully I could get in the back door. Even once I got to work (with the heat blasting the whole time) I had to get out the back.

Re:Or just use the key

Most cars on the black market are on the black market as car parts.

Since the manufacturers discovered that at retail, a consumer will pay three to four times (or more) for a part than could be charged when attached to an entire vehicle, the parts market is ideal. You discard the parts that carry serial number identification or just damage the serial numbers, and convert a car into twice or thrice it's former value.

Only chumps sell stolen cars assembled. Without a plan, it's far too easy to trace the entire car, even if you move it out of country.

Re:Or just use the key

[Aighearach]

No, that is just damage, the same as any other damage to a used car. Stolen cars are rarely sold, they're usually driven by the thief for a few days and abandoned. There is almost no "black market" for stolen cars. Most of them get parted out, and the parts are then sold on the "grey market" because individual parts are not traceable and don't require paperwork. Cars that are sold on the black market have to have all their numbers changed, which requires a "chop shop" that is actually just a regular auto shop. They can fix any damage. It would be minor, like a door window, or some door trim.

A car stereo, now that sells better without damage. There is a significant black market because the parts are marked with serial numbers. A car stereo sells better without damage, because it is small enough that if it looks normal, maybe nobody checks. A whole car? The bucket seats are each worth more than the car stereo, because they don't have serial numbers. You get full used price for seats. And almost the whole car. The car stereo gets thrown out, it has little value.

Re:Or just use the key

It's dumber than even that. This technique can only work in the very, very narrowest of scenarios.

Owner presses button -> device grabs code
Owner presses button again -> device grabs second code and plays the first
Car opens. Device theoretically has the next code.

But there's a serious problem with this... the owner is GETTING IN THE CAR. The likelihood of the attacker being able to recover the device and use that one code before the owner presses the button on their fob again is almost zero.
 

Re: Or just use the key

Yeah there's just absolutely no chance that guy is ever coming home or to work again.
Not everyone is a transient hobo like you.

Re:Or just use the key

Poland here ;) If a car is to be sold somewhere and not for parts it would have to leave EU. Inside it would be quite difficult to register a car that is in the database as stolen somewhere. One thing that could be done buying a written off car that is very much the same as the one that was stolen. Still it is quite difficult, I guess.

So most cars are stolen for parts, joyriding is quite uncommon. Two of my friends had their cars stolen last year, none of which were recovered. Maybe some really expensive cars are stolen and moved out of country/EU.

Re:Or just use the key

> A thief will just smash a window or pop a lock.

There are a ton of news reports over the last two years like this one:

"Recently, he was looking out his window and saw a girl hop off her bike and pull out "a small black device from her backpack. She then reached down, opened the door and climbed into my car." He ran outside and the girl split, but he was curious about the black device she used to open his Prius."
http://www.networkworld.com/ar...

Re:Or just use the key

[AmiMoJo]

This method has the advantage of not looking suspicious. The thief simply acts as if they were the car's owner and can rob it in broad daylight, and no-one will blink an eye. Car park security won't react like they would if the window was smashed. No car alarm going off. It's definitely attractive.

Having said that, in the UK there have been a spate of thefts where people steal car body parts at night. They come along in the early hours of the morning, pop the bonnet open and simply remove the entire front of the car body, bits of the engine and anything else they can get at with normal tools. It doesn't make much noise but it's pretty blatant, happening in public streets in residential areas.

Re: Or just use the key

And there's the Porsche 911 and other $ix figure models. Each wheel is worth $1200 not including performance 15" disc brakes about the same. $2500 per wheel if we throw in the lo-pro Pirelli tires, add $1k. Retail over $3k per wheel. Black market 50% off - makes a thief $6k in a day easy. The one time access code = chop shop while the victim runs into Starbucks.

Re:Or just use the key

WRONG.

Oh, so very, very wrong.

The best thief is one who not only convinces their victim to give them the item, but also that doing so rights some sort of long-standing wrong and the victim should be ashamed of themselves for ever having had said item in the first place.

"Citizen, having this locked up is a blow for TERROR, but if you unlock it for me I will ignore it -- just this once."

That's how you do it, sonny.

Re:Or just use the key

[lgw]

There is actually a market for stolen cars - cars expensive enough to ship overseas after being stolen. Those cars are stolen with tow trucks, however. Tow trucks are rarely questioned - sometimes the spouse will even open up the garage door.

I hear the practice is common enough that a Ferrari that is lifted to a certain angle (without a security code first being entered) will blow e-fuses and need carefully tracked replacement parts. (I have no idea how that works out in hilly areas, making me wonder how true it is.)

Re:Or just use the key

[michelcolman]

That's exactly how it works. Just leave it under the car, and it will always have a code ready for you to use. Every time the owner unlocks the car, it replays the previous code and stores the latest one.

Re:Or just use the key

[michelcolman]

The attacker doesn't have to open the car right away. The car can drive around for days, being opened and closed multiple times by the owner. The device remains attached to the car. Whenever the owner presses the button, the device plays the previous code and stores the latest one, so it always has a usable code ready for the attacker to use.

Re: Or just use the key

Dipshit. Once they successfully use the next couple rolling codes (they're going out) the captured one won't work anymore. They're rolling codes for a reason.

Re:Or just use the key

[Aighearach]

All you need to detect tow condition is an attitude sensor. Anti-roll will engage when a modern vehicle is pulled onto a tow truck while in gear, based on the wheel movement; if the car can detect the vehicle angle then it can easily note that it is "rolling" uphill and engage an anti-theft fuse or other lock-out.

You could probably add that aftermarket to most modern vehicles if you can get the anti-roll activation off the data bus.

Re:Or just use the key

[RockDoctor]

I suppose it might be handy at night, but I don't have any trouble using a key by feel, either.

You can get these little torches that fit on your key ring too. If you can't do it by touch. If you don't have a torch in your normal day-sack anyway (I do ; I'm a caver, I learned that lesson long ago).

Far the bigger use of the remote (by my wife) is locating the car in the car park, because the remote also causes the car to flash it's lights. Then again, it's over 20 years since I had a car stolen or broken into, so my attitude to security isn't particularly paranoid.

Misread

For a second I thought it said Sammy Hagar Hack

Re:Misread

[turkeydance]

well, Hagar does, too.

This device needs to record the code first.

It is a jammer that blocks car remote transmissions reaching car's receiver and records two subsequent unlock codes, then it stops jamming and replays the first code received. The second rolling unlock code it stored is still good for one unlock attempt later.

And of course it will work with fixed codes too. Obviously. That part in summary is wrong.

Nothing Novel Here

This appears to be a long known attack, bundled up with a cute name and small hardware package. Nothing to be (newly) concerned about. Here's a blog post from a year and a half ago, for example: http://spencerwhyte.blogspot.ca/2014/03/delay-attack-jam-intercept-and-replay.html

Aside: I don't know any professional or academic security researcher who takes Samy seriously. His work is almost entirely of this style, packaging prior knowledge and selling it with panache.

Re:Nothing Novel Here

[buckfeta2014]

yeah fuck this guy.

Well you still need some sort of key.

[Stonent1]

Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

Re:Well you still need some sort of key.

[David_Hart]

Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

Most cars have a manual method of switching to neutral. This is necessary because it simply doesn't make sense to cause thousands of dollars of damage to a car while towing simply because of an electrical problem.

Re:Well you still need some sort of key.

[hawguy]

Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

Most cars have a manual method of switching to neutral. This is necessary because it simply doesn't make sense to cause thousands of dollars of damage to a car while towing simply because of an electrical problem.

Even if you can't get the car in neutral, it only takes a few seconds to jack up the car and put dollies under the wheels.

Re:Well you still need some sort of key.

And you need to unlock car to do this exactly why?

Re:Well you still need some sort of key.

[hawguy]

And you need to unlock car to do this exactly why?

If you're a legitimate tow truck driver, you try to open the car because you're too lazy to get the dollies off the truck and there's a small additional risk if you don't strap them on securely. If you're an illicit driver, then if you can you partner to unlock the car and get it in neutral, you don't even need to get out of the truck to hook it up, just set the wheels on the wheel lift and go - no need to help him lift the car and set the dollies.

Re:Well you still need some sort of key.

[mjwx]

Most cars now have active (chipped) keys that will not let you start or sometimes even turn the key unless it sees the signal from the key. Those keys may also be necessary to put the car in neutral for towing.

Most cars have a manual method of switching to neutral. This is necessary because it simply doesn't make sense to cause thousands of dollars of damage to a car while towing simply because of an electrical problem.

Even if you can't get the car in neutral, it only takes a few seconds to jack up the car and put dollies under the wheels.

Also most cars are 2 wheel drive. Even most "all wheel drive" cars are just front wheel drive with a transfer box that is disengaged until the electronics detect the front wheels slipping. So all you do is jack up the front and take the handbrake off.

Re:Well you still need some sort of key.

Which is why I panic at the thought of some tow truck driver trying to move my all-wheel-drive car without me being there. It has three differentials and all wheels are always connected to the output of the transmission.

Re:Well you still need some sort of key.

[ArylAkamov]

Volvo's had this since at least 1998. I just got done dealing with replacing it, the antenna goes out after awhile and even though the key is correct nothing will happen.

The funny thing is after I replaced the antenna the security system needed to be reset. Dealership wanted $xxx and a week to do the work.

A few minutes on google showed me all you do is lock/unlock the door 5 times to reset it. A week my ass.

Personally I just install a hidden kill switch to every car I own. Difficult to start the car if there is no power going to either the ignition coil or starter relay.

Re:Well you still need some sort of key.

Bonus points if you have a transfer case that also needs to be put in neutral for towing.

So I guess it's time....

[bobbied]

For automobile manufacturers to start factoring in the time of day and keeping the "key" hidden...

It works this way... You have an pre-shared key and you encrypt an ever changing sequence of messages, say something related to the current time of day or the "rolling code" thing they use now only the code rolls over time not when it's used. Then the "code" that worked 5 seconds ago, won't work in the future. That ends the "record and playback" messages from being seen as valid and all you need to have is a reasonably accurate scheme to advance time on both the car and the key fob. I imagine that regular resyncing of the clocks might be necessary, but I'm sure we can work something out where you "program" your key fob by inserting it into a port on your car or by using some RF backscatter power process the fob and the car can get into sync.

It doesn't stop brute force attacks to recover the key, but it does make it time consuming and unlikely to be accomplished by some thief walking though the parking lot.

Re: So I guess it's time....

The professional car their will do the same thing as the repo man. He will hook the car up to a flat bed tow truck and snatch it up. Then he will have physical access and we know that leads to game over. No real their will use a gimmick tool like this when he can make a fake sign for a tow truck and have no one look twice.

Re:So I guess it's time....

[msauve]

So, a remote becomes like one of those security fobs (e.g. SecurID) which instead of displaying a number on the LCD, transmits it to the car.

Re:So I guess it's time....

[bobbied]

Exactly!

Re:So I guess it's time....

[paulpach]

For automobile manufacturers to start factoring in the time of day and keeping the "key" hidden...

A much more secure method would be a challenge/response protocol, the car sends an encrypted random challenge to the key, the key decrypts it, calculates a response to the challenge and sends the response back to the car. The car checks the response and if valid, it unlocks.

There is no way to replay messages as long as the challenge is randomized, and the car obviously should not unlock if it receives a response to something other than the last challenge. There is no way to get the encryption key since it never goes over the air, it is just used internally by the car and the key to encrypt/decrypt the message.

The only problem with this is that it requires 2 way communication between the key and the car, so your solution would be cheaper and simpler.

Re:So I guess it's time....

[bobbied]

I agree, the solution you suggest would be MUCH safer, but as you point out, this makes the fob a whole lot more complex (and power hungry).

In fact both of the suggested solutions are not new concepts, but have been used in networks for years.

Re:So I guess it's time....

Actually a challenge response system is less power hungry than a clocked ticket, because the device only needs to wake up to send a request for a challenge, listen for the challenge and send the response. And less complex too. High accuracy clocks are expensive, ellipttic curve cryptography can be implemented on pretty much any low-end microcontroller.

In fact both of the suggested solutions are not new concepts, but have been used in networks for years.

Both of these techniques have been used in RFID building access control systems for years too.

Must slow down...

[JustNiz]

I need to slow down reading stuff... I quickly scanned the headline and saw:
Latest Sammy Hagar track unlocks most cars...

Re:Must slow down...

Right? He can't drive 55 either, damn him!

Can it get past engine-kill too?

[mark-t]

If not, then ho-hum...

Breaking into cars is easy... driving off with one without a proper key, when they have sophisticated anti-theft systems in place is considerably less so.

Re:Can it get past engine-kill too?

being able to enter a car and alter it's contents without leaving a trace or triggering an alarm is not ho-hum.

you're an idiot.

Re:Can it get past engine-kill too?

[ArchieBunker]

So you are inside the car, now what? You can't start it. Are you going to steal the radio and loose change?

Re:Can it get past engine-kill too?

Stealing the radio and my cell phone was good enough for at least one car thief.

Re:Can it get past engine-kill too?

No. But it would let them enter my car at night surreptitiously, so they can leisurely smash the steering column to break the steering wheel lock and try to hot-wire the car. Except that hot-wiring didn't work for them, so all they did was cause thousands of dollars of damage to my car that took weeks to get fixed. They were one of fifteen resistors away from stealing my car.

Re:Can it get past engine-kill too?

My thief was satisfied with stealing my GPS and radar detector and smashing the hell out of the steering column.

Re:Can it get past engine-kill too?

[drinkypoo]

So you are inside the car, now what? You can't start it. Are you going to steal the radio and loose change?

You do know that a lot of these immo codes have been broken wide open, right? For example the defeat on the one on the Bosch ME7 series is well-known. You don't need to log in or anything, you can get access to the flash without doing that, without even cracking the case. So an educated attacker, or someone carrying a tool made by an educated attacker who knows their way around an ELM327 can recode the immobilizer on a whole range of vehicles, including a lot of very spendy (if now somewhat older) VAG products, including the Audi S8.

Re:Can it get past engine-kill too?

[mark-t]

Thousands of dollars in damage that will only cost me a phone call to my insurance company and a two hundred dollar deductible to take care of, and I will be able to use a rental car while mine is getting fixed.

Re:Can it get past engine-kill too?

It's not worth stealing a GM product.

I don't understand.

Why don't these electronic keys use a public/private key authentication system with nonce signing to avoid replay attacks?

This is simple to implement and is very strong against this kind of attack.

Re:I don't understand.

Maybe because public/private keys method require extensive software and therefore expensive hardware. Just emitting some code is a lot simpler and cheaper.

In Other news...

In Other News, Samy Kamkar was contacted by local officials about a job to help fight terrorists.

This is why I have manual locks

Not only don't they have remote unlock but the locks are fully manual. Even if you p0wned my car's computer you couldn't lock or unlock the doors or for that matter roll the windows up and down.

Re:This is why I have manual locks

[PPH]

My alarm has remote locking. I disabled the unlock function so one still needs the key to get in. Go ahead and chirp the alarm all you want. In fact, this will screw up Kamkar's system as it will have expended its one good code. Yes, the alarm is off and a thief could just break a window. But having a system behave in a manner that they don't expect is probably enough to discourage them.

U2?

I quickly scanned the headline and saw: Latest Sammy Hagar track unlocks most cars...

U2?

Anyways, the guy who tries this on my car will be singing "and I still haven't found what I'm looking for".

Re:U2?

More like... one, two, three-lock box. (Sammy Hagar)

My Honda CRX SI 86's superior security is immune

No power locks, no power windows (cranks), no power steering, no power...

Subaru

with locking differentials. great in snow, sucks in towing

Schematics?

[Plugh]

This looks like a really good educational project to do with the kids. I googled all over for it but couldn't find schematics or how-to's. Seriously I presume an Arduino and a wifi card is more or less all one needs. What do I have to do, search on Silk Road? Anybody got the infos?

Nothing new here as this is really old news

Similar code-acquisition exploits have already been exploited by criminals for over a year now, and have been deployed by thieves seeking to ransack vehicles across major cities in the U.S.

See: http://www.networkworld.com/article/2909589/microsoft-subnet/thieves-can-use-17-power-amplifier-to-break-into-cars-with-remote-keyless-systems.html
                https://www.youtube.com/watch?v=0wZNSA1Re3Q
                http://www.cbsnews.com/news/high-tech-car-thieves-may-be-breaking-in-by-amplifying-key-fob-signal/

So the criminals have been employing this technology long before /. apparently became aware of it - and maybe gave Kamkar the idea to expand on.

The only reason that works

[hcs_$reboot]

That works because manufacturers don't want (time, money, complexity...) to implement a system using a protocol based on a dialog between the key and the car. That would allow for instance the car submitting a random 64b number to the key. The key would have to cipher the number and send the result back to the car within a short time window (0.5"). Much harder to hack.

Re:My Honda CRX SI 86's superior security is immun

[imboboage0]

I've had a perfectly good xbox 360 in the back seat of my car wide open since February. I also leave the keys in the ignition sometimes, always unlocked, and typically with windows down/t tops out.

but hey, if you tried driving my 86 Mustang GT with bearings instead of bushings and the not so friendly motor, I wouldn't be surprised if you brought it back. especially with the headliner in the way of the mirror.

"Nah man, you can keep this one."

Most?

[wonkey_monkey]

Latest Samy Kamkar Hack Unlocks Most Cars

There are still plenty of old cars on the road. Do more than 50% of them have remote locking?

Re:Most?

[toddestan]

The hack also requires that the car's owner uses the keyfob to unlock the car too. I wonder how many people don't use them? I bought my car used and the previous owners had managed to lose all the keyfobs. I never bothered with replacing them and just use the key.

You can give this card a try and be rich

[mccartkatty]

HACK ATM AND BECOME RICH TODAY How to hack an ATM MACHINE or BANK ACCOUNT You can hack and break into a bank's security ATM Machine without carrying guns or any weapon. How is this possible? First of all we have to learn about the manual hacking of ATM MACHINES and BANKING ACCOUNTS HOW THE ATM MACHINE WORKS. If you have been to the bank you find out that the money in the ATM MACHINE is being filled right inside the house where the machine is built with enough security.to hack this machine We have develop the special blank ATM Card which you can use in any ATM Machine around the world. this card is been programmed and can withdraw 2000 USD within 24 hours in any currency your country make use of. The card will make the security camera malfunction at that particular time until you are done with the transaction you can never be trace. getting the card you will forward the company your address details so we can proceed to send the card to you once you agree to the terms and conditions. you can contact us on email now atmmachinehackes @ gmail com

Bah

[LordWabbit2]

The don't get that technical here in South Africa. They just broadcast ANY other signal as you walk away from your car and hit the lock button on your remote. It interferes with your lock signal and the car remains unlocked. If you are not paying attention you don't notice that your car fails to lock and they are in. And no, they are not trying to steal the car, they just steal whatever you left behind in the car, most of them don't even bother trying to steal the radio. Unemployment is high, they steal what they can. It's gotten so bad they kick down your front door, alarms blazing, steal whatever they can grab and make a runner in the 5 minutes it takes armed response to get there (and yes, that's happened to me).

Re:Bah

All the more reason why we (in any country) need a better social safety net.

Re:Bah

When this crap happens, the "armed response" is already at home.

No, you're not. You're away on vacation, or leaving/fetching the kids at school/day-care, or shopping, or visiting parents/family/friends.

Your case applies to an astoundingly small subset of robberies. I am fairly sure you are aware of that and just like to tote guns, because hell, yeah.

Or something. Meh.

Re:Bah

[WillgasM]

Perhaps it's such a small subset of robberies because thieves know that kicking a door down in the middle of the night is likely to be met with buckshot.

Re:Bah

Perhaps it's such a small subset of robberies because thieves know that kicking a door down in the middle of the night is likely to be met with buckshot.

From the thief's perspective, kicking down the door in the middle of the night is likely to result in an armed confrontation that will maximize the risk of injury and minimize the chance of getting away before authorities arrive. The choice of weapon the person on the other side of the door has barely enters the equation at all. It is a much better strategy to pick a house whose occupants are not home.

Re:Bah

[LordWabbit2]

Sigh, no it's not. They want you home so that they can force you to hand over the valuables. And it's not one or two people kicking down the door, it's usually 4 or more. Also the legalities and issues around having a firearm in South Africa (legally that is) means most home owners are not armed. These are desperate people. One of the things they raid is the groceries in the fridge / deepfreeze. They want cellphones, tablets, laptops, TV's, bank cards. I have a guitar, worth a lot of money, didn't even touch it, admittedly they probably didn't realise how much it was worth.

Re:Bah

That's because the US is full of crazy and STUPID gun nuts. Gun nuts that don't keep their guns in a gun safe.

In all other countries you have the right to defend yourself, that doesn't require a firearm. An aluminum bat or a steak knife can do just as much damage.

Considering how cheap it is now to put security systems in (eg video cameras in addition to alarms) it makes it very risky for a home invasion. Home invasions in Canada mainly target seniors, seniors are unlikely to fight back.

Re:My Honda CRX SI 86's superior security is immun

No power locks, no power windows (cranks), no power steering, no power...

Ok, but I'm sure your car is vulnerable to being unlocked with a coathanger.

Jamming...

[Matt_Bennett]

Because this requires jamming the original signal, this is detectable, otherwise, it is MITM. Jamming is typically very easy- you just have to generate enough energy to overcome the incoming signal- the difficult part is being able to intercept the signal in the presence of your own noise. There are ways to cancel out the noise (like noise cancellation headphones)- but it is a really hard problem, even if you know the exact "noise" you're putting out.

This may push us faster into better types of keys, such as keys with 2-way radios, or even get us out of keys altogether, incorporating the key into one of the other devices we may have on us. We haven't had those keys commonly because of the expense of the technology- technology will progress, and so will the hacks.

yet another invention of the wheel

[rch7]

How many wheels do you really need to invent? Such devices were for sale for professional auto thieves at Warsaw marketplace a decade ago. They don't always work though if remote has separate buttons for lock and unlock.

Re:My Honda CRX SI 86's superior security is immun

Not true. I had the exact same car ('88), and it was stolen with remarkable ease. An officer showed me that they take a simple screwdriver, insert beside the door handle / lock plate, and lift up. They're in in less than 5 seconds. Same screwdriver - jam it into the ignition, forcefully turn, and pull out the lock cylinder. Same screwdriver - put into the hole where the lock cylinder was and turn to start the car.

Assholes even left the screwdriver in the car after taking it for a joyride. Still have it in my toolbox as a reminder.

Latest Samy Hakar Hack

I CAN"T DRIVE SIXTY FIVE!!!!

Public/Private Key

[tingentleman]

Why not use a handshake - with a small amount of processing power in the fob, hidden key pairs could be used to authenticate just like SSH or HTTPS: the keyfob asks a computable question of the car and vice-versa - no amount of record/playback could get you in.

This is getting toward being considered ancient tech in the IT world - surely car companies have techies who can achieve this.