'New Way of Stealing Cars': Hacking Them With A Laptop (marketwatch.com)
retroworks writes: The Wall Street Journal (Warning: source may be paywalled), CBS and Marketwatch all lead the morning with stories about the newest method of stealing (late model) cars. No need for hacking off the ignition switch and touching the wires to create a spark (controversial during broadcasts in 1970s television crime criticized for "teaching people to steal cars"). Thieves now use the laptop to access the automobile's computer system, and voila. "Police and car insurers say thieves are using laptop computers to hack into late-model cars' electronic ignitions to steal the vehicles, raising alarms about the auto industry's greater use of computer controls. The discovery follows a recent incident in Houston in which a pair of car thieves were caught on camera using a laptop to start a 2010 Jeep Wrangler and steal it from the owner's driveway. Police say the same method may have been used in the theft of four other late-model Wranglers and Cherokees in the city. None of the vehicles have been recovered." The article concludes with the example filmed of a break-in in Houston. The thief, says the NICB's Mr. Morris, likely used the laptop to manipulate the car's computer to recognize a signal sent from an electronic key the thief then used to turn on the ignition. The computer reads the signal and allows the key to turn. "We have no idea how many cars have been broken into using this method," Mr. Morris said. "We think it is minuscule in the overall car thefts but it does show these hackers will do anything to stay one step ahead." No details on modifying the program to run on Android or iPhone -- there's not yet "an app for that."
That you know of.
Combine this with always-on (Tesla?) self-driving cars, and I could just summon one to my mom's basement! Bliss!
On related news, this'd help reduce the number of victims in suicide bombings (by one, each time).
Mr. Morris said. "We think it is minuscule in the overall car thefts but it does show these hackers will do anything to stay one step ahead."
Well Mr. Morris... it's not like the auto industry is even making a serious attempt at vehicle security to begin with. It really is not hard to stay "one step ahead"... in fact the industry is really just refusing to step ahead themselves. A toddler will get farther down the road as long as they refuse to move.
Seriously, given how easy it is to get to the car's ECM, the lack of security, availability of information, and the technology, it is not surprising. A half-decent coder could probably put together the software that runs adequately on a raspberry pi, let alone a laptop -- and it would be much less conspicuous.
You can see in the video that the thief triggers the vehicle alarm, and then proceeds to work on it as the alarm is going off. That means that even old-school hot wiring would have worked. Once the thief has access to the car and plenty of time, there's nothing to prevent him from taking the car.
my wish is your command
Sometimes I actually miss the old days.
I've spent a lot of time lately thinking about how cars are over-engineered.
I've spent a lot of time pining for the days when you could fix them with a screwdriver. Hell, when you could fix them at all.
Although I don't miss dicking around with points.
One make of cars would allow one to add new keys even without a computer attached, but one had to keep pressing a sequence of buttons every ten minutes for a half hour. Another make of vehicles would require a 10-30 minute wait even for the tech in order to clear and add two keys to the transponder key database.
If I had a choice between dealing with 1-2 "hackers" with a laptop who have to sit there while the vehicle goes through a "security wait state", versus something that is so obfuscated that I have to take the vehicle to the dealer and pay $300 for a key and $250 for a snooty tech to actually bother programming it, I'll go for the less secure system that is more maintainable by me.
Vehicles will always be stolen. It is not difficult to amplify a key's signal to make it "appear" close to the vehicle, and once the vehicle is started, the thief has won. This is why I prefer the less hip method of having a key with a push button remote, transponder chip, and requires mechanical engagement of a lock cylinder to start the vehicle. To boot, I added a hidden switch to open/close the transponder antenna's circuit around the ignition on my vehicle, so a would-be thief, even if they have the right code, would be sitting there wondering why nothing passes the immobilizer circuit, even if they decide to delete all keys and add their own to the vehicle's database.
"We think it is minuscule in the overall car thefts but it does show these hackers will do anything to stay one step ahead."
And as long as you continue to identify this as a "minuscule" problem, it will earn a "minuscule" amount of attention to fix and secure.
By comparison, assault rifles account for a "minuscule" fraction of lives taken every year, and yet we have lawmakers staging sit-ins and demanding assault weapons bans in order to "make an impact". It's weird how we prioritize problems in society these days.
CAN is a great bus for its simplicity, but CAN was designed for diagnostics a long time ago. Today, instead of using better technologies, car companies still leave their entire system open via CAN. It's oddly necessary since auto repair shops not operated by the manufacturers need standard equipment to maintain the vehicles.
In the case of new cars, especially electric, allowing maintenance by anyone other than the manufacturer is a mistake. Using a more modern bus, possibly even proprietary or even just ethernet over USB would be much smarter. Then protocols like https and REST APIs would be possible. In addition, cars could use PKI for a trust relationship for maintenance.
The current system is fundamentally broken and there is no reason why we should be limited to technologies which would work on 10 year old PIC microcontrollers.
If someone is that good at deciphering automotive electronic systems and codes they should be selling software to allow independent shops to do that, as well as rekey keys so people don't have to spend $400 at the dealer for a new key...
I'm a consultant - I convert gibberish into cash-flow.
Will TPP restrict my ability as a vehicle owner to research my car's security systems and possibly prevent someone from wifi-jacking my car?
As I understand it, TPP makes it illegal for me to futz with the electronic ignition system.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
How long before a car can be remotely hacked and told to self-drive itself to the chop-shop? By someone in another country?
I remember reading a few years ago that the industry standard for car immobilizers was that it must take a professional thief longer than 10 minutes to disable the immobilizer.
The other year I read the section of my later model Crown Victoria's factory service manual regarding PATS (Ford's immobilizer tech). If you needed to pair a new key, and you did not have any already paired keys, you needed to use the Ford VCM tool to tell the ECU to erase the current list of keys, after which you'd be able to pair a new key.
The manual specified the erasure process would take 10 minutes. Who wants to bet that there's a 10 minute sleep instruction built into the ECU just to fulfill the industry standards?
BTW, the Ford VCM tool sells for under $100 on eBay (well, a Chinese counterfeit that works the same way, comes with cracked Ford software--you think that's gonna make a car thief cry?)
Obviously, once you've broken the ignition with a screwdriver and paired a throwaway key blank ($10 on eBay) to the ECU, the car will start and drive normally.
My current vehicle, an 07 Toyota Yaris does not allow you to clear the keys out of the ECU and won't pair a new key without an already paired key present. The ECU will only pair a key without the if it has no keys stored in it (factory fresh). That means if you try to steal the car, you will need to tear out the ECU and replace it with a completely brand new factory fresh one, or a used one that comes with the original keys. Rather more complicated and quite expensive. The correct way to do the job. Unlike certain other companies...
So I drive a 1996 Dodge Ram 2500 Diesel Truck with 450,000+ km that runs reliably and gets good mileage without a computer. If I park it in an area that does not seem safe I attach a club to the steering wheel. This is old school but no one is going to hack it with a laptop. Maybe get in with a bar along the window to unlock the door but not much to take or steal.
What did I miss? How is this 'a new way'?
When the owner sets up their vehicle.... have them define a passcode; much like you do for a phone. The vehicle should have sensors to detect unauthorized entry and unauthorized attempts to access diagnostic ports to plug-in a laptop.
If an unauthorized access attempt is detected when the vehicle is in secure mode, Or the user is ultra-paranoid and pushes a special "Lock" button before turning off their engine..... it should put all the vehicle computers in a "Passcode" lock status which can only be released by entering the password; Each intelligent component in the vehicle locking itself and not allowing an unlock without the correct passcode-derived hash being broadcast.
The passcode lock status should take actions to make sure the power systems cannot be taken out of Park/Neutral, Engine control and motors or fuel injection systems set themselves into limp mode and not allow high speed operation.
There should be regular phone-home messages for tracking purposes.
Put security covers on each diagnostic access point with a lock which requires a traditional physical key that the car owner has access to; either to open the port or to enable the port.....
Motherboard's "How to hack a car" from a couple years ago. https://www.youtube.com/watch?...
Police and car insurers say thieves are using laptop computers to hack into late-model cars' electronic ignitions to steal the vehicles, raising alarms
If they were raising alarms they wouldn't be getting away with it so much.
systemd is Roko's Basilisk.
Yeah they're stealing all these Jeeps, but joke's on them when they think they're in park and get run over by the car they just stole.
Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
Pop the lock, cut a gap in the steering wheel and toss the club out the window. 10 mins tops on a slow day.
posting anonymously for obvious reasons.
I want to see you try to hack my '95 Escort Wagon.
You are welcome on my lawn.
You cannot possibly engineer something too much.
But you can be stupid about what problems you think you're supposed to be solving.
There are some good things about modern cars, but also some bad things too. It kind of reminds me of the situation with phones: we clearly have the tech to make some great phones, but the companies aren't really trying to do that. They are looking at a bigger picture than merely giving users what they want. There are other parties to serve to revenue-generating ends, and some have interests which directly conflict with the users. So the goal of companies like Apple and GM is to confuse and obscure the prospective buyer about what they're buying.
In the Internet age, that ought to be unusually hard. But for some reason, it's not.
They started with a vehicle that is often mocked for changing only the very least allowed by the law (the Jeep Wrangler) and then they added all these electronics to it? Yeah, we all knew they were in trouble but this seems like an odd course for them to follow to try to right their own ship.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
where anything from vaguely bad on up involving a computer somehow is "hacking".
Why this is a poor show? Try regular crime reporting, only like this: Anything from petty theft to murder and genocide is now called "crime", done by "criminals". "The house was crimed. The neighbours got all crimed up. Police are investigating the criming and have already apprehended several self-declared criminals." So, did the poor neighbours get burgled or perhaps murdered in a house-robbery? You tell me. Who are these suspects rounded up? Could be the neighbourhood kids "looking suspicious", could be prison gangs, could be anybody really. "Hacking" is like this, only worse.
Outlaw laptops, or require background checks and identification for anyone who wishes to purchase a laptop or another mobile electronic device. This way we will be safe from car thieves. I know this works because the same method safeguards us from terrorists.
Come on people! You can do it with an Arduino and not even see any lag.
It's good to know that general purpose computers are good for something, and that there's something new beyond appy smartphone appy app apps.
What public/private key security? If you think car manufacturers bothered to implement asynchronous security, you're deluding yourself. Replay attacks work on virtually any kind of car.
Seriously, what they tout as the "new kind of electronic lock" is the electronic equivalent of the lock on your sister's diary.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
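Added example, not part of any comment in this thread and not any manufacturer's code: a Python sketch of why a recorded fixed code can be replayed while a response bound to a fresh challenge cannot. It uses a shared-key HMAC rather than public-key signatures, and every class name, key and code in it is constructed for illustration.

```python
import hashlib
import hmac
import secrets


class FixedCodeLock:
    """Accepts one static code, so any message that worked once works again."""

    def __init__(self, code: bytes):
        self._code = code

    def try_unlock(self, received: bytes) -> bool:
        return hmac.compare_digest(received, self._code)


class ChallengeResponseLock:
    """Issues a fresh random challenge and accepts only an HMAC over it."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def try_unlock(self, response: bytes) -> bool:
        # A challenge is single use: it is cleared whether or not it succeeds.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def key_response(shared_key: bytes, challenge: bytes) -> bytes:
    """What a legitimate key fob would compute for a given challenge."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    results = {}

    # Constructed static code: the recorded message is the credential itself.
    fixed = FixedCodeLock(b"constructed-static-code")
    recorded_fixed = b"constructed-static-code"
    results["fixed_legit"] = fixed.try_unlock(recorded_fixed)
    results["fixed_replay"] = fixed.try_unlock(recorded_fixed)

    # Constructed shared key: the recorded message answers one challenge only.
    key = secrets.token_bytes(32)
    lock = ChallengeResponseLock(key)
    recorded = key_response(key, lock.new_challenge())
    results["cr_legit"] = lock.try_unlock(recorded)
    lock.new_challenge()  # the next attempt gets a different challenge
    results["cr_replay"] = lock.try_unlock(recorded)
    results["cr_no_challenge"] = lock.try_unlock(recorded)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A fresh challenge only stops a recorded message from being reused; it does not address the signal-amplification case another commenter describes, because there the genuine key is still the one answering.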
At first, there was CAN bus. Those that know it know well that "security" was not even an afterthought in its design. It came into existence when "board computers" were something that was carefully hidden from the car's user. Chips that controlled injection, traction, braking behaviour that needed no input from the driver. And of course security was a non-issue back then. Because, hey, anyone who could get access to those areas, hidden deeply within the car's heart and soul, could much easier fuck it up or steal it. Seriously, getting access to those early "board computer" parts meant you literally ripped the whole car apart just to gain a GLIMPSE at it.
Time went on and that "board computer" stuff got more and more pervasive. First with displays that were disconnected from the physical things they displayed, with speedometers that didn't just passively count revolutions on a wheel but a LCD that got the speed information from various sensors, same for the RPM gauge of your engine and various other tidbits, and it didn't take long until buttons on your steering wheel were added that let you control radio, air condition and mirrors.
Still not a security issue, because so far you could not affect the car from the outside. You still had to gain access to the inside of the car first before you could mess with it electronically.
Now, though, security IS an issue because the car accepts input from the outside. And that will become an even greater headache than we know now. The buses are in most implementations not separated between "mission critical" and "user leisure", or if, at a logical level only. Meaning that yes, that bus that takes your steering-wheel-button input and even handles your bluetooth is physically the same that deals with your ABS, your injection and your traction control.
I guess I'm not the only one who thinks that this MIGHT become an issue, given time. Especially considering that security that can't be tested in a crash test has not been any kind of issue with car manufacturers so far, not at all.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Sounds like a RollJam variant. https://www.wired.com/2015/08/...
Should be filed under the category "DUH!"
Have gnu, will travel.
Fine we will lock them down and lock in dealer only repairs and maintenance
why something so large?
> If I park it in an area that does not seem safe I attach a club to the steering wheel. This is old school but no one is going to hack it with a laptop.
http://www.makitatools.com/en-...
Even the hardest steels might take a minute to get through. A hacksaw will also eat through it, although more slowly.
From what I've read, the hardened steel used in The Club takes a max of 15 seconds for a cordless angle grinder to take out.
No laptop required.
Then, your "old school" Dodge Ram likely requires simple manipulation of the switches on the column, which avoids the need to cut wires. The "ignition switch" key in many modern vehicles isn't a switch but operates levers which in turn manipulate the switches mounted lower on the steering column. This makes hotwiring easier as there is no guessing as to which wires turn on the pump and ECU, which turns on the starter relay, etc. - just break or remove the dashboard cover, pry up the levers the keyswitch drive, and play with the switch positions.
Having multi-factor authentication in the chain (chip in key, ICM, ECU/ECM all having the correct tokens, key code knowledge, etc.) is far better security. As this article points out it isn't perfect, but it is a good deal better than your old school truck's shitty idea of security.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
This actually happened to me and my Audi about 3 years ago. Built in Nav system was stolen, with no signs of break in. Police told me they were informed about thieves intercepting the communication between key and car, using laptops and ordinary antennas. I read up on it and even found software and documentation that facilitates the process. I learned that, even though the electronic key system has some security embedded (rolling key codes are generated that are supposed to be impossible to predict ...) it is still possible to open the lock remotely. This is just related to the lock as far as I know, not the ignition or other things.
Just like they cracked the RFID in credit cards they listen for the RFID communications and decrypt it. Jeep must be using a weak code that can be brute forced.
Write the code to a blank key with a chip and you have just cloned a key.
Ford cars have been able to 'learn' new keys (my Taurus holds up to six key codes). My guess is that they are exploiting that.
This is not so new as a few years ago a Russian syndicate had been found to be using notebooks with a radio card installed to blast BMWs and presumably other cars with remote start to get the car unlocked and started long enough to load them onto a truck.
So I drive a 1996 Dodge Ram 2500 Diesel Truck with 450,000+ km that runs reliably and gets good mileage without a computer.
So your Cummins requires 1 wire for run and 1 wire for start... It's not rocket surgery.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Three of my buddies had Dodge Lasers in the 90's. Two of them could open each other's locks and start the car with their own keys. It also worked on other people's Dodge Lasers. Dodge trucks and cars were easy to steal. Pop the night glow ring, punch the tumbler at a certain spot to pop it out and use the same screwdriver to turn the ignition on. Took about a minute.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
This problem has been known forever. Now you don't need to get into the car and use the OBD-II to access the ECU. Car companies have always claimed that security through obscurity is enough protection. This problem of controlling a car via an attack on a software stack has been talked about and even linked as early as March 2011. There is a wonderfully simple way to fix this problem, just PHYSICALLY ISOLATE SYSTEMS. Have one ECU that controls all critical car functions and have another computer with all luxury functions. You cannot hack what you cannot access. No need for fancy software security measures. No need to worry about those vulnerabilities in the open source Bluetooth stack used to save a few bucks. Just have two isolated computers.
> From what I've read, the hardened steel used in The Club takes a max of 15 seconds for a cordless angle grinder to take out.
Criminals don't cut through the club. They cut through the steering wheel, which has to be soft so it doesn't kill the driver in a collision. Takes 10 seconds with a dollar store hacksaw. Bring some dollar store duct tape and you won't even cut up your hands driving off.
That's why the brake pedal clubs are the new hotness. A small bit of missing wheel doesn't prevent driving the car. Cutting off the brake pedal? That's a problem. Not to mention the brake pedal is made of far stronger steel.