Slashdot Mirror
BMW Traps A Car Thief By Remotely Locking His Doors (cnet.com)
An anonymous reader quotes CNET:
Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal... Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (November 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," wrote Jonah Spangenthal-Lee [deputy director of communications for the Seattle Police Department].
The suspect found a key fob mistakenly left inside the BMW by a friend who'd borrowed the car from the owner and the alleged crime was on. But technology triumphed. When the owner, who'd just gotten married a day earlier, discovered the theft, the police contacted BMW corporate, who tracked the car to Seattle's Ravenna neighborhood.
The 38-year-old inside was then booked for both auto theft and possession of methamphetamine.
The suspect found a key fob mistakenly left inside the BMW by a friend who'd borrowed the car from the owner and the alleged crime was on. But technology triumphed. When the owner, who'd just gotten married a day earlier, discovered the theft, the police contacted BMW corporate, who tracked the car to Seattle's Ravenna neighborhood.
The 38-year-old inside was then booked for both auto theft and possession of methamphetamine.
Good for the guy who got his car back, and good that they put the would be thief away, but still, can't say I much like the idea that our corporate overlords can track your car (and therefore movements) and remotely lock down your vehicle.
If it's possible to lock someone inside a car — which is a really terrible feature, by the way — then how long before some car's AI flips out and drives off a bridge — into a river — with passengers inside...and locks the doors shut?
I found on documentary called Robocop II.
This incredibly rare set of circumstances is exactly why we should happily and unquestioningly give our freedoms and privacy away to corporations and to the government!
#DeleteChrome
Pulling the door opener lever on the door of a car overrides the locking mechanisms. This is a fire-safety requirement. The guy was probably just still asleep when the cops found the car.
People died while being locked in cars.
Two examples are : car fallen in the water, and people sleeping in a car while owner and friend locked it. The owner came back after a long hot weeken, his friend was dead inside.
Double lock is a dangerous feature.
aaaaaaa
I'm glad it was a thief with doors. A doorless thief would have escaped.
But I wonder how did they lock his doors remotely?
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Their R&D center was located on Chappaquiddick Island in Massachusetts. After a tragic accident as a result of Soviet hacking, Oldsmobile closed the center in 1969.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
I have never seen a "modern" car that doesn't have headrests. Those headrests can be detached and the metal spikes used to break the passenger windows.
The "feature" has already caused at least one death.
Last week, a burglar pried apart some security bars at my business and squeezed in. He was able to make off with some stolen goods because once inside, he was easily able to open the locked exit door. Fire codes require that all building exit doors accessible to the public be openable from the inside even when locked. These laws were made after repeated fires with huge death tolls exacerbated by locked exit doors. That's what the bar on the door you press when leaving most restaurants and stores does. Even when the door is locked, pushing the bar from the inside will open the door. That way if a fire breaks out, you're not trapped inside because the only person who has the key was the idiot who started the fire and is dead.
Same thing with refrigerators - both the old stand-up units which latched shut, and walk-in refrigerator/freezers used in restaurants. Too many people (especially kids playing) were dying after being trapped inside, that laws were passed requiring a mechanism which allows someone inside to open the latch on the outside.
I don't see why cars should be any different. Yes easy egress makes thievery easier. But preventing that is just not worth the potential loss of life. Any car designer who thinks this is a good idea should be locked inside one of their cars on a sunny day until they admit it's a terrible idea. Heck, after dozens of kids dying each year after being locked in the trunk of a car while playing, we finally passed a law mandating a release mechanism inside the trunk. And some idiot car designer decides it would be a good idea to make it impossible for someone inside the passenger compartment to exit at will? Shame on BMW for trying to spin this to the press as a "helpful" feature.
With my car, once it's been locked with the button on the key fob, after a certain amount of time, it deadlocks the doors - they can not be opened from the inside or outside without being unlocked. The unlock button on the driver's door will no longer function either after the car has been locked from the fob.
This means I could, if I wanted to, lock the car with the windows partially down and after a minute or so the car would be deadlocked - even if someone reached in to open the door, they would be unable to.
Specialist Mac support for creative pros, Melbourne
They would have to prove the owner knew someone was in the car at the time of him initiating the locking of the car. If anything BMW would be held liable for requiring "special knowledge" in order to unlock the car from the inside when a lock was initiated from the outside. Someone has died in a BMW from heatstroke due to this behavior and nothing has changed in the behavior. So I suspect it is unlikely any changes are made as a result from this case.
In an emergency, you're supposed to be able to break a car's side windows.
I supposed the "sun-cooked" guy had passed out (alcohol ? heat shock, while he was asleep ?) before realising he should get out of the car.
I'm more surprised that the thief didn't try to break out of the car. But, on the other hand the lock has happened while he was napping inside the car, so he might not have realised what had happened and did not release he should run away as fast as possible before the police arrives.
I would be much more worried about the remote disabling of the car :
- was some form of owner's access required in order to do the disabling ? (i.e.: the owner's second fob is needed in order to validate the instruction to lock and ignore the stolen fob ?)
- or does any sufficiently high executive at BMW have the power to shut down any random car ?
Also : is the remote access limited to very simple instruction (locking doors and revoking fobs - which as mentioned above shouldn't be dangerous except under special circumstances) or can the car be remotely shut down while it is driving ?
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I don't see why this is a story on Slashdot
Then you must not be thinking of the children. Or terrorists. Oh, and don't forget about children and terrorists.
This story sounds like nothing on the surface, right up until you realize that BMW can track their cars remotely and execute remote operations on them (this was just a teaser of their remote capabilities most likely).
From hacking that system to legal "justifications" sans warrants, this is a privacy and security nightmare.
But hey, carry on...nothing to see here according to the ignorant masses who have been trained that way. Simply because most "gadgets" these days are a privacy and security nightmare doesn't dismiss that fact, or the consequences.
I for one was rather baffled over the keyfob left in the car. My 8-year old car would not automatically lock the doors if it sensed the keyfob inside, so I'm assuming the car was left unlocked with the keyfob. Fail all around.
Not that I would in the first place.
If you don't have a hammer the headrests can often be removed and the metal ends used to break the windows
You're forgetting the child terrorists. And the childish terrorists. And the terrifying children. And the terrorists' children.
Mythbusters did a segment on this, and maybe a revisit. A pointy object certainly helps. Kicking with both feet can do it, though. The side windows are just tempered glass, not the plastic-laminated safety glass.
On the other hand, tapping the EDGE of the glass, such as when trying to unlock the car with a coat hanger, can easily shatter the window. That happened to be and I didn't hit it hard at all.
Yes, hammers look like stupid overkill. But people die in flash floods, often of underpasses. How? If the car stalls out because the water is deeper than expected, you or weaker family members will not be able to open the doors due to water pressure. If you don't get the windows open (due to hard rain?) before the power to them dies, you will have to break windows or drown. Nasty progressive trap.
This is a classic example of how even when you pay for a car, you don't really own it. (kind of like iPhones) Anyone could give any reason for "hijacking" the car. If the OWNER of the car could do this, okay. But this had to be done by BMW CORPORATE. Bit of a difference. Cars today should be scaring us. One has to assume any car with a remote lock can remotely imprison you. It's like that scene in the movie "Minority Report": you can be locked in your own car and "kidnapped" to whereever "big brother" (or smarter hacker using big brothers back doors) says you should be taken and that could create a LOT of havoc. We should seriously be rethinking this. You can say "big win against thieves" this is really a side effect, not the primary purpose. The real purpose, is to keep complete ownership of the vehicles and you in the hands of big brother + corporate. The obvious ability to be abused by government agencies and hackers alike don't matter to the creators or the governments that promote them. I wonder if Russian cars are implementing this feature yet. (Putin would LOVE it I'm sure). It's like that NSA information dragnet;it was never designed to protect the common citizen, just the common interests of those who already have perhaps a bit too much power already.
"Imagination is more important than knowledge" - Einstein
I've worked in government, where regulations forced specific security requirements. Because the regulations were based on some guy's understanding that was slightly outdated and slightly questionable at time they were written, they were completely outdated and foolish by the time we were following them.
As an example, regulations require the use of MD5, though weaknesses were found in MD5 in 1996 and it was more completely broken in 2004-2007. SHA-1, SHA-2, or SHA-3 would be much more secure, but regulations require MD5.
The federal standards relating to classified information are *better* at confidentiality though they don't account for the most recent threats, but they are wholly inappropriate for many tasks. They're also expensive and restrictive to implement because they require that each module by certified ("validated") which can take two years and several hundred thousand dollars - per module.
If there's anything that can be done on the legal side which can actually work, I think it'll be around liability. If you sell a product or service that gets hacked, you're liable unless you can prove that you followed best practices. A problem there is apparent if you've watched a locksmith unlock a few things. I used to work as a locksmith, and most locks, locks that follow industry standards, take about 30 seconds to open (hack). The highest security locks you'll normally find are made by Medeco. They take many minutes, even an hour or more, to open without a key. IT security isn't completely different, there's no magic that will keep a skilled attacker from abusing a system.
What we *can* do is harden systems against script kiddies and accidents - be sure that our systems don't allow employees to accidentally set our customer database to be directly accessible via the web, and our web site doesn't crash when John O'Reilly registers because he has an SQL "quote" in his name.
I've been doing information security full time for twenty years and before that I studied law. I don't see any clear way that law can improve information security much. Attempts to do so may well just make things more expensive, and possibly no more secure.
This seems like the kind of thing that should have been a chapter in Doctorow's "Car Wars" short story.
There is always a mechanical override, it's a part of car safety laws in most western countries, U.S. included. Summary is wrong, possibly the article too.
A successful API design takes a mixture of software design and pedagogy.
We've had the ability to virtually eradicate auto theft since the 1970's. There's only 2 ways to steal a car, drive it or tow it. Locking brake systems immobilize vehicles rendering them immovable, thus virtually unstealable. However, for every vehicle stolen, another is sold. (the replacement), so auto industry lobbyists have fought hard both hide this fact and ensure no laws are enacted. All other electronic gadgets are just distractions.
Good advice. Sadly, car manufacturers should have a manual old school override in all the cars today to let you roll down a window without power. Even if it just on one of the four doors, it'd help.