Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

New Cars Vulnerable To Wireless Theft

timothy posted more than 3 years ago | from the unauthorized-driver-detected dept.

Security 280

tkrotchko writes "In a story published by Technology Review, researchers have demonstrated multiple times that they can bypass the security of wireless entry and ignition systems to take a car without the owner's permission. As researchers in the article point out, car security systems will begin have a real impact to every day use if a thief can simply walk up to your car and drive it away. Although this article is light on technical details, a companion article shows how the researchers accomplished the security bypass. An interesting read, and certainly something that will no doubt be the subject of a new movie any day now."

Sorry! There are no comments related to the filter you selected.

A movie, you say (4, Funny)

jeffmeden (135043) | more than 3 years ago | (#34782906)

An interesting read, and certainly something that will no doubt be the subject of a new movie any day now.

How about "gone in 60 microseconds"?

Re:A movie, you say (2)

dch24 (904899) | more than 3 years ago | (#34783072)

gone ins 60 microseconds

Kind of like the "security bypass" - it talks about a completely unrelated hack on the TPMS... unless it disappeared before I read it. (I'm talking about the "companion article [technologyreview.com] ").

Why didn't they just use a standard passive RFID setup? They're not making money selling batteries to customers... I'm confused.

If on the other hand the key has enough power to transmit its signal 100 meters (passive RFID can't do that) then it has enough power to have a real PKI. But I don't think that's the best idea for this use case.

I disabled keyless entry on my car (1)

Anonymous Coward | more than 3 years ago | (#34782980)

Well sort of. I couldn't disable smash-the-window entry.

Re:I disabled keyless entry on my car (0)

Anonymous Coward | more than 3 years ago | (#34783376)

Well sort of. I couldn't disable smash-the-window entry.

Not that I'd use it but what I want to see is a device that tries transmitting all the "panic button" codes to every car within a few hundred meters or more. Hypothetically somebody could use it in a crowded parking lot and watch the ensuing chaos as hundreds of car alarms go off at once. It would make a nice protest for the jackasses who have alarms that go off for no good reason that you hear every 10 minutes anyway.

Re:I disabled keyless entry on my car (2)

dgatwood (11270) | more than 3 years ago | (#34783540)

What do you mean you might not use it? Really? I think every geek dreams about being able to simultaneously set off ten thousand car alarms. It was awesome enough just being in a marching band and setting off five or six along the parade routes.

Re:I disabled keyless entry on my car (0)

Anonymous Coward | more than 3 years ago | (#34783598)

He said he MIGHT NOT use it. This doesn't rule out the possibility.

Re:I disabled keyless entry on my car (4, Funny)

dgatwood (11270) | more than 3 years ago | (#34783658)

Yeah, and I might not post this.

Re:I disabled keyless entry on my car (1)

houstonbofh (602064) | more than 3 years ago | (#34783754)

They have one. It is called a Harley Davidson with open pipes.

Duhhhh (5, Insightful)

phantomcircuit (938963) | more than 3 years ago | (#34782990)

I'm sure pretty much anybody who even remotely understands anything about tech saw this one coming.

Ross Anderson (4, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#34783094)

Ross Anderson's security engineering textbook discusses this problem, as well as how cryptographic systems like Keeloq might be attacked, and some other related topics. I am going to guess, though, that the manufacturer's view is that a thief with the technical skills needed to take advantage of these vulnerabilities is rare (not saying I necessarily agree) and that most thieves will just smash the window and try to steal the radio before the cops arrive (do people still steal car radios?).

Re:Ross Anderson (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34783304)

The problem with the manufacturer's view(banks seem to approach ATM skimmers with the same naivete) is that it only takes somebody with technical skills to do the actual cryptoanalysis, followed by some opportunist with a shady supply chain to "productize" the hack into something that you'll be able to buy over the internet for a few hundred or thousand dollars and operate with about as much difficulty as the average MP3 player...

Obviously, if every thief had to make his own tools, the intersection between people who can analyze novel(if flawed) cryptosystems and then build attack hardware that puts out sufficiently clean RF output exploiting whatever vulnerabilities exist and the people who steal cars for a living is pretty much zero. Stealing cars just isn't lucrative enough, unless times are very hard for engineers of reasonable talent.

That isn't the way it works, though. The guys doing the break-n'-grab are just peons using tools created by others(apparently, with ATM skimmers, there are even "franchise" style setups, where you get access to the hardware in exchange for uploading a percentage of your skims to your sponsor...) And, building sophisticated electronic tools is a perfectly fine business, definitely worth the time of talented people, particularly ones in locales with weakish rule of law and relatively low local wages...

Analyzing a system's security by saying "eh, how many carjackers are cryptoanalysts?" is sort of like dismissing the risks of a bad neighborhood by saying "Eh, how many muggers are machinists and gunsmiths?" It is true that the answer is "Not many, possibly zero"; but that won't exactly keep you from getting shot.

Re:Ross Anderson (2)

dgatwood (11270) | more than 3 years ago | (#34783622)

Exactly. It's basically the DRM problem all over again. Companies spend money to build DRM under the assumption that 99.99% of people won't have the ability to crack it, forgetting that it only takes one to put it on Bittorrent, at which point it doesn't matter that the other thousand folks couldn't crack it. The only difference is that at least with car alarms, you aren't trying to keep your actual customers from getting the key data from their dongles. (Well, knowing the automakers, they probably are, if only to prevent third-party replacement key manufacturing, but at least it isn't a significant part of their business model.)

A lot of car theft is highly organized already. I mean, it's not like you can sell those stolen cars on the street, and operating a chop shop takes money, space, equipment, etc. So if there are weaknesses in the security, the question is not whether they will be exploited, but when.

Re:Ross Anderson (1)

mcgrew (92797) | more than 3 years ago | (#34783398)

The problem isn't just that they can get into the car easily, it's that they can get in the car, start it, and drive away.

Stealing cars used to be easy. There were no fancy electronic keys like we have now, no steering locks like now. All you had to do was open the hood, run a wire from the battery to the coil, and short two terminals on the starter, get in, and drive away.

Re:Ross Anderson (1)

houstonbofh (602064) | more than 3 years ago | (#34783800)

But what is hard now is easy later. The iPhone 10 will have an app to start 7 year old cars... Sorry. I meant Android 10.

Re:Duhhhh (1, Redundant)

ThunderBird89 (1293256) | more than 3 years ago | (#34783334)

Shameless self-promotion [blogspot.com] : I covered this in my blog when Hackaday did an article on a study about this.

The real threat isn't just someone stealing your car, imagine parking a car on the overpass above a busy highway, with a high-power transmitter, and beaming a bit of code at cars that disables the brakes. Or how easy untraceable assassinations will become: since the code can be made to erase itself after execution, nobody can prove it wasn't a technical error but sabotage.

Re:Duhhhh (1)

icebike (68054) | more than 3 years ago | (#34783554)

Exactly.

The same is probably true for Near Field Communications being developed d for financial transactions, such as in the Nexus S smart phone. (In fact that is just about the only reason the Nexus S exists, in all other respects it is a pretty standard Samsung phone).

Keyless entry and NFC simply do not have the security layer in place for the tasks that are being asked of them.

But when everything moves into your phone, keys, credit cards, and passwords, better security layers will have to be developed. Right now, its way too soon to be pushing this stuff into the market place.

In the mean time, a physical key simply is not that much of a problem to deal with, and there is zero increase in user convenience in wireless key fobs. You still have to have it with you.

Can it be disabled? (2)

commodore64_love (1445365) | more than 3 years ago | (#34783004)

If my car comes with a wireless key fob to unlock the car, can that function be disabled?

Re:Can it be disabled? (1)

TheL0ser (1955440) | more than 3 years ago | (#34783044)

Off the top of my head I'd say yes, if you have a big enough sledgehammer.

More seriously, while I know nothing about how these work, I would assume there is some kind of antenna receiving the fob's signal. Finding and either disconnecting or isolating the antenna is another story.

Re:Can it be disabled? (1)

shadowfaxcrx (1736978) | more than 3 years ago | (#34783108)

on most cars these days there are several: one on the outside, a few scattered on the inside, and one in the trunk to detect when you're about to lock your keys in there.

Re:Can it be disabled? (1)

dch24 (904899) | more than 3 years ago | (#34783110)

If you have the wrong type of keyless entry, you can't disable it.

Example: several brands of cars made in Germany. It's a good design. The dash wirelessly authenticates the key, in addition to the physical ignition lock.

You can't disable it (very easily). It's designed to be tamper-resistant, from the factory.

yes. take the battery out of the fob (1)

YesIAmAScript (886271) | more than 3 years ago | (#34783214)

These people are all just doing replay attacks (due to the rolling code systems used), so if you turn off your transmitter, they'll never find the way into your car.

Re:yes. take the battery out of the fob (1)

commodore64_love (1445365) | more than 3 years ago | (#34783460)

Oh okay.
Mine's laying in my sock drawer - never been used. So any thief would never be able to use a transmitter to record its code (unless they broke in my house and stole it). The reason it's in my drawer is because I don't like the bulk of those fobs sitting in my pocket.

Re:Can it be disabled? (1)

peragrin (659227) | more than 3 years ago | (#34783216)

No. The wireless part is tied into the ignition computer. Basically in order to turn it off you have to replace a SOC, with a version that works without it.

When the battery in mine died. I have a "valet" key that functions like a normal key however it can be driven without the fob present. Useful, but not without risks.

These FOB's need to be passive but still with random crypto. or at least make sure the transceiver part of the circuit is passive and only use the battery for the encryption system.

Re:Can it be disabled? (1)

Shadyman (939863) | more than 3 years ago | (#34783332)

If it's an older car, it's typically just a fuse on the fuse panel to disable power door locks, and by extension, keyless entry.

Re:Can it be disabled? (1)

Kalidor (94097) | more than 3 years ago | (#34783350)

Short answer is, yes. Longer is .. depends on the car manufacturer. My parents got a car with one of the wireless fobs as an occasional drive car, the problem is the receiver for the fob drains the battery a good 80% quicker with it on, so the manufacturer put a button under the dash near the bottom of the steering column, that when pushed and held for a certain time disables the receiver in the car. Ostensibly, it's a power save feature, however I view it as a security feature as well since the physical keys still work as does the alarm system.

Re:Can it be disabled? (2)

Enderandrew (866215) | more than 3 years ago | (#34783382)

I just bought a new Rav 4 and it didn't come with a physical key, only a fob. The only physical key I was given was for the glove box.

Nor surprising ... (5, Interesting)

gstoddart (321705) | more than 3 years ago | (#34783016)

Apparently my mother in law used to have a civic with keyless entry ... in a small town of <30,000 there was another Civic of the exact same color which used the same code.

They found out one time at the mall that they could each open the other's car.

I bet there's not nearly enough uniqueness and security in these things.

Re:Nor surprising ... (3, Interesting)

Colonel Korn (1258968) | more than 3 years ago | (#34783122)

Apparently my mother in law used to have a civic with keyless entry ... in a small town of <30,000 there was another Civic of the exact same color which used the same code.

They found out one time at the mall that they could each open the other's car.

I bet there's not nearly enough uniqueness and security in these things.

Last week I drove a friend's late-90s Nissan in Mountain View. It's got a plain old mechanical key. On my way out of a store I walked up to a sedan of the same color, unlocked it, and then realized it wasn't even a Nissan. I confirmed that the key worked by locking it again from the outside before fleeing a couple aisles to the correct car.

Re:Nor surprising ... (1)

Anonymous Coward | more than 3 years ago | (#34783454)

Apparently last week my friend's mother in law used to have a late-90s civic with a plain old keyless mechanic. On her way out of a small town she unlocked three cars that were the same color.

All cars that are the same color must have the same keys!

Another mystery solved by /.

Re:Nor surprising ... (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34783544)

Last week I drove a friend's late-90s Nissan in Mountain View. It's got a plain old mechanical key. On my way out of a store I walked up to a sedan of the same color, unlocked it, and then realized it wasn't even a Nissan. I confirmed that the key worked by locking it again from the outside before fleeing a couple aisles to the correct car.

In true slashdot fashion I shall pontificate without RTFA. Sounds like the wireless key designers have just carried over the mentality from the mechanical key designers here - a couple of hundred, maybe thousand, different key patterns distributed semi-randomly over millions of cars gives you pretty good security because testing any particular key on any particular car is a physical act with lots of manual overhead. But with wireless keys it can all be automated - you can even test multiple cars simultaneously without exposing yourself as a potential thief - just sit in your own car and let the laptop do all the work broadcasting all the possible keys to all of the cars in the near vicinity until one of them spontaneously unlocks.

It should be possible to do completely unique wireless keys and do them in a highly secure fashion, say with public key crypto for example to prove knowledge of a shared secret. I bet these key guys haven't done it because they aren't crypto experts and they don't know enough to call in the crypto experts to give them good advice.

Re:Nor surprising ... (1)

Anonymous Coward | more than 3 years ago | (#34783550)

Ha! I hopped into my car once with a group of friends outside a pub and spend half an hour drinking and smoking weed before I went to turn on the radio and realised it wasn't my car.

Re:Nor surprising ... (1)

boom1shot (1663101) | more than 3 years ago | (#34783210)

Apparently my mother in law used to have a civic with keyless entry ... in a small town of <30,000 there was another Civic of the exact same color which used the same code.

They found out one time at the mall that they could each open the other's car.

I bet there's not nearly enough uniqueness and security in these things.

I think yo' momma [in law] is full of shit [howstuffworks.com] .

Re:Nor surprising ... (1)

gstoddart (321705) | more than 3 years ago | (#34783262)

I think yo' momma [in law] is full of shit

Don't much care what you think -- this has been corroborated by several people who were there.

Re:Nor surprising ... (4, Informative)

boom1shot (1663101) | more than 3 years ago | (#34783758)

I guess it is possible, but it is human error; nothing else. I acquired certifications for 25+ sales people and finance managers at a dealership that sold 4 different manufacturer's lineups. It is possible to sync those keyfobs to two vehicles, as the keyfob itself is the actual authenticator to unlock the vehicle, in the communication between car and keyfob; and then car just authenticates that, "yes, you have sync'd me to this key before." Unlocking two cars with the same keyfob, regardless of whether or not it is a proximity fob with a continuous signal or a regular old push-button-to-unlock-fob, is only a matter of sync'ing both cars to that fob. It just means at some point in time, there was a cruddy mechanic who didn't decide to wipe the key because, "woops, I just sync'd this key to the wrong car... I wonder what I need to do." They leave the car to go ask someone, and then discover the key is still opening the car it belongs to. Works for them. Those keys didn't come from the OEM ready to open both cars. No way, no how.

Re:Nor surprising ... (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34783278)

That article doesn't debunk his in-laws story though.

Re:Nor surprising ... (2)

Shadyman (939863) | more than 3 years ago | (#34783380)

No, it's just a statistical improbability. There was a story on FARK once about someone who came out of the mall, unlocked a car that looked identical to hers, and drove it home.

IIRC, about halfway home, she realized it wasn't hers, and took it back. In the meantime, the other woman had called police. I don't think charges were laid because it was an honest mistake.

[Citation needed]

Re:Nor surprising ... (1)

operagost (62405) | more than 3 years ago | (#34783422)

FWIW, that's obviously not a proximity wireless key but the standard active one that doesn't transmit until you press a button. This article is about the proximity keys that transmit constantly.

Can be turned off (0)

Anonymous Coward | more than 3 years ago | (#34783028)

Check your manuals. At least in my car, this feature could be turned off. In fact, I turned it off before I even drove it off the dealer's lot, due to this exact concern.

Re:Can be turned off (3)

afidel (530433) | more than 3 years ago | (#34783290)

Why? Mechanical locks are just as vulnerable if not more vulnerable so why put up with the inconvenience? Heck thieves have been known to use flatbed wreckers to haul off cars to take them to a chop shop, disabling your keyless entry certainly isn't going to stop that!

Re:Can be turned off (1)

eepok (545733) | more than 3 years ago | (#34783626)

Wireless Activation: Walk up to car, get in car, drive away.

Mechanical Locks: Walk up to car, break window or slim jim the lock (both loud when the car has an alarm), hotwire/break ignition system, try to disable the alarm, drive away.

It's the difference between using a fake ID to get into a bar and having to punch a couple of people in the face to get into the door. The latter is inherently a bit more risky and likely to draw attention.

The "inconvenience" of using a key is worth the minute effort for the small, but more significant deterrence possibility.

Predicted future news (1)

Even on Slashdot FOE (1870208) | more than 3 years ago | (#34783038)

Wireless communications are vulnerable to spoofing, news at 11.
Also, cloned cell phones!

Beats getting carjacked (2)

commodore73 (967172) | more than 3 years ago | (#34783054)

I mean, if they're going to take the car anyway...

Top Gear showed that this is possible now. (-1)

Anonymous Coward | more than 3 years ago | (#34783066)

The 2nd American Special episode of Top Gear showed one of the presenters doing exactly this.

The key to a Chevy Charger was in Hammond's pocket while he was in a restaurant while Jeremy then proceeded to explain that it was a wireless key and then moved his car from parked next to the restaurant into the street and left it there.

He could just as easily have moved it onto a car trailer and driven off with it.

Re:Top Gear showed that this is possible now. (1)

shadowfaxcrx (1736978) | more than 3 years ago | (#34783138)

I'm pretty sure that was staged for entertainment purposes. Most cars require that the key be *inside* the car, or very close to it in order to start. A guy sitting in a diner with a wall/window and several feet of parking space/sidewalk/restaurant between him and his car probably wasn't close enough.

Re:Top Gear showed that this is possible now. (1)

YrWrstNtmr (564987) | more than 3 years ago | (#34783400)

The key to a Chevy Charger

A what?

Already on TV (0)

Predius (560344) | more than 3 years ago | (#34783068)

It's already been shown on TV, an NCIS episode has one guy using an iPhone app plus the VIN of an OnStar equipped car to unlock the car.

Re:Already on TV (0)

Galestar (1473827) | more than 3 years ago | (#34783136)

FYI: NCIS is fiction

Re:Already on TV (0, Insightful)

Anonymous Coward | more than 3 years ago | (#34783238)

He was probably referring to the summary: "and certainly something that will no doubt be the subject of a new movie any day now."

Re:Already on TV (2)

StikyPad (445176) | more than 3 years ago | (#34783346)

I'm sure he was commenting on the last sentence of TFS, not the viability of the attack.

Re:Already on TV (0)

Anonymous Coward | more than 3 years ago | (#34783518)

Hmm. So was the product placement paid for by GM in regards to OnStar, or was it placed by someone else?

Nothing appears in shows these days without having been paid to be there :P

So... (1)

Anonymous Coward | more than 3 years ago | (#34783078)

Thats why we have insurance. And i assume they'll use the nav system to go to your house and rob it and kill your family and pets too right. Gimme a break.

This still won't cause much of an impact (1)

DontLickJesus (1141027) | more than 3 years ago | (#34783088)

This may become a problem for high-end cars. But to be honest lower to middle class folks only typically go so far as wireless entry. You still have to get the ignition going in these cases. Those systems have already been exploited, and yet most car thieves still simply result to smashing or picking something. Tech overhead on low end crime doesn't usually work well.

Re:This still won't cause much of an impact (2)

peragrin (659227) | more than 3 years ago | (#34783248)

You do realize Nissan is selling keyless ignition systems on their Sentra model line right? a $20,000 car isn't that much but you can get one of these systems.(I know I love the convience of mine, but I do wonder about the risks)

Re:This still won't cause much of an impact (2)

hardburn (141468) | more than 3 years ago | (#34783280)

I drive a stick. I expect most car jackers today will manage to get maybe three feet away.

More seriously, this really isn't a big deal. Car thieves use much faster and cruder methods, like hammering a screwdriver into the lock, or just break the window. Car alarms are a joke, too. When was the last time you heard somebody's car alarm go off that wasn't due to a big truck running by, or a dog brushing up against it, or kids throwing rocks?

Re:This still won't cause much of an impact (1)

Riceballsan (816702) | more than 3 years ago | (#34783488)

Well on alarms to your statement I would say that comparison is on par with saying "when was the last time your smoke alarm went off and your house was actually on fire". Car thieves generally don't hit in times and places where you would be passing by. However I do agree on thier uselessness primarally due to the quanity of false alarms have desensitized everyone to the sound. If you hear a car alarm go off outside your appartment your first reaction is, will someone shut that f*cking thing up, instead of someones car is being broken into, I should call the police.

Re:This still won't cause much of an impact (2)

afidel (530433) | more than 3 years ago | (#34783430)

Exactly, the people capable of this are able to get jobs that pay much better than stealing cars and there won't be easy to use tools for the idiot thieves to use because simply selling criminal tools is a crime, again keeping the skilled people out of the market.

Ghost Dog did it first (3, Interesting)

elrous0 (869638) | more than 3 years ago | (#34783096)

This was how the lead character in Ghost Dog [imdb.com] stole his cars. Great movie, BTW.

relaying the wireless data? (2, Interesting)

YesIAmAScript (886271) | more than 3 years ago | (#34783120)

That's really weak. That's barely a security hole at all. Someone has to be near me to have a system to talk to my car key?

Also, the explanation article isn't an explanation at all, it talks about tire pressure monitoring systems and how to spoof readings from those to the dash. It also makes the mistake of saying that the TREAD Act requires you have a wireless tire pressure monitoring system. That's not true at all, the requirements for tire pressure monitoring can be done completely passively by monitoring the effective circumference of the tire (rotation speed) and is done so in many makes.

Re:relaying the wireless data? (1)

shadowfaxcrx (1736978) | more than 3 years ago | (#34783186)

Exactly. They were flipping out about this on some car forums a few weeks back (yeah, /. is behind the curve here) but I don't really see the issue. First off, TPMS monitors receive three kinds of signals: "This is my ID," "This is the tire pressure," and "Error."

It's not like you can send a "shut off the motor" signal through TPMS. It's not set up to receive that (and would therefore just drop it as junk data) and even if it were, it's not set up to carry out the command. At best on some of the better cars you could disable traction control by reporting pressures outside the limits of TCS to handle.

Re:relaying the wireless data? (1)

blair1q (305137) | more than 3 years ago | (#34783310)

Actually, it's a hell of a security hole.

The vulnerability is that the system depends on proximity but does nothing to verify proximity, it merely assumes that the presence of a recognizable signal implies proximity of a valid security token.

The exploit is to create a wormhole in proximity space, bringing the transmitted signal closer to the receiver space even though the transmitter space is far, far away, without making the transmitter traverse the Euclidean space in between.

Unless hands-free keyless systems are somehow upgraded to ensure that proximity of the signal is proximity of the security token, this spells their utter doom. We're back to fishing in our pockets for the Unlock button.

BTW, the second link is an apparent screwup. The first article had all the info needed. /. summarizers are only a few IQ points above /. editors, who would have a hard time out-parcheeseing a truffle.

Problem is... (like spam) (0)

Anonymous Coward | more than 3 years ago | (#34783152)

Some clever Russian(s) are going to start building these devices and selling them online for say $2000 a pop much like they sell spamming/botnet toolkits. Stealing a car will require 0 real effort and will be much safer (since you just walk up to it, get in and drive away, no need to fiddle with the door locks/ignition for a few minutes). Good luck fixing all the affected cars.

Detraction (1)

blair1q (305137) | more than 3 years ago | (#34783172)

these types of solutions detract from the convenience that makes passive keyless entry systems worthwhile.

But when the key is not even a key, that detracts from the thing that causes it to exist, so it might as well not.

I saw this happen last Knight (5, Funny)

Anonymous Coward | more than 3 years ago | (#34783192)

So I was drinking a wine cooler and watching Knight Rider last night and Some dude totally hacked Kit using a TI computer and an ATARI joystick. This tech has obviously existed since the 80s. Sheesh.

Re:I saw this happen last Knight (1)

StikyPad (445176) | more than 3 years ago | (#34783678)

Wine coolers are for pussies. Now Zima, that's a man's drink.

Is it just me or? (1)

Johnny Fusion (658094) | more than 3 years ago | (#34783198)

Does the line: "car security systems will begin have a real impact to every day use if a thief can simply walk up to your car and drive it away." seem to imply car thievery is a new thing? Thieves have been stealing cars since you had to hand crank the engine. Sure the techniques in 1911 were different from the techniques in 2011 but this is a a bit hysterical isn't it? Criminals are always getting better than security which leads to better security which leads to more cunning thieves, like any living system, it will continue to evolve.

Re:Is it just me or? (1)

blueg3 (192743) | more than 3 years ago | (#34783458)

This is like a variation of when lawmakers write a law that takes an already-illegal act and adds "on the Internet" or "with a computer".

Yes, car thieves can steal your car. But now it's wireless!

Which Models, I wonder (1)

GizmoToy (450886) | more than 3 years ago | (#34783202)

The article doesn't say which models and brands were attacked. I'd be curious to see which ones they got.

These keys are certainly extremely useful. The key on mine detects if its inside or outside the car, and can even open the trunk if I touch a button by the tail lights. The fact that the manufacturers haven't considered the security ramifications of these keys is unsettling.

From the description, this seems to be a variation on the standard man-in-the-middle attack. These manufacturers should know better.

The ultimate theft deterrant (1)

Anonymous Coward | more than 3 years ago | (#34783236)

Is a stick shift. Even if they get into your car & manage to get it started, your average car thief has no idea how to drive a stick shift.

Re:The ultimate theft deterrant (1)

TechnoFrood (1292478) | more than 3 years ago | (#34783418)

Perhaps in any country where Automatic transmission cars are the norm, here in the UK the vast majority of cars are Manual transmission.

Re:The ultimate theft deterrant (0)

Anonymous Coward | more than 3 years ago | (#34783424)

Only in the US...

Re:The ultimate theft deterrant (1)

by (1706743) (1706744) | more than 3 years ago | (#34783572)

Of course, it's also easier to roll a stick shift car onto a flatbed -- shifting into neutral and disengaging the parking brake requires physical access alone, whereas shifting into neutral in an slushbox usually (right?) requires the key. Not exactly a showstopper if you're just gonna put it on a trailer, but still.

Fob range extender (1)

foo1752 (555890) | more than 3 years ago | (#34783240)

This just sounds like they build a range extender for the key fob, allowing the fob to be MUCH farther away from the car than it would normally have to be. This is nice to allow access to the car and to get it started, but once you've driven the car out of range of the (range-extended) fob, you'll never get the car started again. Maybe it doesn't matter if they're just taking the car to a chop shop. Still scary, though.

Take without permission, otherwise known as steal (5, Funny)

noidentity (188756) | more than 3 years ago | (#34783314)

they can bypass the security of wireless entry and ignition systems to take a car without the owner's permission

If only we had a word that meant taking something without the owner's permission...

Re:Take without permission, otherwise known as ste (1)

trollertron3000 (1940942) | more than 3 years ago | (#34783536)

LOL I wish I had mod points. I thought the same exact thing when I read that.

Re:Take without permission, otherwise known as ste (5, Funny)

thewils (463314) | more than 3 years ago | (#34783566)

That would be "copyright infringement" right?

Re:Take without permission, otherwise known as ste (1)

TheL0ser (1955440) | more than 3 years ago | (#34783790)

No, no, no... "stealing" is taking without permission. "Copyright infringement" is setting fire to someone's house, kicking their puppy, selling their child off for medical research, punching them in the nose, and then taking something without permission.

Re:Take without permission, otherwise known as ste (0)

Anonymous Coward | more than 3 years ago | (#34783608)

Hey, it's not theft, it's copyright infr- wait...okay, yeah, that's stealing.

Nope. (-1)

Anonymous Coward | more than 3 years ago | (#34783316)

Okay... someone could start the car without the key.

All that'd do is waste gas. Most vehicles with the feature have a locked steering wheel and will not steer or shift out of (P)ark unless the key is in the ignition slot. It ain't going anywhere without the key. In practice, this is not a serious problem.

Please... do some actual field research before posting stories like this.

Re:Nope. (1)

Anonymous Coward | more than 3 years ago | (#34783366)

My prius doesn't need a key in the ignition at all. It just needs the transceiver to be close.

I leave it in my pocket when I drive.

Re:Nope. (1)

wcrowe (94389) | more than 3 years ago | (#34783594)

Um, yeah. I think you need to do a little field research.

Re:Nope. (-1)

Anonymous Coward | more than 3 years ago | (#34783730)

I had done... unless the RFID tag that is part of they key is very close to its designated slot, all cars that I have seen with this feature will not shift out of Park, even though the engine may be started, and the steering wheel remains locked, so it is impossible to drive, let alone steal, until the key is in close enough proximity to the steering column.

Thieves must be fairly dumb (1)

turing_m (1030530) | more than 3 years ago | (#34783364)

I think you need to be a little switched on to know and try this sort of stuff in the first place. Which means you can probably either get an acceptable paying job (at least, better paid than burger flipping) with zero risk of going to jail, or perhaps a higher paying and ethically dubious occupation but with less risk there too. Like an "opportunistically pricing" mechanic, for example. He may charge a woman $500 for changing a spark plug but he's not going to go to jail for it.

The reason I came to this conclusion is reading the famous Chula Vista Residential Burglary Reduction Project report. Only 4% of burglars pick locks. Now why is that? Is it too hard for the average burglar to learn, or was it too hard to learn how to pick locks when that was written? I'm guessing the former was the deciding factor.

Mini Faraday Cage (1)

rnaiguy (1304181) | more than 3 years ago | (#34783384)

Surround the fob with foil (or a more custom-designed solution) while away from the car, and problem solved.

Re:Mini Faraday Cage (1)

MiniMike (234881) | more than 3 years ago | (#34783534)

Surround the fob with foil...

Great, now people will think my key fob is crazy...

Re:Mini Faraday Cage (1)

rnaiguy (1304181) | more than 3 years ago | (#34783670)

But it would go well with the headgear of many slashdot readers.

they can only hack tire Pressure Monitors (1)

jroc242 (1397083) | more than 3 years ago | (#34783392)

the companion article only mentions hacking the tire pressure monitors which are wireless sensors in the wheels. it makes no mention of starting the car and driving away.

Re:they can only hack tire Pressure Monitors (1)

GizmoToy (450886) | more than 3 years ago | (#34783496)

I think the "companion article" is not as related as the posted claimed it to be. After having read both, they're about two completely different topics.

New patent: Unsnoopable car lock (5, Funny)

Midnight Thunder (17205) | more than 3 years ago | (#34783396)

This patent presents a locking system for automotive vehicles that can not be snooped by a nearby wireless hacker. This approach eliminates the need for problem prone wireless receivers and transmitters, whose signal can easily be captured by a third party in the vicinity. This devices presents an opening in the door of about 2mm x 5mm and requires the use of a specifically shaped piece of metal This piece of metal would be unique to each owner. Activation and deactivation is accomplished by a rotational action in either clock-wise or anti-clockwise directions.

This patent is truly ground-breaking since it eliminates the need for an electronic system to function.

Re:New patent: Unsnoopable car lock (5, Funny)

TheL0ser (1955440) | more than 3 years ago | (#34783530)

I can find no fault nor prior art with regards to your patent application. Your application is hereby approved. Please note that on the way out the door intent to sue forms are on your left, and a directory of lawyers on your right. For your convenience, we have also supplied a list of the largest companies that may be possible targets for your legislation. Thank you for visiting the Lawsuit-o-matic Patent Office, and have a nice day.

Just saw somethign similar on the morning news! (2)

Phizzle (1109923) | more than 3 years ago | (#34783408)

The morning news in SF Bay Area showed home security footage of someone just walking up to a supposedly locked up car (Toyota) and looting it without using a key or smashing windows. Apparently there has been a bunch of car robberies of this nature around the Bay Area.

Re:Just saw somethign similar on the morning news! (1)

whoda (569082) | more than 3 years ago | (#34783486)

Yep, I saw it too. The interior lights all came on and everything, just like it would with the normal clicker.
Of course Toyota says they haven't ever received any proof of it happening. LOL

Wireless Theft Aint nothin new (1)

thewils (463314) | more than 3 years ago | (#34783450)

In my old car I had the wireless stolen. I just put another one in.

Luddites (1)

nurb432 (527695) | more than 3 years ago | (#34783464)

Good thing i refuse to have those options in my car.

This matters for nothing (2)

BigSlowTarget (325940) | more than 3 years ago | (#34783478)

If they are going to take your car they are going to take your car. It might be easy, it might be hard but as long as cars can be towed you'd better kiss it goodbye if someone wants it bad enough.

The biggest theft deterrent around is probably title registry and money laundering laws, the locks just protect you from the joyriding kids.

Re:This matters for nothing (2)

eepok (545733) | more than 3 years ago | (#34783724)

False dichotomy: Criminals want to steal your car or they don't.
Tautology: If they are going to steal it, then they are going to steal it.

The decision to commit a crime is relative to the reward of the crime and the risk of getting caught. If the risk is low enough in relation to the value of the crime, then the criminal will commit the crime. If it's not, and there's no mitigating circumstances, the criminal will not commit the crime.

Make your car as difficult as possible to be stolen and your car will be less likely to be stolen. If it is stolen, then you will have a higher chance of recovery.

Woopdeedoo (1)

trollertron3000 (1940942) | more than 3 years ago | (#34783514)

This one guy showed me he could do the same with a screw driver and a hammer when he stole my car. And he didn't have any research grants..

Obligatory RIAA joke. (2)

Riceballsan (816702) | more than 3 years ago | (#34783546)

If this technology became more commonplace, and car theft becomes easy as downloading an ap for your iphone we may have to reverse our slogans. Start an anti car-theft promotion, You wouldn't download a song would you?

Insurance companies don't pay (1)

Anonymous Coward | more than 3 years ago | (#34783584)

When your car is stolen with no obvious sign of forced entry. They consider it to be a fraudulent claim and that you were the one that stole your own car.

The "companion" article is irrelevant (2)

sirwired (27582) | more than 3 years ago | (#34783614)

The companion article talks about something entirely different, namely security issues with wireless Tire Pressure Monitoring Systems. Neither the main article nor the "companion" article talk about the TPMS hack having anything whatsoever to do with vehicle theft or sabotage at the current time.

My Solution (1)

frinkster (149158) | more than 3 years ago | (#34783682)

I drive a car that nobody wants to steal. In fact, so few people wanted my car that Volvo stopped selling it in the US.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?