RFID-enabled Vehicles: Pinch My Ride 429
Billosaur writes "Wired has an excellent article on the problems with the theft of
RFID-enabled vehicles and how insurance companies are so over-confident in the technology, they are denying claims when such vehicles are stolen. Example: "Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been. The 38-year-old truck driver and former reserve Los Angeles police officer did what anyone would do: He reported the theft to the cops and called his insurance company. Two weeks later, the black SUV turned up near the Mexico border, minus its stereo, airbags, DVD player, and door panels. Wassef assumed he had a straightforward claim for around $25,000. His insurer, Chicago-based Unitrin Direct, disagreed." Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started, despite the evidence that the ignition lock had been forced and the steering wheel locking lug had been damaged."
In other news (Score:5, Insightful)
Apparent InsCo greed aside... (Score:5, Insightful)
Re:Apparent InsCo greed aside... (Score:4, Insightful)
Maybe the policy got set from up high: We do not pay out claims on immobilizer equipped cars unless they meet [X, Y, Z] criteria.
Don't forget, there is always a disconnect between the Marketing Dept & the Engineers who design a security/safety system.
You really wanna secure your car?
Install a fuel cutoff switch somewhere non-obvious. Yes, it is security through obscurity, but most thieves don't have the time to troubleshoot a car that won't start.
Re:Apparent InsCo greed aside... (Score:4, Insightful)
Read "The Rainmaker" by John Grisham for an account of some of the dirty practices of insurance companies in denying claims.
FTFA summary: "Their forensic examiner concluded that since all the keys were accounted for, there was no way the engine could have been started"
Since when do you need the keys to steal a vehicle? And if all the keys WEREN'T accounted for, the claim would have been denied because "obviously the claimant was negligent and someone else got a key from them."
Re:Apparent InsCo greed aside... (Score:5, Insightful)
Insurance companies are evil, ladies and gentlemen, and will do everything in their power to stop from having to pay out a dime. While I'm now paying $35 copay for prescriptions through Aetna, they also have a new thing called "precertification" whereby the doctor has to call the insurance company and "approve" the use of a drug. Now, if the doctor hadn't wanted me to have the drug, I'm sure I wouldn't be at CVS with my prescription. Nonetheless, yet another roadblock to actual payout of insurance coverage.
You think Pharma = evil? Check out insurance. Especially in the case of Katrina. Home insurance doesn't cover flood insurance. Flood insurance doesn't cover mud damage. Etc.
Makes me sick.
Re:Apparent InsCo greed aside... (Score:3, Informative)
At the risk of nitpicking, in the four states where I've registered car insurance, only liability insurance was required. Comprehensive and collision coverage is not required by law, though it will be required by contract
Re:Apparent InsCo greed aside... (Score:3, Informative)
The other test was around $1200, with the insurance company only being charged $740 or so. I payed nothing but a $20 copay out of pocket, but the very fact that the system works this way is repugnant.
Re:Apparent InsCo greed aside... (Score:5, Informative)
The goal of bumping up your premium is not to compensate the insurance company. By having an accident, you have shown your insurance company that you are now in the class of people that have recently had an accident. Statistically speaking, you are more likely to have another accident than someone who has not recently had an accident. Your premium is adjusted to match their new information, not to compensate them for the amount they paid out.
Once you are no longer in this class, your premium will drop back down. Your premium isn't dropping because you've "paid them back"; it's dropping because you are now in the class of people that haven't had an accident in a long time. Statistically speaking, you're less likely to have an accident than you were before, so your premium is adjusted.
Re:Apparent InsCo greed aside... (Score:3, Informative)
I agree. But given that having accurate statistics and making accurate risk assessments is the very lifeblood of an insurance company, and the primary way that insurance companies are able to compete with one another, I really have to give them the benefit of the doubt.
B
Re:Apparent InsCo greed aside... (Score:4, Interesting)
RTFA a little closer. The car had RFID keys and shouldn't be able to start without the physical key being present, making theft considerably more difficult. While new in the US, such technology has been fairly common in Europe for over a decade.
Read what I wrote a little closer. I said "since when do you need the keys to steal a car?" The answer is simple - you don't.
Two words ... Tow Truck.
Shove that Navigator into a nearby container and even a lojack can't find it (the condainer makes a nice faraday cage, blocking all radio signals).
Q: What do you call someone whoo thinks a key is perfect protection against theft?
A: A pigeon.
Re:In other news (Score:3, Interesting)
Re:In other news (Score:3)
Re:In other news (Score:3, Informative)
Re:In other news (Score:3, Funny)
DNA (Score:4, Interesting)
Re:DNA (Score:2, Interesting)
If your DNA is found inside of a rape-victim's vagina, however, then yes, you probably are guilty.
Re:DNA (Score:5, Insightful)
You're guilty of having sex with her around the time she was raped, yes. Is that enough to convict you of her rape? Not by a long shot.
Re:DNA (Score:4, Insightful)
That also assumes she's still alive.
Not necessarily... (Score:5, Insightful)
Re:Not necessarily... (Score:5, Insightful)
No, they had a clear goal of making women understand that having a guy cornering them in their room and not letting them out until they "give it up" isn't something they should be expected to live with, or that waking up in a frat house with no clothes on and no memory of last night, isn't just something that "just happens".
Women have an impressive double-standard to live with; if they get assaulted or raped, well, obviously they should have known better. But if they assume that a man might try to rape her if they are alone together, or doesn't want to be in a position where she can be overpowered or outnumbered, well, then she's obviously a man-hater/feminist/dyke. Nowhere in either of those equations is the man's behavior held to any standard.
It is nieve to believe that EVERY woman who claims rape really was raped.
The staistics for false claims of rape are in line with false claims for other crimes. (Well, it depends on who you ask and what time period the study in question covers; the numbers seem to swing from 1 percent to 25 percent of claims, with each end of the range having its defenders.) Also, many rapes go unreported, which would make the percentage of false claims vs. actual rapes even smaller still. But of course, any attempt to raise awareness or to encourage women to talk about what happened to them is "blurring the line between 'rape' and 'regret'".
By your reasoning, we should assume that any person who claims they were robbed or assaulted is lying just because some people lie about it, or live in fear that we could be sent to jail by having someone pointing a finger at us and saying "he stole from me" if we don't defend the reputation of accused thieves.
Re:Not necessarily... (Score:3, Interesting)
Re:DNA (Score:3, Funny)
Re:DNA (Score:3, Funny)
Wired had a bit about this last month (Score:5, Insightful)
The man in the headline should clearly be bending his insurer over a barrel and giving them a good legal fucking...
Re:Wired had a bit about this last month (Score:4, Insightful)
Re:Wired had a bit about this last month (Score:2)
Re:Wired had a bit about this last month (Score:4, Insightful)
Tis a foolish man who assumes that dishonesty goes hand in hand with stupidity (and vice versa for that matter) high technology secuirty systems just encourage theives to be much more sophisticated...
Re:Wired had a bit about this last month (Score:5, Informative)
I find that odd, since key blanks are really cheap. That and the RFID industry is claiming the technology is so cheap they can put these tags on merchandise for mere pennies.
Honda can reprogram the immobilizer system even if you have no keys. It does require the dealer's help - just because they have access to the HDS (Honda Diagnostic System) that is required to perform the task:
Each manufacturer does this differently, so there are some manufacturers that have immobilizer systems that cannot be reprogrammed without an ECU change if the master/learning key is lost.
Re:Don't be so hard on the insurance company (Score:4, Insightful)
I thought it was accepted practice to stall, misrepresent, impose legal costs, hide behind obscure terminology in a contract, and employ countless other ways to avoid rendering its primary service.
Insurance companies will seek any excuse... (Score:5, Insightful)
Re:Insurance companies will seek any excuse... (Score:3, Insightful)
There have been cases among my acquaintances and relatives where the insurance companies refused to pay with the most threadbare excuses. My conclusion is to have only the most essential insurance and to be ready to sue the insurance company if necessary.
Re:Insurance companies will seek any excuse... (Score:3, Interesting)
There have been cases among my acquaintances and relatives where the insurance companies refused to pay with the most threadbare excuses.
Then they did better than I did when I had a claim against progressive. The adjuster outright lied to me multiple times (and they weren't even good lies). I finally had enough and got a lawyer involved. The lawyer finally got fed up with the new adjuster lying to her so she filed a lawsuit. The insurance company's attorney was a least honest.
Re:Insurance companies will seek any excuse... (Score:5, Insightful)
Insurance companies aren't in business to pay for people's losses, they're in business not to pay for people's losses, because the less they pay out, the greater profit they make.
Insurance companies are corporate gamblers. They are betting you are a good driver and that your car won't get stolen or damaged. Your insurance premium is reflective of how good of a bet this is.
That said, when they lose the bet, they will try to weasel out of paying it.
Re:Insurance companies will seek any excuse... (Score:3, Insightful)
No they are not. No more than the casinos are gamblers. They operate within a designed system that ALWAYS works out to their advantage. They know how many cars get stolen per year in Palo Alto, and charge you accordingly.
If your car gets stolen, they are still ahead.
Insurance takes the risk of one individual and spreads it across an entire population.
Re:Insurance companies will seek any excuse... (Score:3, Informative)
Re:Insurance companies will seek any excuse... (Score:3, Interesting)
This woman did have uninsured motorist coverage, but her insurance company denied her medical claims because the man deliberately caused the crash, therefore it wasn't technically an "accident", and thus was not covered by the woman's policy. Insurance companies are weasels and will do anything they ca
Denied (Score:5, Interesting)
Re:Denied (Score:4, Funny)
Without a doubt, my favorite line from the movie. Though, to be honest, it's not high on my "what to watch" when I've got three hours to kill. A close second would have been a hearty "Game over, man!" from Bill Paxton, but it just never appeared.
Re:Denied (Score:3, Informative)
http://www.abc.se/~pa/publ/titan-own.htm [www.abc.se]
http://en.wikipedia.org/wiki/Marine_insurance [wikipedia.org]
I call bullshit (Score:5, Funny)
Insurance fraud.... (Score:5, Insightful)
Re:Insurance fraud.... (Score:2)
Re:Insurance fraud.... (Score:2)
Hm, what the hell is this line right here on my insurance policy that says "Theft" then?
Re:Insurance fraud.... (Score:5, Insightful)
Re:Insurance fraud.... (Score:2)
Re:Insurance fraud.... (Score:2)
Re:Insurance fraud.... (Score:5, Informative)
Moral of the story is... (Score:5, Funny)
Re:Moral of the story is... (Score:3, Interesting)
Yes, it's fraud. But when you commit fraud to get a legitimate claim granted, it's allright in my books.
Re:Moral of the story is... (Score:2)
The moral of the story for me is that I don't really need to buy a car. For people who really need a car, the moral is don't waste money on theft insurance, since you probably won't be able to claim in any case.
Excuse My ignorace. (Score:2, Funny)
Exactly what parts of the car are disabled when refid token is not present?
More over how do those parts KNOW it isn't present?
I mean unless the refid reader is somehow coupled to the spark control computer so that it is impossible to interpose between the refid receiver and the spark control computer I don't see what would
Re:Excuse My ignorace. (Score:2)
But as with most issues, we focus on the wrong part. The problem isn't better technology, it's better punishment for the crime. There's still a distinction between stealing a car for a "joy ride" or taking it to a chop shop. Ther
Re:Excuse My ignorace. (Score:3, Informative)
Re:Excuse My ignorace. (Score:3, Informative)
To elaborate, cars nowadays have their engine computer-controlled by an Engine Control Unit (ECU). It often does everything from telling the spark plugs to fire to r
Re:Excuse My ignorace. (Score:3, Informative)
in the device housing to allow the manufacturers to easily install the things on the new vehicle and
to easily install a new one if the thing fails (which they do occasionally do...)- all it takes is
is knowing where the ECU is on the vehicle, develop a procedure for swapping it out that takes 10 or
less minutes to execute.
You break in, break the column cover to get the ignition switch access without the key, yo
RFID madness? (Score:4, Informative)
Anyway, I suggest you to fill out the questionaire [europa.eu].
Other intresting consultation links can be found here and [ffii.org]here [europa.eu]. It is important to get more people involved in these political procedures and legislature who actually know what they are talking about. And I would like to spam politicians with the request for 'better interoperability'. Here the regulator has to take measures. I found it very nice that the EU already considered it. "Interoperability, standardization, governance, and Intellectual Property Rights (1 June)"
So maybe it makes sense to report cases like these to the authorities to avoid madness. I guess they do not read Slashdot.
'oh-my-god-stats-can-kill' dept. SA's theft stats (Score:5, Interesting)
"What Car?" Security Supertest League Table
The 26 Cars they Couldn't get into:
1-3: Lexus IS300, Lexus LS430 and Lexus SC430 (100).
4-7: BMW 318i SE, Nissan Maxima QX 3.0 SE+, Skoda Superb 2.5 TDi Comfort, Toyota Camry CDX V6 (95)
8-15: Audi A4 1.9 TDi SE, BMW 735i, BMW X5 3.0d, Citroën C3 1.4 HDi Exclusive, Jaguar S-type, Mazda Tribute, Nissan Primera 2.0, VW Passat V6 4motion (90).
16-23: Audi A2 1.4 TDi SE, Audi A6 Avant 4.2 quattro, Audi TT 180 Coupé, Ford Fiesta 1.4 Ghia, Seat Ibiza 1.4 Sport, Toyota Previa D-4D GLS, VW Golf GT TDi PD, Volvo S80 2.4T S. (85).
24-26: Nissan Almera 2.2 Di Sport, Nissan Almera Tino 2.0 SE+, Nissan X-Trail 2.0 SE+ (80).
The Cars they Could
27: BMW 520i (75) 1min 12sec
28: Saab 9-5 Aero 2.3 HOT (75) 1min 5sec
29: Renault Vel Satis (75) 58sec
30: Jaguar X-type 2.5 (70) 1min 30sec
31: Renault Clio 1.6 16v Initiale (70) 1min 15sec
32: BMW 325i Compact (70) 1min 4sec
33: Fiat Stilo 1.2 16v Active 5dr (70) 1min
34: Mazda Premacy (70) 32sec
35: Honda Jazz 1.4 SE Sport (70) 29sec
36: Renault Avantime (70) 25sec
37: Mazda MX-5 (70) 20sec
38: VW Polo TDi PD Sport (65) 1min 50sec
39: Volvo V70 T5 (65) 1min 36sec
40: Honda Civic Type-R (65) 1min 34sec
41: Mercedes C220 CDi Sports Coupé (65) 1min 20sec
42: Ford Mondeo TDCi (65) 1min 11sec
43: Volvo S60 T5 SE (65) 1min 7sec
44: Toyota Yaris T Sport (65) 57sec
45: MG ZT 190 (65) 50sec
46: Ford Focus ST170 (65) 45sec
47: Honda CR-V SE Sport (65) 43sec
48: Range Rover 4.4 V8 HSE (65) 38sec
49: Peugeot 307 SW 2.0 HDi SE (65) 33sec
50: MG TF 135 (65) 30sec
51: Mercedes SL500 (65) 29sec
52: Peugeot 206 HDi D Turbo (65) 20sec
53: Mini One (60) 50sec
54: Ford Maverick V6 XLT 3.0 (60) 32sec
55: Suzuki Liana 1.6 GLX (60) 28sec
56: Vauxhall VX220 (60) 18sec
57: Jeep Cherokee 3.7 Ltd (60) 9sec
58: Toyota Corolla T Sport (60) 8sec
59: Suzuki Wagon R+ 1.3 GL (50) 48sec
60: Daihatsu YRV F-speed (50) 12sec
List incomplete (Score:5, Funny)
Re:List incomplete (Score:3, Funny)
21st century magic (Score:3, Insightful)
Re:21st century magic (Score:2)
You know how little the average person understands about technology? Well, 49% of people understand even less than that...
Plus the manufacturers regularly seem to claim that every new technology is precisely such an infallible solution, even though it always turns out not to be.
Meh - not a big deal. (Score:2)
When there's a disagreement on settlement, you go to court. It happens all the time. One dumb adjuster/investigator can make your time as a claimant difficulty - but by moving to court you can ensure a due process.
Reminds me of the Simpsons (Score:3, Funny)
Insurers have I got news for you.. (Score:5, Informative)
New cars all come with a little plastic keyring with a tab attached to it. You scratch the surface of this tab to reveal a "Master Key".
This key is akin to the RFID code needed to start the car, the dealer is supposed to give it up to the customer so that he can order a new set of keys, reprogram the other ones etc..
This dealer has some people scratch all of these tags before they are given to the client, because as we well know, joe client will lose this in a blink.
Without this key you need to contact the factory, wait two weeks, pay a fee and than program some new keys.
On this particular brand, you can program/pair up to 5 keys per car if I remember correctly; only 5 keys can have the same code, I you lose one, you can only have four more etc.. After you've lost these you will need to reprogram all keys once again.
My point is that at any level in this process you could have an insider job from the dealer, the manufacturer, or even some thief which goes through the dealer's bin picking these tabs if they aren't securely destroyed.
Forensic evidence for this kind of theft is nearly impossible to tell, the cars ECU don't usually keep a whole lot of historical data.
Nevermind that, if you get ahold of a dealer's servicing computer and a new ECU worth only a few thousand dollars you can actually reprogram the keys without need for the master key (plus you get to keep the ecu and put the old one back in when you abandon the car).
The difficulty with this method however is not damaging the stering column or the physical lock.
Re:Insurers have I got news for you.. (Score:3, Interesting)
RFIDs can be cloned.. (Score:3, Interesting)
Re:RFIDs can be cloned.. (Score:4, Insightful)
vehciles don't have access to resources to glom onto a hacked or tuner's ECU somewhere
that doesn't DO the RFID check. If it doesn't have an alarm system, it's very believeable
that someone could have busted into the vehicle, swapped out ECUs, busted the column
lock and cover and drove off in about 10 minutes or so- less if they've got more than
one thief working in parallel.
Remote Start (Score:5, Interesting)
If the owner had done this and perhaps the perps had witnessed the victim using the remote-start vehicle, then they had a good target.
Yes, I read the article and read about the back doors, but there's another situation where owners are willfully overriding security systems in order to get the functionality that they want and the manufacturer doesn't give them. Sound familiar?
catch-22 (Score:3, Insightful)
And if not all the keys had been accounted for, the insurance company would have refused to pay because the guy was careless with his keys.
I hope the victim will be able to recover both his loss and penalties from the insurance company.
You're supposed to help *our* people (Score:3, Funny)
Bob: Did I do something illegal?
Gilbert Huph: [begrudgingly] No.
Bob: Are you saying we shouldn't help our customers?
Gilbert Huph: [pacing back and forth] The law requires that I answer, No.
Bob: I thought we were supposed to help people.
Gilbert Huph: You're supposed to help *our* people! Starting with our stockholders! Who's helping them out, Huh?
Bypass kit (Score:5, Interesting)
No sense (Score:2)
If anyone sees anything, its a non-descript tow truck with a generic company name and a guy wearing a baseball cap, hooded sweater and sunglasses so you can't tell anything about him except s
Newsflash (Score:2)
Half baked insurance companies deny auto claims by default - news at 11p
Ummm.. (Score:4, Insightful)
US carmakers and auto-mobile insurers are unshakably certain that vehicles protected by "transponder immobil-izers" can't be driven without the proper keys - or, at least, that circumventing those transponder systems takes more sweat and money than most auto thieves are willing to expend.
I think these companies are seriously fooling themselves. It's not like every crook has to go through the trouble of cracing the system - only one does - they can then sell their crack to everyone else.
Who wants to bet that right now, as we speak, car thieves know more about these systems than the insurance company forensic investigators do?
I don't even know anything about them and I know how this could be done. These systems work like any other public key encryption, they rely on the fact that there is a **private key** in the car that no one knows about. One leak in the system, either in the plant, or in the chip in the car, or in a disgruntled employee at a dealership, and the system falls apart. Boom, it is now trivial to make fake RFID "keys" that respond with the right handshake to private keys sent from the car.
Take your loss-adjusters car (Score:3, Interesting)
Re:Who really telling the truth (Score:5, Insightful)
Re:Who really telling the truth (Score:2)
Re:Who really telling the truth (Score:5, Informative)
Both of these methods are not only possible, but are common and becoming more common every day, especially on high dollar cars which are a big time target for theft, cadillac escalades and lincoln navigators are high on the list in my neck of the woods...
I question your methodology for assesing this man's involvment as well, you remarks smack of ad-hominem attack fueled by your distaste for his choice of driving a "gas guzzling SUV", however you seem to be suffering from the same shortsightedness that many of the savagely anti-SUV crowd does, you neglect to account for the possible neccesity of such a vehicle, perhaps this many has a large family and a boat which he frequently tows? Oh, but then you'd have to get off your high horse ;)
Re:Who really telling the truth (Score:2)
Damn you are touchy.
To us normal people, the implication of "gas-guzzling" was pretty clear -- that operation of the vehicle has become very expensive recently, you know, because gasoline prices have gone through the roo
Re:Who really telling the truth (Score:3, Insightful)
Large families and boats are both lifestyle choices as well. Choices which it's perfectly valid to criticize.
Re:Who really telling the truth (Score:2)
Re:Who really telling the truth (Score:2)
Large families and boats are both lifestyle choices as well. Choices which it's perfectly valid to criticize.
Not to mention that an SUV is not the best vehicle choice for a large family. A van is.
Re:Who really telling the truth (Score:4, Funny)
~jeff
Re:Who really telling the truth (Score:3, Funny)
Re:Who really telling the truth (Score:2)
Re:Who really telling the truth (Score:3, Funny)
1. Less likely to run out of gas while sitting at the gas pump.
2. Less likely to cause you to exceed credit limit while refueling.
3. Less likely to roll over while on highway exit ramp.
4. Less likely to be targeted by thieves.
5. Less likely to use so much disposable inco
inside dealer job (Score:2)
Re:Who really telling the truth (Score:3, Funny)
Towing your family? That, good sir, is utterly barbaric! Won't someone please think of the children?!? With an SUV that big, there should never arise an occassion where it becomes necesary to tow your family behind you! I am outraged!
Re:Who really telling the truth (Score:4, Interesting)
Re:Who really telling the truth (Score:2)
I had my suspicions about all of that, but the article pretty much spelled it out. So, by your claim, I can gather that either you completely disagree with the information presented there or you didn't
Re:Who really telling the truth (Score:2)
Okayyyyy...
Especially since 1/4 of Americans approve of fraud (Score:3, Interesting)
http://www.accenture.com/xd/xd.asp?it=enweb&xd=_d
So yeah, not a bad assumption to make.
Re:Who really telling the truth (Score:2)
Applying occams razor, I'd say that the Navigator was stolen by towtruck, rather than thieves jerking off the emergency brake in the secret pattern to get it to start.
Re:sue the insurance company (Score:2)
Re:Here's an idea (Score:2, Interesting)
Can you explain to me why we need a sliding scale? The gas-guzzler drivers are already buying more fuel and thus paying more tax. Do you like having the government tell you what and how to drive? Do you want to penalize contractors, limousine companies, and boat owners for buying a vehicle that meets their needs?
Re:Here's an idea (Score:2)
I like the idea, but I think it'd be fairly simple to spoof the tag.
Re:Here's an idea (Score:2)
Re:Here's an idea (Score:4, Informative)
eg. if you have a 1000 kg car compared to a 2000 kg car, then the 2000 kg car is causing 32 times as much wear on the road surface, so the road will need repairs much sooner. a 4000 kg car would be causing 256 times the wear.
Re:Big space (Score:2)
Re:7" RF Fallacy (Score:3, Funny)
Mine does 13 inches...