Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Future of Hi-Tech Auto Theft

samzenpus posted more than 2 years ago | from the stealing-the-car-of-the-future dept.

Crime 272

NicknamesAreStupid writes "Over the past twenty years, car theft has declined as new models incorporated electronic security methods that thwarted simple hot-wiring. The tide may now be turning, as cars become the next Windows PC. The Center for Automobile Embedded Systems Security has posted an interesting paper from UCSD and UW that describes how modern cars can be cracked (PDF). Unlike the old days of window jimmies, these exploits range from attacks through the CD or iPod port to cellular attacks that take inventory of thousands of cars and offer roaming thieves Yelp-like choices ('our favorite is mint green with leather') with unlocked doors and running engines."

cancel ×

272 comments

Sorry! There are no comments related to the filter you selected.

Yes, (5, Funny)

Moheeheeko (1682914) | more than 2 years ago | (#38677116)

Yes I would download a car.

MagnaVolt (3, Funny)

sycodon (149926) | more than 2 years ago | (#38677368)

I'll stick with my trusty MagnaVolt System. [youtube.com]

Re:Yes, (1)

Anonymous Coward | more than 2 years ago | (#38677638)

I would only download the cracked DRM-free version.

Re:Yes, (2)

Hoi Polloi (522990) | more than 2 years ago | (#38677940)

Wait until 3D printer copies of your car start appearing. "Hey, he has the same bumper sticker and fast food wrappers in the front seat..."

Re:Yes, (3, Insightful)

forkfail (228161) | more than 2 years ago | (#38678080)

What happens if the app store decides to disable [electronista.com] your car, though?

what will they do with stolen cars? (4, Informative)

alen (225700) | more than 2 years ago | (#38677134)

one of the reasons auto theft declined is police busted and closed chop shops that took and resold the parts. and you can now buy cheap off brand parts for any car as well. not like anyone stole cars back in the day for personal use

Re:what will they do with stolen cars? (2, Informative)

Anonymous Coward | more than 2 years ago | (#38677190)

Joyriding must be a foreign concept to you then...

Re:what will they do with stolen cars? (5, Informative)

Anonymous Coward | more than 2 years ago | (#38678062)

Joyriding isn't stealing. At least not in the UK. Theft (aka stealing) requires an intention to permanently deprive, which joyriding lacks. Joyriding is why the offence of taking without consent (aka TWOCing) was introduced.

Re:what will they do with stolen cars? (4, Interesting)

hedwards (940851) | more than 2 years ago | (#38677292)

That's one, but around here it's increasingly common for cars to be stolen and then returned hours later after having completed a drug run in the stolen vehicle.

Beyond that bait cars and lojacks as well as other countermeasures make it a lot more likely that car thieves will be caught before they can profit from their crime.

Re:what will they do with stolen cars? (5, Informative)

AlienSexist (686923) | more than 2 years ago | (#38677302)

My understanding is that there is a very hot market for stolen whole cars in Asia, Mexico, and Central & South America. Driven across the border to Mexico for further distribution, sometimes by ship. Pickup trucks in particular are being taken for this purpose. You're right though. Most often cars are not stolen, only broken into for their contents or disassembled for valuable parts. Catalytic converter thefts have been very high because they contain various mixtures of platinum, palladium, rhodium and prices for those precious metals were very high. Just like there's been a huge rash in national copper thefts.

Re:what will they do with stolen cars? (1)

cayenne8 (626475) | more than 2 years ago | (#38677558)

. Catalytic converter thefts have been very high because they contain various mixtures of platinum, palladium, rhodium and prices for those precious metals were very high.

Hmm...now, I'd not have a problem with them taking my catalytic converter off the car (leave me the car)...with less air restriction, I'd likely have more performance!!

And, not like I live where they do sniff tests on inspections....I've never lived where they do that..sounds like a PITA.

Re:what will they do with stolen cars? (1)

tomboalogo (2509404) | more than 2 years ago | (#38677682)

Up here (Canada) there was a rash of catalytic thefts in a train station parking lot. They'd cut them out while owners were at work. Not what you need at the end of a hard day!

Re:what will they do with stolen cars? (2)

CyberTech (141565) | more than 2 years ago | (#38677880)

. Catalytic converter thefts have been very high because they contain various mixtures of platinum, palladium, rhodium and prices for those precious metals were very high.

Hmm...now, I'd not have a problem with them taking my catalytic converter off the car (leave me the car)...with less air restriction, I'd likely have more performance!!

And, not like I live where they do sniff tests on inspections....I've never lived where they do that..sounds like a PITA.

If your car is like mine was, they wouldn't need to do sniff tests. They'd hear you coming. My catalytic converter was cut out of my 4Runner while in the parking lot at work. I left work at around 4pm, started it up, and nearly shit a brick. It was the loudest vehicle I'd ever heard, I thought it was broken, lol!

Brought a friend out to listen while i started it, he's peering around, and says... "wtf, where's your cc?" Just a pile of metal shavings :)

Re:what will they do with stolen cars? (3, Interesting)

clm1970 (1728766) | more than 2 years ago | (#38678010)

Yep. I had an older but still running Toyota pickup. I sold it to a couple of guys who were taking it to Guatemala. Make them come to the bank first so they could certify the bills were not fake as they insisted on paying in cash. DA's office said no known scam going around like that but it was a little freaky to say the least.

Re:what will they do with stolen cars? (5, Interesting)

Anonymous Coward | more than 2 years ago | (#38677468)

Here in Texas, car theft is up because there is one type of vehicle highly sought after: Larger pickups, SUVs, and 4x4s in general. These are promptly taken to the border to smash through the excuse of a fence and to ferry weapons to Mexico, and narcotics/illegals back to the US. A good diesel 4x4 is prized down there because it can easily outrun police vehicles over the terrain. They also are taken to Mexico to be up-armored.

The trick I do with keeping the vehicle from being "borrowed" is the classic kill switch. However, I use two. One is for the fuel pump, the other one turns on and off the RFID antenna. This way, someone trying to clone a PATS key might get my key's serial number, but when they try to jam a clone in the vehicle, it will just give them the middle finger.

Re:what will they do with stolen cars? (0)

Anonymous Coward | more than 2 years ago | (#38677938)

that's the dumbest thing to brag about on a public forum. They use internets too, y'know.

Re:what will they do with stolen cars? (0)

Anonymous Coward | more than 2 years ago | (#38677776)

Actually, you'd be surprised at the # of cars stolen just because the person needed to get from point a to point b. Happens all the time.

Re:what will they do with stolen cars? (0)

Anonymous Coward | more than 2 years ago | (#38677824)

one of the reasons auto theft declined is police busted and closed chop shops that took and resold the parts. and you can now buy cheap off brand parts for any car as well. not like anyone stole cars back in the day for personal use

A lot of auto theft is high end cars that are immediately put into a shipping container & sent overseas. Many other countries care far less about auto theft.

Windows PC? (1)

Anonymous Coward | more than 2 years ago | (#38677140)

What a stupid fucking statement about Windows PC. What is that even supposed to mean? How is a modern car comparable to a computer running Windows? What version of Windows are we talking about here?

Re:Windows PC? (0)

Anonymous Coward | more than 2 years ago | (#38677188)

Ford's SYNC was built originally by Microsoft so I would guess it's running WinCE underneath. I sure hope it's not a stripped down Win7 or such.

Re:Windows PC? (2)

alen (225700) | more than 2 years ago | (#38677204)

wonder if it has active directory connectivity? that would be so cool to add my car to the company's AD forest

Re:Windows PC? (2)

Capt.DrumkenBum (1173011) | more than 2 years ago | (#38677348)

Do that and when you leave the company, suddenly you can't start your car. :)

Re:Windows PC? (1)

DarkOx (621550) | more than 2 years ago | (#38677914)

Sounds nice that way HR can tell you IT department they have to enforce the GPO that does not let anyone go over 65MPH.

Can't wait.

Re:Windows PC? (4, Insightful)

kiwimate (458274) | more than 2 years ago | (#38677258)

It's a stupid flamebait analogy. The summary goes like this

* Windows PCs are as secure as a piece of tissue paper (LOL, for teh win!)
* Cars with their increasingly computerized systems are now becoming vulnerable to hacking.
* Windows PCs are vulnerable to hacking.

Re:Windows PC? (3, Insightful)

SQLGuru (980662) | more than 2 years ago | (#38677294)

The concept is that electronicly secured cars become wide-spread and common. It was why Windows PCs were attacked with viruses first. Now that Mac is more common, you see more attacks against them. It's why you see malicious Android apps. Soon, you'll start seeing malicious car apps......

It's all about wide spread opportunity. You need a lower percentage of successful attacks as the number of targets increases.

Re:Windows PC? (3, Funny)

Anonymous Coward | more than 2 years ago | (#38677402)

We had car analogies for computers, now we have computer analogies for cars.

Re:Windows PC? (1)

garyebickford (222422) | more than 2 years ago | (#38677868)

IIRC Ford at least has a cooperative agreement with Microsoft and has shown cars with (among other things) automatic updating of your music into your car, so yes it might well be running some form of Windows. The increasingly prevalent and probably I-fear-soon-to-be-required OnStar or equivalent is basically a cellular modem connection, which can do almost everything to the car but steer.

And the average car has had more computing power than most desktop PCs for ten years or so. I read somewhere several years ago that the 2000 Cadillac had five Pentium-class CPUs. When you step on the gas, all you are doing is telling the car you want to go faster. When you start your car, you may notice that all the dashboard dials (speedo, etc.) will all go through a calibration cycle where the pointy arrow swings all the way from off to max. That's the CPU that drives the controls getting itself situated.

All in all, the car folks have done a pretty good job of making everything virtual, while maintaining the same user interface as a fiction so few people notice any difference.

Dude (0)

cod3r_ (2031620) | more than 2 years ago | (#38677148)

Sweet

why is the CD player on the same network? (5, Insightful)

Trepidity (597) | more than 2 years ago | (#38677158)

It's not clear to me why the CD player should even be on the same network as the engine-related microcontrollers.

Re:why is the CD player on the same network? (1)

Anonymous Coward | more than 2 years ago | (#38677194)

Because car designers are not network engineers.

Re:why is the CD player on the same network? (5, Informative)

Anonymous Coward | more than 2 years ago | (#38677262)

Sometimes the electronics to control certain parts of the car are in the stereo to keep you from upgrading the stereo. Ford, for example, uses strange oval shapes to keep you from replacing their crappy stereo. Chevrolet in the case of my old Monte Carlo put the door chime and some of the interior light controls in the stereo. The work-around Best Buy did in my car was to move the original stereo to the glove compartment and leave it connected to everything but the speakers. In my wife's Lexus, the car wouldn't even start without the radio. I gave-up on upgrade the stereo in it. Car makers these days go to great lengths to make sure you do not get good sound in your car and buy any upgrades from them.

Re:why is the CD player on the same network? (5, Informative)

Anonymous Coward | more than 2 years ago | (#38677616)

You have a great point about Chevrolet. I install stereos for a living, and Corvettes have some very creative protections against replacing the stereos. GM really wants you to have to suffer with the absolutely horrible Bose stock stereo. GM uses non-standard line out voltages in the Corvette so you can't connect the head unit to a real amplifier. Also, they place the amplifiers in the door which doesn't leave you with enough room to put even a tiny Alpine amp in the door even if you ignore the air flow problems. A real amp will fit under the seat but only if you have one of the few Vettes without power seats. In addition they use proprietary thin woofers in the doors which, of course due to physics, sound horrible. The speakers are a weird and complicated size so you have to fabricate mounting brackets. Also the speakers are a nonstandard impedance so you can't drive them with a standard car amp. Even with all of that work, GM decides to take the door and key chimes away from you if you replace the headunit.

What all of that means is if you want to upgrade or repair any single component, you must replace the entire system.

Re:why is the CD player on the same network? (2, Insightful)

h4rr4r (612664) | more than 2 years ago | (#38677714)

It's a vette, why does it even have a stereo?

Re:why is the CD player on the same network? (4, Funny)

garyebickford (222422) | more than 2 years ago | (#38677890)

To entertain the arm candy.

Re:why is the CD player on the same network? (2, Funny)

Anonymous Coward | more than 2 years ago | (#38678176)

To give you something to listen to when you're waiting for the tow truck.

Re:why is the CD player on the same network? (5, Interesting)

Lumpy (12016) | more than 2 years ago | (#38677774)

Really? I seem to find it different.

Just helped a friend with his 2010 Vette 2 months ago, dingy thingy replacements are available at scosche for less than $25.00 so all your chimes are retained. Steering wheel controls are also easily adapted with a $79.00 box.

speaker upgrades are worthless as the Vette with premium sound that has the amps on the backs of the speakers sound better than any of the aftermarket stuff, speaker placement in the vette is crap anyways, $300 each drivers will not sound any better in that car, but it's easy to do with adapter plates from..... Scosche, that place again.

as for a "real amp" almost nobody puts in a 10,000 watt Rockford Phosgate anymore. replace the head unit with the new kenwood stanav one, hooked into the existing wiring for the speakers and simply removed the speakers and disconnected the "premium sound" amps.

All done. Anyone that has done car stereos in the past 2 years knows this, you dont have to " replace the entire system" not by a long shot.

Re:why is the CD player on the same network? (5, Informative)

BitZtream (692029) | more than 2 years ago | (#38677878)

Wow, you are one of the worst 'stereo installers' I have ever fucking met.

You do realize there is an interface kit for every GM vehicle on the planet that will make it 'normal' or 'industry standard', right? Give you standard line outs, standard speaker outs, will still make sure that you get all your interface sounds piped through your speakers like door chimes and warning bells, blinker clicks, ect ...

Whats great is you're talking about them using weird speakers shapes in places where ... NORMAL SHAPES WON'T FIT.

What all of this means is that you don't actually know what you're talking about.

GM only has 2 or 3 interface busses for the dash electronics in their cars and there are interfaces for all of them. Get a clue about your job.

Re:why is the CD player on the same network? (4, Informative)

BitZtream (692029) | more than 2 years ago | (#38677850)

They aren't 'put in the stereo to intentionally make it harder' as you imply, but when you disconnect the stereo's internal bus, you do fuck up a portion of the cars' network.

GM really doesn't give a fuck if you put in a different stereo after you bought the car ... YOU ALREADY PAID FOR THE STEREO IN THE CAR.

Replacing the stereo is also rather trivial, you just need an interface kit that will interface your stereo with the cars data bus. These interface kits are well known (Best buy sells the damn things) and fit pretty much any car on the planet and make it work with any kind of stereo from old school analog systems to fully modernized systems with blutooth phone audio relays and text output to the display.

Its not the car makers that don't know what they are doing in your case, its you and best buy.

Re:why is the CD player on the same network? (0)

Anonymous Coward | more than 2 years ago | (#38677278)

Microsoft Sync......

Re:why is the CD player on the same network? (1)

Anonymous Coward | more than 2 years ago | (#38677334)

FTFA:

Modern automobiles are controlled by a heterogeneous
combination of digital components. These components,
Electronic Control Units (ECUs), oversee a broad range
of functionality, including the drivetrain, brakes, lighting,
and entertainment. Indeed, very few operations are not
mediated by computer control in a modern vehicle (with
the parking brake and steering being the last holdouts,
though semi-automatic parallel parking capabilities are
available in some vehicles and full steer-by-wire has been
demonstrated in several concept cars). Charette estimates
that a modern luxury vehicle includes up to 70 distinct
ECUs including tens of millions of lines of code [5]. In
turn, ECUs are interconnected by common wired net-
works, usually a variant of the Controller Area Network
(CAN) [12] or FlexRay bus [8]. This interconnection
permits complex safety and convenience features such as
pre-tensioning of seat-belts when a crash is predicted and
automatically varying radio volume as a function of speed.

Re:why is the CD player on the same network? (0)

PPH (736903) | more than 2 years ago | (#38677344)

Because that's how they upload firmware to your ECU.

When you purchased the $5000 'high performance package', they just flipped a configuration bit in a controller to use a different set of curves. Everyone has the same engine. They just change the badge on the back of the car.

Re:why is the CD player on the same network? (3, Informative)

427_ci_505 (1009677) | more than 2 years ago | (#38677412)

Depends on the car. The Corvette, for example, has three variants on the engine, each variant costing a different amount of money.

Re:why is the CD player on the same network? (1)

BitZtream (692029) | more than 2 years ago | (#38677950)

Uhm, this isn't Windows, thats not how it works.

The 'high performance' package from an ECU perspective is almost certainly nothing more than torque curve modifications to 'not hold the engine back' at certain RPM ranges that would make it hard for a dipshit off the street to drive. My car is one of those cars.

The other $4550 worth of the cost however typically goes to suspension or actual engine upgrades.

Unlike software were including extra, but disabled functionality has essentially no cost, in cars the more powerful engine has several costs. It costs more to manufacture itself, it requires different drive line components for supporting it and all sorts of things. In short, they don't do what you're referring too because its not cost effective to sell the bigger more powerful engine at a reduced price with an ecu tweak to ton it down. Its still far cheaper to put in a smaller engine.

Being that they work on 10 week cycles when producing cars, its not like they have to keep all sizes of engine in stock. This 10 week cycle we make big engine cars, next cycle medium, and the one after that is cleanup cycle or whatever.

If you think everyone has same engine you've never looked under the hood. All the corvette performance changes involve different engines with physically different configurations.

Re:why is the CD player on the same network? (0)

peragrin (659227) | more than 2 years ago | (#38677466)

I personally love having to stop my car turn it off, and then restart it just to fix my radio.

I really wish msft woulld get away from intergrated hardware/software they suck at it.

Re:why is the CD player on the same network? (0)

Anonymous Coward | more than 2 years ago | (#38677492)

adjust volume to compensate for engine noise

Re:why is the CD player on the same network? (1)

tompaulco (629533) | more than 2 years ago | (#38677888)

adjust volume to compensate for engine noise
But this introduces an unnecessary step and an assumption. The system guesses how loud the road noise is by using the current engine RPM. Then the radio system gets loader based on that guess.
Instead, they could completely isolate the stereo from the rest of the vehicles systems, and use a microphone to MEASURE the ambient noise and raise the volume by the precise amount necessary. I had a car stereo that did this in 1989. There is no reason in this day and age to make a guess at engine noise from the car's data rather than directly measuring it.

Re:why is the CD player on the same network? (-1)

nurb432 (527695) | more than 2 years ago | (#38677542)

Or why is there a network in the car in the first place. Or processors..

Re:why is the CD player on the same network? (3)

Ouchie (1386333) | more than 2 years ago | (#38677586)

The reason why the Car Stereo is on the same network is because too many people were buying cars with no stereo or the basic stereo then going to after market shops where they could get a much better stereo for the same amount of money. Manufacturers decided that to reduce this they would just make the car stereo a required part for the whole system to work. It gives you a good reason to pay $1200 for the stereo upgrade which we know isn't worth $600.

Re:why is the CD player on the same network? (3, Informative)

Lumpy (12016) | more than 2 years ago | (#38677700)

nope.

It's on the bus to listen for vehicle speed so the active volume can go up and down. Advanced one spit out channel and RDS data for the HUD. there is zero possibility to send out a "lock up the breaks" command from the car stereo into the CANBUS unless you rewrite the stereo's firmware first. and that is not gonna happen, There are a LOT of guys looking to hack GM and Ford satnav systems to get past the damn CANBUS VIN lock. They have had ZERO success in the past 5 years.

Re:why is the CD player on the same network? (2)

PseudonymousBraveguy (1857734) | more than 2 years ago | (#38677702)

Well, it is usually on a different (layer 2) network, but usually there is a gateway routing messages between the two. Why? Because the CD player is embedded in the entertainment system, and that system displays information from the engine (e.g. current mileage), or you may be able to configure your engine via the entertainment system (like switching your engine and gearbox to "sport" mode). However, the gateway does not blindy route any message to any network, there is usually a fixed configuration which message should be routed to which network.

Nevertheless, most development in the field is centered around safety, and not focused at security, so I'm not that surprised that vehicular networks are hackable.

Re:why is the CD player on the same network? (1)

DarkOx (621550) | more than 2 years ago | (#38677726)

Because that is how they implement the "Music gets louder, when the engine is turning more revs and making noise" feature.

Consumers want wizbang features like stereo's that auto adjust volume, they don't care about security. They might not even really care about safety. Oh they'll demand safety "features" like 60 different airbags, but the idea that a software bug or interconnect problem introduced as a result of the needless complexity in some vehicles could cause their breaks to malfunction just is not real to them. Well its not real to them until they or someone they know slams into something.

Re:why is the CD player on the same network? (2)

Fahrvergnuugen (700293) | more than 2 years ago | (#38677780)

Because the CD player connects to the steering wheel controls which connects to the ECU to set cruise control for your drive by wire throttle plate.

Re:why is the CD player on the same network? (1)

BitZtream (692029) | more than 2 years ago | (#38677794)

So that the emergency bell/check engine ding on your engine plays through your speakers when you're blasting the radio too loud to hear it otherwise.

Thats just an example that came to me off the top of my head as I've seen it happen. I'm sure there are plenty more.

Figured this would have happen sooner (1)

AlienSexist (686923) | more than 2 years ago | (#38677180)

With the capability for devices to do remote start, or ONSTAR to do things like remotely unlock your doors, as well as wireless keyfobs. I figured we'd already have people with devices that can fake these signals to gain access to and start automobiles. Much like how there exist DIY RFID readers where you can just walk through a crowd and read all their passport RFIDs and so on.. CD, iPod, Bluetooth, and Cellular attacks. That's clever too.

Re:Figured this would have happen sooner (2)

Lashat (1041424) | more than 2 years ago | (#38677588)

The reason this has not happened sooner is that remote start and auto-unlock are not the only features of OnStar. Key-fob/rfid cloning exists and is not prohibitively difficult. Remote engine kill makes initial get-away more difficult outside of a very small window of time. While vehicle tracking can find the vehicle after it has disappeared from the owners line of sight. Plus, exposes the chop shop location to the authorities.

Until it is possible to cheaply, easily, and quickly block/disable both GPS and cell signals to/from the vehicle after the theif comprimises the it, this high barrier to auto-theft will remain.

Criminals are VERY quick to change their m.o. in the face of tougher security. With many police forces adopting "no reponse with out confirmation" to burlgar alarms. It is much easier to burgle commercial and residential property.

Along the same vein: Watch an episode of "bait car". (one is all you really need) Where the police leave a car in a opportunistic way for a would-be theif to capitalize on the seemingly abandoned car.

Re:Figured this would have happen sooner (1)

CanHasDIY (1672858) | more than 2 years ago | (#38677800)

The reason this has not happened sooner is that remote start and auto-unlock are not the only features of OnStar. Key-fob/rfid cloning exists and is not prohibitively difficult. Remote engine kill makes initial get-away more difficult outside of a very small window of time. While vehicle tracking can find the vehicle after it has disappeared from the owners line of sight. Plus, exposes the chop shop location to the authorities.

Disagree; On-Star's remote capabilities are easily circumvented in most vehicles by removing the relay that powers the CMDA modem. Also taking into consideration that On-Star is a GM-specific product, and GM is not the sole auto maker in the world, the concept that their tracking capabilities are the main reason car theft is in decline is dubious at best.

Personally, I would more likely attribute the decline to a deepening cost vs benefit ratio; a lot of folks have no compunction about breaking a $300-400 computer/smartphone/whatever in the process of reverse engineering it, since worst come to worst, they can most likely replace the device in a paycheck or two; however, most hackers I know are a bit wary of taking on a automobile that A) costs as much or more than most people's annual salary, and B) also happens to be their only means of transportation.

Re:Figured this would have happen sooner (2)

Cramer (69040) | more than 2 years ago | (#38678072)

OnStar is a GM brand. I'm told the Toyota/Lexus Enform/Safety-Connect system is run by OnStar. (on verizon's network.)

If you're going to boost a car thusly equiped, you'd be wise to remove or disable the thing FIRST. When manufacturers get wise and link the module into the anti-theft logic -- meaning the car won't work without it -- simply disable the radio/antenna. Not being able to start your car because it cannot see T-Mobile's network (for example) would never be accepted by customers.

yo. (4, Funny)

grub (11606) | more than 2 years ago | (#38677184)


So the other day I was on the bus and I saw this hot woman driving a car. I pulled out the iPhone, SSH'd into home and ran nmap on her license plate.

LOL, stupid woman didn't notice her gas cap was left off from the last fill but nmap caught it. Used nc to push 'fire.jpg' into her tank and she blew up.

True story, fucker.

Re:yo. (0)

Anonymous Coward | more than 2 years ago | (#38677384)

You should have gone with a Dr. Bob story, those things are a hoot and a half.

Re:yo. (1)

The Grim Reefer (1162755) | more than 2 years ago | (#38677870)

So the other day I was on the bus and I saw this hot woman driving a car. I pulled out the iPhone, SSH'd into home and ran nmap on her license plate. LOL, stupid woman didn't notice her gas cap was left off from the last fill but nmap caught it. Used nc to push 'fire.jpg' into her tank and she blew up. True story, fucker.

So are you saying she was "hot" prior to blowing up, or are you being literal and meant afterward? Just wondering.

Car security has been plummeting for ages (3, Informative)

Riceballsan (816702) | more than 2 years ago | (#38677230)

In many many ways we've been opening more security holes in our cars as time progressed, the wireless unlockers. Even if we pretend that wireless isn't heaven to sniff and spoof. People leave their keys out in all sorts of public places, not everyone locks them up at the gym, most people leave them unattended at a waterpark or beach etc... before wireless that was reasonable, no-one is going to steal my keys because there are 500 cars in the parking lot, nobody can try each one. now with wireless, if you steal someones keys, you can just walk around the lot and push a button to make it beep and find out where the car is.

Re:Car security has been plummeting for ages (1)

drinkypoo (153816) | more than 2 years ago | (#38677296)

Yeah, this is what I came here to comment on... you can go to dealextreme and buy a couple of unlocking tools, and anyone can get it. Probably not too much harder to find more contemporary tools.

Re:Car security has been plummeting for ages (0)

Anonymous Coward | more than 2 years ago | (#38677618)

It works for Microsoft.

Microsoft has this business model, they make a buggy OS, and instead of fixing the problems, they sell you security solutions and "bettter" or newer OS's to counter the problem.

Why shouldn't the car manufacturers do the same?

I mean, look at the cars today, most of them last 5 years, 10 if you're really good to them, but after that, you won't find spare parts, and the maintenance costs will go up sky high.

Anyway, as long as they don't use this imbecilic idea on self-driving cars, I really don't care.

Wrong demographic (2)

prichardson (603676) | more than 2 years ago | (#38677242)

I seriously doubt this will have much effect on car thievery. A jimmy and hotwiring are things pretty much anyone can do. On the other hand, hacking a car's PC is not a skill generally held by people who have an actual desire to steal cars. I expect a few very expensive cars will be stolen via high-tech means, but I wouldn't expect this to cause a noticeable change on cat theft rates for non luxury cars.

Re:Wrong demographic (5, Insightful)

DMUTPeregrine (612791) | more than 2 years ago | (#38677350)

I think you're (somewhat) wrong. Initially it won't mean much, but just like pre-packaged malware suites for credit card fraud (ZeuS being the biggest example) point-and-drool interfaces for car theft will be made eventually.

Re:Wrong demographic (1)

427_ci_505 (1009677) | more than 2 years ago | (#38677452)

Even non luxury cars come with things like bluetooth nowadays. The attack vectors are present.

Re:Wrong demographic (2)

Lumpy (12016) | more than 2 years ago | (#38677652)

no it's not.

there is ZERO connection from the BT to the car's operational CANBUS.

Re:Wrong demographic (0)

Anonymous Coward | more than 2 years ago | (#38678002)

No, YOU'RE wrong. Every ECU in the vehicle is somehow connected to all other ECU's, either via the CAN or LIN busses, or via an RF link (think TPM sensors). Even in vehicles that have separate CAN busses for the interior and the powertrain, the body control module (or equivalent) will gateway messages from one bus to another, so you can operate the vehicle. There is practically ZERO hard-wire electrical connections within a modern vehicle. Even your power window motors aren't connected directly to your window switches -- that would be a waste of heavy copper conductors, and add weight to a vehicle that is trying to wring every last MPG out of itself.

Once someone demonstrates a vulnerability and writes a script for it, any 'script kiddie' will be able to break into the CAN bus. Once there, a script could issue just about any valid command (unlock driver's door comes to mind), since the CAN bus is neither encryped nor authenticated. Most CAN-bus connected modules can be made to spoof their CAN bus ID, thus masquerading as any other module on the bus.

Please RTFA. It will plainly state the various successful attack vectors used.

Re:Wrong demographic (1)

gl4ss (559668) | more than 2 years ago | (#38678116)

no it's not.

there is ZERO connection from the BT to the car's operational CANBUS.

when the entertainment unit is made integral part of the onboard computer systems then uh.. yeah, there is direct connection. why would a car company do that? well, two reasons: to make it more of a bitch to go with aftermarket 40 bucks radios so you'll have to buy their most expensive in car entertainment package when you buy the car and the second reason is simply cutting costs and reducing the number of cpu's on the car.

Re:Wrong demographic (1)

prichardson (603676) | more than 2 years ago | (#38677804)

I'm not saying that the attack vector isn't present, I'm just saying it's not worth it. Someone with the skills to steal a car that way isn't going to bother to make $5000 (at most) selling a stolen car for parts when they could make that in a week at a legitimate job (that they can get with the skills required to steal said car in said fashion).

Now, stealing a crazy-expensive car is another matter entirely.

Re:Wrong demographic (0)

Anonymous Coward | more than 2 years ago | (#38678000)

Criminals don't always think so logically, otherwise they probably wouldn't be criminals in the first place.

I always wonder about the people who are constantly begging at an intersection near me. I think "If you are capable of coming out here every day for the entire day hustling cars you could probably hold down a job that paid more."

Re:Wrong demographic (2, Insightful)

heckler95 (1140369) | more than 2 years ago | (#38677476)

The first guy to hack a car's PC needs to be skilled. Turn that into a black-market android app and all of a sudden the middle-school dropout who had trouble learning how to jimmy or hotwire can steal a car with the swipe of a touchscreen. It's just a matter of time.

Re:Wrong demographic (1)

CanHasDIY (1672858) | more than 2 years ago | (#38677934)

Ignoring, for a moment, that most-if-not-all automotive computer systems are proprietary and thus will vary from manufacturer to manufacturer, I think it's more an issue of funding. If cars cost what computers do, this issue would have come to a head years ago.

Considering cost, it seems to me that hacking of automobile computer systems will, for now, be the exclusive domain of researcher organizations and vast criminal empires... to that end, imagine the havoc that could be wrought if, say, the Zeta's got a hold of one of ICE's Suburbans and managed to reverse engineer it's systems...

Re:Wrong demographic (1)

tomboalogo (2509404) | more than 2 years ago | (#38677748)

"A jimmy and hotwiring are things pretty much anyone can do."

Ummm this hasn't worked for a while no matter what you saw Jason Bourne do on TV.

Re:Wrong demographic (0)

Anonymous Coward | more than 2 years ago | (#38678058)

no.....not until theres an app for it...then what??

I don't quite get it (5, Funny)

kav2k (1545689) | more than 2 years ago | (#38677260)

We need a car analogy here.

Re:I don't quite get it (1)

DarkOx (621550) | more than 2 years ago | (#38677884)

Sure its like if you had a car and left in a parking lot. Now suppose this car of yours had wireless unlock that did not use strong encryption, or any kinds of DH mutual authentication, rolling code, or time based scheme. Then suppose some guy with some relative simply radio equipment waited for you to unlock it. He can could then use a simply replay attack to unlock it and steal any shit you had in there.

Does that help.

Sometimes hi-tech is not the best solution.... (0)

Anonymous Coward | more than 2 years ago | (#38677264)

I live in a country with high levels of criminality.

And the truth here is: You could have a fancy high-tech anti-theft system. But that is going to give you a broken glass or something similar.

The best counter-measure that you can use here is leave the car open with nothing of value or personal belongs inside, and remove a cable from the ignition system.

If a thief cannot start the car in less than 5 minutes, they ussualy try to find a more easy target. Sometimes a simple switch hidden in the car it's better than a $5000 anti-theft system.

Re:Sometimes hi-tech is not the best solution.... (1)

hedwards (940851) | more than 2 years ago | (#38677396)

Which is why police love lojacks, often times they not only get the car back, but they catch the thief red handed.

Re:Sometimes hi-tech is not the best solution.... (1)

Anonymous Coward | more than 2 years ago | (#38677530)

Were in Vancouver when a theft ring wants a car they just show up with a flatbed and take it away. It doesn't even arouse suspicion.

Re:Sometimes hi-tech is not the best solution.... (0)

Anonymous Coward | more than 2 years ago | (#38677610)

Well, here is the same, but in our case if a theft ring wants your car they just show up with a .22 on your window... If you are lucky they allow you to leave. If not... well you will probably end on the news.

Re:Sometimes hi-tech is not the best solution.... (3, Funny)

CanHasDIY (1672858) | more than 2 years ago | (#38677864)

Well, here is the same, but in our case if a theft ring wants your car they just show up with a .22 on your window...

You must not live in a right-to-carry state, if thieves are carjacking folks with pea-shooters...

'Round these parts, that's the fastest way to get your ass blown off by someone with a real gun.

Re:Sometimes hi-tech is not the best solution.... (2)

istartedi (132515) | more than 2 years ago | (#38677930)

On the Internet, nobody knows you're not a badass with a .44 at the ready under the driver's seat. (suppressed laughter). Yes we do. (open laughter).

Re:Sometimes hi-tech is not the best solution.... (1)

betterunixthanunix (980855) | more than 2 years ago | (#38678046)

If you do not think a .22 is a worthy gun, then why not come down to the range and hold up my targets while I shoot mine?

A .22 is plenty deadly, and I would not bet my life on rimfire cartridges not being less reliable than centerfire. If someone already has a gun pointed at you from a foot away, you are not going to get your gun out of the holster before they shoot you, and that is regardless of what caliber they are packing.

Re:Sometimes hi-tech is not the best solution.... (0)

Anonymous Coward | more than 2 years ago | (#38678098)

Sure tough guy. And as you're slowly reaching for your gun with your fat Cheetos fingers, HE ALREADY FUCKING SHOT YOU WITH THE ONE POINTED AT YOUR DIPSHIT HEAD!!!!!11110!

Re:Sometimes hi-tech is not the best solution.... (1)

Anonymous Coward | more than 2 years ago | (#38677736)

I have a friend of mine with a Jeep Wrangler. The glove box is left open, there is no radio, and there is obviously nothing in the vehicle. Still, thieves will hop in, and upon finding nothing to steal, will vandalize things, be if defecating on the seats or whatnot. So, having nothing to steal won't help things.

The ONLY thing I've found which actually helps against car theft is a car alarm that I had custom installed. Upon going off (and so far, I've never had a false alarm), it spews pink fog into the vehicle's interior while flashing strobe lights and having a distinct siren. I've had my truck broken into, but usually the break-in is pretty quick, and few thieves will be trying to crack into a strongbox welded to the frame while the vehicle is billowing fog. (In parking garages, it disperses quickly, but the fog machine can make the interior opaque in 3-5 seconds.)

Bait car? (1)

NetNinja (469346) | more than 2 years ago | (#38677266)

Ever watch bait car? They steal cars left and right!

The future of... (0)

Anonymous Coward | more than 2 years ago | (#38677300)

The future of full coverage car insurance...

If someone wants your car, they will take it somehow.

Get full coverage.

Immobolizers (2)

whitedsepdivine (1491991) | more than 2 years ago | (#38677304)

Most cars except for Benz, are really easy to bypass there immobolizations. You just have to open the car's ECU and rip out the immobolization chip. You just get a check engine light on after the chip has been removed.

Re:Immobolizers (1)

BitZtream (692029) | more than 2 years ago | (#38678016)

Welp, considering on my car that would require removing large portions under hood as well as, and heres the kicker ... opening a hermetically sealed aluminum box without damaging the sensitive components inside, some of which are designed to fail in case its opened that way.

I highly doubt I could (even with training/practice) GET the ECU out of my car and cracked up in 30 minutes. If you take 30 minutes to steal a car, you're caught.

iPod port attack + iCloud = (1)

AlienSexist (686923) | more than 2 years ago | (#38677438)

Your car has been uploaded to iCloud and the criminal can now access it from anywhere!

Plenty of room to improve car security (0)

Anonymous Coward | more than 2 years ago | (#38677604)

Seems like the obvious next step in vehicle security is to be more pro-active in the defenses, i.e., reliance on tracking systems to show where the car is, built-in webcam to take pictures of people approaching and occupying the car (yeah, he can wear a mask, but that makes him obvious to onlookers), etc. Your car should be pretty safe if, in addtion to jimmying the doorlock (by electronic means or otherwise), the thief needs to disassemble the engine block and pull out the module that is transmitting the car's GPS coordinates. Hard to do casually in an open area.

IF they are in the car.... (1)

Lumpy (12016) | more than 2 years ago | (#38677634)

They already own the car.

Dont worry about a thief stealing the car by using the CD player. All of these articles are pure FUD. they cant do a "Shadowrun" style unlock and start from standing outside the car and using their Uber haxor toolkit.

Re:IF they are in the car.... (1)

Anonymous Coward | more than 2 years ago | (#38678076)

You obviously didn't RTFA. The most damning attack was when they got to the point of being able to play an MP3 recording of a dial-up modem session from an iPOD over a telephone handset they had dialed into the vehicle's cellular interface. There were then able to command the vehicle's doors to unlock.

Won't stop... (1)

Anonymous Coward | more than 2 years ago | (#38677670)

I have a Nissan with an Intelligent Key, so I can walk up to the car, push a button on the door handle, and the door unlocks. This is theoretically vulnerable to a relay station attack, where Mallory can put a radio in the next cubicle over and his accomplice stands outside with another radio, this "simulating" my key.

I doubt this would happen. If my car is even stolen, it will be by one of the following methods:

- Taking the physical key, whether by force (robbery/carjacking) or TWOC. TWOC is highly unlikely, since I keep my keys in my pocket, and at home, I have no roommate or teenage child to decide to take my car. My wife obviously has permission to drive my car.

- Towing. This would be quite easy, as people tend to ignore wreckers, assuming the car owner has requested towing, or that the car is parked illegally. This would most likely happen away from home, as I have a garage at home. This is also not very common.

I live in Tallahassee, FL, which was recently ranked the USA's 8th most dangerous city. LoJack isn't available here, but if it was, I'd most likely get it for both our cars, especially since it's a one-time cost.

Now, the Nissan Intelligent Key has one interesting quirk that I hope to never find out about. Assume a typical carjacking where the perp approaches my car with a gun and makes me get out, while he gets in and drives away. The Intelligent Key is in my pocket, so assuming the carjacker does not kidnap me or search my pockets, the first time he turns the ignition switch to off, he will be unable to restart the car without the key.

I used to have a car with the ultimate anti-theft device, and when my car is no longer worth maintaining, I will most likely get another one: a standard transmission. My current anti-theft device is that my car is a non-luxury mid-size, 5 years old, with 52,000 miles on the odometer, making it less appealing. Most effective if I park near an almost-new luxury SUV.

Ghost Dog (2)

Massacrifice (249974) | more than 2 years ago | (#38677720)

They have a movie about his. If you havent seen it, rent/download Ghost Dog : The way of the samurai. One of my best. Main guy steals Lexus with electro device he built himself.

http://www.imdb.com/title/tt0165798/ [imdb.com]

Low hanging fruit (0)

Anonymous Coward | more than 2 years ago | (#38677814)

I've heard that a huge percentage of cars are stolen because there are places where people leave the engine running.

Then of course there's the whole iDevice left on the front seat problem. They don't get the car; but they still get something.

Really though, can we just dispense with the whole car alarm thing? Nobody cares. In fact, I'd like to smash the windows of cars that do it, including my own.

There are *real* alarms you can trigger silently when the car is stolen. Those rock. That should be standard; but only subject to activation from your key fob or by sending a text somewhere with a PIN that you determine. User-activated GPS location: good. Government tracking: bad.

In Europe (0)

Anonymous Coward | more than 2 years ago | (#38677988)

Here in Europe high tech theft is done as follows:

Door is opened through the usual manners. (Window broken or various known vulnerabilities that are also used by road services when you leave your keys in the car.)
(Alarm may sound.)

A special device is put into the OBDB connector that does some magic to reset the ECU. (Overwrites certain values in EEPROM/FLASH. It has a nice interface to select make and model of target car.)
The alarm is now silenced and all known "carcodes" are lost.

You can now start the car with any fitting key. There is no need for transponder anymore.
Generally there are only a few (20) possible key combinations and you can by sets of those.

You now just need to reprogram the car again with another VIN, and change the chasis number.
Generally a VIN of a scrapcar is used.

The car will never be found...

brakes.sys has caused a system error (2)

Joe_Dragon (2206452) | more than 2 years ago | (#38678032)

To reboot the car trun key to off (soft switch)

If that does not work open hood and unhook battery

just what we need more tech to lock to dealer (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38678068)

Get ready to say good buy to any non dealer car repair place. And if they want to be real dicks about dealer oil changes at 3000 miles.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?