Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

BMW Cars Vulnerable To Blank Key Attack

timothy posted more than 2 years ago | from the now-that-is-a-catchy-slogan dept.

Security 291

Techmeology writes "Thieves have discovered how to steal BMW cars produced since 2006 by using the onboard computer that is able to program blank keys. The device used — originally intended for use by garages — is able to reprogram the key to start the engine in around three minutes. The blank keys, and reprogramming devices, have made their way onto the black market and are available for purchase over the Internet."

Sorry! There are no comments related to the filter you selected.

Imagine if this was self-driving car (5, Interesting)

Googlefu (2729517) | more than 2 years ago | (#41323271)

Not only would Google's self-driving car be vulnerable to this attack, it would start driving around itself! And you would be responsible for everything the hacked vehicle did.

I agree with the previous note. It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.

Re:Imagine if this was self-driving car (5, Insightful)

Krneki (1192201) | more than 2 years ago | (#41323311)

It can happen yes, but what is more likely to happen an incompetent/drunk driver running you over or a hacked AI car?

AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.

Re:Imagine if this was self-driving car (4, Insightful)

Googlefu (2729517) | more than 2 years ago | (#41323377)

If they can't even get "little" details like car locks working, how is full-driven AI going to be any better?

Re:Imagine if this was self-driving car (5, Insightful)

Krneki (1192201) | more than 2 years ago | (#41323483)

It's security vs ease of use. Maybe they hopped no one would bother, now they know it and the next model will be more secure. The thing about science is that is moving on, while human driving is not.

Re:Imagine if this was self-driving car (-1)

Anonymous Coward | more than 2 years ago | (#41323729)

The article is a advertisement soak...

From the article 'I am pleased to say that we have now had further information from our technical team which means that we will be able to offer the same mitigating measures mentioned in relation to X5 and X6, to any concerned BMW owners, starting within the next eight weeks. This will mean that the car cannot be taken using the piece of equipment you highlight. Of course this will not render the car unstealable, but it will address this particular form of attack.'

Meaning they have already rendered this thing useless. Until the criminals figure out a way around it...

Re:Imagine if this was self-driving car (4, Interesting)

Pieroxy (222434) | more than 2 years ago | (#41324609)

It's not security vs ease of use. It the proof that you should not let a hardware company reinvents itself as a software company. At least not for critical stuff. Whether the car lock is critical or not is another debate.

Look at drivers for printers or scanners, or GC to see that hardware companies have no shame at all when it comes to releasing software that any software developer would qualify as a pile of smoking shit.

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41323527)

That's pretty easy. Install onstar?

Re:Imagine if this was self-driving car (1)

geekoid (135745) | more than 2 years ago | (#41324137)

Engineering.

Re:Imagine if this was self-driving car (0, Troll)

Anonymous Coward | more than 2 years ago | (#41323439)

Especially because the only people who drive BMWs are douchebag middle managers and trust-fund kids. If you see a BMW on the road, chances are that an asshole's in the cockpit, and when that same asshole is not driving his BMW, he's riding in the middle of the road and blowing stop signs and traffic lights on his bicycle while wearing a dickhead helmet and faggotty neon-colored spandex.

Assholes also drive Audi's, too.

-- Ethanol-fueled

Re:Imagine if this was self-driving car (2, Funny)

Anonymous Coward | more than 2 years ago | (#41323541)

And when you see a geek, you see a filthy little zero with massive personality disorders, deranged sexual fetishes, completely unsupported arrogance and an impotent, hyper-ideological little shit who deserves to be kicked in the groin or punched in the face (as determined by 20 sided die roll) on an hourly basis as penance for being such an insufferably awful sack of misery.

Re:Imagine if this was self-driving car (5, Funny)

Anonymous Coward | more than 2 years ago | (#41323649)

BMW driver here. Absolutely correct. I always drive in the middle of the road and I also yell "ka-ching" and "score" when I:

Knock over bicyclists
Clip old ladies
Back up over children
Pass (usually on the right) morons in Priuses, Smart Cars and other econo-boxes like Hondas and Rustangs.
Cut off mom-mobiles where the housewives are talking on the cell phone to their mom.

My driver's seat is usually (partially) filled with a small asian chick with big tits and bigger sunglasses. It is a misnomer that I talk on cell phones while I pass you. In reality, I don't talk on the cell phone because my trophy passenger takes my calls for me.

However, I wouldn't be caught dead on spandex or on a bike. That's who we run over, man. Why would would a predator become prey?

Remember, the difference between a porcupine and a BMW is that with a BMW, the pricks are on the inside. Drive safe! Stay out of my way.

Re:Imagine if this was self-driving car (-1)

Anonymous Coward | more than 2 years ago | (#41323739)

Not surprised!

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41323837)

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41324213)

You lousy stinking dirtball... you've got two seconds to live!

Re:Imagine if this was self-driving car (1)

Lumpy (12016) | more than 2 years ago | (#41324359)

You forgot that we are required to wear wrap around sunglasses and dress in trendy bohemian casual business.
If you don't dress this way BMW will repo the car. I've seen it happen, Neighbor did not wear the approved clothing and the BMW came and took the car after browbeating him.

Re:Imagine if this was self-driving car (-1, Troll)

rthille (8526) | more than 2 years ago | (#41323945)

My 80+ year old farmer mom isn't an asshole, asshole.

Re:Imagine if this was self-driving car (1)

mr1911 (1942298) | more than 2 years ago | (#41324023)

That escalated quickly.

You should talk to someone. Someone as in a psychiatrist or psychologist. Do it now, before you snap and your BMW driving boss is the target of your tirade and/or violence that leaves you in prison for a long time.

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41324515)

+1 Passive Aggressive

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41323497)

I wish I had mod points to give you. AI driving will likely be magnitudes of order safer than humans.

Re:Imagine if this was self-driving car (3, Insightful)

Joce640k (829181) | more than 2 years ago | (#41323901)

AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.

I can tell you're not a lawyer...

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41324507)

The problem with a computer-hacked self-driving car, vs a car hijacked the old-fashioned way, is that the involvement of a malicious third party (and therefore, the exoneration of the innocent owner of the car) will be harder to prove. But there you go, pros and cons. It always happens when a novelty appears. If the pros of the new technology over time tend to outweigh the cons, the technology will eventually take hold. Otherwise, it will wither and die, or become a niche market or a mere laboratory toy.

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41323343)

Then the program developers would be liable for breaking Asimov's rules.

Either that or we welcome out new self-driving robotic overlords.

Re:Imagine if this was self-driving car (4, Insightful)

MetalliQaZ (539913) | more than 2 years ago | (#41323411)

Heh. When did Asimov's rules become law?

Also, just FYI, Asimov created those laws to break them down. He wrote a whole collection of stories that examine how the "3 laws of robotics" can fail.

Re:Imagine if this was self-driving car (1)

Anonymous Coward | more than 2 years ago | (#41323657)

I have read quite a bit of Asimov, and would be interesting in knowing were any of the 3 laws (by the way, they were laws, not rules), was "broken". Certainly not in the books I've read. Or maybe with "breaking down" you mean Asimov presented his laws as leading to problems if applied, so actually he was advocating against them. If so, could you elaborate on that, with examples? I don't recall any situation were a robot was harmful *because* of the three laws. If anything, maybe *despite* the three laws.

Re:Imagine if this was self-driving car (1)

DigiShaman (671371) | more than 2 years ago | (#41323879)

As just about anything in life, there are almost always an exception to the rule. While the 3 laws make for a good platform (in theory), they can be circumvented under the right conditions.

Re:Imagine if this was self-driving car (1)

Joce640k (829181) | more than 2 years ago | (#41323933)

No, it's impossible. The positronic brain would break down completely before one of the laws could be circumvented.

Re:Imagine if this was self-driving car (4, Interesting)

DigiShaman (671371) | more than 2 years ago | (#41324297)

Take the first law for example

A robot may not injure a human being or, through inaction, allow a human being to come to harm.

So a robot walks in a warehouse and finds 100 people all tied up. One of them in the middle has explosives. In this scenario, the robot concludes that the only way to save the other 99 is to kill the one with the explosives. He only has 5 seconds to make a decision.

What does he do? By the first law, he's screwed no matter what decision he makes. Does he opt for the greater good option and kill the one man to save the 99? Or let all 100 die?

Re:Imagine if this was self-driving car (1)

Cormacus (976625) | more than 2 years ago | (#41324621)

Depends. If it's one of the modified Nestors it will probably retrieve what it was sent to get in the warehouse and then walk back out.

Re:Imagine if this was self-driving car (5, Informative)

gstovall (22014) | more than 2 years ago | (#41324623)

Asimov did study this scenario, and it led to the zeroth law, basically known only to the robots.

0. A robot may not harm humanity, or, by inaction, allow humanity to come to harm.

As in Star Trek, "The needs of the many outweigh the needs of the few...or the one"

Re:Imagine if this was self-driving car (1)

wbackner (1417725) | more than 2 years ago | (#41324645)

That's where the zeroth law comes in. It was added in the stories for that exact sort of scenario.

A robot may not harm humanity, or, by inaction, allow humanity to come to harm.

Re:Imagine if this was self-driving car (1)

MetalliQaZ (539913) | more than 2 years ago | (#41324249)

I didn't say broken or circumvented, I said "fail". "fail" as in they failed to protect humans as they were intended.
Here is the most obvious example, and the one that most /.'ers are probably familiar with:

Humans have both the capability and the tendency to harm other human beings. Even good intentioned humans tend to make big mistakes that either directly or indirectly cause other humans to come to harm. By rule number one, robots may not harm a human, or by inaction allow a human to come to harm. The other rules can be overridden by rule one. Therefore, the only way to fully protect humans is to remove their ability to interact at all with other humans. Lock them up. This is basically a removal of nearly all rights and freedoms -- and obviously is counter to the actual intention of the three laws.

Re:Imagine if this was self-driving car (2)

AwesomeMcgee (2437070) | more than 2 years ago | (#41324241)

Asimov's laws are a straw man argument?? Nonsense, he wouldn't do that to us! No, not him!

Re:Imagine if this was self-driving car (4, Insightful)

Anonymous Coward | more than 2 years ago | (#41323381)

Why would you be responsible?
Are you responsible when someone steals a normal car?

Re:Imagine if this was self-driving car (1)

crontabminusell (995652) | more than 2 years ago | (#41323719)

No, but typically you're not in the car when it's stolen, either.

Re:Imagine if this was self-driving car (0)

Anonymous Coward | more than 2 years ago | (#41323787)

I would imagine they would have a manual override so you can disable the car.

Re:Imagine if this was self-driving car (2)

The Grim Reefer (1162755) | more than 2 years ago | (#41323477)

It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.

Depending on who it runs over, this could be a feature rather than a bad thing.

Re:Imagine if this was self-driving car (-1)

Anonymous Coward | more than 2 years ago | (#41323793)

New User - Check
Attacking Google for no apparent reason - Check

I'm surprised you didn't comment on how this would never happen if programmed in Microsoft's latest Visual Studio.

Re:Imagine if this was self-driving car (5, Funny)

daem0n1x (748565) | more than 2 years ago | (#41323969)

Just imagine if a locomotive boiler explodes and kill someone. Steam trains are bad. We should use horses.

Just imagine if a house falls down and people get crushed. Houses are bad. We should live in caves.

Just imagine if your laptop explodes and you die. Laptops are bad, we should use abacuses.

Re:Imagine if this was self-driving car (1)

flyingfsck (986395) | more than 2 years ago | (#41324281)

If a self driving car makes a mistake, then it is an industrial accident. We already have laws for that situation.

Re:Imagine if this was self-driving car (1)

Yobgod Ababua (68687) | more than 2 years ago | (#41324631)

No.

It's a very, very different thing to get a computer to:
a) Do something it's programmed to do (like start up and drive around safely), but for the wrong person.
b) Do something it has NOT been programmed to do (drive unsafely).

You can't just conflate the two with "hacking the system", as they are COMPLETELY different physically, electronically, logically and mathematically.

LOL (-1)

Anonymous Coward | more than 2 years ago | (#41323331)

gives new meaning to the word pwn

Re:LOL (1)

postbigbang (761081) | more than 2 years ago | (#41324225)

Yeah. And if you can get to the ODB2 jack, you can pwn not only BMWs, but Minis, Mercedes, and a bunch of other tasty cars. You download the key, and using the magick of eBay programmers, reset a "blank" key into a new one. Drive away. Try to look dapper.

Re:LOL (1)

Anonymous Coward | more than 2 years ago | (#41324447)

Dapper?? does that mean wearing a top hat and tails while stealing one?

And the question is (3, Funny)

Psicopatico (1005433) | more than 2 years ago | (#41323349)

FTFA:

Amazingly, the blank keys and the device are both available to buy at a bit of a price on the internet.

And the question is: how many BitCoins does those cost?

Re:And the question is (1)

richy freeway (623503) | more than 2 years ago | (#41323379)

Buy them on eBay and Alibaba for actual money.

Ford Comparison (2, Interesting)

Anonymous Coward | more than 2 years ago | (#41323367)

I know ford around the same era required other valid keys to be present when the new key was programmed. I'm surprised BMW didn't have a similar requirement

Re:Ford Comparison (3, Insightful)

TWX (665546) | more than 2 years ago | (#41323519)

I'm not surprised.

Essentially no one thinks about security, or more accurately, while one team is thinking about security, another team is thinking about something that totally and completely bypasses that security.

And as for Ford, there was an article in Wired several years ago about the possible failure of immobilizer systems in various Ford/Lincoln vehicles.

In my opinion, if there's a legitimate way to make the vehicle move, there's a way to make the vehicle move. If you don't want the vehicle to move then you need to remove something from it that makes it move, preferably something that a thief wouldn't normally bring with them, like a coil wire on a vehicle with a distributor, or a fuel pump relay or ASD relay, or something like that. Come to think of it, one could probably relocate such a relay to the passenger compartment to allow one to use the relay itself like a key, removing it to immobilize the vehicle.

Either way though, relying on an electronic means from an automaker is foolish.

Re:Ford Comparison (3, Interesting)

mlts (1038732) | more than 2 years ago | (#41323607)

There is that, or use security by obscurity. For example, on Ford PATS systems, one can put a switch in on the circuit of the ignition antenna which reads the key's RFID chip.

Flip the switch, and even if a thief was able to clone a 40 (S) or 80 bit (SA) PATS key, they will still be stuck scratching their head as the ignition still wouldn't start.

Of course, this doesn't mean that the thief will not resort to vandalism, but it will mean the vehicle most likely will remain in the same spot unless towed.

Re:Ford Comparison (1)

bobcat7677 (561727) | more than 2 years ago | (#41324015)

An excellent example of physical security...and how physical security will trump electronic security every time. Just ask the crew of the Battlestar Galactica.

Re:Ford Comparison (1)

ajlitt (19055) | more than 2 years ago | (#41324627)

I can't, they've been dead for thousands of years.

Re:Ford Comparison (4, Interesting)

Lumpy (12016) | more than 2 years ago | (#41324423)

Why so complicated? a simple $3.29 switch that interrupts the power to the fuel pump. Works on 99.98765% of all cars and will foil any thief.

Flip switch under seat, and leave the car. Thief tries to start car and it acts like it is out of gas. No thief will look under the seat for a switch they have less than 30 seconds to get in and get the car moving or they risk getting caught, so if they cant do a fast smash and grab they move on.

Re:Ford Comparison (0)

Anonymous Coward | more than 2 years ago | (#41324559)

"No thief will look under the seat for a switch they have less than 30 seconds to get in and get the car moving or they risk getting caught"

Until this becomes an even moderately standard practice... at which point EVERY thief WILL look under the seat and still be gone in 30 seconds or less.

Re:Ford Comparison (2)

swb (14022) | more than 2 years ago | (#41324031)

I've seen this technique used before. A landscaper I knew had a hidden key lock than interrupted the electronics on a Bobcat, and my dad's business had some numeric keypad switches that did the same thing installed in some of the business cars they had.

The keypad would be easy to defeat if you had a shop and could trace the wires, but the keypad itself had a bunch of wires in/out that couldn't just be randomly spliced by a thief. I think there might have been some other module under the hood, too, that made it more complicated.

Re:Ford Comparison (1)

rwise2112 (648849) | more than 2 years ago | (#41323863)

I remember a while back, you could unlock Fords remotely with a Palm Pilot app.

Re:Ford Comparison (2)

Joce640k (829181) | more than 2 years ago | (#41324045)

I remember opening a friend's Peugeot with my HP200LX [wikipedia.org] and a TV remote control emulator.

The keys used an infra-red system with a receiver above the rear view mirror.

Re:Ford Comparison (1)

localman57 (1340533) | more than 2 years ago | (#41324171)

I know ford around the same era required other valid keys to be present when the new key was programmed. I'm surprised BMW didn't have a similar requirement

This isn't the same thing. You're talking about a consumer being able to program their own key. Typically, you have to have two valid keys to program a third, so a valet can't do it with one key. But cars typically come with only two keys. If you lose one, you can't program a new one yourself. You have to take it to a dealership who has a backdoor to program more keys through the CAN network. The BMW theives are exploiting this backdoor. Some of these details vary a bit for maker to maker, model to model, but this has been pretty standard for around 15 years.

BTW, if you only have two keys to your car now, do yourself a favor, and get a third one from wal-mart, and program it yourself. This is much cheaper than the $150 or more if you lose a key, and have to have the dealership reprogram one for you.

So this means (1)

wbr1 (2538558) | more than 2 years ago | (#41323399)

No more waiting around for a dog to crap out the 'laser encoded' keys he ate.
Oh, and i know Nick Cage sucks, but thats my girls favorite movie and it always makes her horny. So yeah, I have seen it too many times.

Re:So this means (-1)

Anonymous Coward | more than 2 years ago | (#41323429)

Oh, and i know Nick Cage sucks, but thats my girls favorite movie and it always makes her horny. So yeah, I have seen it too many times.

By 'girls' I hope you mean your Wife/GF/SO, and not your daughter(s).

Re:So this means (1)

wbr1 (2538558) | more than 2 years ago | (#41323529)

Girlfriend, possessive. I was typing on my phone so I shortened it for laziness reasons. Of course and AC would take it to incest. Where is YOUR mind at? And why the fuck am I responding to an AC>

Re:So this means (1)

Anonymous Coward | more than 2 years ago | (#41323639)

Oh, and i know Nick Cage sucks, but thats my girls favorite movie and it always makes her horny. So yeah, I have seen it too many times.

By 'girls' I hope you mean your Wife/GF/SO, and not your daughter(s).

This is /. so you can never be certain.

This is /. not /b/ (2)

SmallFurryCreature (593017) | more than 2 years ago | (#41324105)

On /b/ you can be certain, he is talking about his kids.

On /. you can be certain, whenever someone is talking about sex, he is lying.

Re:This is /. not /b/ (1)

Pope (17780) | more than 2 years ago | (#41324477)

"A guy came up to me after one of my shows, and said 'I'd like you to meet my wife and sister,' and there was only ONE woman standing there!"

In other news: (5, Insightful)

AtomicDevice (926814) | more than 2 years ago | (#41323407)

Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!

Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

Re:In other news: (3, Insightful)

rot26 (240034) | more than 2 years ago | (#41323525)

PREVENT crime?

You're thinking of some organization other than the police. They're just there to fill out the paperwork afterward.

Re:In other news: (3, Interesting)

dywolf (2673597) | more than 2 years ago | (#41323609)

Why I rarely bother to lock my car. Granted its an older model. Truth is, ya, a determined theif will steal the car about as quickly as I can unlock the door and start it normally with the key. Most people aren't so motivated, and governed by basic morals. As long as the key isnt in the car, and there's nothing worth stealing in the car, and I'm in a reasonably low crime area, the car is gonna be fine in all likelihood. Just as well since hte lock has started acting finicky about 6 months ago. I really need to take it apart and degrime it with some WD or something.

Re:In other news: (4, Interesting)

54mc (897170) | more than 2 years ago | (#41323663)

I stopped locking my car for a similar reason. Nothing in my car is worth more than the cost of a broken window. I will say that I've lost a few jackets I've left in there during the winter, but, as I said, they were a lot cheaper than a new window.

Re:In other news: (0)

Anonymous Coward | more than 2 years ago | (#41324187)

That might seem true until a hobo uses your back seat as a toilet

Re:In other news: (1)

tom17 (659054) | more than 2 years ago | (#41324375)

Better than having a backseat toilet *and* a broken window...

Re:In other news: (3, Insightful)

Anonymous Coward | more than 2 years ago | (#41324595)

Yes, but do you think the crook would have broken a window to get your coat?

Re:In other news: (1)

gstoddart (321705) | more than 2 years ago | (#41324159)

Why I rarely bother to lock my car. Granted its an older model. Truth is, ya, a determined theif will steal the car about as quickly as I can unlock the door and start it normally with the key.

A truly motivated and resourceful criminal would just show up with a tow truck. Nobody would even look at a tow-truck taking away a car.

But, the locks keep the casual/incompetent ones away.

Though, years ago I used to have a Jeep ... my friend pointed out that locking it was futile because it was basically a tent on wheels. Anybody who knows about how to do the soft-top could just unzip it. Anybody who didn't could simply cut it.

After that, I stopped locking it.

Re:In other news: (4, Informative)

afgam28 (48611) | more than 2 years ago | (#41324607)

When the car makers all started to introduce engine immobilizers, the rate of car thefts plunged. (An immobilizer is a device that prevents hot wiring)

If your reasoning was true then immobolizers would not have had any effect.

Yes a determined and well equipped theif will always find a way in. Unfortunately, most vehicle thefts are opportunistic crimes, and it is definitely worth trying to prevent that by locking your car.

Re:In other news: (3, Interesting)

jeffmeden (135043) | more than 2 years ago | (#41323655)

Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!

Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

The seemingly odd thing is that there are other implementations that work the same way (I have seen this done to Honda cars many many times) but don't suffer from this kind of attack, since the car computer purposefully responds very very slowly to the reprogram command. Leave it to those hyper-efficient Germans to think that reducing the time required was a good thing.

and after the fix all work must be done dealership (2)

Joe_Dragon (2206452) | more than 2 years ago | (#41323415)

and after the fix all work must be done dealership

Dupe (5, Informative)

Muros (1167213) | more than 2 years ago | (#41323447)

Re:Dupe (1)

54mc (897170) | more than 2 years ago | (#41323675)

But that was two entire months ago!

Security and lifetime of your typical car (5, Insightful)

sinij (911942) | more than 2 years ago | (#41323487)

Cars are expected to last at least 10 years, many last much longer, well into mid 20s.

Such timescales are 'forever' in the sense of IT security. Just look at 'recent' examples - WEP was rolled out around 2000 and is now broken in just a couple minutes. Most cars made in 2000 are still on the road.

I'd go as far as saying that it is impossible to secure your car for its expected useful life without the use of physical security.

Re:Security and lifetime of your typical car (4, Insightful)

0123456 (636235) | more than 2 years ago | (#41323715)

PGP is over twenty years old, and I'm not aware of it being broken other than by rubber hoses or brute force on short keys.

You don't need physical security, you just need security developers of clue.

Re:Security and lifetime of your typical car (1)

Richy_T (111409) | more than 2 years ago | (#41323831)

It's impossible, barring extreme methods, period. All you can do is make the next car along look like a better prospect.

Re:Security and lifetime of your typical car (0)

Anonymous Coward | more than 2 years ago | (#41324619)

This is how it's supposed to work. If we don't see our older cars as crappy compared to newer cars, they can't sell us a new car.

Business exists to make a profit, not necessarily to deliver a quality product.

Re:Security and lifetime of your typical car (1)

Joce640k (829181) | more than 2 years ago | (#41324125)

WEP was rolled out around 2000 and is now broken in just a couple minutes

WEP was broken before it was ever rolled out. It was designed by people with very little clue.

Hackers don't usually 'break' things, they find holes in designs.

Re:Security and lifetime of your typical car (0)

Anonymous Coward | more than 2 years ago | (#41324199)

Equally true is that no one would bother to steal a 20 year old car

Its a key recovery problem... (3, Informative)

nweaver (113078) | more than 2 years ago | (#41323509)

(Since its a duplicate post, I'm going to include my reply from the last time it was posted)

The basic design flaw is how key duplication/recovery is handled.

On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key, to tell the computer "hey, this is the new key to use". The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!

But its better than the alternative. On the BMW, all you need to do is plug into the OOBDII port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.

Re:Its a key recovery problem... (2)

mlts (1038732) | more than 2 years ago | (#41323795)

Ford is similar to the Concours -- to add a new key, you need two existing keys to the system.

Of course, if one loses a key, one can get a programmer for a Ford. However what the vehicle does to slow down a thief who has two cut keys is force a 10 minute wait cycle until security functions are accessible. Then keys can be added and removed.

The wait time isn't perfect -- someone's car that is tucked away somewhere remote can be accessed, but compared to having to replace the computer [1], it is a decent compromise.

There has to be a balance somewhere between "crap, lost all keys, time to replace ECM/TCM/audio system/etc." versus "plug device in, hotwire vehicle, drive off."

[1]: Mercedes systems from what I've seen are pretty secure, but if has to delete more then eight keys over the vehicle's lifetime, a good chunk of the car computer will need replaced.

No, it's worse (3, Informative)

dutchwhizzman (817898) | more than 2 years ago | (#41323809)

All you have to do in the BMW is to tell te computer "This is a blank key, please put one of the legible, unencrypted 10 passwords you have in you on the blank key". The other keys already issued would still work and you could even program keys with them as well, just not using the car itself.

Re:Its a key recovery problem... (1)

Lumpy (12016) | more than 2 years ago | (#41324463)

Whoever told you that lied. You can get new keyfobs programmed at the dealer if you have no keys.

Pricey cars! (4, Funny)

cupantae (1304123) | more than 2 years ago | (#41323513)

They cost between 17,000 and more than 100,000 thousand pounds.

£100,000,000 is too much for any car, let alone one that allows anyone to steal it.

Re:Pricey cars! (0)

Anonymous Coward | more than 2 years ago | (#41324011)

£100,000,000 is too much for any car, let alone one that allows anyone to steal it.

At that price point, you don't rely on locks.

Re:Pricey cars! (1)

Provocateur (133110) | more than 2 years ago | (#41324653)

That better come with the 2 booth babes from the car show. As upgradable parts, too.

Buy vintage BMWs! (1)

avm (660) | more than 2 years ago | (#41323549)

....like my personal favorite, the 2002. Sure, it can still be stolen using much less sophisticated equipment, but its arguably cooler than many of the modern iterations and a lot easier on your checkbook.

Re:Buy vintage BMWs! (1)

sinij (911942) | more than 2 years ago | (#41323627)

Love 2002, much better than 1 and 3 series cars offered today.

I own multiple classic cars, but for your typical "must start every morning" commute use they are not practical. Plus, you have to be technically inclined or filthy rich to keep them on the road.

If you are kind of person that never changed their own oil - classic/vintage cars are not for you.

Re:Buy vintage BMWs! (3, Informative)

Pope (17780) | more than 2 years ago | (#41324495)

Hell, the old R series motorcycles from the late 60s/early 70s had ONE key for every model! Want someone else's R60? Just use your key and start 'er up.

It's this easy (0)

Anonymous Coward | more than 2 years ago | (#41323617)

http://www.youtube.com/watch?v=kVmPfCFFkqQ&feature=related

Ultimate Theft Method (1)

RobertLTux (260313) | more than 2 years ago | (#41323883)

Push comes to Shove all you need to steal a car is a FlatBed Wrecker with an optional Crane.

Now this is STUPID since it enables you to not need to get to extreme methods to steal a very pricey car.

Stolen in 3 minutes? (1)

PPH (736903) | more than 2 years ago | (#41324117)

All you need to stop this is a car alarm and a .357 magnum.

Re:Stolen in 3 minutes? (2)

Lluc (703772) | more than 2 years ago | (#41324581)

All you need to stop this is a car alarm and a .357 magnum.

You really just need the .357 magnum -- if you shoot the car enough times in the correct place, I guarantee a thief will not be able to drive it away.

All 2 ton freestanding objects can be stolen (1)

ZokelX (2390856) | more than 2 years ago | (#41324261)

Lets be honest, the easiest of stealing cars is that you get in and drive away. If smart electronics, big mechanical bars, armored doors and breaks are preventing you from this you can always and quite easily use a truck with winch or towbar. Sound alarms might work on your drive way but not on a busy parking when a professional looking tow truck is having its go at your car. GPS antenna's are easily jammed/cut or covered. Besides the 'hacking' of electronics there are many ways to drill holes for cable clipping, fuse pulling or apply voltage to powered windows and/or locks . High value objects that are out there will always be of interest to people that have low moral values.

available for purchase over the Internet (0)

Anonymous Coward | more than 2 years ago | (#41324275)

Where, god damn it, where?
(posting as ac 'cause i forgot my password)

Old news (1)

Dunge (922521) | more than 2 years ago | (#41324395)

I saw this on Slashdot last month or so...

Nothing to see here (0)

Anonymous Coward | more than 2 years ago | (#41324465)

So, 2006 technology that made it more difficult to start a car after you've already broken into it has been circumvented using tools developed and sold for just that purpose? Wow! I would have never guessed that there was any possible way to start a car, especially an all-mighty BMW without the original key...
In other news, it turns out some clever thieves have discovered this amazing thing called a (likely used or stolen) tow truck that allows you to drive off with any vehicle, even if you don't have the keys.

Unless BMW is different than everyone else... (0)

Anonymous Coward | more than 2 years ago | (#41324483)

...you don't "program" a key, rather, the serial number spat out by the key is stored in the car's computer and recognized as valid.

The mechanism for making 3rd, 4th, etc keys (you need 2 different originals in most cases) is present in most American vehicles that have a factory immobilizer.

For example, if you cut a key and want to program it for your Jeep:

  - Insert original key #1, turn ignition to ON, wait a few seconds, turn to OFF
  - Remove key #1, insert original key #2, turn ignition to ON, wait a few seconds, SKIS light lights, car beep, turn to OFF, remove key
  - Insert new key #3, turn ignition to ON, wait for SKIS to stop flashing and beeping. Your new key is stored.
  - Profit???

Always ensure you never give your mechanic two keys. Also ensure he doesn't own the more complicated and expensive units locksmiths and dealers own that can reset the immobilizer and program keys without originals (not as hard to get as you might imagine). Lastly, just don't trust immobilization systems to be worthwhile--at least in Canada the only requirement is that they resist a tools based hacking approach for 5 minutes or 15 (?) minutes without tools to be certified (they are required on all new non-fleet vehicles here).

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?