×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Using Laptops to Steal Cars

CmdrTaco posted more than 7 years ago | from the because-you-shouldn't dept.

455

Ant writes "Thieves are using laptops/notebooks to steal the most expensive luxury cars. Many of these cars have completely keyless ignitions and door locks, meaning it can all be done wirelessly. Thieves often follow a car until it gets left in a quiet area, and they can steal it in about 20 minutes..."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

455 comments

Far too long. (5, Funny)

grub (11606) | more than 7 years ago | (#15256893)


20 minutes to remove the laptop from the bag, smash the window and pound on the steering column with it? They must be using those modern, fancy-pants, lightweight laptops. In the old days we could get a car in under 5 minutes with a Mac Portable.

Re:Far too long. (5, Informative)

drinkypoo (153816) | more than 7 years ago | (#15257016)

Even in your average American "luxury" car, multiple attempts to start the car without the appropriate key will disable the ECU. Furthermore, in most systems, if certain items are damaged, the ECU actually has to go back to the manufacturer for reprogramming because it's part of the anti-theft system. See, there's a communications module with an antenna near the ignition switch, and it has a unique ID. You need the factory scan tool to assign a new radio module to the ECU. (I'm forgetting some details, there's more to it than this, but I figure I can look it up in the shop manual if I ever need to work on a car like that. Einstein said to never memorize what you can look up.)

The point is that unless you have the proper equipment to unlock, the car can lock itself to the point where it can not be driven. See, modern cars have variable valve timing, coil-on-plug ignition, and a whole bunch of other stuff that simply will not work without the cooperation of the computer. And, you can't just change the computer, because the radio module is locked to an ECU as well. You'd have to swap both the ECU and the module. The module is buried in where the ignition switch is and replacement requires partial dashboard or column disassembly. The ECU is sometimes under the hood, but that's very rare; typically it's behind the kick panel on the right side.

I'm sure you were going for humor (that was a joke, right? right?) but there are people asking these questions more seriously and you were most highly moderated. :)

Re:Far too long. (1)

CastrTroy (595695) | more than 7 years ago | (#15257079)

So you're saying that if you throw enough wrong codes at the car, then it will disable itself? Sounds like you could have a lot of fun disabling people's cars on them. You could probably disable a whole parking garage full of cars with strong enough transmitter and 5 minutes of free time. Even without that, just walk up to a car that isn't yours, and press the button 50 times.

Re:Far too long. (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#15257167)

Except that the system I'm talking about is a short-range radio that is only activated when a key is put into the ignition, in order to read the code stored in a RFID tag (or similar - sometimes they actually use electrical contacts even, but that's old tech) on the key. Other systems work differently.

Re:Far too long. (2, Informative)

dgatwood (11270) | more than 7 years ago | (#15257117)

Problem is that this is relatively weak. Most car alarms automatically shut off if the car gets tilted to a certain angle to avoid alarms while being towed. All you have to do to steal a car, then, is to buy a tow truck and tow it to a private garage, wherein you have sufficient privacy and time to replace those modules....

Seriously, if you're talking about the folks who are most likely to steal luxury cars, nothing short of a LoJack-like device makes sense. All you can really hope to do is deter casual thieves.

Re:Far too long. (4, Interesting)

drinkypoo (153816) | more than 7 years ago | (#15257196)

Most car alarms automatically shut off if the car gets tilted to a certain angle to avoid alarms while being towed.

That's very nice, but it has nothing to do with what we're talking about here, which is not alarm systems, but theft prevention devices built into the car's PCM, or Powertrain Control Module (formerly "ECU", or Engine Control Unit, but PCM is the OBD-II terminology and all cars are now OBD-II.)

Car alarms have two purposes: Inform everyone that the car is being tampered with, and stop the car from being driven. These systems have only one purpose: Stop the car from being driven. Either way, it's insignificant to the towing company. The ECU does not disable itself when the vehicle is at an angle. Personally I think that whole thing about car alarms disabling themselves is a myth anyway, because car alarms still work when cars are parked on steep-ass hills in san francisco.

"Space Fall" (1)

HTH NE1 (675604) | more than 7 years ago | (#15257272)

"If you had access to the computer, could you open the doors?"
"Of course. Why?"
"Just wondered how good you really were."
"Don't try and manipulate me, Blake."
"Now why should I try and do that?"
"You need my help."
"Only if you can open the doors."

"I could open every door, blind all the scanners, knock out the security overrides, and control the computer. Control the computer and you control the ship."

Re:Far too long. (1)

geoffeg (15786) | more than 7 years ago | (#15257085)

And since the Mac Portable used a lead-acid battery you could use it to jump start the car! (ok, probably not)

And thats why... (2, Insightful)

Sinryc (834433) | more than 7 years ago | (#15256900)

And thats why people will want a regular key. Its worked for hundreds of years on other things, so a car should be no problem.
All they really need to do is start randomizing the locks on cars, and not just use the same pattern...
yea, expensive, but safe.

Re:And thats why... (3, Insightful)

$RANDOMLUSER (804576) | more than 7 years ago | (#15256935)

Locks are for honest people. If a pro really wants to steal your car, whether the key is physical or software won't matter much.

VERSE VICEA (1)

Philip K Dickhead (906971) | more than 7 years ago | (#15256952)

I want use Cars to steal LAPTOPS!

Re:VERSE VICEA (1)

ichigo 2.0 (900288) | more than 7 years ago | (#15257162)

Try camping outside of a university with your car. When you see a group of people with laptops use your GTA-honed driving skills to "acquire" their property. Remember not to drive over too many people, or else you won't be able to shake the cops without a new paint job on your car.

Nice cars are for suckers (4, Funny)

Anonymous Coward | more than 7 years ago | (#15257219)

The first thing I do when I get a new car is I back it into a fire plug, then run it along side of a brick wall. Then I "key" it a bit and ding it up here and there with a 9 iron.

Finally, I pour some cod liver oil on the upholstery and lock a couple of cats in it for a few days (with the windows cracked and plenty of food and water - I'm not mean.)

That just about puts an end to anyone's desire to steal my cars.

posted anonymously so THEY won't find me.

Re:And thats why... (1)

stefanlasiewski (63134) | more than 7 years ago | (#15256995)

All they really need to do is start randomizing the locks on cars, and not just use the same pattern...

Imagine replacing the existing locking system on the hundred of thousands of cars that use keyless entry. The auto manufacturers will resist.

How many of us predicted this years ago? When I saw my first keyless system, I think the first thought on my head was "They better change the code every time the person enters the car". I'm sure the auto designers were told about this security flaw dozens of times--

Re:And thats why... (5, Interesting)

dgatwood (11270) | more than 7 years ago | (#15257073)

Regular keys take seconds to defeat. The electronic ignitions take 20 minutes. That's a pretty big improvement in the grand scheme of things.

One thing they're doing these days is to store some state information so that each code is different than the previous one. However, this only goes so far in terms of increasing the complexity of breaking in. There are generally a limited number of possible codes, so you can eventually guess the right one. And since the car will be ignoring bogus codes (to avoid being fooled by other cars' remotes), you can pretty much send it crap until you hit the right value with impunity.

If you really want your car to be secure, what they need to do is make the keyless entry devices carry a public/private key pair. On each key device, put a mini-USB jack on them and have a USB jack on the dashboard hooked up to the car's computer. Use this to copy the public key from each "key". Require that after the first key is loaded, one known key must be within radio range in order to associate a new key.

When you push the unlock button on the key, the device would send an unencrypted "unlock" message. Upon receiving this, the car would reply with a random string of data (say a 2k packet). The key device would receive this, sign the data using its private key, apply a random back-off timer to minimize collisions, then transmit the signed copy of the data, skipping a random time interval between each attempt, and stopping after 5 seconds or when the car transmits a "verified" message.

Of course, the car would stop listening after 5 seconds as well. Since the message to be encrypted changes each time, this would essentially thwart any attempts to fool the car by transmitting random data until it gets it right.

If you're really paranoid, you could design it so that the key also knows a public key for the car and uses that to get a session key so that the entire communication path is encrypted.

Re:And thats why... (4, Funny)

iminplaya (723125) | more than 7 years ago | (#15257175)

If you really want your car to be secure...

Just do what I used to do. Pop off the distributor cap, and remove the rotor. Not too many people carry a spare one of those around.

Re:And thats why... keys are no better (5, Interesting)

stmfreak (230369) | more than 7 years ago | (#15257113)

And thats why people will want a regular key. Its worked for hundreds of years on other things, so a car should be no problem.

No, they're not safe. The key merely turns a lock that closes a contact telling the computer it's okay to proceed. After my 2001 Sukuki GSXR was stolen and recovered, I had to learn a thing about hot-wiring ignitions because the thieves had changed the locks. Within the ignition tumbler was a small PCB that connected circuits to ground for parking lights, accessories and the ignition. The added "security" was that a resistor was used in the circuit for the ignition.

Turns out, the wiring harness for the ignition has a molex connector underneath the right side fairing, right about where my fairing had been shattered by blunt-force-trauma. With nothing more than some knowledge, a spare connector, some wires, a switch and a specifically rated resistor, you could build a plug that would "start" any modern GSXR in about 20 seconds.

Keys are no safer. As far as the computers are concerned, they're either on or off. RFID, challenge/response, better encryption, failed-attempt lockouts, these things are going to become more common because they do a better job slowing the thieves down.

Re:And thats why... (1)

myth24601 (893486) | more than 7 years ago | (#15257122)

Many new cars come with regular keys(not the keyless option) that have an RFID dodad embeded in the key so that the car will not start unless the RFID is there when you try to crank the car. I guess this would stop somone from simply using a lockpick on the car unless they could cercumvent the RFID stuff.

One drawback is that if you want an extra key you have to get it from the dealer or get them to "program" your key if you optain one from a third party.

This has insturctions on how to setup some of the keys that don't require any special equipment. Some require at least one existing programed key while some do not.

PDF warning
http://www.kaba-ilco.com/key_systems/pdf/2006_Auto _Truck_Key_Blank_Reference_%5B2852-E-1105%5D.pdf [kaba-ilco.com]

Even regular keys aren't regular... (1)

RareButSeriousSideEf (968810) | more than 7 years ago | (#15257243)

When the dealership quoted me upwards of 90 bucks to make a 2nd key for my car, I declined & headed to my local Ace Hardware, who did it for about 84.50 less (hey, it took their most expensive automotive blank). The dupe is cut right, the original has no *visible* embedded chip, and the dupe even unlocks & starts the car -- for about 3 engine cycles. Then it kills the engine & all electric devices. Being a glutton for punishment, I of course repeated the experiment a couple times (easier than RingTFM, no?).

This approaches DRM's insidiousness in vendor lock-in through needless proprietary interfaces. Well, needless from a consumer standpoint, anyway. But hey, I do get deterrence from theives who think my car's worth $6.00 but not $90.00.

I haven't tried starting the car with my laptop yet...

Moral: (5, Funny)

Musteval (817324) | more than 7 years ago | (#15256901)

Laptops are evil.

Fortunately, friendly Republican senators are even now pushing a bill through Congress to outlaw these devil-machines. Always looking out for our interests, those guys.

Re:Moral: (5, Funny)

ntsucks (22132) | more than 7 years ago | (#15257123)

Unfortunately, friendly Democratic senators are sponsoring a plan where the federal government will buy a laptop for thieves that do not have their own. ;-)

Related video (4, Informative)

Crussy (954015) | more than 7 years ago | (#15256905)

I saw a video [media.ccc.de] from a conference in Germany that has to do with infared hacking. It's quite interesting if you have the time to watch it.

and then what? (2, Interesting)

JeanBaptiste (537955) | more than 7 years ago | (#15256914)

I've been under the impression that thieves steal cars to strip them for parts, as its impractical to re-sell a stolen car as a whole.

Are parts for luxury cars that specialized? I thought most parts were more or less universal these days. Does a H3 take a special spark plug or something? /20 minutes and a laptop? //more like 2 minutes, a brick and a screwdriver

Re:and then what? (1)

joshsisk (161347) | more than 7 years ago | (#15256973)

The sparkplug may be standard (not that anyone steals a car to sell the sparkplugs) but the engine components, as well as all the body components, transmission, etc, are likely not. A new bumper for my (not luxury car) would cost me at least $500 new, for example.

Re:and then what? (1)

einhverfr (238914) | more than 7 years ago | (#15257270)

We have an older used Audi (combo electronic/physical lock, iirc both are required to drive the car but either one can open the door).

We had to get a fuel injector replaced. Unfortunately, Audi had changed the specs so it meant that we had to replace all six of them at $100/fuel injector.

So the answer is "yes."

Re:and then what? (1)

7macaw (933316) | more than 7 years ago | (#15256981)

A spark plug may be more or less generic, but transmission, engine, engine-controlling computer, etc. are more specialized and tend to be expensive just because the owners of an expensive car are supposed to be able to pay some more.

And speaking of hummers, a set of those shiny rotating wheel covers costs around 5 or 10 thousand, I think.

Re:and then what? (2, Informative)

deacon (40533) | more than 7 years ago | (#15257022)

These high end luxury cars are exported overseas to markets (North Africa for example) where the origin of the car is easily hidden, and the new owners might not even care.

Crash parts are taken from cars that are very popular, like Toyota Camry, where there is a big demand due to the huge number of cars on the road.

An original Toyota front fender is about $260. Add headlights, front bumper cover, hood, grill, and a stolen Camry is worth almost 2 K in just front end parts.

Re:and then what? (4, Informative)

sunwukong (412560) | more than 7 years ago | (#15257240)

Also keep in mind that the parts market is where dealers and shops make a lot of money -- the margins are huge.

A consumer group once calculated that rebuilding a $30K Honda from "genuine" parts would have a material cost of over $90K!

Re:and then what? (0)

Anonymous Coward | more than 7 years ago | (#15257027)

Actually luxury cars are usually stolen for export. The most common car thefts are things like Honda Civics that are strippe dand sold for parts. This is not practicle with luxury cars that have serialized parts.

Luxury cars are usually only stolen under limited circumstances. That is someone has a buyer in China, Saudi Arabia or a random warlord and they steal the car in a port city Los Angeles usually drive it into a cargo container and ship it out never to be seen again.

Re:and then what? (1)

thebdj (768618) | more than 7 years ago | (#15257098)

Another thing is that a lot of times parts from luxury cars are interchangeable with those of lower models. I remember hearing somewhere that thefts of Acuras was up because people would buy the parts for Honda automobiles. Sometimes this is buying a bigger engine or luxury parts that they do not sell in the lower end cars. I would imagine this sort of interchange can also be done with Toyota and Lexus and pretty much any other car line and its luxury counterpart.

Some cars do make it overseas, but unless you live in or near a port city, odds are your cars are being stolen for parts. I mean why would you ship cars from middle America to a port town when you can just distribute the various parts well enough locally. Besides, most port cities have their own abundance of cars for the taking, especially when you consider the majority of the US population is still situated out towards the coasts.

And so it follows... (5, Funny)

MudButt (853616) | more than 7 years ago | (#15256918)

This is exactly why my daughter will not have a keyless chastity belt...

Re:And so it follows... (0)

peragrin (659227) | more than 7 years ago | (#15256954)

Wait!! Your on Slashdot, your not supposed to have childern!!!

Sorry I couldn't help myself.

Re:And so it follows... (0)

Anonymous Coward | more than 7 years ago | (#15256986)

Learn to help yourself, fucktard.

What does she do? (1)

demonic-halo (652519) | more than 7 years ago | (#15257002)

Hmm..

For someone to follow her around with a laptop for 20 min... And to need a chasity belt...

She's probably doing something she shouldn't be doing.

Re:And so it follows... (1)

cez (539085) | more than 7 years ago | (#15257005)

Surprising that Northstar or whatever luxury gps / alarm service that these newer vehicles have can't detect a brute-force attack. I can't imagine its as easy as finding the right frequency, there has to be some sort of security thats being actively bypassed, one that should send up a red flag. "Too many ignition start attempts...you are being locked out of your vehicle for the next 60 seconds..."

Re:And so it follows... (1)

CCFreak2K (930973) | more than 7 years ago | (#15257155)

If I had a daughter, I'd want the SMART ones to procreate with her.

I'm 18 though, so it's a moot point right now, heh.

Re:And so it follows... (0)

Anonymous Coward | more than 7 years ago | (#15257226)

so only you can have sex with her?

text of article (5, Informative)

Anonymous Coward | more than 7 years ago | (#15256939)

Text of article:

High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key -- mechanical or otherwise -- to start the engine, so-called 'keyless' setups require only the presence of a key fob to start the engine.

The expert gang suspected of stealing two of David Beckham's BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car's computer, open the doors, and start the engine.

"It's difficult to steal cars with complex security, but not impossible. There are weaknesses in any system," Tim Hart of the Auto Locksmith Association told the U.K.'s Auto Express magazine. "At key steps the car's software can halt progress for up to 20 minutes as part of its in-built protection," said Hart.

Because the decryption process can take a while -- up to 20 minutes, according to Hart -- the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham -- the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.

While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.

According to the Prague Post leaving such information on a laptop is what got Radko Souek caught for stealing several cars. "You could delete all the data from your laptop, but that's not good for you because the more data you have, the bigger your possibilities," he says. He says any car that relies on software to provide security can be circumvented by other software. "Every car has its weak spot," he says. Souek faces up to 12 years in prison.

The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true 'keyless' systems, software is the only thing between a thief and your car. As computers become more powerful, will stealing cars become even easier? Never mind future cars with better security -- what about today's cars a few years down the road? With cars as inexpensive as the Toyota Camry offering entirely keyless systems, these concerns a relevant to all consumers.

Posted anonymously to avoid karma whoring.

inexpensive? quite opposite logic applies (1)

mapkinase (958129) | more than 7 years ago | (#15257156)

With cars as inexpensive as the Toyota Camry offering entirely keyless systems, these concerns a relevant to all consumers.


"as inexpensive" - this is exactly why it is NOT relevant to "all" consumers. Who would spend time on training hacking and $500 on a laptop to steal "inexpensive" Camry? The goal does not justifies the means.

Re:text of article (0)

Anonymous Coward | more than 7 years ago | (#15257172)

The worst thing about a Toyota Camry is an engineering flaw IMHO. When the Camry is stopped and shifted into park every damned door unlocks automatically. It's a car jackers dream.

What? (1)

artifex2004 (766107) | more than 7 years ago | (#15257235)

The worst thing about a Toyota Camry is an engineering flaw IMHO. When the Camry is stopped and shifted into park every damned door unlocks automatically. It's a car jackers dream.


Mine doesn't. If it did it by default, then I'm sure I disabled it the first day, when I read my manual.

Gone in 20 Minutes... (3, Funny)

im_mac (927998) | more than 7 years ago | (#15256944)

Are they referring to their server? 5 minutes after the link arrived on /. and I already get a timeout error.

Glad I didn't get a Prius (1, Informative)

mikeisme77 (938209) | more than 7 years ago | (#15256955)

The keyless feature of the Prius was one of the main reasons I was considering it over the hybrid Honda models, but after considering the higher price of the Prius and reading about the insecurity of RFID I decided against it. Now I'm even more sure I made the right decision.

Smart Key - It's an option... (1)

Animaether (411575) | more than 7 years ago | (#15257081)

It's an option... You don't -have- to get the Smart Key. You have to pay extra to get it. There's tons of reasons not to get a Prius, but this isn't particularly one of them.

Re:Smart Key - It's an option... (1)

mikeisme77 (938209) | more than 7 years ago | (#15257116)

But if you want side air bags and all those other nice safety features, you have to get the smart key. You also have to get the Bluetooth calling thing and the upgraded stereo system in the Chicago area (they don't have package 4, and below package 4 you don't get all the safety features...)

Re:Smart Key - It's an option... (1)

trentblase (717954) | more than 7 years ago | (#15257249)

Although you can probably disable any of these "features" pretty easily if you are on slashdot.

Re:Glad I didn't get a Prius (3, Funny)

ConsumerOfMany (942944) | more than 7 years ago | (#15257083)

Im pretty sure the fact that it is a Prius is the best deterrent against theft you can have.....

Re:Glad I didn't get a Prius (1)

NuShrike (561140) | more than 7 years ago | (#15257134)

What's wrong with the price of the Prius? Have you compared the cost vs included creature comforts item by item, inch by inch, to see how the price is justified versus whatever you were buying? Still cheaper than the other hybrid models.

You don't see people complaining you're never make your money back buying that navigation/V6+/European/SUV/luxury type vehicle.

You can turn off the RFID keyless entry. The only thing the RFID could then be used is engine ignition.

Sounds like a weak straw-man argument you have.

Re:Glad I didn't get a Prius (1)

mikeisme77 (938209) | more than 7 years ago | (#15257194)

The Prius with similar safety features to the hybrid Honda Civic I bought was $3,000-4,000 more in the Chicago area because they chose not to sell package 4 in this area--and anything less than that and I wasn't getting the safety features I wanted/needed. Estimated EPA of the Prius is higher, but not by that much more, and I'm getting higher than the EPA of the Civic hybrid. I actually thought the Civic was more comfortable to drive as it allows greater adjustment of the seat and steering wheel. The main things the Prius had over the Civic (besides slightly higher EPA rating) were storage space and cool tech items (that I didn't need, and some I didn't even want). The keyless entry was a feature I DID want and might've been enough to tip me over toward the Prius had it not been for the security issue.

Re:Glad I didn't get a Prius (1)

CheshireCatCO (185193) | more than 7 years ago | (#15257221)

Getting into a car isn't that hard. Getting it to move is tougher. So it's precisely the ignition that I'd be worried about, not the keyless entry.

As far as the GP's logic goes, I understood it perfectly: not everyone wants/needs all of the add-ons. If you're looking at a Civic, you're probably worried about the bottom line you're paying right now, not in five years. I know I was when I got my hybrid. Which is part of why I didn't get a Prius myself.

I don't think anyone is saying that the Prius is over-priced. But it is undeniably more expensive. For many of us, that's a factor.

Security by Obscurity is no security at all. (5, Insightful)

anubi (640541) | more than 7 years ago | (#15256959)

From the article...

"While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands."

shens (1)

slashdotnickname (882178) | more than 7 years ago | (#15256975)

I call shens on this article.

Though what the author describes is technically possible, outside of test environments luxury cars are almost never stolen by strangers... friends or family members with grudges maybe, but professional car thieves avoid these cars because of their almost zero resell/chop-up value.

Re:shens (2, Insightful)

TubeSteak (669689) | more than 7 years ago | (#15257052)

but professional car thieves avoid these cars because of their almost zero resell/chop-up value.
Car thieves go after high end cars all the time.

If for no other reason than to steal the headlights & rims.

A friend of mine knew some people that would go out in a 4 man team to steal rims. They had an expensive hydralic jack and some power tools. He said they were shady guys, but would do a NASCAR Pit Crew proud.

And that's not even the pro's.

Re:shens (1)

Breakfast Pants (323698) | more than 7 years ago | (#15257269)

"And that's not even the pro's." And that's not even car theives. They are just taking the rims off of the thing on the street.

Re:shens (0)

Anonymous Coward | more than 7 years ago | (#15257115)

Nonsense - they put the car in a container and ship it overseas. There are a lot of places where people care more about the status/price of a car than whether it has been stolen.

Re:shens (1)

ergo98 (9391) | more than 7 years ago | (#15257176)

outside of test environments luxury cars are almost never stolen by strangers... friends or family members with grudges maybe, but professional car thieves avoid these cars because of their almost zero resell/chop-up value.

Luxury cars are stolen all of the time, primarily to put on a container ship and send overseas (depending on where you are, overseas varies. A stolen car from Germany ends up in Canada, and vice versa, both without local paper trails documenting the theft).

Nonetheless this story..smells..bogus, or at best completely anecdotal. One short article on some random website is hardly convincing. It looks like a car-centered blog.

I'll wait until it has credible backers before I worry about thieves wirelessly stealing my car.

Re:shens (2, Interesting)

PenGun (794213) | more than 7 years ago | (#15257218)

The scam when I was young was to take a crane truck, grab a nice new vette and take it out to the toolies flip it upside down in a ditch and gut it. Took about 20 min to remove the running gear.

  It was kinda cool to come across a vette upside down looking like an old crab shell with all the guts missing.

    PenGun
  Do What Now ??? ... Standards and Practices !

does this mean (3, Funny)

supe (163410) | more than 7 years ago | (#15256977)

My updated keyless 1968 Rambler 550 classic is going to be stolen soon?
Guess I'll havee to down grade.

Re:does this mean (1)

Thunderstruck (210399) | more than 7 years ago | (#15257095)

No, but they may come after my old Caddy'. Unlike a Rambler, a Cadillac is not a car to scorn.

Re:does this mean (1)

PenGun (794213) | more than 7 years ago | (#15257170)

Nash Rambler

  How do I get this thing out of second gear ? ... toot toot

      PenGun
    Do What Now ??? ... Standards and Practices !

Yea, right (4, Interesting)

TubeSteak (669689) | more than 7 years ago | (#15256991)

The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true 'keyless' systems, software is the only thing between a thief and your car.
So what?

It's not like 99% of keyed systems were very secure. Except for the newer laser/dimple keys, thieves are going to easily get into your car.

I remember seeing on TV a news thing they did with a former car thief. He said that a car with a club, a brake pedal lock and an alarm system were the most secure. Not because they were un-stealeable, but because it wasn't worth the time or effort.

Maybe Car MFGs will get serious about security in the future, but I doubt it. The only business they lose is from people who see the top ten most stolen cars and think "I don't want one of those". Otherwise, stolen cars = money for them, mechanics and part manufacturers.

Re:Yea, right (1)

Breakfast Pants (323698) | more than 7 years ago | (#15257181)

Yep, right now keyless entry can be duped by a straight replay attack. They need to implement query/response and prevent replays with cryptographic salts.

Insert... (4, Funny)

Billosaur (927319) | more than 7 years ago | (#15256992)

...favorite Knight Rider joke here: "Michael, someone's trying to connect to me via Wi-Fi and and override my locking mechanism!"

couple of points (2, Interesting)

mapkinase (958129) | more than 7 years ago | (#15256999)

1. What kind of embedded os they are running? I am at total loss with modern cars.

2. It seems that this problem is more solvable than attacks on computers from the Internet, because the car hackers have the following disadvantages

*) less time to hack
*) less time to use the car after hacking
*) more visibility and danger of immediate apprehension
*) even the most luxurious cars are of a less source of income (after stealing) compared to what modern hackers can earn

Re:couple of points (1)

From A Far Away Land (930780) | more than 7 years ago | (#15257082)

"1. What kind of embedded os they are running? I am at total loss with modern cars."
I can't say for sure but I'd guess Windows 95. It's the only OS that asks "Where do you want to go today?" and nothing else would make sense for a car.
"Humanity to others" just doesn't seem likely, especially in an SUV.

Re:couple of points (1)

TubeSteak (669689) | more than 7 years ago | (#15257198)

1. Usually custom everything, if for no other reason than to try and frustrate the aftermarket mod chip guys.

2.

- If they know the owner isn't coming back soon, they have all the time in the world

- I'm not sure how you come to that conclusion.

- Again, I'm not sure how you come to that conclusion. If anything, a laptop is less conspicuous than the normal regimen of car-stealing tools.

- This is possible, but these aren't 'hackers', they're car thieves. I imagine your every day hacker wouldn't have a clue how to fence a stolen car.

How could it be that badly designed? (1)

AnyoneEB (574727) | more than 7 years ago | (#15257008)

20 minutes? What, is it just sending some pre-generated random number? Are they really too lazy to use a simple challenge-response scheme like normal password authenication? Or would that take up too much battery power on the errr... key?

Of course, as another poster mentioned, it does not really matter what you can do fancily and wirelessly because you can just smash the window.

Re:How could it be that badly designed? (1)

David Horn (772985) | more than 7 years ago | (#15257067)

No, the delays are part of (ironically) extra security on the part of the car's computer. Making the thief wait for 20 minutes gives the owner a chance to return to the car and discourages the thief from working on things in public. Mind you, chances are they simply park up near to the car they want to break into and play with their laptops.

Re:How could it be that badly designed? (1)

Zakabog (603757) | more than 7 years ago | (#15257147)

But smashing the window will make a lot of noise, set off any car alarms, and you won't be able to start the car. Plus it's obvious it's not your car if you're smashing the window. Someone just sitting against their car using a laptop isn't that suspicious at all, if anyone asks you're just waiting for your friend.

Re:How could it be that badly designed? (1)

zakezuke (229119) | more than 7 years ago | (#15257258)

But smashing the window will make a lot of noise, set off any car alarms, and you won't be able to start the car. Plus it's obvious it's not your car if you're smashing the window. Someone just sitting against their car using a laptop isn't that suspicious at all, if anyone asks you're just waiting for your friend.

While yes, smashing a window would make much noise... and looks rather suspicious... what are bystanders going to do about it? You would "think" they would phone the police but if you actually observe parkinglots where this tends to happen most people don't do jack. And heck even calling 911 the responce time can be anywhere from 5min to an hour by that time said theif could run away on foot or run away with the car.

Alarms are even more of a joke... they are so common place people tend not to even look anymore. It's better than nothing, but might scare away your average petty thief, but at this point people don't care unless it goes off all the time... like that jackass down the street who has a viper 3000... you know the one.

That's not all (3, Funny)

From A Far Away Land (930780) | more than 7 years ago | (#15257013)

There are reports out of Nebraska today that people with laptops have been seen plugging them into airport electrical outlets, and stealing electrons in an unguarded airport. The Department of Homeland Insecurity has declined to comment on the matter.
Details at 6:00

Re:That's not all (0)

Anonymous Coward | more than 7 years ago | (#15257103)

Just look for the people with their beard hair standing on end.

20 *Minutes* is actually quite long... (4, Interesting)

rblum (211213) | more than 7 years ago | (#15257024)

And that's insecure? Your run-of-the-mill car can be broken into in about 20 seconds. How'd I know? I managed to leave my keys in my car and called AAA. The guy showed up and had it open in under 20 seconds, just using a coathanger.

From that POV, give me the fancy-pants stuff any time.

Not so hard apparently (5, Interesting)

Visaris (553352) | more than 7 years ago | (#15257025)

There is a student on campus that was bragging that he could do just as the article describes. A professor put down $100 and bet the student that he couldn't get into his car in 15 min without breaking anything. The student took the bet. Needless to say, the whole class was out in the parking lot 5 min later to watch. It took the student about 5 minutes. The car chirped and the lights flagshed. I assume this meant the doors had been unlocked. Next, the car started, the student opened the door and got it.

This was really cool to see live. There is a something about seeing it done live that is very impressive.

Re:Not so hard apparently (0)

Anonymous Coward | more than 7 years ago | (#15257087)

That is quite scarry, it looks like RFID is failing as an authentication mechanism..... which university did this happen at?

Re:Not so hard apparently (0)

Anonymous Coward | more than 7 years ago | (#15257120)

I am intrigued by your ideas and would like to subscribe to your newsletter.

No, seriously. Thats cool.

And seriously, I would like to know how the hell it works. From an academic perspective.

(interestingly, my captcha for this post is 'misuse.' How's that for irony?)

Re:Not so hard apparently (1)

Paralizer (792155) | more than 7 years ago | (#15257148)

This is quite a predicament for the student; take the money he won from the professor, or risk failing the class?

What kind of car was it?

Sigh (0)

Anonymous Coward | more than 7 years ago | (#15257040)

Am I the only one that found Radko Souek's situation ironic? Instead of doing a better job of protecting his data (encryption) he just left it out there and his information eventually fell into the wrong hands...

leftlane in the hard shoulder (0)

Anonymous Coward | more than 7 years ago | (#15257053)


looks like Slashdot put leftlane's server smoking into the hard shoulder awaiting recovery

Tow truck? (3, Informative)

Anonymous Coward | more than 7 years ago | (#15257057)

Why go through the hassle? It's WAY easier to back up to a car with a flatbed or wheel lifts to steal a car. You can lift the drive wheels and be gone in 30 seconds or less. You can then override the rest of the system at your leisure.

That's the way the repo man does it. (1)

NotQuiteReal (608241) | more than 7 years ago | (#15257142)

The repo man uses the tow-away method too. Even though they have a legal right to snatch a car in default they don't like to stick around for a confrontation anymore than a thief does. 20 minutes is a long time.

I just want my car to phone home. (2, Insightful)

jcr (53032) | more than 7 years ago | (#15257064)

All I need it to do is advise me of its location, and if it's not where I think it should be, I want to snap a picture of whoever's in the driver's seat. Then, I'll either fax that picture and the car's location to the cops, or just wait for the perp to leave the car and go take it back myself.

Of course, wiring a 2 or three farad capacitor into the steering column so that I could zap him unconscious would be fun, too.

-jcr

Re:I just want my car to phone home. (1)

P3NIS_CLEAVER (860022) | more than 7 years ago | (#15257106)

Of course, wiring a 2 or three farad capacitor into the steering column so that I could zap him unconscious would be fun, too.

The capacitor would be as big as your car.

There is an easy inexpensive way to do this. (1, Informative)

Anonymous Coward | more than 7 years ago | (#15257164)

This is detailed in the latest Popular Science. Just get one of those prepaid GPS cellphones. You can track the phone online, at about $9 a month. If I find the article I'll link to it, but check the May 2006 issue of PopSci.

Where can I get my hands on this software? (1)

farker haiku (883529) | more than 7 years ago | (#15257100)

Frankly, I'd like to see how vulnerable my car is. If I can hack it in 20 minutes, well, ok so that'd be cool and stuff, but I can modify my car's computer through a tool made available from volkswagon. I'd like to expirement with my car. I dunno. Try to lock it down a bit if you'll pardon the pun.

Unformative FA (1)

hackstraw (262471) | more than 7 years ago | (#15257127)

Wow, who wrote this stuff?

Unless I'm way off base here, this sentence:

"You could delete all the data from your laptop, but that's not good for you because the more data you have, the bigger your possibilities," he said.

Makes no sense or apparent relevance. Maybe an illusion to using security by obscurity? Dunno.

Does anybody know more about the article than what it says?

What kind of technology does the security software use? I'm assuming its wireless, RFID, bluetooth, retinal scan, or something. I don't know.

Also, I'm curious what country this is based? The 12 years in prison for stealing a car seems a bit excessive, even for US standards. I mean, stealing a car is only an inconvenience. Most people with such a car can't afford it so they finance it which requires full coverage, and so you get a new car.

Also, its so easy to steal a car, so what is new? People used to be able to use standard radio scanners to open garage doors and keyless entry things. Snatching a purse with keys is probably the easiest way to score an SUV today. The problem is really what do you do with the car? That is much more difficult than stealing it in the first place.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...