Using Laptops to Steal Cars 455
Ant writes "Thieves are using laptops/notebooks to steal the most expensive luxury cars. Many of these cars have completely keyless ignitions and door locks, meaning it can all be done wirelessly. Thieves often follow a car until it gets left in a quiet area, and they can steal it in about 20 minutes..."
Far too long. (Score:5, Funny)
20 minutes to remove the laptop from the bag, smash the window and pound on the steering column with it? They must be using those modern, fancy-pants, lightweight laptops. In the old days we could get a car in under 5 minutes with a Mac Portable.
Re:Far too long. (Score:5, Informative)
Even in your average American "luxury" car, multiple attempts to start the car without the appropriate key will disable the ECU. Furthermore, in most systems, if certain items are damaged, the ECU actually has to go back to the manufacturer for reprogramming because it's part of the anti-theft system. See, there's a communications module with an antenna near the ignition switch, and it has a unique ID. You need the factory scan tool to assign a new radio module to the ECU. (I'm forgetting some details, there's more to it than this, but I figure I can look it up in the shop manual if I ever need to work on a car like that. Einstein said to never memorize what you can look up.)
The point is that unless you have the proper equipment to unlock, the car can lock itself to the point where it can not be driven. See, modern cars have variable valve timing, coil-on-plug ignition, and a whole bunch of other stuff that simply will not work without the cooperation of the computer. And, you can't just change the computer, because the radio module is locked to an ECU as well. You'd have to swap both the ECU and the module. The module is buried in where the ignition switch is and replacement requires partial dashboard or column disassembly. The ECU is sometimes under the hood, but that's very rare; typically it's behind the kick panel on the right side.
I'm sure you were going for humor (that was a joke, right? right?) but there are people asking these questions more seriously and you were most highly moderated. :)
Re:Far too long. (Score:2)
Re:Far too long. (Score:3, Interesting)
Re:Far too long. (Score:4, Insightful)
Re:Far too long. (Score:5, Interesting)
Re:Far too long. (Score:3, Informative)
Seriously, if you're talking about the folks who are most likely to steal luxury cars, nothing short of a LoJack-like device makes sense. All you can really hope to do is deter casua
Re:Far too long. (Score:5, Interesting)
That's very nice, but it has nothing to do with what we're talking about here, which is not alarm systems, but theft prevention devices built into the car's PCM, or Powertrain Control Module (formerly "ECU", or Engine Control Unit, but PCM is the OBD-II terminology and all cars are now OBD-II.)
Car alarms have two purposes: Inform everyone that the car is being tampered with, and stop the car from being driven. These systems have only one purpose: Stop the car from being driven. Either way, it's insignificant to the towing company. The ECU does not disable itself when the vehicle is at an angle. Personally I think that whole thing about car alarms disabling themselves is a myth anyway, because car alarms still work when cars are parked on steep-ass hills in san francisco.
Re:Far too long. (Score:3, Interesting)
Powertrain security is a joke from a security perspective. It might stop a casual thief, but its main purpose has always been to encourage the customer to pay the dealer for extra keys so that they can make mor
Re:Far too long. (Score:3, Informative)
Since it cannot be done through ordinary OBD-II codes, and can even require the use of nonstandard pins (since OBD-II doesn't regulate most of the pins on the connector) this is not necessarily true. You don't need anything special to pull and clear codes but you often do need something special to, say, reprogram the PCM.
Re:Far too long. (Score:3, Informative)
Used to work in a shop (Score:4, Interesting)
No, car alarms don't disble themselves on an angle. In fact, a common accessory is an angle *detector* to make the alarm go off in case someone (legit or not) attempts to tow. Often this is just a ball bearing in an assembly that completes a circuit when tilted, although I've seen ones made out of mercury that work essentially the same way as the older-school a/c & heating thermostats.
When an alarm WILL disable itself is when you enable the courtesy feature. Say you have your sensitivity set high, and the night is unusually windy. Instead of going off all night, your car alarm will disble the inputs for that ZONE for an hour (or 2, whatever... programmable).
Note that door switches, window break sensors, motion detectors are all still active, since each of these is on its own zone.
Re:Far too long. (Score:2, Funny)
"Space Fall" (Score:2)
"Of course. Why?"
"Just wondered how good you really were."
"Don't try and manipulate me, Blake."
"Now why should I try and do that?"
"You need my help."
"Only if you can open the doors."
"I could open every door, blind all the scanners, knock out the security overrides, and control the computer. Control the computer and you control the ship."
did you read the article? (Score:5, Informative)
And I can implement a system that locks out ssh from any IP address that tries more than 3 wrong passwords. That won't stop someone from exploiting a vulnerability in Apache or PHP, and rooting the box. It also won't stop someone from trying passwords from the console, if I didn't set that up as well...
If you had bothered to read the article- the whole point is that theives are exploiting weaknesses in the systems and doing so successfully. Some early systems were hilariously bad; GM's first attempt involved a resistor at the base of the key, and the ECU would simply check if the resistance was correct.
You remind me of the Iraqi Ambassador, with buildings getting shelled behind him, declaring that the Americans are being repelled and have not entered Baghdad. Cars are being stolen right now, despite all the lockouts and "rules" car manufacturers have imposed.
See, modern cars have variable valve timing, coil-on-plug ignition, and a whole bunch of other stuff that simply will not work without the cooperation of the computer.
Variable Valve timing and coil-on-plug ignition do not make a car harder to steal; you still need fuel and a spark, and if the ECU won't allow the car to start, it won't allow the car to start; a 2007 A6 with direct-injection, Variable Valve Timing, Variable Intake Geometry, Coil-on-Plug ignition, etc is no harder to "force" to start than my '91 Audi with none of the above; both ECUs will simply not allow fuel or spark. Plus all of these components are 'stupid'; they're just valves and whatnot. It is not cost-effective to make each coil-pack module demand authentication from the ECU. The manufacturer's job is to make it difficult to steal a car; the rest is society's job (ie low motivation to steal, public awareness ie people notice someone doing something they shouldn't, and last but not least, government- ie police, courts, jail, legislation.)
Futhermore, dealerships use computerized scan tools to communicate with the various modules in the cars. When the owner uses the wrong key 6 times in a row to try and unlock his shiny new Mercedes- they don't package the car up, slap a UPS label on it, and send it back to Germany...nor do they do that with any of the computer modules like you implied; it honestly sounds like you had no idea what you were talking about and confusing RADIO lockouts (where MANY radios WOULD permanently lock themselves if too many incorrect keycodes were entered, and had to be sent to "repair" centers.) The dealer tech plugs in a computer, possibly calls a hotline and validates himself to get a code based off the vehicle VIN number or a code the ECU spits out, aka challenge/response - and then unlocks the security system. VW uses a particular system that is almost completely emulated by software packages like VAG-COM and ProDiag, and both can be used to re-associate a dashboard and ECU without any dealer involvement.
Anti-theft is about theft deterrent; as we network people say, "you can't stop a big enough hammer." There are now towing/recovery companies using tow-trucks that have crane, reach over the car, the tow truck operator slips arms under each wheel, and then the crane picks the car directly up and plops it on the back of the tow truck. You can do almost the same thing with a regular flatbed tow truck and a set of wheel dollies (designed for moving cars that can't be started, have been crashed, etc.)
Re:Far too long. (Score:3, Interesting)
For example, if RocketChip (a certain ECU reprogramming company that the Volkswagen TDI crowd prefers) were to get a request to disable the immobilizer on an ECU, they'd do it.
So, pop the hood, take out the ECU, send it to a reprogramming company, ask for the immobilizer to be deleted, and voila, you have no immobilizer. Or, if you want to steal a certain model of vehicle, have an ECU ready to go.
Older immobilizer equipped cars are even more of a joke. Unplug the
Re:Far too long. (Score:3, Interesting)
For pure griefing fun, if you can't steal the car, you make it so the owner can't drive it, either. You are doing the same microwaving that ECU.
I had a car that folks tried to steal at least 3 times. The first two failed, and broke something off in the ignition, forcing me to pay for a window and the ignition repair. The third failed, and may have gone and done a little joyriding, but by that time the turbocharger was going on the engine, so the police believe they act
Re:Far too long. (Score:2)
For the office-ready desktop alternative why not try the Macintosh XT? http://www.everymac.com/systems/apple/mac_classic/ stats/mac_xl.html [everymac.com]
Re:Far too long. (Score:2)
Fig, apple, or blueberry?
Re:Far too long. (Score:5, Funny)
getting noticed... (Score:5, Interesting)
A car getting towed often gets noticed, but a guy with a laptop parked in the next space doesn't...
And thats why... (Score:2, Insightful)
All they really need to do is start randomizing the locks on cars, and not just use the same pattern...
yea, expensive, but safe.
Re:And thats why... (Score:4, Insightful)
VERSE VICEA (Score:2)
Re:VERSE VICEA (Score:5, Funny)
That's only allowed in Soviet Russia.
Re:VERSE VICEA (Score:2)
Nice cars are for suckers (Score:4, Funny)
Finally, I pour some cod liver oil on the upholstery and lock a couple of cats in it for a few days (with the windows cracked and plenty of food and water - I'm not mean.)
That just about puts an end to anyone's desire to steal my cars.
posted anonymously so THEY won't find me.
Re:And thats why... (Score:3, Funny)
Re:And thats why... (Score:2)
Imagine replacing the existing locking system on the hundred of thousands of cars that use keyless entry. The auto manufacturers will resist.
How many of us predicted this years ago? When I saw my first keyless system, I think the first thought on my head was "They better change the code every time the person enters the car". I'm sure the auto designers were told about this security flaw dozens of times--
Re:And thats why... (Score:5, Interesting)
One thing they're doing these days is to store some state information so that each code is different than the previous one. However, this only goes so far in terms of increasing the complexity of breaking in. There are generally a limited number of possible codes, so you can eventually guess the right one. And since the car will be ignoring bogus codes (to avoid being fooled by other cars' remotes), you can pretty much send it crap until you hit the right value with impunity.
If you really want your car to be secure, what they need to do is make the keyless entry devices carry a public/private key pair. On each key device, put a mini-USB jack on them and have a USB jack on the dashboard hooked up to the car's computer. Use this to copy the public key from each "key". Require that after the first key is loaded, one known key must be within radio range in order to associate a new key.
When you push the unlock button on the key, the device would send an unencrypted "unlock" message. Upon receiving this, the car would reply with a random string of data (say a 2k packet). The key device would receive this, sign the data using its private key, apply a random back-off timer to minimize collisions, then transmit the signed copy of the data, skipping a random time interval between each attempt, and stopping after 5 seconds or when the car transmits a "verified" message.
Of course, the car would stop listening after 5 seconds as well. Since the message to be encrypted changes each time, this would essentially thwart any attempts to fool the car by transmitting random data until it gets it right.
If you're really paranoid, you could design it so that the key also knows a public key for the car and uses that to get a session key so that the entire communication path is encrypted.
Re:And thats why... (Score:4, Funny)
Just do what I used to do. Pop off the distributor cap, and remove the rotor. Not too many people carry a spare one of those around.
Re:And thats why... (Score:5, Funny)
If you really want your car to be secure (Score:4, Funny)
Don't belittle or yell at your car when it's naughty, a firm "No!" perhaps followed up by thwacking it in the grill with a rolled up newspaper should suffice to let the poor auto know it has been bad without destroying it's self esteem.
When the time comes and your car starts to notice cars of the opposite sex, do not make this a big deal, that can cause deep seated insecurities in any automobile. Let it know that the feelings it is having are natural and no big deal.
It will also help if the car does not have to worry about it's old age and retirement. Let your car know you have invested some money for it to live off of when it leaves the workforce.
Re:And thats why... keys are no better (Score:5, Interesting)
No, they're not safe. The key merely turns a lock that closes a contact telling the computer it's okay to proceed. After my 2001 Sukuki GSXR was stolen and recovered, I had to learn a thing about hot-wiring ignitions because the thieves had changed the locks. Within the ignition tumbler was a small PCB that connected circuits to ground for parking lights, accessories and the ignition. The added "security" was that a resistor was used in the circuit for the ignition.
Turns out, the wiring harness for the ignition has a molex connector underneath the right side fairing, right about where my fairing had been shattered by blunt-force-trauma. With nothing more than some knowledge, a spare connector, some wires, a switch and a specifically rated resistor, you could build a plug that would "start" any modern GSXR in about 20 seconds.
Keys are no safer. As far as the computers are concerned, they're either on or off. RFID, challenge/response, better encryption, failed-attempt lockouts, these things are going to become more common because they do a better job slowing the thieves down.
Moral: (Score:5, Funny)
Fortunately, friendly Republican senators are even now pushing a bill through Congress to outlaw these devil-machines. Always looking out for our interests, those guys.
Re:Moral: (Score:5, Funny)
Related video (Score:4, Informative)
Re:Related video (Score:3, Informative)
Re:Related video (Score:2)
and then what? (Score:2, Interesting)
Are parts for luxury cars that specialized? I thought most parts were more or less universal these days. Does a H3 take a special spark plug or something?
Re:and then what? (Score:3, Informative)
Crash parts are taken from cars that are very popular, like Toyota Camry, where there is a big demand due to the huge number of cars on the road.
An original Toyota front fender is about $260. Add headlights, front bumper cover, hood, grill, and a stolen Camry is worth almost 2 K in just front end parts.
Re:and then what? (Score:5, Informative)
A consumer group once calculated that rebuilding a $30K Honda from "genuine" parts would have a material cost of over $90K!
Re:and then what? (Score:2)
Some cars do make it overseas, but unle
Re:and then what? (Score:2)
We had to get a fuel injector replaced. Unfortunately, Audi had changed the specs so it meant that we had to replace all six of them at $100/fuel injector.
So the answer is "yes."
And so it follows... (Score:5, Funny)
What does she do? (Score:2)
For someone to follow her around with a laptop for 20 min... And to need a chasity belt...
She's probably doing something she shouldn't be doing.
Re:And so it follows... (Score:2, Funny)
Talk about missing the target demographic.
Bring Your Daughter to Slashdot Day (Score:3, Funny)
Re:And so it follows... (Score:4, Funny)
Like there aren't portals around back and on the balcony.
Re:And so it follows... (Score:3, Funny)
And what if she ended up with a script kiddie instead?
text of article (Score:5, Informative)
High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key -- mechanical or otherwise -- to start the engine, so-called 'keyless' setups require only the presence of a key fob to start the engine.
The expert gang suspected of stealing two of David Beckham's BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car's computer, open the doors, and start the engine.
"It's difficult to steal cars with complex security, but not impossible. There are weaknesses in any system," Tim Hart of the Auto Locksmith Association told the U.K.'s Auto Express magazine. "At key steps the car's software can halt progress for up to 20 minutes as part of its in-built protection," said Hart.
Because the decryption process can take a while -- up to 20 minutes, according to Hart -- the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham -- the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.
While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.
According to the Prague Post leaving such information on a laptop is what got Radko Souek caught for stealing several cars. "You could delete all the data from your laptop, but that's not good for you because the more data you have, the bigger your possibilities," he says. He says any car that relies on software to provide security can be circumvented by other software. "Every car has its weak spot," he says. Souek faces up to 12 years in prison.
The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true 'keyless' systems, software is the only thing between a thief and your car. As computers become more powerful, will stealing cars become even easier? Never mind future cars with better security -- what about today's cars a few years down the road? With cars as inexpensive as the Toyota Camry offering entirely keyless systems, these concerns a relevant to all consumers.
Posted anonymously to avoid karma whoring.
The demons of stupidity are loose (Score:5, Insightful)
If you replicate a "secret" a few million times, put it in places outside your control, and if you have no way of changing it in the field then you do not have a secret!
>"...There are weaknesses in any system," Tim Hart of the Auto Locksmith Association told the U.K.'s Auto Express magazine.
What, Mr. Hart, are the weaknesses in OpenSSH public key authentication? It sounds like the automakers are trying to roll their own crypto, with the usual results. Designing a crypto system is like playing chess with a grandmaster. You'll make a mistake somewhere, and your opponent will find that mistake and use it to break you.
As long as people make blunders like this we'll have fiascos like the TI chips with 40-bit encryption [rfidanalysis.org].
What? (Score:2)
Mine doesn't. If it did it by default, then I'm sure I disabled it the first day, when I read my manual.
Gone in 20 Minutes... (Score:3, Funny)
I think I speak for everyone when I say... (Score:4, Funny)
Glad I didn't get a Prius (Score:2, Informative)
Smart Key - It's an option... (Score:2)
Re:Smart Key - It's an option... (Score:2)
Re:Smart Key - It's an option... (Score:2)
Re:Glad I didn't get a Prius (Score:2, Funny)
Re:Glad I didn't get a Prius (Score:2)
You don't see people complaining you're never make your money back buying that navigation/V6+/European/SUV/luxury type vehicle.
You can turn off the RFID keyless entry. The only thing the RFID could then be used is engine ignition.
Sounds like a weak straw-man argument you
Re:Glad I didn't get a Prius (Score:2)
Re:Glad I didn't get a Prius (Score:2)
As far as the GP's logic goes, I understood it perfectly: not everyone wants/needs all of the add-ons. If you're looking at a Civic, you're probably worried about the bottom line you're paying right now, not in five years. I know I was when I got my hybrid. Which is part of why I didn't get a Prius myself.
I don't think anyone is saying that the Prius is over
Security by Obscurity is no security at all. (Score:5, Insightful)
"While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands."
shens (Score:2)
Though what the author describes is technically possible, outside of test environments luxury cars are almost never stolen by strangers... friends or family members with grudges maybe, but professional car thieves avoid these cars because of their almost zero resell/chop-up value.
Re:shens (Score:3, Insightful)
If for no other reason than to steal the headlights & rims.
A friend of mine knew some people that would go out in a 4 man team to steal rims. They had an expensive hydralic jack and some power tools. He said they were shady guys, but would do a NASCAR Pit Crew proud.
And that's not even the pro's.
Re:shens (Score:2)
Re:shens (Score:2, Interesting)
It was kinda cool to come across a vette upside down looking like an old crab shell with all the guts missing.
PenGun
Do What Now ???
does this mean (Score:3, Funny)
Guess I'll havee to down grade.
Yea, right (Score:5, Interesting)
It's not like 99% of keyed systems were very secure. Except for the newer laser/dimple keys, thieves are going to easily get into your car.
I remember seeing on TV a news thing they did with a former car thief. He said that a car with a club, a brake pedal lock and an alarm system were the most secure. Not because they were un-stealeable, but because it wasn't worth the time or effort.
Maybe Car MFGs will get serious about security in the future, but I doubt it. The only business they lose is from people who see the top ten most stolen cars and think "I don't want one of those". Otherwise, stolen cars = money for them, mechanics and part manufacturers.
Re:Yea, right (Score:2)
Best Anti-Theft System I Ever Had (Score:3, Funny)
On a good note I did get to use 100% of my free AAA tows for that year.
My wife's Honda Civic has
Re:Yea, right (Score:4, Insightful)
A rock through the window defeats even the newer laser/dimple key systems.
The benefit of using a laptop, though, is that the thief doesn't have to engage in suspicious-looking activities like reaching through shattered safety glass on a car with a shrieking alarm, or fidgeting over the door lock with a bobby pin. Now they can just park a cargo van next to the target car, and sit in the back packet-sniffing to their heart's content without a passerby raising an eyebrow.
Insert... (Score:5, Funny)
Re:Insert... (Score:2)
Hold me Michael, I'm scared."
couple of points (Score:2, Interesting)
2. It seems that this problem is more solvable than attacks on computers from the Internet, because the car hackers have the following disadvantages
*) less time to hack
*) less time to use the car after hacking
*) more visibility and danger of immediate apprehension
*) even the most luxurious cars are of a less source of income (after stealing) compared to what modern hackers can earn
Re:couple of points (Score:2)
I can't say for sure but I'd guess Windows 95. It's the only OS that asks "Where do you want to go today?" and nothing else would make sense for a car.
"Humanity to others" just doesn't seem likely, especially in an SUV.
Re:couple of points (Score:2)
2.
- If they know the owner isn't coming back soon, they have all the time in the world
- I'm not sure how you come to that conclusion.
- Again, I'm not sure how you come to that conclusion. If anything, a laptop is less conspicuous than the normal regimen of car-stealing tools.
- This is possible, but these aren't 'hackers', they're car thieves. I imagine your every day hacker wouldn't have a clue how t
How could it be that badly designed? (Score:2)
20 minutes? What, is it just sending some pre-generated random number? Are they really too lazy to use a simple challenge-response scheme like normal password authenication? Or would that take up too much battery power on the errr... key?
Of course, as another poster mentioned, it does not really matter what you can do fancily and wirelessly because you can just smash the window.
Re:How could it be that badly designed? (Score:2)
Re:How could it be that badly designed? (Score:2)
Re:How could it be that badly designed? (Score:2)
While yes, smashing a window would make much noise... and looks rather suspicious... what are bystanders going to do about it? You would "think" they would phone the police but if you actually
That's not all (Score:4, Funny)
Details at 6:00
Re:That's not all (Score:4, Funny)
Yeah but they just aren't the same after that. All their potential is gone...
20 *Minutes* is actually quite long... (Score:5, Interesting)
From that POV, give me the fancy-pants stuff any time.
Re:20 *Minutes* is actually quite long... (Score:5, Interesting)
In reality the only differences between the two types of theft is the amount of money spent on the vehicle, and the amount of time no one notices (or cares about) someone working on it. 20 minutes or 2 minutes, either way your car is gone.
Not so hard apparently (Score:5, Interesting)
This was really cool to see live. There is a something about seeing it done live that is very impressive.
Re:Not so hard apparently (Score:2)
What kind of car was it?
Re:Not so hard apparently (Score:5, Funny)
hmm
Re:Not so hard apparently (Score:4, Funny)
Re:I don't buy it... (Score:3, Funny)
what you dont?
Tow truck? (Score:3, Informative)
That's the way the repo man does it. (Score:2)
Comment removed (Score:3, Insightful)
Re:I just want my car to phone home. (Score:3, Funny)
Where can I get my hands on this software? (Score:2)
Unformative FA (Score:2)
Unless I'm way off base here, this sentence:
"You could delete all the data from your laptop, but that's not good for you because the more data you have, the bigger your possibilities," he said.
Makes no sense or apparent relevance. Maybe an illusion to using security by obscurity? Dunno.
Does anybody know more about the article than what it says?
What kind of technology does the security software use? I'm assuming its wireless, RFID, bluetooth, retinal scan, or something. I don't
Halfway to my new Porsche... (Score:3, Funny)
If so, it won't last long... (Score:5, Interesting)
So you are looking at hitting a 1 in 2^42, or 1 in 4 trillion needle in a haystack.
Even if you rifle through codes, you're not going to hit one soon.
And if the system is designed to lock out after 3 failures, and make you wait 5 seconds to try another key, that means you won't stand much of a chance of rifling through the codes in your lifetime.
So, if these systems have flaws right now, it's in implementation, not design, and it'll be rapidly fixed.
BTW, for about 15 years there were only about 40 different door keys on all GM cars. We happened to have two at once that had the same door key (although they didn't use the same ignition key, GM used a two key system at the time). So this electronic system is still pretty much better, the only downside, is there is no deterrent to sitting a few feet from a car and trying to open it electronically versus putting a key in the door of the car and trying to turn it.
Re:One system alone isn't enough (Score:3, Interesting)
This is very true - happened to me. You would not believe how expensive a factory steering wheel is! $1000+ Only insure companies ever buy them.