Using Laptops to Steal Cars 455
Ant writes "Thieves are using laptops/notebooks to steal the most expensive luxury cars. Many of these cars have completely keyless ignitions and door locks, meaning it can all be done wirelessly. Thieves often follow a car until it gets left in a quiet area, and they can steal it in about 20 minutes..."
Related video (Score:4, Informative)
text of article (Score:5, Informative)
High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key -- mechanical or otherwise -- to start the engine, so-called 'keyless' setups require only the presence of a key fob to start the engine.
The expert gang suspected of stealing two of David Beckham's BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car's computer, open the doors, and start the engine.
"It's difficult to steal cars with complex security, but not impossible. There are weaknesses in any system," Tim Hart of the Auto Locksmith Association told the U.K.'s Auto Express magazine. "At key steps the car's software can halt progress for up to 20 minutes as part of its in-built protection," said Hart.
Because the decryption process can take a while -- up to 20 minutes, according to Hart -- the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham -- the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.
While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.
According to the Prague Post leaving such information on a laptop is what got Radko Souek caught for stealing several cars. "You could delete all the data from your laptop, but that's not good for you because the more data you have, the bigger your possibilities," he says. He says any car that relies on software to provide security can be circumvented by other software. "Every car has its weak spot," he says. Souek faces up to 12 years in prison.
The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true 'keyless' systems, software is the only thing between a thief and your car. As computers become more powerful, will stealing cars become even easier? Never mind future cars with better security -- what about today's cars a few years down the road? With cars as inexpensive as the Toyota Camry offering entirely keyless systems, these concerns a relevant to all consumers.
Posted anonymously to avoid karma whoring.
Glad I didn't get a Prius (Score:2, Informative)
Re:Related video (Score:3, Informative)
Re:Far too long. (Score:5, Informative)
Even in your average American "luxury" car, multiple attempts to start the car without the appropriate key will disable the ECU. Furthermore, in most systems, if certain items are damaged, the ECU actually has to go back to the manufacturer for reprogramming because it's part of the anti-theft system. See, there's a communications module with an antenna near the ignition switch, and it has a unique ID. You need the factory scan tool to assign a new radio module to the ECU. (I'm forgetting some details, there's more to it than this, but I figure I can look it up in the shop manual if I ever need to work on a car like that. Einstein said to never memorize what you can look up.)
The point is that unless you have the proper equipment to unlock, the car can lock itself to the point where it can not be driven. See, modern cars have variable valve timing, coil-on-plug ignition, and a whole bunch of other stuff that simply will not work without the cooperation of the computer. And, you can't just change the computer, because the radio module is locked to an ECU as well. You'd have to swap both the ECU and the module. The module is buried in where the ignition switch is and replacement requires partial dashboard or column disassembly. The ECU is sometimes under the hood, but that's very rare; typically it's behind the kick panel on the right side.
I'm sure you were going for humor (that was a joke, right? right?) but there are people asking these questions more seriously and you were most highly moderated. :)
Re:and then what? (Score:3, Informative)
Crash parts are taken from cars that are very popular, like Toyota Camry, where there is a big demand due to the huge number of cars on the road.
An original Toyota front fender is about $260. Add headlights, front bumper cover, hood, grill, and a stolen Camry is worth almost 2 K in just front end parts.
Tow truck? (Score:3, Informative)
Re:Far too long. (Score:3, Informative)
Seriously, if you're talking about the folks who are most likely to steal luxury cars, nothing short of a LoJack-like device makes sense. All you can really hope to do is deter casual thieves.
There is an easy inexpensive way to do this. (Score:1, Informative)
Re:and then what? (Score:5, Informative)
A consumer group once calculated that rebuilding a $30K Honda from "genuine" parts would have a material cost of over $90K!
Why not just use a tow truck? (Score:2, Informative)
I can see if you're a teen going for a joyride. but not a "pro"
Re:Far too long. (Score:3, Informative)
Since it cannot be done through ordinary OBD-II codes, and can even require the use of nonstandard pins (since OBD-II doesn't regulate most of the pins on the connector) this is not necessarily true. You don't need anything special to pull and clear codes but you often do need something special to, say, reprogram the PCM.
At least in the case of the system GM was using in the late nineties, the dealer did NOT have a way to reset the system under many conditions, and the PCM had to be sent back to GM.
did you read the article? (Score:5, Informative)
And I can implement a system that locks out ssh from any IP address that tries more than 3 wrong passwords. That won't stop someone from exploiting a vulnerability in Apache or PHP, and rooting the box. It also won't stop someone from trying passwords from the console, if I didn't set that up as well...
If you had bothered to read the article- the whole point is that theives are exploiting weaknesses in the systems and doing so successfully. Some early systems were hilariously bad; GM's first attempt involved a resistor at the base of the key, and the ECU would simply check if the resistance was correct.
You remind me of the Iraqi Ambassador, with buildings getting shelled behind him, declaring that the Americans are being repelled and have not entered Baghdad. Cars are being stolen right now, despite all the lockouts and "rules" car manufacturers have imposed.
See, modern cars have variable valve timing, coil-on-plug ignition, and a whole bunch of other stuff that simply will not work without the cooperation of the computer.
Variable Valve timing and coil-on-plug ignition do not make a car harder to steal; you still need fuel and a spark, and if the ECU won't allow the car to start, it won't allow the car to start; a 2007 A6 with direct-injection, Variable Valve Timing, Variable Intake Geometry, Coil-on-Plug ignition, etc is no harder to "force" to start than my '91 Audi with none of the above; both ECUs will simply not allow fuel or spark. Plus all of these components are 'stupid'; they're just valves and whatnot. It is not cost-effective to make each coil-pack module demand authentication from the ECU. The manufacturer's job is to make it difficult to steal a car; the rest is society's job (ie low motivation to steal, public awareness ie people notice someone doing something they shouldn't, and last but not least, government- ie police, courts, jail, legislation.)
Futhermore, dealerships use computerized scan tools to communicate with the various modules in the cars. When the owner uses the wrong key 6 times in a row to try and unlock his shiny new Mercedes- they don't package the car up, slap a UPS label on it, and send it back to Germany...nor do they do that with any of the computer modules like you implied; it honestly sounds like you had no idea what you were talking about and confusing RADIO lockouts (where MANY radios WOULD permanently lock themselves if too many incorrect keycodes were entered, and had to be sent to "repair" centers.) The dealer tech plugs in a computer, possibly calls a hotline and validates himself to get a code based off the vehicle VIN number or a code the ECU spits out, aka challenge/response - and then unlocks the security system. VW uses a particular system that is almost completely emulated by software packages like VAG-COM and ProDiag, and both can be used to re-associate a dashboard and ECU without any dealer involvement.
Anti-theft is about theft deterrent; as we network people say, "you can't stop a big enough hammer." There are now towing/recovery companies using tow-trucks that have crane, reach over the car, the tow truck operator slips arms under each wheel, and then the crane picks the car directly up and plops it on the back of the tow truck. You can do almost the same thing with a regular flatbed tow truck and a set of wheel dollies (designed for moving cars that can't be started, have been crashed, etc.)
Re:Far too long. (Score:3, Informative)
First of all, the dealer typically can't do it. It usually requires the unit to be sent back to the manufacturer, to avoid just this kind of problem.
Second of all, these vehicles sometimes have two completely separate data interfaces. For instance, they may have the ISO ODB-II interface for pulling powertrain codes and doing all the usual stuff you can do with the scan tool like snapshots and the like, and an entirely separate communications interface on some of the non-specified pins for reprogramming the ECU. I've heard of at least one vehicle handled in this way.
Sure, but in any case, even replacing the PCM in the course of auto theft usually involves too much of an investment in time, not to mention that to remove the kick panel, you usually have to open the door, and frequently have to remove the trim piece on the jamb. All that makes you far more noticable.
As has been pointed out, a tow truck bypasses all of this crap, but if you can park someplace a tow truck can't get you, then you're really in pretty good shape. And, I do agree that a lojack is probably more effective than everything nonlethal that you can do put together.
Re:Far too long. (Score:1, Informative)
keys at gunpoint.