
Using Laptops to Steal Cars

Ant writes "Thieves are using laptops/notebooks to steal the most expensive luxury cars. Many of these cars have completely keyless ignitions and door locks, meaning it can all be done wirelessly. Thieves often follow a car until it gets left in a quiet area, and they can steal it in about 20 minutes..."
  • and then what? (Score:2, Interesting)

    by JeanBaptiste ( 537955 ) on Wednesday May 03, 2006 @04:31PM (#15256914)
    I've been under the impression that thieves steal cars to strip them for parts, as it's impractical to re-sell a stolen car as a whole.

    Are parts for luxury cars that specialized? I thought most parts were more or less universal these days. Does an H3 take a special spark plug or something?

    /20 minutes and a laptop?
    //more like 2 minutes, a brick and a screwdriver
  • Yea, right (Score:5, Interesting)

    by TubeSteak ( 669689 ) on Wednesday May 03, 2006 @04:38PM (#15256991) Journal
    The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true 'keyless' systems, software is the only thing between a thief and your car.
    So what?

    It's not like 99% of keyed systems were very secure. Except for the newer laser/dimple keys, thieves are going to easily get into your car.

    I remember seeing on TV a news thing they did with a former car thief. He said that a car with a club, a brake pedal lock and an alarm system were the most secure. Not because they were un-stealable, but because it wasn't worth the time or effort.

    Maybe Car MFGs will get serious about security in the future, but I doubt it. The only business they lose is from people who see the top ten most stolen cars and think "I don't want one of those". Otherwise, stolen cars = money for them, mechanics and part manufacturers.

  • couple of points (Score:2, Interesting)

    by mapkinase ( 958129 ) on Wednesday May 03, 2006 @04:39PM (#15256999) Homepage Journal
    1. What kind of embedded OS are they running? I am at a total loss with modern cars.

    2. It seems that this problem is more solvable than attacks on computers from the Internet, because the car hackers have the following disadvantages

    *) less time to hack
    *) less time to use the car after hacking
    *) more visibility and danger of immediate apprehension
    *) even the most luxurious cars are less of a source of income (after stealing) compared to what modern hackers can earn

  • by rblum ( 211213 ) on Wednesday May 03, 2006 @04:42PM (#15257024)
    And that's insecure? Your run-of-the-mill car can be broken into in about 20 seconds. How'd I know? I managed to leave my keys in my car and called AAA. The guy showed up and had it open in under 20 seconds, just using a coathanger.

    From that POV, give me the fancy-pants stuff any time.
  • by Visaris ( 553352 ) on Wednesday May 03, 2006 @04:42PM (#15257025) Journal
    There is a student on campus that was bragging that he could do just as the article describes. A professor put down $100 and bet the student that he couldn't get into his car in 15 min without breaking anything. The student took the bet. Needless to say, the whole class was out in the parking lot 5 min later to watch. It took the student about 5 minutes. The car chirped and the lights flashed. I assume this meant the doors had been unlocked. Next, the car started, the student opened the door and got in.

    This was really cool to see live. There is something about seeing it done live that is very impressive.
  • Re:And thats why... (Score:5, Interesting)

    by dgatwood ( 11270 ) on Wednesday May 03, 2006 @04:47PM (#15257073) Homepage Journal
    Regular keys take seconds to defeat. The electronic ignitions take 20 minutes. That's a pretty big improvement in the grand scheme of things.

    One thing they're doing these days is to store some state information so that each code is different than the previous one. However, this only goes so far in terms of increasing the complexity of breaking in. There are generally a limited number of possible codes, so you can eventually guess the right one. And since the car will be ignoring bogus codes (to avoid being fooled by other cars' remotes), you can pretty much send it crap until you hit the right value with impunity.

    If you really want your car to be secure, what they need to do is make the keyless entry devices carry a public/private key pair. On each key device, put a mini-USB jack on them and have a USB jack on the dashboard hooked up to the car's computer. Use this to copy the public key from each "key". Require that after the first key is loaded, one known key must be within radio range in order to associate a new key.

    When you push the unlock button on the key, the device would send an unencrypted "unlock" message. Upon receiving this, the car would reply with a random string of data (say a 2k packet). The key device would receive this, sign the data using its private key, apply a random back-off timer to minimize collisions, then transmit the signed copy of the data, skipping a random time interval between each attempt, and stopping after 5 seconds or when the car transmits a "verified" message.

    Of course, the car would stop listening after 5 seconds as well. Since the message to be encrypted changes each time, this would essentially thwart any attempts to fool the car by transmitting random data until it gets it right.

    If you're really paranoid, you could design it so that the key also knows a public key for the car and uses that to get a session key so that the entire communication path is encrypted.
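
The challenge-response scheme proposed in the comment above, sketched in Go as an added example that is not part of the original thread. Ed25519 as the signature algorithm and the names `Fob`, `Car`, `Enroll`, `Challenge` and `Verify` are assumptions of this sketch; the 2k challenge and the 5-second listening window are the comment's figures, and the back-off and radio framing are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

type Fob struct{ priv ed25519.PrivateKey } // Ed25519 is this sketch's choice; the key stays on the fob
func NewFob() *Fob { return &Fob{ed25519.NewKeyFromSeed(random(ed25519.SeedSize))} }
func (f *Fob) Public() ed25519.PublicKey { return f.priv.Public().(ed25519.PublicKey) }
func (f *Fob) Respond(ch []byte) []byte { return ed25519.Sign(f.priv, ch) } // sign the challenge

type Car struct {
	enrolled  []ed25519.PublicKey // public keys copied over the wired link
	challenge []byte              // at most one live challenge
	expires   time.Time
}

func (c *Car) Enroll(pub ed25519.PublicKey) { c.enrolled = append(c.enrolled, pub) }

// Challenge answers a plaintext "unlock" request with fresh random data.
func (c *Car) Challenge(now time.Time) []byte {
	c.challenge, c.expires = random(2048), now.Add(5*time.Second) // 2k packet, 5 s window
	return c.challenge
}

// Verify accepts a signature over the live challenge from an enrolled key, once.
func (c *Car) Verify(sig []byte, now time.Time) bool {
	if c.challenge == nil || now.After(c.expires) {
		return false
	}
	for _, pub := range c.enrolled {
		if ed25519.Verify(pub, c.challenge, sig) {
			c.challenge = nil // a captured reply is useless against the next challenge
			return true
		}
	}
	return false
}

func main() {
	fob, car, now := NewFob(), &Car{}, time.Now()
	car.Enroll(fob.Public())
	fmt.Println("unlock:", car.Verify(fob.Respond(car.Challenge(now)), now))
}
```

A failed signature leaves the challenge live until it expires, which matches the retransmission behaviour the comment describes.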

  • by stmfreak ( 230369 ) <stmfreak@@@gmail...com> on Wednesday May 03, 2006 @04:51PM (#15257113) Journal
    And that's why people will want a regular key. It's worked for hundreds of years on other things, so a car should be no problem.

    No, they're not safe. The key merely turns a lock that closes a contact telling the computer it's okay to proceed. After my 2001 Suzuki GSXR was stolen and recovered, I had to learn a thing about hot-wiring ignitions because the thieves had changed the locks. Within the ignition tumbler was a small PCB that connected circuits to ground for parking lights, accessories and the ignition. The added "security" was that a resistor was used in the circuit for the ignition.

    Turns out, the wiring harness for the ignition has a molex connector underneath the right side fairing, right about where my fairing had been shattered by blunt-force-trauma. With nothing more than some knowledge, a spare connector, some wires, a switch and a specifically rated resistor, you could build a plug that would "start" any modern GSXR in about 20 seconds.

    Keys are no safer. As far as the computers are concerned, they're either on or off. RFID, challenge/response, better encryption, failed-attempt lockouts, these things are going to become more common because they do a better job slowing the thieves down.
  • Re:Far too long. (Score:3, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday May 03, 2006 @04:56PM (#15257167) Homepage Journal
    Except that the system I'm talking about is a short-range radio that is only activated when a key is put into the ignition, in order to read the code stored in an RFID tag (or similar - sometimes they actually use electrical contacts even, but that's old tech) on the key. Other systems work differently.
  • Re:Far too long. (Score:5, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday May 03, 2006 @04:59PM (#15257196) Homepage Journal

    Most car alarms automatically shut off if the car gets tilted to a certain angle to avoid alarms while being towed.

    That's very nice, but it has nothing to do with what we're talking about here, which is not alarm systems, but theft prevention devices built into the car's PCM, or Powertrain Control Module (formerly "ECU", or Engine Control Unit, but PCM is the OBD-II terminology and all cars are now OBD-II.)

    Car alarms have two purposes: Inform everyone that the car is being tampered with, and stop the car from being driven. These systems have only one purpose: Stop the car from being driven. Either way, it's insignificant to the towing company. The ECU does not disable itself when the vehicle is at an angle. Personally I think that whole thing about car alarms disabling themselves is a myth anyway, because car alarms still work when cars are parked on steep-ass hills in San Francisco.

  • Re:shens (Score:2, Interesting)

    by PenGun ( 794213 ) on Wednesday May 03, 2006 @05:01PM (#15257218) Homepage
    The scam when I was young was to take a crane truck, grab a nice new vette and take it out to the toolies, flip it upside down in a ditch and gut it. Took about 20 min to remove the running gear.

      It was kinda cool to come across a vette upside down looking like an old crab shell with all the guts missing.

        PenGun
      Do What Now ??? ... Standards and Practices !
  • Re:Far too long. (Score:3, Interesting)

    by dgatwood ( 11270 ) on Wednesday May 03, 2006 @05:15PM (#15257371) Homepage Journal
    I've fixed my car using OBD-II and freediag. I'm quite familiar with the subject, and it DOES have EVERYTHING to do with what we're talking about. It doesn't require specialized scan tools to talk to the PCM/ECU. It requires some very inexpensive hardware, coupled with properly written software.

    Powertrain security is a joke from a security perspective. It might stop a casual thief, but its main purpose has always been to encourage the customer to pay the dealer for extra keys so that they can make more money. The fact is that, with the exception of tracking systems, alarm systems are the only viable line of defense.

    If you can disable the alarm and tow the vehicle to a private location, the vehicle is as good as yours no matter what the manufacturer did to the PCM. Why? Because the dealer obviously has a way to reset the system and program it for new keys, and there are only two things preventing a thief from doing the same thing: lack of information and the inability to do it surreptitiously. The first one falls into the "security through obscurity" category, and thus is unlikely to stop car thieves at this level of sophistication for very long. The second one can be defeated with a tow truck.

    Thus, while I left out a couple of steps in arriving at the conclusion before, my point is valid: powertrain security is a pointless exercise. Even requiring an ignition key is basically a pointless exercise except to prevent children from accidentally starting the car. It prevents naive abuse of the vehicle and nothing more.

  • getting noticed... (Score:5, Interesting)

    by TamMan2000 ( 578899 ) on Wednesday May 03, 2006 @05:33PM (#15257523) Journal
    I would just use my tow truck...

    A car getting towed often gets noticed, but a guy with a laptop parked in the next space doesn't...
  • by YesIAmAScript ( 886271 ) on Wednesday May 03, 2006 @05:37PM (#15257565)
    Cars use similar systems to garage door openers. They are immune to pure replay attacks. And they have a 48-bit keyspace, only about 6 bits worth of which is active at a time (about 30 or so codes out of the keyspace will work at a time).

    So you are looking at hitting a 1 in 2^42, or 1 in 4 trillion needle in a haystack.

    Even if you rifle through codes, you're not going to hit one soon.

    And if the system is designed to lock out after 3 failures, and make you wait 5 seconds to try another key, that means you won't stand much of a chance of rifling through the codes in your lifetime.

    So, if these systems have flaws right now, it's in implementation, not design, and it'll be rapidly fixed.

    BTW, for about 15 years there were only about 40 different door keys on all GM cars. We happened to have two at once that had the same door key (although they didn't use the same ignition key, GM used a two key system at the time). So this electronic system is still pretty much better; the only downside is there is no deterrent to sitting a few feet from a car and trying to open it electronically versus putting a key in the door of the car and trying to turn it.
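
A receiver-side model of the rolling-code behaviour the comment above describes (about 30 valid codes at a time in a 48-bit space, replay immunity, and a 5-second lockout after 3 failures), added here as an example and not taken from the thread or from any real fob. Deriving codes with HMAC-SHA256 over a counter, and the names `Code`, `Receiver` and `Try`, are assumptions of this sketch.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

const window = 30 // codes ahead of the last accepted one that still work

// Code derives the 48-bit code for a counter. HMAC-SHA256 is an assumption of
// this sketch, not the cipher of any real fob.
func Code(secret []byte, counter uint64) uint64 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha256.New, secret)
	mac.Write(msg[:])
	return binary.BigEndian.Uint64(mac.Sum(nil)[:8]) >> 16 // keep 48 bits
}

// Receiver is the car side: shared secret, next expected counter, lockout state.
type Receiver struct {
	secret      []byte
	next        uint64
	failures    int
	lockedUntil time.Time
}

// Try reports whether code opens the car at time now.
func (r *Receiver) Try(code uint64, now time.Time) bool {
	if now.Before(r.lockedUntil) {
		return false // ignored during lockout, even if the code is right
	}
	for i := uint64(0); i < window; i++ {
		if Code(r.secret, r.next+i) == code {
			r.next, r.failures = r.next+i+1, 0 // used and skipped codes are now dead
			return true
		}
	}
	if r.failures++; r.failures >= 3 { // 3 misses: stop listening for 5 s
		r.failures, r.lockedUntil = 0, now.Add(5*time.Second)
	}
	return false
}

func main() {
	secret, now := []byte("constructed demo secret"), time.Now()
	car := &Receiver{secret: secret, next: 100}
	press := Code(secret, 102) // fob was pressed twice out of range of the car
	fmt.Println("first use:", car.Try(press, now), "replay:", car.Try(press, now))
}
```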
  • by cdrudge ( 68377 ) on Wednesday May 03, 2006 @05:39PM (#15257588) Homepage
    I think his point is it's not that much different with a luxury car than it is with a more traditional car. If you know what you are doing, it only takes a minute or two to steal a car. Here's a video [hinet.net] of some amateurish appearing kids stealing a car in about 2 minutes. A minute of that was working the lock and about 40 seconds was working the ignition wires. If it's a quiet area, just breaking the window takes a second or two.

    In reality the only differences between the two types of theft are the amount of money spent on the vehicle, and the amount of time no one notices (or cares about) someone working on it. 20 minutes or 2 minutes, either way your car is gone.

  • Re:Far too long. (Score:5, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday May 03, 2006 @05:46PM (#15257652) Homepage Journal
    It won't work on cars that are already started, the module doesn't do anything then. Even on parked cars, he'd have to have both the transmitter (which wouldn't need much power, the key's output power is roughly nil) and a way to insert a blank key in the ignition since that's the only time that the key is actually scanned (maybe just at ignition time.)
  • Re:Far too long. (Score:3, Interesting)

    by bhtooefr ( 649901 ) <[gro.rfeoothb] [ta] [rfeoothb]> on Wednesday May 03, 2006 @05:48PM (#15257673) Homepage Journal
    Well, other companies can reprogram the ECU.

    For example, if RocketChip (a certain ECU reprogramming company that the Volkswagen TDI crowd prefers) were to get a request to disable the immobilizer on an ECU, they'd do it.

    So, pop the hood, take out the ECU, send it to a reprogramming company, ask for the immobilizer to be deleted, and voila, you have no immobilizer. Or, if you want to steal a certain model of vehicle, have an ECU ready to go.

    Older immobilizer equipped cars are even more of a joke. Unplug the immobilizer control unit, short out the right pins, and drive off.

    Not that I suggest stealing cars. I'm just saying that even your high-tech, impossible to defeat immobilizer systems are easily defeated.
  • by lgw ( 121541 ) on Wednesday May 03, 2006 @06:03PM (#15257808) Journal
    No it isn't. It takes 20 seconds to cut through the steering wheel to remove it.

    This is very true - happened to me. You would not believe how expensive a factory steering wheel is! $1000+ Only insurance companies ever buy them.
  • Re:Far too long. (Score:3, Interesting)

    by garylian ( 870843 ) on Wednesday May 03, 2006 @06:16PM (#15257904)
    All very valid comments. However...

    For pure griefing fun, if you can't steal the car, you make it so the owner can't drive it, either. You are doing the same microwaving that ECU.

    I had a car that folks tried to steal at least 3 times. The first two failed, and broke something off in the ignition, forcing me to pay for a window and the ignition repair. The third failed, and may have gone and done a little joyriding, but by that time the turbocharger was going on the engine, so the police believe they actually brought it back.

    Let's not give some enterprising folks the idea of running around and shorting out the ECUs of cars everywhere.

    Besides, I wonder if something like this foils Lo-Jack. If not, no biggie. I mean, if you spend more than $25K on a car/truck, or have a vehicle that is high on the stolen list, and don't have Lo-Jack (at least if it is available) you are asking for it.

    It works so well, most car thieves steal a car and simply move it a few blocks, park it, and leave it for 24hrs. If nobody picks it up, then they take it to the chop-shop. That 24hrs is to keep from having the chop-shop raided. That's their method of stopping Lo-Jack. Which is why they usually recover the car in decent condition within 15 minutes most of the time.
  • Re:And thats why... (Score:2, Interesting)

    by iminplaya ( 723125 ) on Wednesday May 03, 2006 @07:58PM (#15258643) Journal
    I used an easy solution for that also. I put a splice into the wire leading to the fuel cut-off solenoid. And for double protection, I had a removable steering wheel. If I was really paranoid, I guess I could've bought a "Denver boot". But the best anti-theft device I found was to sell the car.
  • by Skadet ( 528657 ) on Wednesday May 03, 2006 @08:12PM (#15258717) Homepage
    Late to the punch, I realize, but I used to do odd (electronics) jobs for a car stereo/alarm dealer, where I learned a great deal about car alarms.

    No, car alarms don't disable themselves on an angle. In fact, a common accessory is an angle *detector* to make the alarm go off in case someone (legit or not) attempts to tow. Often this is just a ball bearing in an assembly that completes a circuit when tilted, although I've seen ones made out of mercury that work essentially the same way as the older-school a/c & heating thermostats.

    When an alarm WILL disable itself is when you enable the courtesy feature. Say you have your sensitivity set high, and the night is unusually windy. Instead of going off all night, your car alarm will disable the inputs for that ZONE for an hour (or 2, whatever... programmable).

    Note that door switches, window break sensors, motion detectors are all still active, since each of these is on its own zone.
