Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(C|Net)   Car thieves find keyless cars easy to steal. Keyless anti-theft device vendors whistle and hopes no one notices. Maybe people should start using physical keys again?   (news.com.com) divider line 60
    More: Stupid  
•       •       •

13272 clicks; posted to Main » on 06 May 2006 at 2:20 PM (8 years ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



60 Comments   (+0 »)
   

Archived thread

First | « | 1 | 2 | » | Last | Show all
 
2006-05-06 11:12:01 AM  
decrypting one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car-

40 bit encryption, if I understand this correctly, was proved insecure oh about 10 years ago for browsers. Meaning, if I understand this correctly, Mercedes is absolutely beyond stupid and into criminally negligent for running this shiate out into the market.



/not submitter.
 
2006-05-06 11:22:38 AM  
Your fob wants a tin foil hat.
 
2006-05-06 11:35:18 AM  
Generation_D: "40 bit encryption, if I understand this correctly, was proved insecure oh about 10 years ago for browsers. Meaning, if I understand this correctly, Mercedes is absolutely beyond stupid and into criminally negligent for running this shiate out into the market."

Hobbyists were able to brute-force 56-bit encryption years ago. It's not just them though. At work we have cards with RFID chips, and those don't have any encryption at all.

It's really sad that anyone considers these secure. Cryptography is hard to get right when you've got the best in the business working for years on a system and then publishing the results so that everyone else can have a look. It's damn near impossible under any other circumstances.
 
2006-05-06 12:01:45 PM  
Let me put it this way... first time I went to the car lot with my Dad as he bought a new Ford Explorer somewhere between 6 and 10 years ago, I was playing around with their "10" digit punch code. I managed to unlock one of the vehicles.

1. Being able to guess a method of unlocking a car = bad.
2. Grouping your buttons in pairs = bad.
3. 40-bit encryption? = bad.
4. Allowing the car to start with this horrible level of security? = Asinine.
 
2006-05-06 12:16:08 PM  

It's really sad that anyone considers these secure. Cryptography is hard to get right when you've got the best in the business working for years on a system and then publishing the results so that everyone else can have a look. It's damn near impossible under any other circumstances.


But once they're done, it's easy to copy their results to a new system. That's why there are standards bodies publishing ways in which to do this stuff. And companies selling this stuff. As long as you're using the right technology for the right purpose, it's pretty much foolproof.

Keys? Wireless ones even? Been there and done that. The only hard part is preventing denial of service attacks (can't be done, really, just have a physical key backup).

I especially like when I press my key, and 20 yards to the left of me I hear "bleep-bleep". Because my car doesn't bleep. I just opened some one else's car, a different brand even, with my key. Yay!
 
2006-05-06 12:18:02 PM  
 
2006-05-06 12:32:43 PM  
A-Glass-Darkly: 1. Being able to guess a method of unlocking a car = bad.

The bank once sent me an ATM card with the pin number (they chose it for me) 0000.

I know all 10,000 combinations are supposed to have identical odds of being chosen randomly, but give me a farking break. 0000 is not secure, if a thief even thinks "well I'll go through a few from the start just in case" he'll get it on the first try.
 
2006-05-06 12:33:20 PM  
A-Glass-Darkly: I cited: SFGate.com's 'Committee OKs bill to add gays, lesbians to textbooks'

Are gays and lesbians not secure?
 
2006-05-06 12:48:48 PM  
Improper use prevents the car's fuel pump from operating correctly. Unless the driver has the correct key chip installed, the car will run out of fuel a few blocks from the attempted theft. (That's why valet keys don't have the chips installed; valets need to drive the car only short distances.)

I call shenanigans. Without the fuel pump running, the engine will simply NOT run. Fuel injection requires rather high pressure. I had a fuel pump crap out on me, it was only producing about 40 psi, and the engine barely could sputter, certainly not go anywhere.
 
2006-05-06 01:38:17 PM  
I installed a car alarm in my car after someone broke into it only stealing my $7 cell phone charger and tire presure gage. They total ignored the still valid out of state license plates, and valid in state plates from my other car that were sitting in my front seat, and the twenty dollars in change I had in my cup holders.

I was pissed that they broke a plastic molding around my window when all they had to do was stick any GM key into the lock to unlock it. That's what I get for driving a Cavalier I guess.
 
2006-05-06 02:27:19 PM  
who cares, they are stealing Mercedes from rich assholes.
 
2006-05-06 02:33:04 PM  
i46.photobucket.com
 
2006-05-06 02:33:34 PM  
Keyless cars are an indication that automotive technology has come far enough. Give me a car with a real key, a real transmission with a real clutch, and start trying reinvent stuff that doesn't need messing with.
 
2006-05-06 02:34:09 PM  
partipilo

Hence why it doesn't fail right away, it fails after some distance has been travelled.
 
2006-05-06 02:34:23 PM  
I mean stop trying to reinvent stuff...
 
2006-05-06 02:35:43 PM  
who cares, they are stealing Mercedes from rich assholes.

In case you haven't noticed, technology trickles down. Your next Kia will likely have the same feature.

Use of a 40-bit PN sequence is professional negiligence on the part of the RFID industry. There absolutely can be, and should be, lawsuits filed over this.
 
2006-05-06 02:36:14 PM  
Who cares what Lemmy Kilmister, he is just a poor asshole.
 
2006-05-06 02:37:09 PM  
Keyless cars? Who was really finding the key to be an encumbrance?

Fark it all, my life would be perfect if I didn't have to turn a piece of metal in my car to start it!
 
2006-05-06 02:37:27 PM  
shenanigans
shenanigans
shenanigans
shenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigansshenanigans
shenanigans
shenanigans
shenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigansshenanigans
shenanigans
shenanigans
 
2006-05-06 02:37:30 PM  
Manufactorers might not care, but your insurance will.
 
2006-05-06 02:39:29 PM  
LavenderWolf: partipilo

Hence why it doesn't fail right away, it fails after some distance has been travelled.


No, as in "it doesn't run." If the fuel pump is not operating, the engine won't run long enough to get your car backed out of a parking space, let alone all the way to the front door of a restaurant.

The valet key DOES have a chip in it. It usually just doesn't have the necessary cuts in it to unlock the glove box or trunk.
 
2006-05-06 02:39:38 PM  
Give me a car with a real key, a real transmission with a real clutch, and start trying reinvent stuff that doesn't need messing with.


..and you kids get off your lawn?
 
2006-05-06 02:42:27 PM  
40-bit encryption?!

For a car??

I have better security on my farking instant messages.

Jesus, why not just use a substitution cipher?
 
2006-05-06 02:49:26 PM  
You can blame the US government for the 40 bit keys. For a long time, nothing with larger keys could be exported, so everyone used 40 bits, to be able to have a single version. It was quick for browsers to update to larger keys when this rule was dropped, but embedded hardware changes much more slowly.
 
2006-05-06 02:49:26 PM  
*pistol whips Gahbrone, 48 times*
 
2006-05-06 02:49:32 PM  
I wonder how well-protected the RFID-enabled Mastercard credit cards are? I can envision someone with a laptop and scanner walking in a crowded mall collecting and decoding RFID "fingerprints." It's not hard to hide a small laptop these days (one could even hide a full-sized laptop at the bottom of a baby stroller).
 
2006-05-06 02:49:50 PM  
cheap_thoughts: $7 cell phone charger and tire presure gage.


Your Cell Phone can check your tire pressure?

Cool

Where can I get one?
 
2006-05-06 02:50:54 PM  
AbitraryConstant
At work we have cards with RFID chips, and those don't have any encryption at all.

Well enable the encryption, silly.
 
2006-05-06 02:53:42 PM  
I don't think you can blame the US government for things that are exported from Germany or Japan. And those encryption restrictions were (a) more on the order of 64 bits, not 40; and (b) removed during the Clinton administration. There are no valid excuses for this situation.
 
2006-05-06 02:56:54 PM  
2006-05-06 12:48:48 PM partipilo [TotalFark]

I call shenanigans. Without the fuel pump running, the engine will simply NOT run.


Agreed. Typically when you initially turn the key, it will prime the fuel pump in order to pressurize the fuel. This provides the initial fuel required to start the car. Without this pressurization, the car typically will crank for a few seconds without starting first.

In short, if the fuel pump is not running, neither is the car. It's not a matter of being able to run short distances. It's a matter of your car immediately turning off and refusing to start again.
 
2006-05-06 02:57:55 PM  
Arcas, unless I'm mistaken there's an article in the tech section from Wired about RFID being easily hacked.
 
2006-05-06 03:02:12 PM  
Keyless ignition systems allow you the convenience of starting your car with the touch of a button, without removing the chip from your pocket or purse or backpack

God, have we gotten that lazy that it's now too much work to pull a key out of your pocket, put it in a hole, and turn it?

What next, the car just starts magically when you sit in it?

Regular car keys aren't perfect either, witness the numerous stories of "I got into a car and started it...THEN I realized it wasn't mine".

I also like how the 7 series when it ejects the key, it's aimed perfectly to go between the seat cusion and console...
 
2006-05-06 03:04:17 PM  
RFID is indeed easily hacked. That doesn't stop people from wanting it in their cars, passports and even implanted in their own bodies, because they can open things .001 second faster.

Insurance covers it, whether the thief can take over your car from a distance via radio, or needs to actually walk up to it to break in manually.
 
2006-05-06 03:04:56 PM  
submitter: Car thieves find keyless cars easy to steal.

Fixed.
 
2006-05-06 03:07:24 PM  
You kids and your fancy security systems. In my day we just put a toggle switch inline of the ignition wire.
 
2006-05-06 03:13:12 PM  
And you thought I was crazy. http://www.barse.org/blog/archives/ali2_thumbnail.jpeg
 
2006-05-06 03:13:47 PM  
Gahbrone: shenanigans
shenanigans


...

We await seeing your temporary bannination. Although that shiny Total Fark tag might help protect ya.
 
2006-05-06 03:17:54 PM  
We just have to keep building a better mouse trap.
 
2006-05-06 03:20:58 PM  
On a slightly related note, I have to stifle a chuckle every time I hear the chirp of a car alarm--typically activated by some soccer mommy or the typical Lumbergh climber.

Yeah. That's going to keep your car safe. Dumb aswipe.
 
2006-05-06 03:21:36 PM  
Whatever happened to just smashing a window?
 
2006-05-06 03:23:34 PM  
Hahahaha, this is hysterical. 56-bit DES encryption was breakable in the late 1970's (albeit with super-computers). Now auto-makers are only using 40-bit encryption when it can easily be broken by just about any modern personal computer out there? Keep in mind that each bit of encryption doubles the number of possible keys. So 40-bit encryption has 1/2^14 as many possible keys, and 56-bit is already considered insecure.
 
2006-05-06 03:29:07 PM  
FarkmeBlind: submitter: Car thieves find keyless cars easy to steal.

Fixed.


You've got that right. Cars with keys are ridiculously easy to steal with simple (and cheap) hand tools. At least with the keyless cars the thief will need a laptop and other electronics. In the end, anyone who thinks their car is secure is living in dreamland.

Oh, and on the fuel pump issue, I have a fuel pump cutout switch on my car. I can turn off the pump and probably drive about 1/2 to one block with the pump completely off.
 
2006-05-06 03:37:05 PM  
What I can't understand is why car companies don't come up with some huge removable fuse that connects the starter to the battery. Remove that and there's no way the car's going to be hotwired, unless the crook opens the hood and connects it somehow.
 
2006-05-06 03:42:48 PM  
lelio: What I can't understand is why car companies don't come up with some huge removable fuse that connects the starter to the battery. Remove that and there's no way the car's going to be hotwired, unless the crook opens the hood and connects it somehow.

Personally, I'd rather be able to remove the brakes whenever I lock up my car. That way, when some thief steals it, they can kill themselves AND insurance will buy me a new car!

It's win-win!
 
2006-05-06 03:47:12 PM  
MrSnrub: You've got that right. Cars with keys are ridiculously easy to steal with simple (and cheap) hand tools. At least with the keyless cars the thief will need a laptop and other electronics. In the end, anyone who thinks their car is secure is living in dreamland.


Yup. This would make the average car potentially more secure since the average thief is a moron and won't be able to use a laptop and all that to steal the car. In addition, it takes a while to steal a car and I probably there are other caveats of the method used that is another advantage.

However, from what I can tell this method is also harder to detect by a bystander since all they see is someone walking to the car, the doors opening and then them driving off.

Of course since it's for expensive cars only right now, I'm sure the thieves who can sue laptops are having a fun time.
 
2006-05-06 03:47:48 PM  
For the love of Christ.

Step 1: Go to a local hardware store that sells really big chain links. Home Depot is fine.

Step 2: Buy a length of big chain links and a cheap lock.

Step 3: Wrap the chain/wire around the gas and brake pedals, securing with the lock.

Step 4: Relax.
 
2006-05-06 03:48:39 PM  
lelio, maybe because then theives would just open the hood and connect it somehow? Maybe?
 
2006-05-06 03:58:37 PM  
daimonasfonias

lelio, maybe because then theives would just open the hood and connect it somehow? Maybe?

Perhaps with the jumper cables from your trunk.
 
2006-05-06 04:02:29 PM  
search this site, there's how-to's for everything, including long range rfid rigs,

enjoy

http://www.hackaday.com/entry/1234000303032502/
 
2006-05-06 04:19:24 PM  
Hmmmm. And not long ago, we had an item on FARK about how modern cars had so much security, thieves were resorting to breaking and entering houses to get the real keys/fobs.

/Confused
 
Displayed 50 of 60 comments

First | « | 1 | 2 | » | Last | Show all



This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report