If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Register)   You know that state of the art system that allows you to start your car without taking your keys out of your pockets? It turns out that car thieves love it too   (theregister.co.uk) divider line 41
    More: Obvious, BMW, UCSD, pockets  
•       •       •

7986 clicks; posted to Main » on 19 Sep 2012 at 11:38 PM (2 years ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



41 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
ZAZ [TotalFark]
2012-09-19 09:09:16 PM  
all BMWs meet all UK and global security standards

I bet BMWs also meet all applicable asteroid impact resistance standards, yet I would not feel secure in one when the rocks started falling.
 
2012-09-19 09:11:24 PM  
In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.
 
2012-09-19 09:24:36 PM  

bdub77: I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.


The very first model year these things were made, they had wicked strong encryption, so much so that the US government forbade them to export to most countries. I don't know if they deliberately weakened the encryption in response, or if holes were found in it via the inevitable march of technology, but I can't fault the auto makers for either.
 
2012-09-19 10:50:36 PM  

bdub77: In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.


Yea but this is new territory for cars...
Car companies aren't traditionally all that good at being all the way out on the leading edge of tech...
 
2012-09-19 11:41:07 PM  

Sim Tree: bdub77: I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.

The very first model year these things were made, they had wicked strong encryption, so much so that the US government forbade them to export to most countries. I don't know if they deliberately weakened the encryption in response, or if holes were found in it via the inevitable march of technology, but I can't fault the auto makers for either.


Possibly both.

If you create a supposedly theft-proof system, thieves WILL find a way to defeat it, and usually sooner rather than later.
 
2012-09-19 11:43:37 PM  
Got a big rock? You can easily get into someone's house or car.

/yawn
 
2012-09-19 11:48:09 PM  
I like chips in bank cards in crowded places. Mmmmm...data....

(statement may or may not be science fiction...but fun conspiracy...or fact...hmmm...maybe I should google it...)
 
2012-09-19 11:48:17 PM  

wallywam1: Got a big rock? You can easily get into someone's house or car.

/yawn


Not the Zombie Apocalypse House.

Goes from this:

asset3.cbsistatic.com

To this:

i.i.com.com
 
2012-09-19 11:50:22 PM  
Old news... I remember the same mention of this approach last year.

It's something that I'm actually glad that my car doesn't have it, I'd probably dis-activate it if possible.
 
2012-09-19 11:50:50 PM  

Gyrfalcon: Sim Tree: bdub77: I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.

The very first model year these things were made, they had wicked strong encryption, so much so that the US government forbade them to export to most countries. I don't know if they deliberately weakened the encryption in response, or if holes were found in it via the inevitable march of technology, but I can't fault the auto makers for either.

Possibly both.

If you create a supposedly theft-proof system, thieves WILL find a way to defeat it, and usually sooner rather than later.


Car alarms were the reason why car jackings went up. When you make it harder to steal a parked car, they just wait until you're in it, shoot you and drive off.
 
2012-09-19 11:51:59 PM  

Sim Tree: The very first model year these things were made, they had wicked strong encryption, so much so that the US government forbade them to export to most countries. I don't know if they deliberately weakened the encryption in response, or if holes were found in it via the inevitable march of technology, but I can't fault the auto makers for either.


As a thought we wanted to start a "secret" society. Really a club that just dealt with encryption, security and fun stuff involving those subjects. A branch off our radio and tech classes. We get together and play around with this different ideas and methods. However I can't help but think if it ever got to be more than a few friends and beer the government would either imprison us or hire us.
 
2012-09-19 11:59:37 PM  
Does this surprise anyone? Anyone at all?

There's a whole laundry list of 'hacks' for every wireless system which has popped up from baby monitors to wireless home security systems.

I figured it would be just a matter of time before these remote car starters would be 'hacked' and by hacked I mean copied like the RFID chips in credit cards. Anything broadcast through the air via radio waves can be intercepted and copied.

There's even inroads being made to be able to listen in on cell phone conversations. There are already cell phone jammers out -- illegal in the US for private use but a lot of businesses have begun to install them and you can buy pocket versions from China off the Internet.

Consider the fact that with something like On-Star, automobile dealers can now shut down your car if you're behind in payments and even track it down for repossession. (This system is also being used to catch car thieves.)

As soon as someone came up with a keyed ignition system for cars, someone else found out how to crack it. (Early cars had no key ignition. You set the gas, set the spark, set the brake, made sure the transmission was in neutral then went out and cranked the engine by hand like mad.)
You can read about gangsters stealing early cars as easily as picking out shirts in a store.
 
2012-09-20 12:01:43 AM  
Harley Davidsons also use a keyless transponder to start, but this can be overridden by using the turn signal switch to enter a code which enables the bike to start even in cases where the owner loses the transponder or its battery is weak or dead. The problem is that the bikes all leave the factory with the same override code which many owners never bother to change...

Of course there is a key that locks the forks, but I've seen plenty of H-D's parked up with the steering unlocked and it's a good bet that many of those still have the factory default code, making them child's play to steal.

/Bike thieves know the default code
//Dealer made me change the override code before leaving the premises with my new bike
///always lock the steering on mine, even when it's at home in the garage
 
2012-09-20 12:05:22 AM  

eraser8: wallywam1: Got a big rock? You can easily get into someone's house or car.

/yawn

Not the Zombie Apocalypse House.

Goes from this:

[asset3.cbsistatic.com image 550x366]

To this:

[i.i.com.com image 550x365]


That could be bypassed with a rock in the closing mechanism.

On a side note, those images are dishonest since they show different sides of the house. In a similar vein watch as I transform this WalMart into an impenetrable fortress.
www.inquisitr.com
places.designobserver.com
 
2012-09-20 12:10:51 AM  

RogermcAllen: That could be bypassed with a rock in the closing mechanism.

On a side note, those images are dishonest since they show different sides of the house. In a similar vein watch as I transform this WalMart into an impenetrable fortress.


Fair point.

Here's a better angle:

www.geekologie.com
 
2012-09-20 12:14:55 AM  

bdub77: In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.




What's more ridiculous is how they try to whitewash this.

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011."

Oh yes, those old ancient 2011 BMWs. What old ancient rustic pieces of shiat.

And the funny thing is, if this hack worked for cars built through, say, July 2012, they would probably say the same thing:

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before July 2012."

The top BMW PR people got together and that was the best line of bullshiat they could come up with.
 
2012-09-20 12:26:08 AM  
This is where I once again I'm OK with my distrust of things being _all_ electronic, especially if there are radio communications involved that others can pick up.
Take for instance the older systems, where the key has a little chip in in that talks to the computer, but you still have to put the key in a mechanical lock to get it to go.
Unless I'm missing something, you've actually removed a layer of security (the actual ignition lock). What good is that?

2002 or newer=intercept chip transmission, then a screwdriver to the ignition or whatever.
2012=intercept chip transmission, push button...which one is harder?

/Lawn, off.
 
2012-09-20 12:48:01 AM  

eraser8: RogermcAllen: That could be bypassed with a rock in the closing mechanism.

On a side note, those images are dishonest since they show different sides of the house. In a similar vein watch as I transform this WalMart into an impenetrable fortress.

Fair point.

Here's a better angle:


You don't even need the rock; all you need is time. They're gonna run out of food or water eventually. And what happens if Godzilla is in a house smashing mood? Or a pack of velociraptors? I bet they could get in there.

I wondered the other day; zombies Vs. velociraptors, who'd win? Obviously, if there was a fark ton of raptors and not many zombies; the raptors would win. If there were a fark ton of zombies and only a few raptors; I imagine one of the raptors would go down eventually; then you would have zombie-velociraptors.

/ I don't think that house is zombie-velociraptor proof
 
2012-09-20 12:48:38 AM  
No way I want one of these on my car.

Keeping my 98 running til it drops, then demanding a real key and no keyless on my next one. If thats no longer possible, I'll just keep buying used.

Stupid rushed-to-market easily defeated security hacks are bad enough in web servers, I do not want them on my car. The confluence of marketing and dev, as usual, security gets left out.
 
2012-09-20 12:51:14 AM  

Goodfella: bdub77: In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.



What's more ridiculous is how they try to whitewash this.

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011."

Oh yes, those old ancient 2011 BMWs. What old ancient rustic pieces of shiat.

And the funny thing is, if this hack worked for cars built through, say, July 2012, they would probably say the same thing:

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before July 2012."

The top BMW PR people got together and that was the best line of bullshiat they could come up with.


They've got top men working on it.
 
2012-09-20 01:02:21 AM  
Best anti-theft device for non luxury cars? Stick Shift.

No really, criminals are mostly idiots and idiots vary rarely learn to drive a stick shift anymore.
 
2012-09-20 01:18:53 AM  
I'm more annoyed with the repeated use of 'pwn'
 
2012-09-20 01:21:04 AM  
This is one more example of why I'm not an early adopter, particularly with wireless anything.

///wired the house with cat 5 cable.
 
2012-09-20 01:33:48 AM  
Perfect use of the tag subby.
 
2012-09-20 01:39:07 AM  

Raoul Eaton: This is one more example of why I'm not an early adopter, particularly with wireless anything.

///wired the house with cat 5 cable.


Comme ceci?

www.widescreenwallpapers.org
 
2012-09-20 01:51:52 AM  

FizixJunkee: Raoul Eaton: This is one more example of why I'm not an early adopter, particularly with wireless anything.

///wired the house with cat 5 cable.

Comme ceci?

[www.widescreenwallpapers.org image 500x375]


That's exactly what I have. The data transmission is a little iffy, but it makes up for it in cuteness.
 
2012-09-20 02:10:25 AM  

iheartscotch: eraser8: RogermcAllen: That could be bypassed with a rock in the closing mechanism.

On a side note, those images are dishonest since they show different sides of the house. In a similar vein watch as I transform this WalMart into an impenetrable fortress.

Fair point.

Here's a better angle:

You don't even need the rock; all you need is time. They're gonna run out of food or water eventually. And what happens if Godzilla is in a house smashing mood? Or a pack of velociraptors? I bet they could get in there.

I wondered the other day; zombies Vs. velociraptors, who'd win? Obviously, if there was a fark ton of raptors and not many zombies; the raptors would win. If there were a fark ton of zombies and only a few raptors; I imagine one of the raptors would go down eventually; then you would have zombie-velociraptors.

/ I don't think that house is zombie-velociraptor proof


ZOMG! Call SyFy. Right now. This is GENIUS!
 
2012-09-20 02:26:54 AM  

Sim Tree: The very first model year these things were made, they had wicked strong encryption, so much so that the US government forbade them to export to most countries. I don't know if they deliberately weakened the encryption in response, or if holes were found in it via the inevitable march of technology, but I can't fault the auto makers for either.


I'm confused by the encryption comment. What's the authentication method? Does the key go through a handshake with the car to verify each other? Because it doesn't matter how strong the encryption is if anyone can just intercept the encrypted phrase and then transmit that.
 
2012-09-20 02:42:14 AM  
I know this may make me the odd man out, but... I really don't have a problem with just sticking a real key into the ignition and turning it to start the car. In fact, I'd rather that car manufacturers stop adding this kind of crap to cars so that they can hold down the prices.

/yeah, I know...
//get the f*ck off my lawn
 
2012-09-20 03:13:13 AM  

Fark Me To Tears: I know this may make me the odd man out, but... I really don't have a problem with just sticking a real key into the ignition and turning it to start the car. In fact, I'd rather that car manufacturers stop adding this kind of crap to cars so that they can hold down the prices.

/yeah, I know...
//get the f*ck off my lawn


Dude, until two years ago, I had a manual transmission with power nothing--even wind-down windows. It got awesome mileage, and NOBODY would ever steal it, even if they knew how to drive it away.
 
2012-09-20 04:46:24 AM  
How about a detachable accelerator pedal?
 
2012-09-20 05:03:31 AM  
Kill switches should be complementary. I'm thinking a voucher system.
 
2012-09-20 07:00:15 AM  
The whole keyless entry thing is awesome, I'd still prefer a key ignition, even if its just inserting a circuit loop peg.

In my work I can extend my workday by up to double in the summer if I leave the truck running with the AC on because I don't cook-off as quickly and can take breaks as I need them, so some system that keeps the engine running but disables the transmission would rock too.

Supposedly there's an option that will disable keyless entry and start if it can't localize your key to point blank. A nissan I rented could actually tell which side of the car you were on and wouldn't actually unlock the door until you were motionless by that door. So I get the feeling this is just cheap-ass fail.
 
2012-09-20 08:48:08 AM  

Sudo_Make_Me_A_Sandwich: Sim Tree: The very first model year these things were made, they had wicked strong encryption, so much so that the US government forbade them to export to most countries. I don't know if they deliberately weakened the encryption in response, or if holes were found in it via the inevitable march of technology, but I can't fault the auto makers for either.

I'm confused by the encryption comment. What's the authentication method? Does the key go through a handshake with the car to verify each other? Because it doesn't matter how strong the encryption is if anyone can just intercept the encrypted phrase and then transmit that.


That was the major factor, to prevent rebroadcasts. Once a signal was received by the car, it would be 'consumed' and no longer valid to the car ever again. The car and the key would then each go on to independently calculate the same next new code in an encryption series, based loosely on the previous code, but mostly on the fob. The car, being the more complicated entity, would actually keep a 'window' of ~200 codes in case the owner was mashing the button out of range. If a code in the window was received by the car, it would unlock, drop the older codes, and fill the window up to 200 again. (Usually this would be an increase of 1 after receiving code #1, because usually customers were usually in range when unlocking the car.) Dual windows would be kept for husband/wife teams.

The series itself was also supposed to be incalculable from any number of previous codes without possessing that one actual fob, but that's less useful now. A PS3 could probably crack a series in a few days or weeks. But at the time, this was a herculean task requiring centuries.

They also wanted each series to be unique to a specific automobile. Even if you had a working series with the working algorithm (say, by taking apart a number of fobs) and just started broadcasting unlock codes, the chances of crossing another car's series would literally be over 1 in ten trillion. So you couldn't go into a parking lot and just try your hand. It did, however, mean the car needed to be reprogrammed by the dealer if you lost your keys.

Even at worst, tho, it's much better than the mechanical key. Generally, a given model year only had ~10 keys possible. If you had all 10 keys, you could drive any car of that model any time you wanted. Repo men would frequently keep a keychain of "GM keys" etc., as in: 'We need to repossess a pinto? That'll be key #85 or so'. People wound up on fark after driving the wrong car home a couple times.
 
2012-09-20 10:43:05 AM  
I think push-button start is overrated anyway. I like the tactile aspect of starting a car by "traditional" means. Plus, after being a Valet for a while and being able to start cars in the parking lot with the fob still in the key cabinet 50yds away, and seeing people drive off without their keys because a valet goofed and left the fob on his belt, I realized they were very insecure.
 
2012-09-20 11:03:56 AM  
"...OBD systems need to accessible and programmable to allow access to third parties because of EU rules..." So basically the EU is saying that they support car theft? Cool!
 
2012-09-20 11:58:29 AM  

Lafiel: iheartscotch: eraser8: RogermcAllen: That could be bypassed with a rock in the closing mechanism.

On a side note, those images are dishonest since they show different sides of the house. In a similar vein watch as I transform this WalMart into an impenetrable fortress.

Fair point.

Here's a better angle:

You don't even need the rock; all you need is time. They're gonna run out of food or water eventually. And what happens if Godzilla is in a house smashing mood? Or a pack of velociraptors? I bet they could get in there.

I wondered the other day; zombies Vs. velociraptors, who'd win? Obviously, if there was a fark ton of raptors and not many zombies; the raptors would win. If there were a fark ton of zombies and only a few raptors; I imagine one of the raptors would go down eventually; then you would have zombie-velociraptors.

/ I don't think that house is zombie-velociraptor proof

ZOMG! Call SyFy. Right now. This is GENIUS!


It makes as about much sense as most of the stuff they've come up with; I'm glad that I have your support though!
 
2012-09-20 12:28:38 PM  

sno man: bdub77: In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.

Yea but this is new territory for cars...
Car companies aren't traditionally all that good at being all the way out on the leading edge of tech...


This is no different than now. There are only so many variations of keys cut for cars to gain entry. Some auto makers have more and some less. Its simple to get into a vehicle and take it. If you really want security then install a hidden kill switch.
 
2012-09-20 03:00:45 PM  

iheartscotch: Goodfella: bdub77: In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.



What's more ridiculous is how they try to whitewash this.

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011."

Oh yes, those old ancient 2011 BMWs. What old ancient rustic pieces of shiat.

And the funny thing is, if this hack worked for cars built through, say, July 2012, they would probably say the same thing:

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before July 2012."

The top BMW PR people got together and that was the best line of bullshiat they could come up with.

They've got top men working on it.




Who?
 
2012-09-20 03:19:33 PM  

Goodfella: iheartscotch: Goodfella: bdub77: In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011. "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action," it said.

I realize this is a legal statement basically, but I'm sorry, security threats should be fully addressed when the car is designed and developed. This includes wireless cryptography and other tech security considerations.



What's more ridiculous is how they try to whitewash this.

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before September 2011."

Oh yes, those old ancient 2011 BMWs. What old ancient rustic pieces of shiat.

And the funny thing is, if this hack worked for cars built through, say, July 2012, they would probably say the same thing:

"In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models - those built before July 2012."

The top BMW PR people got together and that was the best line of bullshiat they could come up with.

They've got top men working on it.



Who?


TOP MEN.
 
2012-09-20 11:33:34 PM  

Sim Tree: Once a signal was received by the car, it would be 'consumed' and no longer valid to the car ever again.


Thanks for that detailed explanation. That makes a lot of sense as a method.
 
Displayed 41 of 41 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report