Thursday, January 6, 2011

What do you get when you cross a car with a computer?

You get a computer with wheels.  When you boot it, "they" will come, as eventually they come to all computers that are on the network.

Good thing your car isn't on a network, right?  Oh, wait.  Well good thing that the designers thought long and hard about security, right?  Oh, wait:

Car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key, according to new research that will be presented at the Network and Distributed System Security Symposium next month in San Diego, California.

The researchers successfully attacked eight car manufacturers' passive keyless entry and start systems—wireless key fobs that open a car's doors and start the engine by proximity alone.

...

Capkun and Aurélien Francillon and Boris Danev, both researchers in the same institution, examined 10 car models from the eight manufacturers. They were able to access all 10 and drive them away by intercepting and relaying signals from the cars to their wireless keys.
Security wasn't an afterthought.  It wasn't thought of at all.

How do you know if you're vulnerable?  If you can start your car via your key fob, you almost certainly are.  If you can unblock your car doors via a key fob, you're at increased risk of theft, but less than the new wireless cars.  Or shield your key when not in use.  Leaving it in, say, an old ammo can gives you extra style points for shielding.

The Borepatch recommendation is to drive something without all the new fangled electronics.  Like this:

Or since, as they say, this baby don't run on faith, perhaps one of these:

8 comments:

libertyman said...

Yes, but can't you start the GTO with a slide hammer and a screwdriver? For the truck, you can probably use a couple of alligator clips. But you are right, the high tech guys never thought of people's baser motives.

LeverAction said...

How long before someone hacks OnStar and wreaks havoc down a bunch of GM cars? I've never been a fan of techno-cars, partly because of things like this.

LeverAction said...

Okay, how about "...wreaks havoc on..." instead? Its my guvermint ejacashun showin' again.

Lissa said...

Oooo shiny :)

wolfwalker said...

"Security wasn't an afterthought. It wasn't thought of at all."

I don't think that's entirely fair. If these researchers had demonstrated a method of recreating the keyless-entry and keyless-start signals, then I'd agree that it was a failure of security. But what they did was capture the original signal and amplify it so that the key could hear and respond from farther away. I can't think of any way to defend against that. Encryption wouldn't help, neither would additional signal protocols. Any radio signal can be captured and relayed that way.

I do have a question, however. What happens to a keyless-start system if you drive out of range of the key transmitter?

notDilbert said...

Car????

Pffft. How about your house??

How many of us always lock the doors and Bar the sliders only to leave via the Garage useing the Garage door opener.

,,,Just how difficult do you think it is to "hack" a garage door opener? Back in the 50's, everybody's Sears opener worked on most of thier neighbors garages too.

SpeakerTweaker said...

Ooohh, The Judge. I'd give a finger and two toes for one of those...

No need to fear security on it, either. I'll be able to defend it easily by boomstick, as it would never likely be out of eyesight;)



tweaker

Eseell said...

"Encryption wouldn't help, neither would additional signal protocols. Any radio signal can be captured and relayed that way."

I disagree. Using a rotating key for the encryption between the car and fob would greatly decrease the likelihood that someone could capture a transmission and reuse it in time to steal your car without your notice. You could even setup the car's security system to activate if a key more than one or two keys out of date is used. It'd be expensive and it'd be a pain in the butt for auto dealers to maintain, but it'd be a lot more secure than what we have now and the technology for such encryption has matured to the point that I think it's feasible - or soon will be.