Good thing your car isn't on a network, right? Oh, wait. Well good thing that the designers thought long and hard about security, right? Oh, wait:
Security wasn't an afterthought. It wasn't thought of at all.
Car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key, according to new research that will be presented at the Network and Distributed System Security Symposium next month in San Diego, California.
The researchers successfully attacked eight car manufacturers' passive keyless entry and start systems—wireless key fobs that open a car's doors and start the engine by proximity alone.
...
Capkun and Aurélien Francillon and Boris Danev, both researchers in the same institution, examined 10 car models from the eight manufacturers. They were able to access all 10 and drive them away by intercepting and relaying signals from the cars to their wireless keys.
How do you know if you're vulnerable? If you can start your car via your key fob, you almost certainly are. If you can unblock your car doors via a key fob, you're at increased risk of theft, but less than the new wireless cars. Or shield your key when not in use. Leaving it in, say, an old ammo can gives you extra style points for shielding.
The Borepatch recommendation is to drive something without all the new fangled electronics. Like this:
Or since, as they say, this baby don't run on faith, perhaps one of these:
Yes, but can't you start the GTO with a slide hammer and a screwdriver? For the truck, you can probably use a couple of alligator clips. But you are right, the high tech guys never thought of people's baser motives.
ReplyDeleteHow long before someone hacks OnStar and wreaks havoc down a bunch of GM cars? I've never been a fan of techno-cars, partly because of things like this.
ReplyDeleteOkay, how about "...wreaks havoc on..." instead? Its my guvermint ejacashun showin' again.
ReplyDeleteOooo shiny :)
ReplyDelete"Security wasn't an afterthought. It wasn't thought of at all."
ReplyDeleteI don't think that's entirely fair. If these researchers had demonstrated a method of recreating the keyless-entry and keyless-start signals, then I'd agree that it was a failure of security. But what they did was capture the original signal and amplify it so that the key could hear and respond from farther away. I can't think of any way to defend against that. Encryption wouldn't help, neither would additional signal protocols. Any radio signal can be captured and relayed that way.
I do have a question, however. What happens to a keyless-start system if you drive out of range of the key transmitter?
Car????
ReplyDeletePffft. How about your house??
How many of us always lock the doors and Bar the sliders only to leave via the Garage useing the Garage door opener.
,,,Just how difficult do you think it is to "hack" a garage door opener? Back in the 50's, everybody's Sears opener worked on most of thier neighbors garages too.
Ooohh, The Judge. I'd give a finger and two toes for one of those...
ReplyDeleteNo need to fear security on it, either. I'll be able to defend it easily by boomstick, as it would never likely be out of eyesight;)
tweaker
"Encryption wouldn't help, neither would additional signal protocols. Any radio signal can be captured and relayed that way."
ReplyDeleteI disagree. Using a rotating key for the encryption between the car and fob would greatly decrease the likelihood that someone could capture a transmission and reuse it in time to steal your car without your notice. You could even setup the car's security system to activate if a key more than one or two keys out of date is used. It'd be expensive and it'd be a pain in the butt for auto dealers to maintain, but it'd be a lot more secure than what we have now and the technology for such encryption has matured to the point that I think it's feasible - or soon will be.