General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMillions of cars' keyless entry systems can be hacked, security experts find
Source: Associated Press
By ASSOCIATED PRESS
AUGUST 12, 2016, 11:40 AM
A group of computer security experts say they figured out how to hack the keyless entry systems used on millions of cars, meaning that thieves could, in theory, break in and steal items without leaving a broken window.
The experts say that remote entry systems on millions of cars made by Volkswagen since 1995 can be cloned to permit unauthorized access to the car's interior.
The same experts say another system used by other brands, including Ford, Chevrolet, Renault and General Motors' Opel, can also be defeated.
In a paper delivered Friday at the Usenix security conference in Austin, Texas, the authors say a thief could use commonly available equipment to intercept entry codes as they are transmitted by radio frequency, then use that information to clone another remote so the car could be opened.
[font size=1]-snip-[/font]
Read more: http://www.latimes.com/business/autos/la-fi-hy-cars-hackers-20160812-snap-story.html
Related: Lock It and Still Lose It on the (In)Security of Automotive Remote Keyless Entry Systems (Usenix)
Daemonaquila
(1,712 posts)If it's electronic and emits a signal, it can be hacked. End of story.
If it can be hacked, it will be hacked. It probably HAS BEEN hacked.
I want to slap the crap out of car dealers that are upset when I go for older cars or models with no keyless entry, and minimal electronic crapola. Not only is it much cheaper in the long run because my car doesn't become a problem when an expensive electronic component starts going on the fritz, but it makes a difference for security and control of the vehicle.
whatthehey
(3,660 posts)It's dropped from 659/100k in 1991, which is about when metal keys were widely giving way to push button fobs, to 221/100k now. The most preciptous part of that decline started shortly after the 1997 intro of smart keys that meant hotwiring was no longer feasible on cars so equipped.
You are worried about people equipped with high tech devices who have to stand right next to you to steal a code, but not about any Joe blow with a coathanger or a lockpick?
http://www.nytimes.com/2014/08/12/upshot/heres-why-stealing-cars-went-out-of-fashion.html?_r=0
Money quote...
You can see this in the pattern of thefts of Americas most stolen car, the Honda Accord. About 54,000 Accords were stolen in 2013, 84 percent of them from model years 1997 or earlier, according to data from the National Insurance Crime Bureau, a trade group for auto insurers and lenders. Not coincidentally, Accords started to be sold with immobilizers in the 1998 model year. The Honda Civic, Americas second-most stolen car, shows a similar pattern before and after it got immobilizer technology for model year 2001.
LanternWaste
(37,748 posts)"It's dropped from 659/100k in 1991, which is about when metal keys were widely giving way..."
Post hoc ergo prompter hoc. Supply objective causation and your allegation becomes a premise. Leave it as is, it's a bumper-sticker, regardless of the projected concern of codes as well as coathangers.
whatthehey
(3,660 posts)The inability to hotwire cars is not a temporal coincidence. The lack of simple mechanical locks that can be slimjimmed is not either. 84% of Honda Accords on the road in 2013 were not pre 1997 models and yet that was the ratio of 16+ year old cars stolen. It is sheer sophist nonsense to pretend that electronic locks and immobilizers are as easy to overcome as a latch behind a 1/4" gap and a couple of wires.
matt819
(10,749 posts)Mr. Mercedes already addressed this issue. Pretty scary.
Xithras
(16,191 posts)The HITAG transponders used by many car manufacturers only use 48 bit encryption, and even worse only use a 32 bit rolling key. Tack onto this the fact that the encryption uses a discoverable fixed key instead of a random number generator, and you have an "encryption" system that is theoretically crackable by any 12 year old script kiddie with a laptop and a signal scanner. It's "secure" in only the loosest sense.
Many manufacturers use higher encryption levels and PRNG's to really randomize the keys, which are nearly uncrackable. The problem here isn't that the technology is broken, but that these manufacturers went with the cheapest solution they could find and implemented encryption standards that haven't been considered secure in more than a decade.
UMTerp01
(1,048 posts)Its keyless entry and I have a program on my phone that I can even unlock and lock it with my phone. What in the hell? This is yet another downside with technology. Its brought us some great things but its also another thing to be hacked.
MrScorpio
(73,631 posts)maxsolomon
(33,345 posts)If you can manage to get in and steal it, please proceed. Just make sure you total it.
MineralMan
(146,309 posts)I encountered an older guy who had locked his keys in his car. He was flustered and sweating in the sun. I asked him if I could help. He said thanks. So I got my slim Jim from my trunk and opened his door in about 30 seconds.
"Thanks," he said. " Are you a mechanic?"
"Nope," I replied. "A car thief." Then, I got in my car and left. Actually, I was working as a mechanic then, but that wouldn't have been as good a story for him to tell later.