

Keyless cars 'increasingly targeted by thieves using computers' - secfirstmd
http://www.bbc.co.uk/news/technology-29786320

======
Someone1234
> We need better safeguards within the regulatory framework to make sure this
> equipment does not fall into unlawful hands and, if it does, that the law
> provides severe penalties to act as an effective deterrent.

That "solution" is moronic and lazy.

Instead of changing the car's security systems so they're actually secure, you
want to make the security obscure by making key-recoders illegal to even own?

Makes me wonder if this is even really about the thefts or the car
manufacturers using the thefts as an excuse to push their competitors out of
the market using this new proposed law. If authorised dealerships are the only
people who can legally re-code cars/keys then they've just assured themselves
a huge business boost.

Plus this law will be ineffective. There is already a law against owning tools
designed to break into vehicles ("tools of the trade" laws). But they're
largely ineffective at stopping vehicle crime.

Instead they should make the technology entirely transparent and hire some
damn cryptographers to design their systems. Double public-key cryptography
(e.g. one private key in the car and key-fob respectively) makes doing this
securely absolutely possible.

Set up an industry group who stores the car's private keys and allows any
authorised shop to request them and update them. Store an audit log. If a car
gets stolen pull the log and see who requested the private key, then send the
bobbies around to sort 'em out.

~~~
floatrock
> If authorised dealerships are the only people who can legally re-code
> cars/keys then they've just assured themselves a huge business boost.

One of the neat ideas that, imho, doesn't receive nearly enough attention in
the bitcoin space is smart property -- you can use the blockchain and
cryptography to have _decentralized property transfer_, even offline and in a
hostile network environment (ie a thief trying to spoof a property transfer
message to the car).

[https://en.bitcoin.it/wiki/Smart_Property#Theory](https://en.bitcoin.it/wiki/Smart_Property#Theory)
lists the gory crypto-details, but imagine instead of transferring ownership,
you just temporarily grant another party (ie your mechanic) to have
'ownership-like' rights to your car while it's in the shop.

> Set up an industry group who stores the car's private keys and allows any
> authorised shop to request them...

Centralized points of failure always fail. How long before the next Target or
Home Depot has a credit card breach? How long before this centralized
authority blocks non-dealer shops from being part of the network (or pay
exorbitant fees).

We can decentralize all this while still keeping it cryptographically secure.

~~~
gnopgnip
What happens when you lose a key?

~~~
floatrock
Exactly one of the major issues blocking consumer-level adoption of
decentralization technologies. Centralized trust is just too darn convenient,
especially wrt backups.

As with most ideological debates, the middle ground is probably the most
amicable. Bigger crypto-nerds than me will have more fleshed out ideas, I'm
sure, but there are ways to have a hybrid centralized/decentralized approach.
One algorithm I've heard tossed around, for example, is Shamir's secret
sharing. Basically you can split a key between different parties... no one
party/dealer/mechanic/DMV has access to the family jewels, but you can
reconstruct the secret with 3 of the 5 pieces or whatever threshold.
[http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing](http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing)

The challenge is, like you say, to make all this magic enough that it becomes
consumer friendly. Much more fulfilling a UX gig than designing virtual farms,
though.

------
paulgerhardt
There are a lot of different things going on here but the article is very
vague and may not be reporting anything new. Or perhaps it is.

First off there are two generations of keyless entry systems. The older
rolling code system, KeeLoq, was developed by a South African company and
bought by Microchip in the '90s - a near full break was widely published in
2004/2005 and tools released a few years later[1]. The newer system is called
HiTag2/3/Pro. Vulnerabilities also exist in HiTag2.

Additionally there is a vehicle immobility device known as Megamos (which Land
Rover is known to use) - a break was published last year but an injunction by
the UK High Court prevented release of much of the technical details at the
time.[2] If criminals are breaking Megamos then this is news. To paraphrase HN
user brians: "given sure confidence that there is a vulnerability, skilled
security [criminals] can find it very quickly." [3]

Most talks and articles that come out focus on Keeloq. It's trivial to capture
a packet from the remote when not near the vehicle and replay that packet when
near the vehicle to gain access. [4]

Once one has access to the vehicle there is a separate attack on the OBD-II
port to start the vehicle. This was a widely published attack on BMW's
involving this.[5]

Also, the equipment required to clone a modern electronic car key is widely
available. I personally saw a number for sale in the security malls around
Shenzhen. Banning ownership of key-recoders probably won't work as most of
this can be done with an SDR. The price for an SDR is about the same as a 3D
printer (thousands last year, hundreds this year.) SDR's are already cheaper
than most dedicated programmers.[6]

Even though most of the protocols are vulnerable or broken it should be noted
they are not ineffective. For instance there was an 88% decrease in theft
between the pre-98 and post 98 Honda Civic models which began implementing
(broken) anti-theft keys.[7]

[1] [https://www.youtube.com/watch?v=l_crMuwBp8I](https://www.youtube.com/watch?v=l_crMuwBp8I)

[2] [https://www.usenix.org/conference/usenixsecurity13/dismantli...](https://www.usenix.org/conference/usenixsecurity13/dismantling-megamos-crypto-wirelessly-lockpicking-vehicle-immobilizer)

[3] [https://news.ycombinator.com/item?id=8456206](https://news.ycombinator.com/item?id=8456206)

[4] [http://www.wired.com/2014/08/wireless-car-hack/](http://www.wired.com/2014/08/wireless-car-hack/)

[5] [http://www.bmwland.co.uk/forums/viewtopic.php?f=1&t=135599&s...](http://www.bmwland.co.uk/forums/viewtopic.php?f=1&t=135599&sid=66cdcd99d0403af2d27e6ec2d40a5daa)

[6] [https://www.avtotools.com/index.php?productID=409](https://www.avtotools.com/index.php?productID=409)

[7] [http://www.latimes.com/business/autos/la-fi-hy-honda-accord-...](http://www.latimes.com/business/autos/la-fi-hy-honda-accord-most-stolen-car-20140814-story.html)

------
hughes
> "By far the most common way of a car being stolen is still from thieves
> breaking into homes and stealing keys,"

This never even occurred to me as a way of stealing a car. TV & Hollywood car
thieves _always_ smash the window or jimmy the lock somehow.

I suppose the comparison with cryptographic keys is also accurate: It's
usually far easier to steal someone's private key than it is to break the
cryptography.

~~~
to3m
My car insurance is 10% cheaper due to keeping my car in a residential parking
area as opposed to in my garage! My best guess for the reason - aside from
that the statistics say the risk doesn't require a higher premium - being a
person, I want a _proper_ reason ;) - is that on average a garage affords a
thief more privacy and gives them (compared to on-street parking) a good idea
which house to look in.

(The funny thing is, my parking spot is numbered. But they never asked me
about that.)

~~~
walshemj
According to today's Evening Standard, Range Rovers are uninsurable in London
unless you have secure off-street parking.

------
lumberjack
This is just speculation but I do not think that the thieves in this case are
doing anything particularly hard. They probably aren't reverse engineering the
locks or cracking the encryption. What is probably happening is that somebody
within the dealership or company is getting their hands on the digital keys
and selling them on the black market.

The key difference (no pun intended) is that previously the thieves had access
to physical master keys but they still had to go from car to car to find a
suitable match. But with keyless systems they can probably find a way to scan
a whole parking lot in a few minutes. Makes it far easier. Also, it's easier
to copy a digital file without being noticed as opposed to "misplacing" a
physical key.

~~~
nostromo
Two factor could easily solve this. Make it key + PIN. Or key + phone.

~~~
TaylorAlexander
Or a one time pad. Plug the key into a physical port inside of the car and it
generates a million codes that are saved in the key itself and the vehicle.
The vehicle can have a memory of several paired keys, which all require a
separate procedure. Make the procedure take 30 minutes and require physical
access to the inside of the vehicle.

I suppose the issue is that someone could still get you to press the button
out of range and copy that value over the air, and then use it on your car.
But perhaps there is a scheme to avoid that too. Maybe use a real time clock
and use a new key every second.

Really, there should be open source hardware that can do this. Can't these
vehicles be unlocked with access to the CAN bus? You could disable the
insecure proprietary RF receivers and install an open source system on the CAN
bus. They're usually locked down on ignition though...

~~~
thaumasiotes
> someone could still get you to press the button out of range and copy that
> value over the air, and then use it on your car. But perhaps there is a
> scheme to avoid that too.

I'm not educated in this field. But, I believe there are schemes to allow two
parties to demonstrate to each other over untrusted channels that they share a
secret (here, the codes generated when you physically plug your fob into your
car), without leaking the shared secret.

If memory serves, connecting to SSH without a password uses such a scheme.
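
Added example, not part of thaumasiotes' comment: one such scheme is a challenge-response exchange keyed with the secret the fob and car agreed on when they were physically paired. The `Fob` and `Car` classes and the choice of HMAC-SHA256 are assumptions made for this sketch, not any manufacturer's protocol.

```python
# Added illustration of shared-secret challenge-response (not code from the thread).
import hashlib
import hmac
import secrets


def _tag(key, challenge):
    # HMAC-SHA256 is an assumption made for this sketch.
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Fob:
    def __init__(self, shared_key):
        self._key = shared_key

    def respond(self, challenge):
        """Prove knowledge of the key for this challenge only."""
        return _tag(self._key, challenge)


class Car:
    def __init__(self, shared_key):
        self._key = shared_key
        self._pending = None

    def new_challenge(self):
        """Issue a fresh, unpredictable 128-bit challenge."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response):
        """Accept one response per challenge; the challenge is then discarded."""
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        return hmac.compare_digest(_tag(self._key, challenge), response)


def run_exchange():
    """Run a genuine unlock, then feed the car what an eavesdropper recorded."""
    key = secrets.token_bytes(32)  # constructed pairing secret
    car, fob = Car(key), Fob(key)

    challenge = car.new_challenge()
    recorded = fob.respond(challenge)    # only challenge and response cross the air
    genuine = car.verify(recorded)

    no_challenge = car.verify(recorded)  # replay with nothing outstanding
    car.new_challenge()
    stale = car.verify(recorded)         # replay against a fresh challenge
    other_fob = Fob(secrets.token_bytes(32))
    unpaired = car.verify(other_fob.respond(car.new_challenge()))
    return {"genuine": genuine, "replay_no_challenge": no_challenge,
            "replay_new_challenge": stale, "unpaired_fob": unpaired}


if __name__ == "__main__":
    print(run_exchange())
```

The key itself is never transmitted, and a recorded response is useless against the next challenge. The exchange does not by itself stop a live relay of challenge and response, the case takeda raises further down the thread.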

~~~
TaylorAlexander
Yeah, there definitely are schemes in standard cryptography that allow for
this, and any kind of true modern crypto should solve all these problems
handily. I just have a feeling current crypto isn't as future proof as we
would all like, and was thinking about a scheme that wouldn't rely on the
strength of an algorithm to keep things secure. But then, I may be too
paranoid...

------
dromidas
I'm waiting for the day when we have an article titled "Driver-assisting cars
targeted by hackers". Primary reason why even if I could afford a Tesla S that
I wouldn't buy one. If my car has any sort of control over my acceleration or
steering (excluding tire-specific traction control functionality) then that
car had better not have any sort of internet connection. Tesla has the ability
to update over the air... that is kind of terrifying.

~~~
icebraining
Planes have automated systems that have control over direction and speed, and
nowadays many planes have connections to the Internet. Has any ever been
hijacked over the 'net?

~~~
vonmoltke
Aircraft avionics are separated from the internet access on-board and must be
manually accessed to be controlled or modified.

~~~
icebraining
Yes, and likewise they can decouple the low-level steering/accelerating
mechanism from the Internet-enabled, high level system and have them
communicate over a very restricted channel.

~~~
TheLoneWolfling
Are you sure that they could?

Sure, you can decouple this to an extent. But, barring complete informational
disconnection (read: airgap and no wireless communications) (and potentially
not even then), this only reduces the attack surface, not removes it entirely.

What happens, for example, when your driver assist includes GPS data? Oh
look... now you're downloading and decoding maps. Whoops! Attack vector.

What happens when your keyfob starts doing encrypted communication with the
car (as other people in this thread are suggesting)? Whoops! Attack vector.

What happens when your entertainment console shows options to change the
amount of time before the doors automatically lock? Whoops! Attack vector.

Cars are getting more complex - and it only takes one break in the defenses.

~~~
TaylorAlexander
The infotainment system must be capable of taking address input, and that same
computer would be internet connected for a variety of reasons. Taking over the
steering as the above poster suggested would likely not be a desirable hack
anyway. More likely someone would want to leave the low level control systems
intact and just change the desired destination. A solid hack would actually
wait until you get to your destination, and then once you send the vehicle to
park itself, it instead just goes to the attacker's desired location. Might be
a while before you even realized something was up!

It was noted that the Xbox One will accept voice commands from a video the
console itself is playing. What happens when someone makes a hyper-targeted
Pandora ad that uses your car's voice control function to enter a new
destination address? If you are paying attention you will likely notice this,
but many people have suggested that at some point you can sleep in your car
and wake up at your destination, so even that isn't guaranteed.

No doubt direct control of steering and brakes will be highly locked down, but
as you point out that in no way eliminates the possibility for mischief.

------
tsotha
I don't need keys, apparently. We had a rash of thefts in my area, and I ran
into a cop at the local coffee shop. I asked him about it, and when he found
out I had a manual transmission he laughed and said I had nothing to worry
about.

Apparently the kinds of thieves who steal mass market cars are mostly younger
guys who can't drive stick. Of course all bets are off if you have a classic
Bugatti or something along those lines.

~~~
Anechoic
[http://www.masslive.com/news/index.ssf/2014/01/springfield_p...](http://www.masslive.com/news/index.ssf/2014/01/springfield_police_would-be_ca.html)

------
userbinator
I think this is largely a case of too much proprietary technology and
"security through obscurity". Open protocols like WPA2 for WiFi are reviewed
by many cryptographers even before they're implemented, so any flaws can be
quickly discovered and corrected.

Ideally keyless entry would involve being able to buy a generic keyfob which
works for any car it's paired with, and the authentication would work with an
open protocol much like with WiFi. If people can setup WiFi
encryption+authentication, they should be able to setup new keys for their
car.

(Personally, I'm not a fan of keyless cars. There's something really
satisfying and secure about the feeling of putting a physical key into a lock
and unlocking it.)

~~~
astrange
> There's something really satisfying and secure about the feeling of putting
> a physical key into a lock and unlocking it.

Right, until the key falls out of the lock and your car turns off.

[http://en.wikipedia.org/wiki/2014_General_Motors_recall](http://en.wikipedia.org/wiki/2014_General_Motors_recall)

------
rjv
I'd prefer a keyless system over the "key with anti-theft chip" alternative. I
just had to replace one of these keys for my car and it was over $300 USD.
That much for just a KEY that needs to be "programmed." Such a scam by the
manufacturer...

~~~
mikestew
$226 USD for a new keyless entry fob for a Nissan Leaf (selected because it's
what I own): [http://www.nissanofelkgrove.com/versa-intelligent-key.htm](http://www.nissanofelkgrove.com/versa-intelligent-key.htm)

Or am I misunderstanding what you mean by "keyless"? _Something_ has to
authenticate the "keyless" part.

------
takeda
I see many people speculate how the cars are being hacked.

In addition to listed attacks there's an even easier one and harder to protect
against. You basically need two people, one carries a device and is close
to the car. The other wears an antenna and tries to get close to the car
owner. They relay information over radio.

They basically use owner's key to open the car.

I'm wondering if this problem could somehow be solved on cryptographic level.
But even then I would love if manufacturers would simply provide a switch on
the key, which simply turns off the keyless feature.

------
phkahler
It doesn't say what the input to the device for programming keys is. Is it the
VIN# ? Is there some magic to pairing a key with a car that can be done from
outside with the ignition off? There's really nothing here to indicate what
one can or can not do to prevent it.

~~~
talmand
I was wondering the same thing myself. The article made it seem like they just
walk to a car, hit a few buttons on a magic box, their fob is now tied to the
car, and the car door opens. There's got to be more to it than that.

I can see copying the key if you have the original fob, but then you have the
original fob so why bother? Maybe people are doing the simple credit card
swipe bit that nefarious retail people have been doing for a while now? I
suppose we should stop handing over fobs to valet parking?

If it is as simple as the key being tied to the VIN then we can all just put
electrical tape on our car's VIN. I have plenty to spare if someone wants
some, I only used a small bit from a new roll to cover the front-facing camera
on my laptop.

~~~
privong
> I suppose we should stop handing over fobs to valet parking?

I thought many (but presumably not all) cars came with "valet keys", just for
that reason. I am not sure how often they are used, though.

~~~
dragonwriter
Many (most) keyless cars don't have an ignition fallback (well, a contact
fallback where the fob is inserted into a slot rather than relying on wireless
signal is common, but that still requires the fob); most that I've seen have
an entry fallback with a mechanical key that is normally kept in the fob.

The usual "valet keys" I've seen are for _keyed_ ignition cars where the
valet key works the ignition but not the glovebox lock.

~~~
talmand
The fob for my car has a valet key of sorts. It's so I can lock the
compartments inside the car. I hand over the fob and keep the key. They may
easily take the car, but dang if they'll have to work at getting that glove
compartment open.

------
LeonM
Every couple of months a "news item" appears writing about criminals having a
"special device" that allows them to unlock cars. In the end, it just turns
out the owners forgot to lock their car, lost a key, or the key was simply
stolen from their home/pocket.

I remember about 2 years ago there was a media frenzy (at least here in The
Netherlands) about criminals having a special device that allowed them to
detect whether a car contained a laptop or tablet in the trunk, even if the
device was fully turned off! In the end it was found that the thieves simply
observed the parking lot and looked for people stashing their laptop bag in
their car.

Modern keyless access systems are actually pretty good and cars are much, much
harder to "crack" than someone's front door. Breaking into a house to get the
car keys is usually much more easy to do.

~~~
michaelt

> Modern keyless access systems are actually pretty good

It sounds like you're well informed about these things - where can I read more
about exactly how they secure these things?

------
zaroth
I wouldn't mind being able to start the car just due to the presence of my
phone. Just one less thing to carry. And if the phone's what's allowing the
car to run, it's a built-in software anti-theft device.

