Hacker News new | past | comments | ask | show | jobs | submit login
The Guy Selling Wireless Tech to Steal Luxury Cars (vice.com)
19 points by enigmabridge 3 days ago | hide | past | web | favorite | 13 comments

> "Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people."

I know there's a fine line here and it probably varies by jurisdiction, but aren't there laws that depend on your intention? As in, if they guy would sell this with intentions of good use or even with no intentions at all, even if they knew there existed bad uses, it would be legal, but if they sell it with the intention that it would be given a bad use it would be illegal.

I mean, here they're saying that their intention is for buyers to use them to steal cars.

I'm ok with their ability to sell it. I'm not sure how I feel with the way they're openly admitting that they expect to make their money from people stealing cars.

Good smart lightbulbs (was it Ikea?) nowadays have time-of-flight protection against remote attackers with high-gain antennas. You need to physically be within xx centimeters of the device, or else the signals take too long and are discarded. I can't believe car manufacturers haven't thought of that.

A good article from 2016 on the topic of such attacks: https://ethz.ch/content/dam/ethz/special-interest/infk/inst-...

Nice, very on topic! Seems the problem was solved in the "Time-of-flight (Short symbol IR-UWB)" protocol to defend against exactly the attacks that these devices use. Now the car manufacturers just have to use it.

The relay attack is pretty wild but it also sounds like all these years later all these cars are mostly using an ancient cipher.

The Cipher was broken so badly that as far back as 2005 it was published how to break it, and it has still never been changed.

If you have regular access to the car (parking garage) you can just break the cipher if you see it on more than one day... no need to relay at all, and no protections against the relay attack would stop it from working.

It's a 40-bit cipher but because of a weakness you can calculate down to 2^16 possible keys and then come back on another day and break it very quickly at which point you've essentially got your own key to the car.

Car manufacturers seem have have had a pretty relaxed attitude to security for ever:


We stored our keys in Faraday cage pouches[0] to (hopefully) prevent this attack. Of course when you're out and about, bringing a Faraday pouch with you is a bit cumbersome.

[0] https://www.amazon.com/gp/product/B01HETGX00

Luxury? Keyless entry and ignition is quickly becoming standard. My 2014 Mazda 6, and my 2018 VW Passat are not luxury cars.

If he's selling the high end model for $12,000 how many cars would you need to steal? I can't imagine the value of stolen car is much considering most have gps tracking and serialized parts

I used to know a guy that stole many cars. We are not buddies any more for obvious reasons.

They would purchase "rollers" or "theft recovery" cars with clean titles. Roller = a car frame wit VIN and title, possibly blown engine, stripped interior if car was used to race etc. Theft Recovery = stripped car, no interior, engine etc.

Clean titles made it easy as no inspection was required.

He would steal the same car, transfer parts, discard the frame. You could easily make 15k+ on one car.

Others ship cars to other countries. Same goes for motorcycles.

I find that very hard to believe given how much work is involved in that

I don't know anyone making 14k cash in three weeks. Definitely worth it for someone uneducated that can earn max 50k.

Disable the tracking, ship to a country that the customs agents can be paid off and no one else cares. Hardest part would be getting it out of country.

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact