> We need better safeguards within the regulatory framework to make sure this equipment does not fall into unlawful hands and, if it does, that the law provides severe penalties to act as an effective deterrent.
That "solution" is moronic and lazy.
Instead of changing the car's security systems so they're actually secure, you want to make the security obscure by making key-recoders illegal to even own?
Makes me wonder if this is even really about the thefts or the car manufacturers using the thefts as an excuse to push their competitors out of the market using this new proposed law. If authorised dealerships are the only people who can legally re-code cars/keys then they've just assured themselves a huge business boost.
Plus this law will be ineffective. There is already a law against owning tools designed to break into vehicles ("tools of the trade" laws). But they're largely ineffective at stopping vehicle crime.
Instead they should make the technology entirely transparent and hire some damn cryptographers to design their systems. Double public-key cryptography (e.g. one private key in the car and key-fob respectively) makes doing this securely absolutely possible.
Set up an industry group who stores the car's private keys and allows any authorised shop to request them and update them. Store an audit log. If a car gets stolen pull the log and see who requested the private key, then send the bobbies around to sort 'em out.
> If authorised dealerships are the only people who can legally re-code cars/keys then they've just assured themselves a huge business boost.
One of the neat ideas that, imho, doesn't receive nearly enough attention in the bitcoin space is smart property -- you can use the blockchain and cryptography to have decentralized property transfer, even offline and in a hostile network environment (i.e. a thief trying to spoof a property transfer message to the car).
https://en.bitcoin.it/wiki/Smart_Property#Theory lists the gory crypto-details, but imagine instead of transferring ownership, you just temporarily grant another party (i.e. your mechanic) to have 'ownership-like' rights to your car while it's in the shop.
> Set up an industry group who stores the car's private keys and allows any authorised shop to request them...
Centralized points of failure always fail. How long before the next Target or Home Depot has a credit card breach? How long before this centralized authority blocks non-dealer shops from being part of the network (or pay exorbitant fees)?
We can decentralize all this while still keeping it cryptographically secure.
This is really a story about money to be made. Unfortunately, from a behavioural economics perspective neither the car manufacturers nor dealers have any incentive to make it difficult to steal a car.
Why do we focus on keys at all; why can't we just use thumbprints, or heck retina scans to unlock the cars? That technology exists today, we can keep everything local, a crappy thumbprint scanner is $4 on eBay right now.
Combine that with the in-dash electronics we have, and it would be simple to handle 'access management' or authorized thumbprints... much like my rubbish car can handle bluetooth devices.
The problem is that at $429 (CAD) per lost key, my car dealer couldn't care less about this. It's literally not in their interest to give up this revenue stream. Until they have an economic incentive to do it, it won't happen.
Exactly one of the major issues blocking consumer-level adoption of decentralization technologies. Centralized trust is just too darn convenient, especially wrt backups.
As with most ideological debates, the middle ground is probably the most amicable. Bigger crypto-nerds than me will have more fleshed out ideas, I'm sure, but there are ways to have a hybrid centralized/decentralized approach. One algorithm I've heard tossed around, for example, is Shamir's Secret Sharing. Basically you can split a key between different parties... no one party/dealer/mechanic/DMV has access to the family jewels, but you can reconstruct the secret with 3 of the 5 pieces or whatever threshold. http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
The challenge is, like you say, to make all this magic enough that it becomes consumer friendly. Much more fulfilling a UX gig than designing virtual farms, though.
More succinctly, we already have laws against stealing cars but people still do it. I agree the locks need to be stronger.
Perhaps it needs to be an independent third party that tests, breaks, and publicly reviews keyless entry systems. Such a third party could provide "certification" or badges for Cryptographically Secure Keyless Entry systems.
When purchasing a vehicle I'd be willing to pay a small premium for a vehicle with secure locks.
> "By far the most common way of a car being stolen is still from thieves breaking into homes and stealing keys,"
This never even occurred to me as a way of stealing a car. TV & Hollywood car thieves always smash the window or jimmy the lock somehow.
I suppose the comparison with cryptographic keys is also accurate: It's usually far easier to steal someone's private key than it is to break the cryptography.
My car insurance is 10% cheaper due to keeping my car in a residential parking area as opposed to in my garage! My best guess for the reason - aside from that the statistics say the risk doesn't require a higher premium - being a person, I want a proper reason ;) - is that on average a garage affords a thief more privacy and gives them (compared to on-street parking) a good idea which house to look in.
(The funny thing is, my parking spot is numbered. But they never asked me about that.)
This is just speculation but I do not think that the thieves in this case are doing anything particularly hard. They probably aren't reverse engineering the locks or cracking the encryption. What is probably happening is that somebody within the dealership or company is getting their hands on the digital keys and selling them on the black market.
The key difference (no pun intended) is that previously the thieves had access to physical master keys but they still had to go from car to car to find a suitable match. But with keyless systems they can probably find a way to scan a whole parking lot in a few minutes. Makes it far easier. Also, it's easier to copy a digital file without being noticed as opposed to "misplacing" a physical key.
Or a one time pad. Plug the key into a physical port inside of the car and it generates a million codes that are saved in the key itself and the vehicle. The vehicle can have a memory of several paired keys, which all require a separate procedure. Make the procedure take 30 minutes and require physical access to the inside of the vehicle.
I suppose the issue is that someone could still get you to press the button out of range and copy that value over the air, and then use it on your car. But perhaps there is a scheme to avoid that too. Maybe use a real time clock and use a new key every second.
Really, there should be open source hardware that can do this. Can't these vehicles be unlocked with access to the CAN bus? You could disable the insecure proprietary RF receivers and install an open source system on the CAN bus. They're usually locked down on ignition though...
> someone could still get you to press the button out of range and copy that value over the air, and then use it on your car. But perhaps there is a scheme to avoid that too.
I'm not educated in this field. But, I believe there are schemes to allow two parties to demonstrate to each other over untrusted channels that they share a secret (here, the codes generated when you physically plug your fob into your car), without leaking the shared secret.
If memory serves, connecting to SSH without a password uses such a scheme.
Yeah, there definitely are schemes in standard cryptography that allow for this, and any kind of true modern crypto should solve all these problems handily. I just have a feeling current crypto isn't as future proof as we would all like, and was thinking about a scheme that wouldn't rely on the strength of an algorithm to keep things secure. But then, I may be too paranoid...
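The sub-thread above contrasts a one-way code that can be captured out of range with a scheme where both sides prove knowledge of a shared secret. The following added example (not part of the original thread) simulates both receivers in software; the class names, the HMAC-SHA256 construction and the counter format are assumptions chosen for illustration, not any manufacturer's protocol.

```python
import hashlib
import hmac
import secrets


def mac(secret: bytes, msg: bytes) -> bytes:
    return hmac.new(secret, msg, hashlib.sha256).digest()


class OneWayCar:
    """Rolling-counter receiver: accepts any valid code newer than the last seen."""

    def __init__(self, secret: bytes):
        self.secret, self.last = secret, 0

    def unlock(self, counter: int, tag: bytes) -> bool:
        ok = counter > self.last and hmac.compare_digest(
            mac(self.secret, counter.to_bytes(8, "big")), tag)
        if ok:
            self.last = counter
        return ok


class ChallengeCar:
    """Car picks a fresh random nonce; a response is valid for that nonce only."""

    def __init__(self, secret: bytes):
        self.secret, self.pending = secret, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def unlock(self, response: bytes) -> bool:
        nonce, self.pending = self.pending, None   # each nonce is single-use
        return nonce is not None and hmac.compare_digest(
            mac(self.secret, nonce), response)


def demo() -> dict:
    secret = secrets.token_bytes(32)   # constructed stand-in for the paired codes

    # One-way: the button was pressed out of range, so the car never saw code 1
    # and still treats it as fresh when it arrives later.
    one_way = OneWayCar(secret)
    captured = (1, mac(secret, (1).to_bytes(8, "big")))
    out = {"one_way_captured_code": one_way.unlock(*captured)}

    # Challenge-response: an overheard answer is bound to one nonce.
    car = ChallengeCar(secret)
    recorded = mac(secret, car.challenge())        # fob's answer, overheard
    out["legit"] = car.unlock(recorded)
    car.challenge()                                # car issues a new nonce
    out["replayed_response"] = car.unlock(recorded)
    out["no_challenge_issued"] = car.unlock(recorded)
    nonce = car.challenge()
    out["wrong_secret"] = car.unlock(mac(secrets.token_bytes(32), nonce))
    return out


if __name__ == "__main__":
    print(demo())
```

The secret never crosses the channel in either scheme; what challenge-response adds is freshness chosen by the car. It does not by itself address the two-person relay described further down the thread, because a relay forwards the live challenge to the real fob.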
I'm waiting for the day when we have an article titled "Driver-assisting cars targeted by hackers". Primary reason why, even if I could afford a Tesla S, I wouldn't buy one. If my car has any sort of control over my acceleration or steering (excluding tire-specific traction control functionality) then that car had better not have any sort of internet connection. Tesla has the ability to update over the air... that is kind of terrifying.
Planes have automated systems that have control over direction and speed, and nowadays many planes have connections to the Internet. Has any ever been hijacked over the 'net?
Yes, and likewise they can decouple the low-level steering/accelerating mechanism from the Internet-enabled, high level system and have them communicate over a very restricted channel.
Sure, you can decouple this to an extent. But, barring complete informational disconnection (read: airgap and no wireless communications) (and potentially not even then), this only reduces the attack surface, not removes it entirely.
What happens, for example, when your driver assist includes GPS data? Oh look... now you're downloading and decoding maps. Whoops! Attack vector.
What happens when your keyfob starts doing encrypted communication with the car (as other people in this thread are suggesting)? Whoops! Attack vector.
What happens when your entertainment console shows options to change the amount of time before the doors automatically lock? Whoops! Attack vector.
Cars are getting more complex - and it only takes one break in the defenses.
The infotainment system must be capable of taking address input, and that same computer would be internet connected for a variety of reasons. Taking over the steering as the above poster suggested would likely not be a desirable hack anyway. More likely someone would want to leave the low level control systems intact and just change the desired destination. A solid hack would actually wait until you get to your destination, and then once you send the vehicle to park itself, it instead just goes to the attacker's desired location. Might be a while before you even realized something was up!
It was noted that the Xbox One will accept voice commands from a video the console itself is playing. What happens when someone makes a hyper-targeted Pandora ad that uses your car's voice control function to enter a new destination address? If you are paying attention you will likely notice this, but many people have suggested that at some point you can sleep in your car and wake up at your destination, so even that isn't guaranteed.
No doubt direct control of steering and brakes will be highly locked down, but as you point out that in no way eliminates the possibility for mischief.
I don't need keys, apparently. We had a rash of thefts in my area, and I ran into a cop at the local coffee shop. I asked him about it, and when he found out I had a manual transmission he laughed and said I had nothing to worry about.
Apparently the kinds of thieves who steal mass market cars are mostly younger guys who can't drive stick. Of course all bets are off if you have a classic Bugatti or something along those lines.
I think this is largely a case of too much proprietary technology and "security through obscurity". Open protocols like WPA2 for WiFi are reviewed by many cryptographers even before they're implemented, so any flaws can be quickly discovered and corrected.
Ideally keyless entry would involve being able to buy a generic keyfob which works for any car it's paired with, and the authentication would work with an open protocol much like with WiFi. If people can set up WiFi encryption+authentication, they should be able to set up new keys for their car.
(Personally, I'm not a fan of keyless cars. There's something really satisfying and secure about the feeling of putting a physical key into a lock and unlocking it.)
There are a lot of different things going on here but the article is very vague and may not be reporting anything new. Or perhaps it is.
First off there are two generations of keyless entry systems. The older rolling code system, KeeLoq, was developed by a South African company and bought by Microchip in the '90s; a near full break was widely published in 2004/2005 and tools released a few years later[1]. The newer system is called HiTag2/3/Pro. Vulnerabilities also exist in HiTag2.
Additionally there is a vehicle immobility device known as Megamos (which Land Rover is known to use) - a break was published last year but an injunction by the UK High Court prevented release of much of the technical details at the time.[2] If criminals are breaking Megamos then this is news. To paraphrase HN user brians: "given sure confidence that there is a vulnerability, skilled security [criminals] can find it very quickly."[3]
Most talks and articles that come out focus on Keeloq. It's trivial to capture a packet from the remote when not near the vehicle and replay that packet when near the vehicle to gain access. [4]
Once one has access to the vehicle there is a separate attack on the OBD-II port to start the vehicle. There was a widely published attack on BMWs involving this.[5]
Also, the equipment required to clone a modern electronic car key is widely available. I personally saw a number for sale in the security malls around Shenzhen. Banning ownership of key-recoders probably won't work as most of this can be done with an SDR. The price for an SDR is about the same as a 3D printer (thousands last year, hundreds this year.) SDRs are already cheaper than most dedicated programmers.[6]
Even though most of the protocols are vulnerable or broken it should be noted they are not ineffective. For instance there was an 88% decrease in theft between the pre-98 and post-98 Honda Civic models which began implementing (broken) anti-theft keys.[7]
I'd prefer a keyless system over the "key with anti-theft chip" alternative. I just had to replace one of these keys for my car and it was over $300 USD. That much for just a KEY that needs to be "programmed." Such a scam by the manufacturer...
I see many people speculate how the cars are being hacked.
In addition to the listed attacks there's an even easier one that is harder to protect against. You basically need two people: one carries a device and is close to the car. The other wears an antenna and tries to get close to the car owner. They relay information over radio.
They basically use the owner's key to open the car.
I'm wondering if this problem could somehow be solved on a cryptographic level. But even then I would love it if manufacturers would simply provide a switch on the key, which simply turns off the keyless feature.
It doesn't say what the input to the device for programming keys is. Is it the VIN#? Is there some magic to pairing a key with a car that can be done from outside with the ignition off? There's really nothing here to indicate what one can or can not do to prevent it.
I was wondering the same thing myself. The article made it seem like they just walk to a car, hit a few buttons on a magic box, their fob is now tied to the car, and the car door opens. There's got to be more to it than that.
I can see copying the key if you have the original fob, but then you have the original fob so why bother? Maybe people are doing the simple credit card swipe bit that nefarious retail people have been doing for a while now? I suppose we should stop handing over fobs to valet parking?
If it is as simple as the key being tied to the VIN then we can all just put electrical tape on our car's VIN. I have plenty to spare if someone wants some, I only used a small bit from a new roll to cover the front-facing camera on my laptop.
Many (most) keyless cars don't have an ignition fallback (well, a contact fallback where the fob is inserted into a slot rather than relying on wireless signal is common, but that still requires the fob); most that I've seen have an entry fallback with a mechanical key that is normally kept in the fob.
The usual "valet keys" I've seen are for keyed ignition cars where the valet key works the ignition but not the glovebox lock.
The fob for my car has a valet key of sorts. It's so I can lock the compartments inside the car. I hand over the fob and keep the key. They may easily take the car, but dang if they'll have to work at getting that glove compartment open.
Can't speak for all vehicles, but mine ('10 CTS) has a procedure for programming a new RF fob if you don't have any working fobs to start from. It takes about 1/2 an hour and requires you to put the new fob in a special slot on the center console. It also requires you to activate the ignition switch on and off at some defined interval. I think the idea is that if they make it take a long time it reduces the chances of someone being able to sit there and not look suspicious.
I have a Nissan with "keyless ignition" (push-button start) and it came with two keys and a small piece of metal with a five digit code stamped on it. Apparently if I lose my keys I just need that five digit code to have new keys programmed.
Every couple of months a "news item" appears writing about criminals having a "special device" that allows them to unlock cars. In the end, it just turns out the owners forgot to lock their car, lost a key, or the key was simply stolen from their home/pocket.
I remember about 2 years ago there was a media frenzy (at least here in The Netherlands) about criminals having a special device that allowed them to detect whether a car contained a laptop or tablet in the trunk, even if the device was fully turned off! In the end it was found that the thieves simply observed the parking lot and looked for people stashing their laptop bag in their car.
Modern keyless access systems are actually pretty good and cars are much, much harder to "crack" than someone's front door. Breaking into a house to get the car keys is usually much easier to do.
I wouldn't mind being able to start the car just due to the presence of my phone. Just one less thing to carry. And if the phone's what's allowing the car to run, it's a built-in software anti-theft device.