Go Back   Club Lexus Forums > General Forums > Car Chat
Sign in using an external account
Register Forgot Password?


New cars being targeted by thieves using unknown technology

Reply
 
 
 
 
Thread Tools Search this Thread Display Modes
Old 06-19-13, 09:37 AM   #16
nthach
Lexus Champion
Trader Score: (0)
 
Join Date: Oct 2003
Location: California
Posts: 3,257
Default

Most automotive RFID uses weak 48-96 bit encryption, while some systems can be cracked easily if you know/get the master seed value - GM's systems are known for this.

Honda uses a brake-press bypass system for their immobilizers, anyone with access to Honda's extranet can get access to the brake bypass sequence.
This ad is not displayed to registered members.
Register your free account today and become a member on Club Lexus!
nthach is offline   Reply With Quote
Old 06-19-13, 11:20 AM   #17
RX469
Lexus Champion
Trader Score: (1)
 
Join Date: Feb 2003
Location: Maryland
Posts: 2,047
Send a message via AIM to RX469
Default

What about ramdon 'code-hopping' that aftermarket manufacturers use?
__________________

Wanted: Toyota Back-up camera - Video Rearview Mirror - Air Bag for MR-S or Celica GT-S Steering Wheel
RX469 is offline   Reply With Quote
Old 06-19-13, 01:01 PM   #18
My0gr81
Lead Lap
Trader Score: (0)
 
Join Date: Apr 2008
Location: Ontario
Posts: 652
Default

Quote:
Originally Posted by RX469 View Post
What about ramdon 'code-hopping' that aftermarket manufacturers use?
They used to before RFID, once they impemented RFID, most just use a state counter and the RFID code. As mentioned, the RFID code can be brute forced and the state counter can be assumed, creating an easy subsitution attack scenario.
My0gr81 is offline   Reply With Quote
Old 06-19-13, 01:12 PM   #19
mrraider
Pole Position
Trader Score: (0)
 
Join Date: Apr 2010
Location: Montreal, QC
Posts: 391
Default

Quote:
Originally Posted by My0gr81 View Post
They used to before RFID, once they impemented RFID, most just use a state counter and the RFID code. As mentioned, the RFID code can be brute forced and the state counter can be assumed, creating an easy subsitution attack scenario.
In other words, it's no harder than cracking a WiFi WEP key. The rewards however, are far greater than free **** downloads.
mrraider is offline   Reply With Quote
Old 06-29-13, 03:11 PM   #20
M45owner
Rookie
Trader Score: (0)
 
Join Date: May 2013
Location: USA
Posts: 52
Default

Technology is constantly progressing....I am sure by the time these new "intelli-keys" hit the market on the new cars, there is already a way to get around it. This proves it.
M45owner is offline   Reply With Quote
Old 07-29-13, 11:00 AM   #21
My0gr81
Lead Lap
Trader Score: (0)
 
Join Date: Apr 2008
Location: Ontario
Posts: 652
Default

Here is some more information on the "hack". It seems some automakers aren't keen to see this published in the wild.

http://www.bbc.co.uk/news/technology-23487928
My0gr81 is offline   Reply With Quote
Old 07-29-13, 12:16 PM   #22
Blackraven
Lexus Champion
Trader Score: (0)
 
Join Date: Jan 2005
Location: Makati, Philippines
Posts: 3,148
Default

Quote:
Originally Posted by Joey-E View Post
I got some old technology for thieves
Click the image to open in full size.
^^^
When all else fails, you are free to shoot and kill the perpetrator without hesitation
Blackraven is offline   Reply With Quote
Old 07-29-13, 01:36 PM   #23
1JZPWRD
1JZ Single SC400
Trader Score: (58)
 
1JZPWRD's Avatar
 
Join Date: Jan 2009
Location: Alabama, Roll Tide!
Posts: 8,460
Default

I have always said, if someone wants your car, then they will get it. They have a device for everything out there now, just computer software hacks. Its out there, but we innocent people choose not to think about ways to steal cars, but the idea of how to achieve this own our own, by working hard and saving money at it. Just look what happened to Jessica Barton's MKIV. It was parked outside her condo and was gone in minutes, found hacked up just ten minutes down the road. They found so many of her parts, cut, scattered, and busted.
__________________
1992 SC400, Sleeper..522RWHP - 93 octane, 1JZ, BW S366, Soarer R154, ACT Stage 4, 800cc, DM LW Flywheel, MINZ FPR, 3" Exhaust, HKS CF Slip on, HKS BOV, Tial 44 WG, BC 264 Cams, AEM gauges, AEM V2, MKIV Auto LSD!
Follow my build thread.....http://www.clublexus.com/forums/buil...and-links.html
Jay's Interior....http://www.clublexus.com/forums/sc-4...y-1jzpwrd.html
1JZPWRD is offline   Reply With Quote
Old 07-30-13, 12:14 AM   #24
UpSideDown
Lead Lap
Trader Score: (0)
 
UpSideDown's Avatar
 
Join Date: Jul 2009
Location: SE
Posts: 564
Default Scientist banned from revealing codes used to start luxury cars

http://www.guardian.co.uk/technology...ing-codes-cars


A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.

The high court imposed an injunction on the University of Birmingham's Flavio Garcia, a lecturer in computer science, who has cracked the security system by discovering the unique algorithm that allows the car to verify the identity of the ignition key.

The UK injunction is an interim step in a case launched by Volkswagen's parent, which owns the four luxury marques, against Garcia and two other cryptography experts from a Dutch university.

It complained that the publication could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car". The cars are protected by a system called Megamos Crypto, an algorithm which works out the codes that are sent between the key and the car.

The scientists wanted to publish their paper at the well-respected Usenix Security Symposium in Washington DC in August, but the court has imposed an interim injunction. Volkswagen had asked the scientists to publish a redacted version of their paper Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser without the codes, but they declined.

Volkswagen told the court that the technology they examined was used in a number of its vehicles and other mass market cars manufactured by itself and others.

Garcia and his colleagues from the Stichting Katholieke Universiteit, Baris Ege and Roel Verdult, said they were "responsible, legitimate academics doing responsible, legitimate academic work" and their aim was to improve security for everyone, not to give criminals a helping hand at hacking into high-end cars that can cost their owners 250,000.

They argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".

It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.

The scientists said it had probably used a technique called "chip slicing" which involves analysing a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself a process that costs around 50,000. The judgment was handed down three weeks ago without attracting any publicity, but has now become part of a wider discussion about car manufacturers' responsibilities relating to car security.

The scientists said they examined security on everything from Oyster cards to cars to enable manufacturers to identify weaknesses and improve on them.

Finding in Volkswagen's favour, Mr Justice Birss said he recognised the importance of the right for academics to publish, but it would mean "that car crime will be facilitated". A Volkswagen spokesman declined to comment on the interim injunction.
UpSideDown is offline   Reply With Quote
Old 07-30-13, 01:16 AM   #25
Hoovey2411
Lexus Fanatic
Trader Score: (16)
 
Hoovey2411's Avatar
 
Join Date: Oct 2008
Location: California
Posts: 27,929
Default

Cool, now reveal the codes to unlock my "uncrackable" Lexus ECU
__________________
http://www.clublexus.com/forums/signaturepics/sigpic95774_1.gif
|Version 3.5 |TLN #918|
GIANTS|NINERS|SHARKS|WARRIORS
Hoovey2411 is offline   Reply With Quote
Old 07-30-13, 01:37 AM   #26
UpSideDown
Lead Lap
Trader Score: (0)
 
UpSideDown's Avatar
 
Join Date: Jul 2009
Location: SE
Posts: 564
Default

Quote:
Originally Posted by Hoovey2411 View Post
Cool, now reveal the codes to unlock my "uncrackable" Lexus ECU
Then he will have Toyota after him too.
UpSideDown is offline   Reply With Quote
Old 07-30-13, 01:47 AM   #27
dmvp29
Lead Lap
Trader Score: (0)
 
Join Date: Jun 2007
Location: CA
Posts: 697
Default

The fact that he was able to crack the code is troubling (and useful) in and of itself. Hopefully car manufacturers update their encryption algorithms now.
dmvp29 is offline   Reply With Quote
Old 07-30-13, 02:41 AM   #28
UpSideDown
Lead Lap
Trader Score: (0)
 
UpSideDown's Avatar
 
Join Date: Jul 2009
Location: SE
Posts: 564
Default

I think VW should hire him!
UpSideDown is offline   Reply With Quote
Old 07-30-13, 03:49 AM   #29
Stormwind
Lexus Test Driver
Trader Score: (0)
 
Join Date: Jan 2007
Location: CA
Posts: 1,386
Default

Prediction : dot forces vw to recall every vw, porsche, lamborghini, bentley ever made that is sold in the usa.
Stormwind is offline   Reply With Quote
Old 07-30-13, 04:53 AM   #30
My0gr81
Lead Lap
Trader Score: (0)
 
Join Date: Apr 2008
Location: Ontario
Posts: 652
Default

Repost from here:

http://www.clublexus.com/forums/8063339-post21.html

Perhaps, both threads could be merged. Interesting discussion on the merits that your garage door opener is probably safer than the keyless entry implementation from most car makers. Most all car makers have gone to the easier to implement RFID based system. If that implementation used software provided by the vendor mentioned in the article, because the code was posted online, it is vulnerable to a substitution attack.

Last edited by My0gr81; 07-30-13 at 04:57 AM..
My0gr81 is offline   Reply With Quote
Old 07-30-13, 04:53 AM
 
 
 
 
Reply

Tags
car, entry, forums, hacking, keyless, thief, thieves

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Forum Jump

All times are GMT -7. The time now is 02:28 AM.

Join ClubLexus
Advertising


Copyright © 2000-2008 Internet Brands, Inc. All Rights Reserved
Privacy Policy | Disclaimer | Terms of Use | JOBS


Get all contact info

Content Relevant URLs by vBSEO 3.5.2