I’ll stick to my kill switch.

The lesson to be learned from this article? Buy cheap cars. Like cory said in the previous message, “who would want a keyless car anyway?”.

Kiltak
[Geeks Are Sexy] Tech. News

pay no attention to line 10. This is just a secret message for terrorists using public posts for their instructions. Please citizen, go about your business.

Pay no attention to comment #13.

That is just what they want you to think!

“While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.”

The writer shows his ignorance of information security here. Security through obscurity has been proven to be useless. It IS possible to build cryptographically secure systems that are not defeatable even if the attacker knows how the system works.

The failure of the auto manufacturers to design their computer systems securely is horrible, but not really suprising. It did take them fifty years to include seatbelts…

The Israelites are terrorists. Everyone just steriotypes the muslims as terrorists when that is like saying all Americans love George Bush and are fat, and drive huge gas guzzlers( ok maybe thats true for most). Israel routinely bombs Palestine. They are such idiots, even with Americas help they still lost the Gaza Strip.

Ooh, looks like we have some allah-heiling neo nazis here.

Point of order: it wasn’t Hitler who came up with the idea of labeling Jews with identifying tags. Mohammed wrote that into the Koran. Hitler just thought it was a good idea.

Any religion based on a piece of racist trash like the Koran ought to be got rid of ASAP.

Now if they could just perfect the ability to wirelessly assume control of the a-hole’s car that just cut you off in traffic so you force his car to make a right turn off the bridge…

Why am I not suprised? Now your car can be stolen in broad daylight and no one would know or care. Park next to the car, crack it, and get in it like you own it.

BTW, comment #1 is pretty stupid. A kill switch can be found by any decent theif in less than 30 seconds, or completely bypassed in the same amount of time.

There will always be a way to steal car. In big cities it’s not uncommon for a car theif to just use a Flat bed truck. Easiest way to get around ANY security or alarm system.

Sometimes, i still trust cars with conventional keys. The more complex it is, everything tends to be even easier to be decoded.

Agree with 16. Its *pretty* stupid if they havent designed with hackers in mind.

Gumibears on fingerprint pads. Please. If you pay 100k for a vehicle Im pretty sure the recognition tech will be better then your $15 Micro$hit reader.

Eitherway, anything is breakable. The titanic sunk, file sharing still exists, and where there is a will there is a way.

“When building this kind of a system, it’s tough to make reasonable defaults. For example, how many times should it take before you pause the authentication engine? How long should it pause? 20 minutes doesn’t seem long, but if you consider that someone with a powerful enough transmitter could send deliberately false authentication codes to try and make everyone’s cars lock out in a crowded parking lot at the mall during Christmas rush. All of a sudden, 20 minutes seems reasonable in comparison to 1 hour.”

If the system were cryptographically sound, there would be no need to have any pause, because there would be so many possible codes that it would take beyond the age of the universe to find the correct code.

The first and most obvious answer is to make the range of the system very short, less than a foot. A thief standing next to the driver’s door of an expensive car, laptop in hand, would be kind of obvious.

Cars a lot cheeper than a Camry also offer keyless entry.

Keyless entry is fairly common these days (getting moreso). Hopefully keyless theft will not!

Poor Technology?

As a computer scientist, I find it difficult to understand why any laptop can foil the encryption (or unencrypted byte sequence for that matter) in under 20 minutes. Properly encrypted, long byte sequences should take considerable time (years if encrypted) to crack.

Well,
the thing is. . .

I think these wireless systems (at least the weaks ones) work in a one-way and without variation. Am I right?
If so, the encryption wouldn’t work. Once it’d no matter to the theif.

A solution I’d consider would envolve a two-ways dialog. I mean, not only the car receives the data, but also the mobile device receives and works on it.

For example:
To open the door:
1st. mobile tells the car that the user wants to open the door and the time (maybe with an obscure offset) is xyz (sync would be made necessary) in an encrypted way
2st. car sends to the mobile device the time set on it and checks if it matter (and if anything strange happens the mobile device could tell it’s owner that someone is trying to open the door if it isn’t that away from it)
3st. mobile device check the data against a token in it and finally tell the car to open it if the data transmiter pass.
4st. car checks the data and, if ok, tell the mobile device that it’s going to open the door, waits for a tiny time to get the response (in a way like TCP of the TCP/IP), if the mobile says ok, it opens. If it doesn’t, it doesn’t open.

Both the car and the remote device could have a log of its activites and could check one against the other if necessary. . .

Lots of good points above.

The “One-Time Pad” is the only true, 100% uncrackable (when used correctly), encryption cypher. It was developed many years ago (1917) and was even used to a large extent in WWII. If this method of encryption was used, we would only have to be concerned about those rogue tow-truck operators.

One of the interesting comments from the article reads, “While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands”. This is called security-through-obscurity, and should be a warning sign to anyone that something is not secure at all (as opposed to simply having weak security). There are many very secure systems whose entire inner-workings are fully disclosed to the public. It is that disclosure that helps such systems start out strong and stay strong with respect to security.

All the computer professionals who want to work for GM’s automotive division, raise your hand!

(Toyota, maybe, but it’s in the South)

We need to go back to standard keys . In the old days it only took 60 seconds. Now with these new fangled gadgets I have to bring my lunch.

The best security to go with keyless enrty is to get a Trunk Monkey!

I have a keyless car and it’s great for when you in a hurry. from a distance I can unlock the doors and start the car. I think if the thiefs get the same frequency as the transmitter then who cares what computers can do to cars?

If someone wants to steal a car they will. They will find a way, no matter what security you have.

Pay no attention to comment to comments 45 and 51. These are just secret messages for terrorists using public posts for their instructions. Please citizen, go about your business.

SEI QUE COM A GLOBALISAÇÃO E O ALMENTO DA CAPACIDADE DE IMAGINAÇÃO ESTAMOS EVOLUINDO TECNOLOGICAMENTE E AO MESMO TEMPO SOFRENDO AS CONCEQUENCIAS DE TAL EXITO, QUE DEIXAR BEM CLARO QUE COM TANTA TECNOLOGIA E RIQUESAS PRA POUCOS SER� O MEIO DE VIDA PARA OS MARGINAIS TAMBEM, ESTAREM SE ESPECIALIZANDO ALMENTANDO ASSIM A MARGINALIDADE OS GRANDES EMPRESARIOS ESTÃO ESQUECENDO QUE, INVESTIR EM TECNOLOGIA E NÃO INVESTIR EM MENOS GRIMES NÃO É UM BOM NEGÓCIO. OBRIGADO

ready?

Well, I make no claims to being a security expert, but if this gets more and more popular, a scenario where an attacker is trying to hack the key must become easier with a caryard full of vehicles with these keyless sytems.
I know the numbers are spectacularly large on guessing a decent-length key, but if there are say 50 cars within range which respond to the same format of RF or whatever wireless system is used, each key attempted would have a chance on all of them simultaneously, yeah? So still 20mins between attacks, but it increases your odds somewhat, surely.
Further, what if an attacker wandered into a car-park somewhere likely to have expensive vehicles parked in it regularly (preferably the same vehicles), and installed a recording device that logged signals from nearby vehicles/keys? Simply rebroadcast…

I want buy this key

hola