Watch Out For People With Laptops Connected By Cable To Your Ferrari

from the yeah-right dept

Wed, May 3rd 2006 12:45pm — Carlo Longino

The latest threat to modern cars -- apparently -- is thieves with laptops who can pick the software locks used by keyless entry systems and steal a car in, oh, 20 minutes or so. It's hard to fathom how too many people could hang out next to a fancy car for 20 minutes with a laptop connected to the car via cable, never mind that attaching said cable to the car's computer would probably require breaking into it somehow. That is, unless they're using Bluetooth, the supposed scorn of cars everywhere. Shouldn't be too long before easily excitable anti-virus firms start announcing exclusive deals to supply regularly updated security software to automakers to deal with all this impending doom.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

SPR, 3 May 2006 @ 12:54pm

Connected Cars
I wonder how long it will be before we have to push on the gas to shut down, or stop!!
[ link to this | view in thread ]
Matt, 3 May 2006 @ 12:57pm

Whoa...
Dude, that's crazy! I gotta learn how to do that...

F430 Modena would be nice I daresay. But how do they manage to interface with the keyless entry system? I didn't think that was possible. Any explanations?

Matt
[ link to this | view in thread ]
Andrew, 3 May 2006 @ 1:09pm

Re: Whoa...
Well....your littel clicker thingy for your car has to interface with the cars systems somehow. Id guess that you could use a PC and broadcast on the same band as the cars keyless entry. You could probably interface with the car that way. Dont actualy know, I am just pulling this out of thin air.
[ link to this | view in thread ]
matt, 3 May 2006 @ 1:25pm

Re: Re: Whoa...
actually as an fyi (I used to sell cars)...the interface is not physical with the car. For the last 5 years or so, even semi-new vehicles have used RF to broadcast the "proper signal" that is specific to each car. So bluetooth? yeah, very easily done.
[ link to this | view in thread ]
alex, 3 May 2006 @ 1:27pm

m$
as long as my car isnt running on windows, i'll be fine. i can imagine it. if i turn on my headlights too soon after turning on the windshield wipers, my car will crash!
[ link to this | view in thread ]
j!, 3 May 2006 @ 1:33pm

Re: m$
Yeah, I hope my car never runs linux. Cant imagine having to run some bash script to start my car or run some funky command to turn on the wipers. And then whataya know it crashes just like windows.
[ link to this | view in thread ]
Hairball, 3 May 2006 @ 1:45pm

Re: Re: m$
hahahahahaha. owned. lmao
[ link to this | view in thread ]
Egat, 3 May 2006 @ 1:51pm

Cabled or Wireless?
The article summary seems to indicate that a cable is needed to connect and crack the keyless entry system. However, the article linked seems to indicate that it is done wirelessly.

If it's wireless then a 20 minute lockout isn't going to do much. Just follow the car you want to steal, park near em, and start up your cracking program. If you've got it set up right, your laptop never even has to be open, and it automatically opens the doors and starts the car once the keyless fob is cracked, you jump in and drive away.
[ link to this | view in thread ]
Carlo, 3 May 2006 @ 2:16pm

Re: Cabled or Wireless?
This confusion merely reinforces the contention that this story isn't all it's cracked up to be. The article I linked to talks about doing it wirelessly, but I'm not sure where that came from. The article upon which it appears to based (and which I didn't link to since it's on a registration-based site) talks only about cables:

"Experts believe the gangs first acquire details on where a car's security data is stored - information that only the manufacturer is supposed to know. They then track a vehicle until they know it will be parked in a secluded area, because they need the time to connect their laptop to the car's computer via cable.

The gang runs software that interrogates the car's chips and sends them the right data to break the security barrier. "At key steps the car's software can halt progress for up to 20 minutes as part of its in-built protection," said Hart."
[ link to this | view in thread ]
Guy looking for a laugh... NVM, just found it, 3 May 2006 @ 2:25pm

Re: m$
LOL I feel your pain. While making jokes about cars and computers... think about a Subaru Tribeca: AOL edition. It clams to have 5.6 MPG, but really has 2.4 (FYI I am refering to connections speeds on dial-up), and when your car sends you a diagnostic via email, it gets hacked into and the email is unsent before you can read it, so when your car breaks down for "no reason", you are suprised.
[ link to this | view in thread ]
plawler, 3 May 2006 @ 2:27pm

Cracking automotive RFID
This was done by some students at Johns Hopkins. Details at:

They connected 16 FPGAs together at a total cost of under $3,500. Texas Instruments provided them with 5 DST tags whose keys they did not know. The 16-way parallel cracker was able to recover all 5 keys in well under 2 hours.
[ link to this | view in thread ]
Daryl Licked, 3 May 2006 @ 2:42pm

keyless entry v. anti-theft no-start
there are 2 different things going on here, one is wireless, one is not. Its not that hard to use an entena to capture a keyless entry transmission, the problem is that the "key codes" revolve. youd hafta capture quite a bit of keyless entry traffic to crack this.
the cable connection has nothing to do with the keyless entry. modern cars use RFID technology to test the key thats in the ignition. if the key is incorect, even if its cut properly, the computer will not allow the fuel injectors to fire. the cable connection theyr refering to is thru the OBD II plug. they hack the cars computer untill it either ignores the securety key procedure, or activates it thru a workaround, allowing the injectors to fire.

Darylicked: ASE certified tech (car hacker)
[ link to this | view in thread ]
Anonymous Coward, 3 May 2006 @ 3:16pm

Pfft. This news is precisely why I don't own a Ferrari! Or, maybe it's my credit score. I can't remember now.
[ link to this | view in thread ]
TuxRacer, 3 May 2006 @ 3:18pm

Re: Re: Re: m$
I'd rather have Linux. It doesn't actually crash, just all the pretty stuff that you look at lock up, you run a couple quick commands in bash and your running full speed again. May take more work, but you don't actually crash and if you know what your doing it'll never freeze anyway.
[ link to this | view in thread ]
Anonymous Coward, 3 May 2006 @ 3:29pm

great
next you'll be driving to work and you car veers of the fwy and you end up at a million different porn shops and some dead sultans house in arabia
[ link to this | view in thread ]
Anonymous Coward, 3 May 2006 @ 3:31pm

Re: Whoa...
the new(er) hi tech cars have blue tooth capability...boom! even PDAs could eventually be used to do it...
[ link to this | view in thread ]
txjump, 3 May 2006 @ 3:42pm

Re: Re: Whoa...
hehehe id like to see the pda that has 16 parallel FPGAs.
[ link to this | view in thread ]
LOLer, 3 May 2006 @ 4:52pm

LOL
The lack of specific instructions and possibilites as to how this may or may not be done reinforces my thought that nobody on this site has the slightest clue as to how you'd go about "hacking" a car...

Again, americans impress me.
[ link to this | view in thread ]
Egat, 3 May 2006 @ 5:12pm

Re: Re: Cabled or Wireless?
OK, thanks for the clarification from Carlo and Daryl Licker.

The details are incredibly sketchy (Carlo's quotes seem to be all there is). It sounds like the thief is purchasing info on how to put the car security into a factory diagnostic mode of some kind, which might explain the 20 minute lockout. The second article seems to indicate they've got control of the security system at that point and can do as they please with the car.

Just another reason not to trust security-by-obscurity systems, not that any more were needed.
[ link to this | view in thread ]
Varekai, 3 May 2006 @ 5:19pm

Well
At least you wont have to worry about your brakes locking up in the middle of driving and not being able to stop. You can just use ctrl + Alt + delete
[ link to this | view in thread ]
nunya, 3 May 2006 @ 6:12pm

Re: Re: m$
Well, if you have issues with scripts and require "funky commands" to run things, chances are you screwed them up and crashed it yourself. Probably from lack of RTFMs. Oh well, it's not for everyone.. My CarPC is running Linux and doesn't crash, even with WiFi, a touchscreen display, GPS.

I guess configuring something yourself, knowing how it's supposed to work and what is needed, is possibly better than letting some software decide what's best for my application. Then again, that can't be right. Look at how secure Windows is by default.

Again, not for everyone.... Just don't bash something simply because you find it difficult.
[ link to this | view in thread ]
Liz, 3 May 2006 @ 6:12pm

Connected cars
In some areas of Denver it is a lot easier, we witnessed a guy with a brand new Ferrari get out at a busy local shopping center, go into a restaurant - and leave the keys in the car with the car running and the windows down - he was gone about 10 minutes. Amazing no one nicked it!
[ link to this | view in thread ]
Chris Maresca, 3 May 2006 @ 6:22pm

Re: m$
Hope you don't own a BMW with I-drive, because that is Windows CE (or whatever the call it today).

http://www.microsoft.com/presspass/press/2002/Mar02/03-04BMWpr.mspx

Matter of fact, BMW is not the only manufacturer using Windows CE, so are Citroën, DaimlerChrysler, Fiat, Honda, Hyundai, Toyota and Volvo.

http://www.microsoft.com/presspass/press/2006/jan06/01-05InfotainmentExperiencesPR.mspx

Aftermarket wise, Alpine, Kenwood and Panasonic all use MS in their products.

No one uses Linux in cars yet AFAIK, although Tom Tom's Navigator uses Linux.

Chris.
[ link to this | view in thread ]
Chris Maresca, 3 May 2006 @ 6:30pm

Re: Re: m$
Let me clarify my own comment, no OEM uses Linux in cars, AFAIK. I have a car PC in one of my cars and it runs Linux, as did the MPEG DIN headend back in the day.

That said, there are also a lot of car PCs running Windows, and many more using Windows as part of an OEM ICE system.

Chris.
[ link to this | view in thread ]
Anonymous Coward, 3 May 2006 @ 6:31pm

Re: Re: m$
If the car is to complicated for you, just get a bicycle. From your post it sounds like that would be just about your speed...
[ link to this | view in thread ]
Anonymous Coward, 3 May 2006 @ 7:24pm

Re: Re: m$
I had to reboot my car twice .. nothing.
So I rebooted once more in safe mode and push the car all the way home.
[ link to this | view in thread ]
chucklesjh, 3 May 2006 @ 7:51pm

I can see it now....Ferrari, cars running on Windows. Or maybe VW running on Linux or OSX... What happens when there is a BSOD or a Kernel Panic while driving?
[ link to this | view in thread ]
Darknet, 3 May 2006 @ 8:11pm

Hacking cars, the next generation eh.
[ link to this | view in thread ]
Autozone Employee, 3 May 2006 @ 8:30pm

RE: keyless entry v. anti-theft no-start by Daryl
where everyone gets there facts i have no idea.
it seems that almost all of this is made up information :)

heres some thats true. the OBD II connector on a car doesnt have an input section... the pins simply A. send a 12v 15amp power supply through 1 pin. B. ground through another pin. and C. the rest are just to send specific singals to whatever device is connected.

what specific singals are sent?

if the ECM (the car's computer, which is _always_ buried under the hood) has detected any problems with the car, it stores that problem as a number... p0301 being a cylinder 1 misfire, p1428 being a ford specific transimssion speed sensor malfunction.

nothing can be sent to the ecm through this connector.
and plus, the connector itself is under the driverside dash.

point being, if anyone can physically hook up a cable to a car's computer, they either have the keys, or they broke in to it. (or broke the hood latch and found the ecm)

there just simply is no way this is possible through wires.
[ link to this | view in thread ]
Chris Maresca, 3 May 2006 @ 9:27pm

Re: Re: Re: m$
Well, you might be surprised, but most cars actually have a 'safe' mode. It's called 'limp home' mode and occurs when certain sensor go out of range. It generally allows the engine to run, but restricts power/revs.

Often, the car will display 'restricted performance' or some such on the status display or trip computer. Sometimes this condition can be cured by disconnecting the battery (the car equivelant of a reboot) for a certain mount of time (usually more than an hour). It can always be cured by hooking up an ODB2 scanner and reseting the DTCs (Diagnostic Trouble Codes) to zero, although they may return if it's a chronic (and real) problem, much like a computer reboot won't cure a hardware problem...

Cars, much more like desktop computers than you think, there's even a large group of car geeks hacking said cars....

Chris.
[ link to this | view in thread ]
Chris Maresca, 3 May 2006 @ 9:40pm

Re: RE: keyless entry v. anti-theft no-start by Da
That's not true. Most OBDII interfaces are bi-directional (how else would you reset codes?), although there are always manufacturer specific extensions.

Otherwise, things like re-configuring cars so that satnav can be retrofited would be impossible (like this http://www.navplus.us/). If you know the particular codes needed to reconfigure your car's systems (like turning off the 'door locks on movement' in mine), then you can use generic ODBII PC-based software (like this http://obddiagnostics.com/) to change things.

Chris.
[ link to this | view in thread ]
Anonymous Coward #7, 3 May 2006 @ 11:45pm

Duh...
I don't see why they don't just break in, personally. You'd have to spend 20 valuable minutes hacking (hacking quietly, but slowly) then jump in and hack some more to get it going without the key, or hotwire it.

If I were a car thief, I'd stick to physical hacking.
[ link to this | view in thread ]
Anonymous Coward, 4 May 2006 @ 7:46am

Re: LOL
"The lack of specific instructions and possibilites as to how this may or may not be done reinforces my thought that nobody on this site has the slightest clue as to how you'd go about "hacking" a car..."

You expect someone to give you instructions on how to do this on Techdirt? Get a clue. The people who know how to do this want to keep it as secretive as possible so that others don't cut into their profits. The ones who don't know how to do this, can't post specifics. The news won't supply details as there would be an outbreak of car thefts if they did!
[ link to this | view in thread ]
Daryl Licked, 4 May 2006 @ 10:23pm

Re: RE: keyless entry v. anti-theft no-start by Da
A quaint reminder as to why you should never trust the diagnosis of an "autozone employee". i do know specifics on how to "hack" ignition systems. i just worked on a benz last week with an intermitent no start due to an onboard security system. There is a tremendous amount of bi-directional control through an OBD2 interface. dont believe me? "auto-zone" even sells "chip upgrades" for Ford and GM that are nothing more than software fed thru the OBD port to increase horsepower through transmission and fuel/ignition controls. yeesh
[ link to this | view in thread ]
dodgetech2, 6 May 2006 @ 2:19pm

Re: RE: keyless entry v. anti-theft no-start by Da
You are incorrect...data most certainly can be sent thru the DLC....That connector is used to update controllers..if you have a bi-directional scan tool, you can send info all day long to any module on the bus...right thru the DLC....(data link connector)
[ link to this | view in thread ]