Volkswagen Created A 'Backdoor' To Basically All Its Cars... And Now Hackers Can Open All Of Them

from the backdoors-are-bad-m'kay? dept

And... our latest example of why requiring companies to build backdoors into encryption or similar technologies is a bad idea comes from automaker Volkswagen. Researchers are now revealing that approximately 100 million VW vehicles can be easily opened via a simple wireless hack. The underlying issue: a static key used on basically all of the wireless locks in VWs.
The researchers found that with some “tedious reverse engineering” of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”
In other words, VW created a backdoor, and assumed that it would remain hidden. But it did not.

This is exactly the kind of point that we've been making about the problems of requiring any kind of backdoor and not enabling strong encryption. Using a single encryption key across every device is simply bad security. Forcing any kind of backdoor into any security system creates just these kinds of vulnerabilities -- and eventually someone's going to figure out how they work.

On a related note, the article points out that the researchers who found this vulnerability are the same ones who also found another vulnerability a few years ago that allowed them to start the ignition of a bunch of VW vehicles. And VW's response... was to sue them and try to keep the vulnerability secret for nearly two years. Perhaps, rather than trying to sue these researchers, they should have thrown a bunch of money at them to continue their work, alert VW and help VW make their cars safer and better protected.
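The design point above (one key shared by every vehicle versus one key per vehicle), as an added example that is not code from this post, the researchers, or Volkswagen. It sketches a generic alternative, per-vehicle keys diversified from a master secret plus a rolling counter; the function names, frame layout, vehicle IDs and master key are all constructed for illustration.

```python
import hashlib
import hmac

ID_LEN, CTR_LEN, TAG_LEN = 8, 4, 8  # hypothetical frame layout: id | counter | cmd | tag

def derive_device_key(master_key: bytes, device_id: bytes) -> bytes:
    """Per-vehicle key = HMAC(master, id). The master key never ships in a vehicle."""
    return hmac.new(master_key, b"fob-key-v1|" + device_id, hashlib.sha256).digest()

def fob_frame(device_key: bytes, device_id: bytes, counter: int, cmd: bytes) -> bytes:
    """Build one button-press frame, authenticated with the per-vehicle key."""
    body = device_id + counter.to_bytes(CTR_LEN, "big") + cmd
    return body + hmac.new(device_key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    WINDOW = 16  # tolerate a few button presses made out of radio range

    def __init__(self, device_id: bytes, device_key: bytes):
        self.device_id, self.device_key, self.last_counter = device_id, device_key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != ID_LEN + CTR_LEN + 1 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.device_key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected) or body[:ID_LEN] != self.device_id:
            return False
        counter = int.from_bytes(body[ID_LEN:ID_LEN + CTR_LEN], "big")
        if not (self.last_counter < counter <= self.last_counter + self.WINDOW):
            return False  # replayed or wildly out-of-sync counter
        self.last_counter = counter
        return True

def demo() -> dict:
    master = bytes(range(32))            # constructed sample secret
    id_a, id_b = b"CAR-A001", b"CAR-B002"  # constructed vehicle IDs
    key_a, key_b = derive_device_key(master, id_a), derive_device_key(master, id_b)
    car_a, car_b = Receiver(id_a, key_a), Receiver(id_b, key_b)
    frame = fob_frame(key_a, id_a, 1, b"U")
    return {
        "legit": car_a.accept(frame),    # genuine press is accepted
        "replay": car_a.accept(frame),   # the same captured frame is rejected
        # a key pulled out of car A's hardware does not authenticate to car B
        "other_car_key": car_b.accept(fob_frame(key_a, id_b, 1, b"U")),
        "keys_differ": key_a != key_b,
    }

if __name__ == "__main__":
    print(demo())
```

With diversified keys, reverse engineering one vehicle's component yields only that vehicle's key, so the blast radius is a single car rather than the whole fleet.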

Filed Under: backdoors, cars, encryption, hackers, research
Companies: volkswagen


Reader Comments



  • icon
    That One Guy (profile), 12 Aug 2016 @ 11:42am

    What's the harm?

    So one exploit allows you to unlock the vehicle, another allows you to start it, what possible use could those two exploits have to anyone with nefarious intent?

    link to this | view in chronology ]

    • icon
      afn29129 (profile), 12 Aug 2016 @ 11:56am

      Re: What's the harm?

      Starting the VW while it's inside someone's garage. Carbon monoxide, etc.

      link to this | view in chronology ]

    • icon
      Ninja (profile), 12 Aug 2016 @ 12:09pm

      Re: What's the harm?

      Terrorists will mass start vehicles all over the world to cause a combo of global warming and shortage of hydrocarbons. Unless the evil empire of the West embraces some God.

      TERROR!

      Ahem.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Aug 2016 @ 12:15pm

      Re: What's the harm?

      We need to make a law to stop these criminals from doing the crime!

      link to this | view in chronology ]

      • identicon
        mcinsand, 12 Aug 2016 @ 12:34pm

        going after the criminals

        >>We need to make a law to stop these criminals from doing
        >>the crime!

        First, we need to criminalize the addition of backdoors. Then, we go after those that either intentionally add the backdoors or abuse official powers to coerce companies to add backdoors. Finally, lock said criminals up, as appropriate. As for the lock holding the criminals in cells, no backdoors and whether or not the key is thrown away depends on how many people have security undermined by said backdoors.

        link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 12 Aug 2016 @ 11:44am

    BRB. Shorting VW...

    link to this | view in chronology ]

    • icon
      Vidiot (profile), 12 Aug 2016 @ 1:44pm

      Re:

      You've got a BUNCH of shortin' to do... the researchers apparently disclosed to VW (who has responded energetically) late last year, but is still working through the disclosure-and-response process with several other manufacturers.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Aug 2016 @ 3:08pm

        Re: Re:

        Well, that does not surprise me at all. I have a very strong feeling this sort of hack will soon be extended to ALL cars sold since 1995. I mean, seriously, can you really expect an encryption scheme developed to work in a car in 1995 to stand any chance against modern computers?

        Good thing though, I am sure it is easy to just update your fob and car with the upcoming security update!

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2016 @ 11:55am

    As bad as this is, it's limited by the technology of the time. Today's vehicles have the potential for more harm.

    link to this | view in chronology ]

    • icon
      Ninja (profile), 12 Aug 2016 @ 12:14pm

      Re:

      You mean like almost every vehicle produced by VW till 2016 wouldn't rely on a 10-yr-old+ security scheme? Would it? Derp.

      link to this | view in chronology ]

    • identicon
      Jason, 12 Aug 2016 @ 12:19pm

      Re:

      According to the linked article, the problem affects "close to all the 100 million" vehicles sold in the last twenty years. Only the most recent (basically, current) model years of some cars are not affected.

      link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 12 Aug 2016 @ 11:56am

    Not what you think.

    Hey guys, this is not a back door. More like a passenger side door. Where they can get in, but the consumer is still behind the wheel. So it is a okay.

    link to this | view in chronology ]

  • icon
    Anon E. Mous (profile), 12 Aug 2016 @ 11:56am

    Somewhere in a corner office at the FBI James Comey's eyes are welling up with tears of joy that his message on how backdoors are needed is finally coming to fruition

    link to this | view in chronology ]

  • icon
    DannyB (profile), 12 Aug 2016 @ 11:57am

    Look at it another way

    They're just trying to help police / FBI get into people's cars without a trace. For example, when you are in your car, the door is locked and the police are screaming / demanding to search your car for no stated reason.

    If Apple would be as cooperative as VW, then the police / FBI could search your phone too.

    And VW's backdoor unlock technique would never be abused. Hear that Apple! (sarcasm)

    link to this | view in chronology ]

  • icon
    Ryunosuke (profile), 12 Aug 2016 @ 12:02pm

    this is why i don't drive hatch-backs

    link to this | view in chronology ]

  • icon
    Ninja (profile), 12 Aug 2016 @ 12:12pm

    They didn't use that Magic Unicorn Powder (TM) produced by pixies. That's why they failed. But our implementation of the Magic Gate (TM) with a Golden Key (TM) will be flawless. - Law enforcement

    link to this | view in chronology ]

  • identicon
    hegemon13, 12 Aug 2016 @ 12:14pm

    Simple, really

    VW just needs to make sure the backdoor key only works for good guys. Duh.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2016 @ 12:14pm

    It's easier and cheaper to pay lawyers to suppress unwelcome news...

    Than it is to, you know, ACTUALLY DO YOUR JOB. At least until the customer lawsuits start in earnest. Then it's easier and cheaper to pay off politicians to change the laws so that you're not liable...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2016 @ 12:30pm

    VW needs to nerd harder

    Sounds like VW needs to nerd harder. We all know you can have back doors/golden keys that can only be used by the good guys.

    link to this | view in chronology ]

  • identicon
    Glen Foster, 12 Aug 2016 @ 12:37pm

    But of course we all know how well suing someone will keep that information secret. I mean no one has ever heard of the Streisand effect, right?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2016 @ 12:41pm

    One good thing!

    One good thing out of this: we now have a real-life car analogy for encryption backdoors!

    link to this | view in chronology ]

  • icon
    BentFranklin (profile), 12 Aug 2016 @ 12:59pm

    All they need to do is make reverse engineering something illegal.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 12 Aug 2016 @ 1:19pm

      Re:

      With DRM that's close to already being the case. If you have to break or remove the DRM to have access to the core code in order to reverse engineer it then doing so is illegal.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Aug 2016 @ 1:54pm

        Re: Re:

        That's why I let the Library of Congress or Archive.org remove the DRM for me. Once that's removed, I'm in the clear for personal use :)

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2016 @ 2:15pm

    Nerd Harder

    "In other words, VW created a backdoor, and assumed that it would remain hidden. But it did not."

    VW did NOT nerd hard enough.

    link to this | view in chronology ]

  • identicon
    bob, 12 Aug 2016 @ 3:11pm

    if it isn't broke don't fix it.

    I know that most readers here focus a lot on security. However, there are a lot of other considerations that need to be made when designing a larger system of systems.

    Using the same key for every car is silly from a security point of view. However when designing and manufacturing a product you can't only consider security as the most important thing.

    If they used different keys that would also mean needing to maintain different copies of the firmware or at least track which car has which key. Manufacturers also might need to have access to keys. Then if VW has to issue a recall for a firmware update it becomes a bigger hassle for repairmen, owners, manufacturers.

    In the end maintaining multiple keys over 20+ years might be more expensive than issuing out a blanket update later on or replacing the car's parts if needed.

    Security costs money but the company might lose more than money if crap hits the fan.

    I think in this particular case VW was just being lazy because it hadn't been broken for so long they figured it was okay.

    Just some stuff to consider.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Aug 2016 @ 3:19pm

      Re: if it isn't broke don't fix it.

      "If they used different keys that would also mean needing to maintain different copies of the firmware or at least track which car has which key. Manufacturers also might need to have access to keys."

      Ummm, no.

      link to this | view in chronology ]

    • icon
      James T (profile), 12 Aug 2016 @ 4:33pm

      Re: if it isn't broke don't fix it.

      Yeah that's a nope, not how this stuff works.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Aug 2016 @ 8:11pm

      Re: if it isn't broke don't fix it.

      Physical keys: Unless you get a new set of locks installed, the manufacturer can look up your car and find the correct key code, and manufacture a new key from that. Had to get a NEW key made to the old code for my car because the key I had for the driver's door was no longer working on the trunk due to 25 years of wear.

      Any digital keys would require no significant additional database storage. And you can bet your boots that they do indeed retain (digital) key information. Any changes to the key (or fob) required by firmware updates would be retained as well ... and the firmware update would be added to the record for your car.

      As the data is stored per-car, the firmware portion of the key can be varied per car as well.

      Remember that this attack captures the "user" portion of the key via the fob. So long as the firmware key is not varied per-car, a simple dictionary attack will crack the car open easily.

      Heck, if the key size is small enough, you can brute force it even if they vary it per-car. Especially as you have the fob's key already.

      ... or you can simply gain access to the manufacturer's database and game over, man.

      Whose bright idea was it to make your car radio controlled in the first place?

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 12 Aug 2016 @ 10:26pm

        Re: Re: if it isn't broke don't fix it.

        No firmware changes are required to support each car having a unique key. Also, there is no technical reason why the car manufacturer would have to have a record of the key that goes with each car.

        "So long as the firmware key is not varied per-car, a simple dictionary attack will crack the car open easily."

        This isn't correct. Most remote car unlockers use a rotating key system or a computational exchange, specifically to foil dictionary attacks or attackers sniffing the unlock signal to reproduce it. There are a few different ways this is done, some better than others, but the net effect is that a different key is needed for each unlock.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Aug 2016 @ 12:11am

      Re: if it isn't broke don't fix it.

      If they used different keys that would also mean needing to maintain different copies of the firmware or at least track which car has which key.

      They already do that, as each car comes with a unique key for the purchaser's use.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2016 @ 7:30pm

    When tech fails sometimes you have to KISS

    Eh.. can't you just pull the fuse for the power locks and use the key as was originally intended. Isn't that why most cars have a physical key lock on the driver side door?

    link to this | view in chronology ]

  • icon
    Jeffrey Nonken (profile), 12 Aug 2016 @ 11:27pm

    Shooting the messenger has been an accepted method of dealing with problems for millennia, and is just as effective now as it was on the first application.

    link to this | view in chronology ]

  • icon
    Jigsy (profile), 13 Aug 2016 @ 2:01pm

    >Volkswagen Created A 'Backdoor' To Basically All Its Cars [...]

    I believe they call it the trunk...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Aug 2016 @ 2:33am

      Re:

      Yes, although that is recent. In the old days, before it was leaked, they used to call it the hood.

      link to this | view in chronology ]

  • identicon
    Kryxx, 15 Aug 2016 @ 7:54am

    This was planned, they needed a way to remotely flip the VW Beetle back over by popping the trunk!

    link to this | view in chronology ]
