New BMW's getting stolen using blank BMW keys

anonymous-user

55 months

Friday 13th April 2012
The issue imo, is not one of "prevention" but one of "cure".

The simple fact of the matter is that these thieves will go to whatever lengths necessary to take your car, because the deterrent from doing so is so low. They earn a better living through crime than with a proper job, and our laws are now so lax and impotent that they know they have little to fear.

Whatever security is invented, someone will break it, and if they don't, they will just resort to sticking a knife in your face and saying "give us your keys"!

When we get properly "tough on crime" and not the wishy washy lame stasis we have now, things will improve.

Steffan

10,362 posts

229 months

Friday 13th April 2012
TheEnd said:
I've seen a CAS reader disguised as a mobile phone, and there are quite a few variants out there.

Some even can use the inductive loop in the car for the new programming, but I've yet to see a radio grabber that will do the rolling code tables.

I am not knowledgeable enough to comment personally.

But my Laptop client whom I asked about this then asked me if the software on the BMW is windows based. I said I thought it very probably was. He then said that in that case it must be vulnerable to abuse and almost impossible to secure. Given someone with the time and money to attempt this.

I think that is where the problem lies. As my garage man predicted years ago.

I hope BMW can sort this.

They clearly need to admit the problem. Like Toyota with their drive by wire problem getting admission is the real problem.

anonymous-user

55 months

Friday 13th April 2012
Steffan said:
TheEnd said:
I've seen a CAS reader disguised as a mobile phone, and there are quite a few variants out there.

Some even can use the inductive loop in the car for the new programming, but I've yet to see a radio grabber that will do the rolling code tables.

I am not knowledgeable enough to comment personally.

But my Laptop client whom I asked about this then asked me if the software on the BMW is windows based. I said I thought it very probably was. He then said that in that case it must be vulnerable to abuse and almost impossible to secure. Given someone with the time and money to attempt this.

I think that is where the problem lies. As my garage man predicted years ago.

I hope BMW can sort this.

They clearly need to admit the problem. Like Toyota with their drive by wire problem getting admission is the real problem.
Doubt very much it's Windows based. I imagine BMW have developed their own OS.

contracttor

919 posts

186 months

Friday 13th April 2012
Steffan said:

I am not knowledgeable enough to comment personally.

But my Laptop client whom I asked about this then asked me if the software on the BMW is windows based. I said I thought it very probably was. He then said that in that case it must be vulnerable to abuse and almost impossible to secure. Given someone with the time and money to attempt this.

I think that is where the problem lies. As my garage man predicted years ago.

I hope BMW can sort this.

They clearly need to admit the problem. Like Toyota with their drive by wire problem getting admission is the real problem.
He's talking out of his arse. The Windows based portion is for the entertainment and nav only and is on a separate network to the rest of the vehicle's systems.

stuart-b

3,643 posts

227 months

Friday 13th April 2012
contracttor said:
He's talking out of his arse. The Windows based portion is for the entertainment and nav only and is on a separate network to the rest of the vehicle's systems.
The day I saw a crashed ATM showing a memory dump and windows error message was the day I stopped believing people would be so stupid as to run anything mission critical on windows.

however I expect it runs a very basic kernel of a unix origin but probably extremely limited more akin to PLC than a proper OS. hence the lack of security when plugging in devices.

if the cars ran a proper OS then this wouldn't be an issue

hman

7,487 posts

195 months

Friday 13th April 2012
NERD ALERT!

as7920

726 posts

202 months

Friday 13th April 2012
stuart-b said:
if the cars ran a proper OS then this wouldn't be an issue
Sigh.

eliot

11,438 posts

255 months

Saturday 14th April 2012
stuart-b said:
The day I saw a crashed ATM showing a memory dump and windows error message was the day I stopped believing people would be so stupid as to run anything mission critical on windows.

however I expect it runs a very basic kernel of a unix origin but probably extremely limited more akin to PLC than a proper OS. hence the lack of security when plugging in devices.

if the cars ran a proper OS then this wouldn't be an issue
NCR ATMs have been running Windows for donkey's years, on the whole they are pretty reliable. A duff memory chip will cause any OS to crash as you describe.

stuart-b

3,643 posts

227 months

Saturday 14th April 2012
as7920 said:
Sigh.
If you had even a basic handshake authentication system in the car, rather than just "plugin and go" - you wouldn't simply be able to pair a key.

We have this technology on the web for over a decade, so it isn't hard to integrate.

stuart-b

3,643 posts

227 months

Saturday 14th April 2012
eliot said:
NCR ATMs have been running Windows for donkey's years, on the whole they are pretty reliable. A duff memory chip will cause any OS to crash as you describe.


Point being that a desktop based OS isn't exactly suitable - back on topic, security has been ignored in favour of convenience - and now it has come back to haunt them.

Mr-B

3,781 posts

195 months

Saturday 14th April 2012
Max_Torque said:
The issue imo, is not one of "prevention" but one of "cure".

The simple fact of the matter is that these thieves will go to whatever lengths necessary to take your car, because the deterrent from doing so is so low. They earn a better living through crime than with a proper job, and our laws are now so lax and impotent that they know they have little to fear.

Whatever security is invented, someone will break it, and if they don't, they will just resort to sticking a knife in your face and saying "give us your keys"!

When we get properly "tough on crime" and not the wishy washy lame stasis we have now, things will improve.
Agree 100%.

Saw a programme a few years ago, one that followed cops around with cameras focussing on car crime (can't remember the title). They came across a locked up shed with 2 identical 4x4s, at least one of which was stolen and going through the process of being cloned. They eventually collared the owner of said shed and investigations proved he was part of a larger gang of car ringers and very heavily involved in the process. Went to court, found guilty, what was his sentence? £400 fine. Yeah four hundred quid, probably less than the money he made from ringing one car, absolutely pathetic. Car crime does pay, handsomely.

b0rk

2,305 posts

147 months

Saturday 14th April 2012
stuart-b said:
The day I saw a crashed ATM showing a memory dump and windows error message was the day I stopped believing people would be so stupid as to run anything mission critical on windows.
I can't think of a current OS with a GUI of some form that hasn't had a security vulnerability in say the past 3 years. ATMs are basically configure and forget devices so an easy target for hax0rs even if fully patched at initial install it's not as if ATM operators go round applying security patches.

The core modules of a car will likely not run an OS but be simplistic PLC type devices, OS wise you're likely to find Wind River BSD and QNX as the most popular choices for car devices that need an OS.

If you really want to expand your mind google CANBUS hacking wireless, PLC devices with security vulnerabilities imagine that!

Steffan

10,362 posts

229 months

Saturday 14th April 2012
b0rk said:
stuart-b said:
The day I saw a crashed ATM showing a memory dump and windows error message was the day I stopped believing people would be so stupid as to run anything mission critical on windows.
I can't think of a current OS with a GUI of some form that hasn't had a security vulnerability in say the past 3 years. ATMs are basically configure and forget devices so an easy target for hax0rs even if fully patched at initial install it's not as if ATM operators go round applying security patches.

The core modules of a car will likely not run an OS but be simplistic PLC type devices, OS wise you're likely to find Wind River BSD and QNX as the most popular choices for car devices that need an OS.

If you really want to expand your mind google CANBUS hacking wireless, PLC devices with security vulnerabilities imagine that!
Good post brings up http://www.caranddriver.com/features/can-your-car-... for me. I do not pretend to understand the detail but it does look a real problem to me.

stuart-b

3,643 posts

227 months

Sunday 15th April 2012
b0rk said:
I can't think of a current OS with a GUI of some form that hasn't had a security vulnerability in say the past 3 years. ATMs are basically configure and forget devices so an easy target for hax0rs even if fully patched at initial install it's not as if ATM operators go round applying security patches.

The core modules of a car will likely not run an OS but be simplistic PLC type devices, OS wise you're likely to find Wind River BSD and QNX as the most popular choices for car devices that need an OS.

If you really want to expand your mind google CANBUS hacking wireless, PLC devices with security vulnerabilities imagine that!
I agree, but by OS I simply mean just that - an operating system of the lowest level, without a GUI or any modules not specific to the car. I guess something not dissimilar to this: http://megatunix.sourceforge.net/ which hooks in to Megasquirt firmware.

The only issue here is the authentication handshaking to the car. A simple public/private key system, as per SSH handshaking, could solve the problem. We use it to connect to secure devices over the Internet, and BMW could keep copies of the private keys internally - doubled up with two factor authentication and there is no way you could "hack" in to the car in the way they are now. The technology is already out there - you login to your Internet banking, and millions login to their servers in this way.
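
Added example, not part of the thread and not BMW's design: the signed challenge-response that stuart-b's posts about a "handshake" and a "public/private key system" describe, showing that a pairing request is refused without the maker's signature and that an old signature cannot be replayed. `Module`, `PairAllowed`, the `pair-v1` tag, the VIN and the key IDs are hypothetical, and Ed25519 is used here only because it ships in Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Module is a hypothetical in-car unit; it stores only the maker's PUBLIC key.
type Module struct {
	VIN     string
	makerPK ed25519.PublicKey
	pending []byte // outstanding challenge, good for one attempt
}

// Challenge issues a fresh random nonce that the tool must get signed.
func (m *Module) Challenge() []byte {
	m.pending = make([]byte, 32)
	if _, err := rand.Read(m.pending); err != nil {
		panic(err)
	}
	return m.pending
}

// message binds a signature to one car, nonce and key ID (VIN, nonce fixed-length).
func message(vin string, nonce []byte, keyID string) []byte {
	return bytes.Join([][]byte{[]byte("pair-v1"), []byte(vin), nonce, []byte(keyID)}, nil)
}

// PairAllowed accepts a request only with a valid signature over the pending nonce.
func (m *Module) PairAllowed(keyID string, sig []byte) bool {
	nonce := m.pending
	m.pending = nil // single use: every attempt needs a new challenge
	return nonce != nil && ed25519.Verify(m.makerPK, message(m.VIN, nonce, keyID), sig)
}

// Scenarios runs three attempts; sk stands in for the maker's back end.
func Scenarios() (authorised, wrongKey, replayed bool) {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	_, otherSK, _ := ed25519.GenerateKey(rand.Reader) // tool without the maker's key
	car := &Module{VIN: "EXAMPLEVIN0000001", makerPK: pk}
	good := ed25519.Sign(sk, message(car.VIN, car.Challenge(), "key-2"))
	authorised = car.PairAllowed("key-2", good)
	wrongKey = car.PairAllowed("key-3", ed25519.Sign(otherSK, message(car.VIN, car.Challenge(), "key-3")))
	car.Challenge()
	replayed = car.PairAllowed("key-2", good) // old signature against a new nonce
	return
}
func main() { fmt.Println(Scenarios()) }
```

Because the car holds only a public key, the private key never has to leave the maker's systems, which is the property the post relies on.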

stuart-b

3,643 posts

227 months

Sunday 15th April 2012
Steffan said:
Good post brings up http://www.caranddriver.com/features/can-your-car-... for me. I do not pretend to understand the detail but it does look a real problem to me.
Good post Steffan

OBD-II
THE HACK: The researchers at CAESS wrote a program that searched for and exploited vulnerable communications points where vehicle systems interface. They installed that program onto the car’s CAN bus through the OBD-II port. Once on the network, the program could control every system from the windshield wipers to the brakes. This is the most direct way to hack a car, as it sends code directly to the CAN bus.

THE DEFENSE: Until recently, most of the data sent among vehicle systems had not been encrypted, leaving cars wide open for enterprising hackers. Now, carmakers are starting to adopt routine security protocols from the information-technology field, such as protecting files with digital signatures. “What’s pretty much standard IT is now being applied to the automotive sector,” says Gassenfeit.


As you can see they are already on the case - the problem with cars is that the technology is already a few years out of date by the time the car hits the market, and unlike software, you can't easily just "update" a car. It involves a lengthy recall process. Hence the problem we're faced with today.

aeropilot

34,666 posts

228 months

Sunday 15th April 2012
stuart-b said:
Steffan said:
Good post brings up http://www.caranddriver.com/features/can-your-car-... for me. I do not pretend to understand the detail but it does look a real problem to me.
Good post Steffan

OBD-II
THE HACK: The researchers at CAESS wrote a program that searched for and exploited vulnerable communications points where vehicle systems interface. They installed that program onto the car’s CAN bus through the OBD-II port. Once on the network, the program could control every system from the windshield wipers to the brakes. This is the most direct way to hack a car, as it sends code directly to the CAN bus.

THE DEFENSE: Until recently, most of the data sent among vehicle systems had not been encrypted, leaving cars wide open for enterprising hackers. Now, carmakers are starting to adopt routine security protocols from the information-technology field, such as protecting files with digital signatures. “What’s pretty much standard IT is now being applied to the automotive sector,” says Gassenfeit.


As you can see they are already on the case - the problem with cars is that the technology is already a few years out of date by the time the car hits the market, and unlike software, you can't easily just "update" a car. It involves a lengthy recall process. Hence the problem we're faced with today.
OK..... as a non-IT person, based on the above, am I right in saying that the BMWs this affects would be those with the pre-encrypted MSDs....?

I know in the post 2010 1 Series cars, aftermarket tuners can't 'flash' the ECU via the OBD port because of the encryption, so does this mean that these cars can't be 'hacked' and stolen via the OBD port on the same basis.....???

stuart-b

3,643 posts

227 months

Sunday 15th April 2012
aeropilot said:
OK..... as a non-IT person, based on the above, am I right in saying that the BMWs this affects would be those with the pre-encrypted MSDs....?

I know in the post 2010 1 Series cars, aftermarket tuners can't 'flash' the ECU via the OBD port because of the encryption, so does this mean that these cars can't be 'hacked' and stolen via the OBD port on the same basis.....???
I wouldn't know, but it would depend if the part of the ECU you can't get in to, controlling the engine also controls pairing of the keys.

contracttor

919 posts

186 months

Sunday 15th April 2012
The elephant in the room is as far as information security is concerned once you have physical access all bets are off. This still leaves the question how does one get access to the OBD port in the first place?

Either a vulnerability in the key transmission is being exploited and needs addressing or it's standard social engineering (signal blocking and relying on people not verifying that the car is locked). If it's the former then BMW should be forced to address it. If it's the latter then the option to have audible verification turned on should be offered by BMW at reduced cost.

aeropilot

34,666 posts

228 months

Sunday 15th April 2012

thinfourth2

32,414 posts

205 months

Sunday 15th April 2012
I'd never buy a modern BMW because of this

Well not while you can get one for free