Welcome to the North American Subaru Impreza Owners Club Thursday July 31, 2014
Home Forums WikiNASIOC Products Store Modifications Upgrade Garage
NASIOC
Here you can view your subscribed threads, work with private messages and edit your profile and preferences Home Registration is free! Visit the NASIOC Store NASIOC Rules Search Find other members Frequently Asked Questions Calendar Archive NASIOC Upgrade Garage Logout
Go Back   NASIOC > NASIOC General > News & Rumors > Non-Subaru News & Rumors

Welcome to NASIOC - The world's largest online community for Subaru enthusiasts!
Welcome to the NASIOC.com Subaru forum.

You are currently viewing our forum as a guest, which gives you limited access to view most discussions and access our other features. By joining our community, free of charge, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is free, fast and simple, so please join our community today!

If you have any problems with the registration process or your account login, please contact us.
* Registered users of the site do not see these ads.
Reply
 
Thread Tools Display Modes
Old 03-15-2011, 05:12 AM   #1
AVANTI R5
Scooby Guru
 
Member#: 73805
Join Date: Nov 2004
Default Trojan-Horse MP3s Could Let Hackers Break Into Your Car Remotely,


Hacked dash: Researchers have previously shown they can take control of a carís dashboard display, among other systems.
Credit: Center for Automotive Embedded Systems Security

Quote:
Researchers who have spent the last two years studying the security of car computer systems have revealed that they can take control of vehicles wirelessly.

The researchers were able to control everything from the car's brakes to its door locks to its computerized dashboard displays by accessing the onboard computer through GM's OnStar and Ford's Sync, as well as through the Bluetooth connections intended for making hands-free phone calls.

They presented their findings this week to the National Academies Committee on Electronic Vehicle Controls and Unintended Acceleration, which was brought together partly in response to last year's scandal over supposed problems with the computerized braking systems in Toyota Priuses.

The team, including Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, and Stefan Savage, a professor of computer science at the University of California, San Diego, had previously shown that they could take control of a car's computer systems, provided that they had physical access to the vehicle's onboard diagnostics portóa federally mandated access point located under the dashboard in almost all modern cars.

With the new work, the researchers systematically analyzed ways they could get at a car's computer systems without having physical access. They used a 2009 mass-production sedan equipped with fewer computer systems than many high-end cars. For each attack that succeeded, they confirmed that they could take complete control of all of the car's internal computer systems.

The researchers attacked the car's Bluetooth system, which allows a driver to make hands-free cell-phone calls. They found a vulnerability in the way the Bluetooth system was implemented that allowed them to execute code to take control of the car. To do this, the researchers used a smart phone already paired with the car or found a way to illicitly authorize a new smart-phone connection.

Nowadays many cars come equipped with cellular connections that perform safety functions, such as automatically calling for help if the driver is in a crash. The researchers found that they could take control of this system by breaking through its authentication system. First, they made about 130 calls to the car to gain access, and then they uploaded code using 14 seconds of audio. The researchers also found other ways to gain access, for example via the car's media player.

"We were surprised to find that the attack surface was so broad," Kohno says, referring to the wide variety of ways the researchers were able to gain access to the car's computer systems.

The team analyzed possible attack scenarios as well. For example, they showed that high-tech car thieves could search for desired models of cars, identify their locations, and unlock them, all without any forced entry. They could conduct malicious surveillance, such as forcing a car to send out its GPS location at regular intervals. They could also sabotage a car, by disabling its brakes, for example.
http://www.technologyreview.com/computing/35094/page1/
* Registered users of the site do not see these ads.
AVANTI R5 is offline   Reply With Quote
Old 03-15-2011, 07:32 AM   #2
MrSaabaru
NASIOC Supporter
 
Member#: 74709
Join Date: Nov 2004
Chapter/Region: MWSOC
Location: Fort Wayne-ish
Vehicle:
2007 Solstice
05 Yamaha R6 & 04 Saab 93

Default

that's just scary. i guess it was inevitable, but i never even thought about wireless connectivity + complicated onboard computers = trouble.

Maybe Toyota will now blame corporate espionage instead of floor mats.
MrSaabaru is offline   Reply With Quote
Old 03-15-2011, 08:43 AM   #3
mpaone
Scooby Specialist
 
Member#: 3
Join Date: Jun 1999
Chapter/Region: South East
Location: Alfretter Geeoja
Vehicle:
2012 Geeteeeye
and 71' VW Gulf Beetle

Default

I knew this was coming. As soon as they announced they could remotely disable or unlock doors I thought hackers will get in.

The scariest part is what it could do to surrounding cars as well... could you imagine disabling a car traveling at 80mph on a major highway?

IMO we don't need GPS tracking, remote start, emergency calling or any of the other stuff provided by ONstar and similar companies. We've done perfectly fine for the 100 plus years without it.

-Mike.
mpaone is offline   Reply With Quote
Old 03-15-2011, 09:32 AM   #4
MrSaabaru
NASIOC Supporter
 
Member#: 74709
Join Date: Nov 2004
Chapter/Region: MWSOC
Location: Fort Wayne-ish
Vehicle:
2007 Solstice
05 Yamaha R6 & 04 Saab 93

Default

especially now that our cell phones can do so much of that stuff and leave the car alone. i've always been a mapquest printout person, but that's just because i'm too cheap to pay even a dollar or two for GPS on my phone. but this could be another reason. i've always been a firm believer in the KISS plan for cars. the simpler the better.
MrSaabaru is offline   Reply With Quote
Old 03-15-2011, 01:50 PM   #5
ezparts
Scooby Specialist
 
Member#: 10555
Join Date: Sep 2001
Location: MPK, CA
Vehicle:
2004 STi
Blue

Default

when will we see McAfee for cars?
ezparts is offline   Reply With Quote
Old 03-15-2011, 02:39 PM   #6
SCRAPPYDO
Scooby Guru
 
Member#: 873
Join Date: Feb 2000
Chapter/Region: TXIC
Location: Just outside of Houston TX
Vehicle:
2013 F150 King Ranch
Datsun 71 240Z & 68 2000

Default

All that crap designed to make you safe, really does not. All that government mandated BS, through short sighted legislation, WILL come back and bite your butt off. This is typical, and completely expected. Granted Onstar is not government mandated, but this is the kind of crap that comes about.

now we will be forced to pay for car hacking security software.
SCRAPPYDO is offline   Reply With Quote
Old 03-15-2011, 02:55 PM   #7
MrSaabaru
NASIOC Supporter
 
Member#: 74709
Join Date: Nov 2004
Chapter/Region: MWSOC
Location: Fort Wayne-ish
Vehicle:
2007 Solstice
05 Yamaha R6 & 04 Saab 93

Default

^^^ I sometimes think regulation is a good idea, but sometimes I agree wholeheartedly. The biggest one I hate is tire pressure monitoring. It seems to be an overreaction to the Ford/Firestone fiasco. Any tire leak slow enough to be picked up by a monitoring system is slow enough to be picked up by looking at your tires before you drive, and by actually paying attention to how it feels.

Most of the safety stuff I agree with like a lot of the mechanical stuff, seatbelt retractors, pressure sensors on auto up windows, etc., but some go too far.
MrSaabaru is offline   Reply With Quote
Old 03-15-2011, 03:09 PM   #8
Lboogie
Scooby Specialist
 
Member#: 171611
Join Date: Feb 2008
Chapter/Region: BAIC
Location: Silicon Valley
Vehicle:
2014 FiST
Blk

Default

Research and Real World are way different, don't go mudding your shorts just yet kids.
Lboogie is offline   Reply With Quote
Old 03-15-2011, 03:30 PM   #9
Dr.Evol500
Scooby Newbie
 
Member#: 251919
Join Date: Jul 2010
Chapter/Region: MWSOC
Location: Columbus, OH
Vehicle:
2009 WRX Wagon
PSM

Default

This, among other reasons, is why I have REFUSED to buy a car with OnStar or a similar system.
Dr.Evol500 is offline   Reply With Quote
Old 03-15-2011, 03:38 PM   #10
wrxsubaru
Scooby Specialist
 
Member#: 65133
Join Date: Jun 2004
Chapter/Region: NWIC
Location: Seattle
Default

Quote:
Originally Posted by Lboogie View Post
Research and Real World are way different, don't go mudding your shorts just yet kids.
One thing I can guarantee you are if this research team was able to do it, a lot of other people could too. They used no "special" tools and were pretty surprised at how low the security threshold was for the car they were using. There are huge gaps as shown in automotive security. This does not mean its super easy, or it could be done as you drive by a person on the road but most cars have almost no security in terms of their ECU permissions.
wrxsubaru is offline   Reply With Quote
Old 03-15-2011, 03:48 PM   #11
manticus
Scooby Specialist
 
Member#: 162857
Join Date: Oct 2007
Chapter/Region: W. Canada
Location: Calgary, AB
Default

Quote:
Originally Posted by SCRAPPYDO View Post
All that crap designed to make you safe, really does not. All that government mandated BS, through short sighted legislation, WILL come back and bite your butt off. This is typical, and completely expected. Granted Onstar is not government mandated, but this is the kind of crap that comes about.

now we will be forced to pay for car hacking security software.
Are you in the wrong thread scrappy? None of the electronic doodads like Bluetooth, OnStar, GPS, and remote unlocking are mandated by government standards.

If you're forced to pay for car hacking security software then that is the most capitalistic result of private sector technology development. You can't have your cake and eat it too.

Last edited by manticus; 03-15-2011 at 05:54 PM.
manticus is offline   Reply With Quote
Old 03-15-2011, 04:01 PM   #12
samagon
Scooby Guru
 
Member#: 26859
Join Date: Oct 2002
Chapter/Region: TXIC
Location: undisputed COMBAT! champion
Vehicle:
of TXIC
I also like (oYo)!!!!

Default

being someone who owns a BT adapter for my obd port, I am very aware that this is a potential threat.

it really is a big deal if someone can get in.

but, it's not like it takes a second to find, connect and browse to what you need. even if there is a program someone has to execute what you want, it will take time to browse for available BT devices, then pair. at least 30 seconds. maximum distance for connection is pretty short range as well. so you figure a hacker would need to be next to you to connect and execute. unless you are in traffic how many people do you sit right next to?

and then when you are in traffic, well, it's a question of how many people the hacker has spacial access to in order to connect and execute.

it's not like the internet where if your computer is on, it is always connected. it isn't a very practical way to hack is all I'm saying.
samagon is online now   Reply With Quote
Old 03-15-2011, 04:54 PM   #13
chazly413
Scooby Specialist
 
Member#: 151079
Join Date: Jun 2007
Chapter/Region: MAIC
Location: College Park, MD
Vehicle:
2005 2.5RS RBP
motec system exhaust-RIP

Default

This thing cited an inconsistency between the blue tooth and the onboard computer led to the exploit.. Why are these two systems even connected at all? Remove that connection, problem solved.
chazly413 is offline   Reply With Quote
Old 03-15-2011, 05:58 PM   #14
Optimus Prime
Scooby Specialist
 
Member#: 69847
Join Date: Sep 2004
Location: Cybertron
Vehicle:
2010 Evolution X

Default

Wen the tuning world no how difficult it is to communicate with an ECU. Look at the amount of R&D that Cobb does. It's not going to be as easy as described.

And the thing about hacking via Bluetooth? Really? It takes me 15 minutes to setup my stupid phone. And seriously, they were able to "execute code", so there is a compiler built in to my ECU. Finally I can play Duke Nukem Forever on my fuel gauge.

This article was written for the part of the population that will believe anything.
Optimus Prime is offline   Reply With Quote
Old 03-15-2011, 06:00 PM   #15
samagon
Scooby Guru
 
Member#: 26859
Join Date: Oct 2002
Chapter/Region: TXIC
Location: undisputed COMBAT! champion
Vehicle:
of TXIC
I also like (oYo)!!!!

Default

Quote:
Originally Posted by chazly413 View Post
This thing cited an inconsistency between the blue tooth and the onboard computer led to the exploit.. Why are these two systems even connected at all? Remove that connection, problem solved.
one would imagine that they would be separate systems, but with radios having speed sensing volume, only allowing for certain control when not moving, and that sort of thing, it does make a modicum of sense that they are integrated, why have redundant sensors, when that data is fed to the computer anyway?

one thing where this could be useful, is for yourself, if your car has a 'black box' mechanism that keeps a record of the last minutes events (or so), if you learned how to hack that, you could have a program on your phone that you connect to the system via BT to execute and you could have any parameters loaded into the 'black box' that you wanted....

I was going 50mph, then boom! the dealership looks, and there's record of the car traveling 50mph on a freeway, not making hard corners on a track, because in addition to changing the parameter for the speed, you also adjusted the GPS location...

I couldn't see this being used by someone maliciously against you on a freeway, or at a stoplight, but this could be very useful...
samagon is online now   Reply With Quote
Old 03-15-2011, 07:20 PM   #16
GDB FAN
Scooby Guru
 
Member#: 105814
Join Date: Jan 2006
Chapter/Region: NWIC
Vehicle:
two V8's..
'murica

Default

Quote:
Originally Posted by Optimus Prime View Post
This article was written for the part of the population that will believe anything.
Not really.

Non-tech savvy readers might find stuff like this incredibly intimidating while others find it interesting.
Personally I love iPhone, facebook and the like but understand the pros and cons of having those luxuries. That's why when things like that do fail, my whole world doesn't come crashing down.

Knowing stuff like this exists makes you wonder what kind of precautions are out there and just how dependent we are on them.
GDB FAN is offline   Reply With Quote
Old 03-15-2011, 07:22 PM   #17
MrSaabaru
NASIOC Supporter
 
Member#: 74709
Join Date: Nov 2004
Chapter/Region: MWSOC
Location: Fort Wayne-ish
Vehicle:
2007 Solstice
05 Yamaha R6 & 04 Saab 93

Default

Quote:
Originally Posted by manticus View Post
Are you in the wrong thread scrappy? None of the electronic doodads like Bluetooth, OnStar, GPS, and remote unlocking are mandated by government standards.
You'd be surprised what the government puts standards on. For example, anything with wireless connectivity has that ancient, ubiquitous FCC certification on it. that includes radios, cellular tech, and bluetooth devices. There are all kinds of other gov regs that cover all the features in cars that aren't popular knowledge too. especially when there are things that the customer might not know about, or things that can be accidentally activated, i.e. cruise control stalks have audible click requirements and minimum force requirements for pushing the button to activate your cruise control. I'm not sure what the requirements for these features are, but don't assume they aren't there just because we don't know them and common sense says they aren't regulated.

Quote:
Originally Posted by samagon View Post
but, it's not like it takes a second to find, connect and browse to what you need. even if there is a program someone has to execute what you want, it will take time to browse for available BT devices, then pair. at least 30 seconds. maximum distance for connection is pretty short range as well. so you figure a hacker would need to be next to you to connect and execute. unless you are in traffic how many people do you sit right next to?

and then when you are in traffic, well, it's a question of how many people the hacker has spacial access to in order to connect and execute.

it's not like the internet where if your computer is on, it is always connected. it isn't a very practical way to hack is all I'm saying.
Quote:
Originally Posted by Optimus Prime View Post
Wen the tuning world no how difficult it is to communicate with an ECU. Look at the amount of R&D that Cobb does. It's not going to be as easy as described.

And the thing about hacking via Bluetooth? Really? It takes me 15 minutes to setup my stupid phone. And seriously, they were able to "execute code", so there is a compiler built in to my ECU. Finally I can play Duke Nukem Forever on my fuel gauge.

This article was written for the part of the population that will believe anything.
None of us are professional thiefs. who's to say what can happen if you park the car at a mall, and somebody has something we don't know about. Not everything shuts off in your car, not even the higher-level computers. It's not just your radio's clock that keeps going when the car is off. And cobb is trying to get an engine tune to run right. Much different than some simple command like 'disable kill-switch'. Plus the ECU isn't the only computer in cars. I worked with some of the electronics at chrysler, and the cluster controlled many other things, sometimes windows, blinkers, the starter, door locks, who knows what else. it's not the same for every car, based on what that company prefers. I'm not saying this article is possible, or even probable, but it's not like it doesn't pass the laugh test.

Quote:
Originally Posted by chazly413 View Post
This thing cited an inconsistency between the blue tooth and the onboard computer led to the exploit.. Why are these two systems even connected at all? Remove that connection, problem solved.
Quote:
Originally Posted by samagon View Post
one would imagine that they would be separate systems, but with radios having speed sensing volume, only allowing for certain control when not moving, and that sort of thing, it does make a modicum of sense that they are integrated, why have redundant sensors, when that data is fed to the computer anyway?
It's been a while since i had a job even remotely related to this, but I know that sometimes a single module controls nearly all wireless communication in the vehicle, so that's another thing that ties a bunch of systems together, even if the driver thinks they're all separate. avoiding redundant systems, like you mentioned. no need to pay for a bunch of wireless things. I bluetooth might not be, but i'm sure there's at least one wireless object that doesn't escape by enough degrees of separation. Plus, bluetooth isn't the only way this article said the car could be hacked. it's believable that a dirty mp3 could put a virus on your car, that makes the car's computer open it up to outside control of the computers. I've heard of microsoft zunes being infected with viruses from the same thing. an audio player is an audio player for some things.
MrSaabaru is offline   Reply With Quote
Old 03-16-2011, 03:06 AM   #18
elirentz
Scooby Specialist
 
Member#: 70082
Join Date: Sep 2004
Chapter/Region: South East
Location: charleston, sc
Vehicle:
2005 sti, 02 s2000
88 944 beater

Default

There's another page to the article that states it took 10 researchers 2 years to accomplish this and they said they still feel comfortable driving their cars.

What this does is expose the vulnerabilities to the car companies so they can tighten up the security.
elirentz is offline   Reply With Quote
Old 03-16-2011, 10:57 AM   #19
OrbitalEllipses
Scooby Guru
 
Member#: 178811
Join Date: Apr 2008
Chapter/Region: MAIC
Location: MoCo
Vehicle:
2013 WRB BRZ
:banana:

Default

It took 10 researchers 2 years to make this presentation, is VERY different from 10 researchers taking 2 years to hack a car. We all knew this day would come. Hacking isn't even that "difficult" these days as you can download a program to inspect data going through wireless traffic (unencrypted of course, which should be a crime).
OrbitalEllipses is offline   Reply With Quote
Old 03-16-2011, 01:24 PM   #20
samagon
Scooby Guru
 
Member#: 26859
Join Date: Oct 2002
Chapter/Region: TXIC
Location: undisputed COMBAT! champion
Vehicle:
of TXIC
I also like (oYo)!!!!

Default

Quote:
Originally Posted by MrSaabaru View Post
None of us are professional thiefs. who's to say what can happen if you park the car at a mall, and somebody has something we don't know about.
absolutely, which is why the BT connector I plug in the OBD port is always disconnected (it stays on even if the vehicle is off, and it does allow minimal connection to the ECU, I'd imagine it's only a matter of knowing the right PID to open the door locks).

Anyway, in order for someone to connect to the car there has to be a connection method. wired, or wireless. unless they break the windows to connect via the OBD (to unlock the doors), wireless is the only option. The question is, is the installed BT responsive when the car is turned off?

Quote:
Originally Posted by MrSaabaru View Post
It's been a while since i had a job even remotely related to this, but I know that sometimes a single module controls nearly all wireless communication in the vehicle, so that's another thing that ties a bunch of systems together, even if the driver thinks they're all separate. avoiding redundant systems, like you mentioned. no need to pay for a bunch of wireless things. I bluetooth might not be, but i'm sure there's at least one wireless object that doesn't escape by enough degrees of separation. Plus, bluetooth isn't the only way this article said the car could be hacked. it's believable that a dirty mp3 could put a virus on your car, that makes the car's computer open it up to outside control of the computers. I've heard of microsoft zunes being infected with viruses from the same thing. an audio player is an audio player for some things.
one conceivable possibility is:

1. you run infected MP3, it only does one thing, makes BT always on.
2. park in mall parking lot.
3. thief cruises lot for BT.
4. ???
5. profit (for thief)!!!

but, the point is, that without some way to access the system, there is no possible way for the system to be compromised (think of a computer, take off all the spyware, all the virus scanners, open all the ports, turn on NETDDE, turn on every possible entry point for a hacker, then unplug it from any networks, no matter how easy it would be to hack, this computer will never be compromised, simply because it is inaccessible).

even in the above possible scenario, it would take a lot of luck on the part of the thief. How many people store and play MP3s in/on their car? How many of those people are going to be somewhere that the thief can find?

It's an issue of time. When a thief that is sophisticated enough to make these programs, and hack CANBUS to unlock some car doors to steal, or whatever, they are also presumably sophisticated create a program that hits millions of computers, phishes for an open port, then cracks in and scans for passwords, or CC numbers.

you could hit millions of computers a day doing that, or you can drive around a mall parking lot all day spending up to a minute next to each car in hopes that one of them has an MP3 you made, so that you can hack the BT and gain access to the car. it just doesn't make practical sense. even if you could scan lets go big and say 10 cars a minute, that's 60 cars an hour, and assuming you are an industrious thief, you put in 10 hour days, that's only 600 cars you can try and gain access to in one 'thief day' of work.

there's a lot easier ways to steal cars than that. and there's a lot more 'efficient' use of a sophisticated thief's time than driving around mall parking lots.

possible, yes, practical, definitely not.
samagon is online now   Reply With Quote
Old 03-16-2011, 01:46 PM   #21
manticus
Scooby Specialist
 
Member#: 162857
Join Date: Oct 2007
Chapter/Region: W. Canada
Location: Calgary, AB
Default

Quote:
Originally Posted by MrSaabaru View Post
You'd be surprised what the government puts standards on. For example, anything with wireless connectivity has that ancient, ubiquitous FCC certification on it. that includes radios, cellular tech, and bluetooth devices. There are all kinds of other gov regs that cover all the features in cars that aren't popular knowledge too. especially when there are things that the customer might not know about, or things that can be accidentally activated, i.e. cruise control stalks have audible click requirements and minimum force requirements for pushing the button to activate your cruise control. I'm not sure what the requirements for these features are, but don't assume they aren't there just because we don't know them and common sense says they aren't regulated.
Oh, sorry - I didn't mean to imply that the devices themselves were not regulated, I'm just not aware of how government has mandated the usage of bluetooth phones, remote unlocking, etc. and how they would be to blame for the security gaps that may or may not exist.
manticus is offline   Reply With Quote
Old 03-16-2011, 02:05 PM   #22
samagon
Scooby Guru
 
Member#: 26859
Join Date: Oct 2002
Chapter/Region: TXIC
Location: undisputed COMBAT! champion
Vehicle:
of TXIC
I also like (oYo)!!!!

Default

Quote:
Originally Posted by manticus View Post
Oh, sorry - I didn't mean to imply that the devices themselves were not regulated, I'm just not aware of how government has mandated the usage of bluetooth phones, remote unlocking, etc. and how they would be to blame for the security gaps that may or may not exist.
they're not, and the fears that are raised should be nothing new.

how long have keyless entries been around? those are supposed to foolproof as well, but I can absolutely promise you they are defeat-able with the right software/hardware, and have been for years, but we're safe and comfortable with them.

but now that someone can possibly use that same system of entry to gain access to the computers in our cars, it's all scary again. not really.
samagon is online now   Reply With Quote
Old 03-16-2011, 02:06 PM   #23
MrSaabaru
NASIOC Supporter
 
Member#: 74709
Join Date: Nov 2004
Chapter/Region: MWSOC
Location: Fort Wayne-ish
Vehicle:
2007 Solstice
05 Yamaha R6 & 04 Saab 93

Default

Quote:
Originally Posted by manticus View Post
Oh, sorry - I didn't mean to imply that the devices themselves were not regulated, I'm just not aware of how government has mandated the usage of bluetooth phones, remote unlocking, etc. and how they would be to blame for the security gaps that may or may not exist.
Yeah, I don't know what they are either. But i wouldn't be surprised if their desire for an automotive black box, or some overreaction to a malfunction here or there has put something like this in place. again, i haven't had a job where i'd care about this in about 4 years, maybe 5. nothing related to automotive electronics has stayed stagnant that long, especially audio/info/connectivity related.

Quote:
Originally Posted by samagon View Post
but, the point is, that without some way to access the system, there is no possible way for the system to be compromised (think of a computer, take off all the spyware, all the virus scanners, open all the ports, turn on NETDDE, turn on every possible entry point for a hacker, then unplug it from any networks, no matter how easy it would be to hack, this computer will never be compromised, simply because it is inaccessible).

even in the above possible scenario, it would take a lot of luck on the part of the thief. How many people store and play MP3s in/on their car? How many of those people are going to be somewhere that the thief can find?

It's an issue of time. When a thief that is sophisticated enough to make these programs, and hack CANBUS to unlock some car doors to steal, or whatever, they are also presumably sophisticated create a program that hits millions of computers, phishes for an open port, then cracks in and scans for passwords, or CC numbers.

you could hit millions of computers a day doing that, or you can drive around a mall parking lot all day spending up to a minute next to each car in hopes that one of them has an MP3 you made, so that you can hack the BT and gain access to the car. it just doesn't make practical sense. even if you could scan lets go big and say 10 cars a minute, that's 60 cars an hour, and assuming you are an industrious thief, you put in 10 hour days, that's only 600 cars you can try and gain access to in one 'thief day' of work.

there's a lot easier ways to steal cars than that. and there's a lot more 'efficient' use of a sophisticated thief's time than driving around mall parking lots.

possible, yes, practical, definitely not.
Nobody here or in the article was saying that it's practical yet, or at least not how i read it. I thought the point was that everybody should be made aware of the possibility now, to design in safeguards before some development in computers, hacking and communications software makes this easier. with radios already able to read MP3 cds, and a LOT of companies having hard drives for photos, audio, GPS info, etc., it isn't that unbelievable.

As to what responds when the car is off, I don't know. I know that some stuff stays on for a while then shuts off, some stuff never shuts off, and some things will turn back on when you pull the handle even on a locked door.

It's believable to me, even though i haven't yet thought of how, that the system that handles those keyless systems, especially with the newer passive systems where a key in your pocket is good enough, can be hijacked somehow through any of the other systems. Again, i'm not saying any of this is practical, or even possible. I just think the article is an interesting bit of info to think about.

Plus my response was to the people who were saying it was basically for gullible people and a waste of ink.
MrSaabaru is offline   Reply With Quote
Old 03-16-2011, 02:27 PM   #24
arghx7
Scooby Specialist
 
Member#: 232940
Join Date: Dec 2009
Location: cold
Default

sounds like some internet fear mongering
arghx7 is offline   Reply With Quote
Old 03-16-2011, 03:38 PM   #25
samagon
Scooby Guru
 
Member#: 26859
Join Date: Oct 2002
Chapter/Region: TXIC
Location: undisputed COMBAT! champion
Vehicle:
of TXIC
I also like (oYo)!!!!

Default

Quote:
Originally Posted by MrSaabaru View Post
Nobody here or in the article was saying that it's practical yet, or at least not how i read it. I thought the point was that everybody should be made aware of the possibility now, to design in safeguards before some development in computers, hacking and communications software makes this easier. with radios already able to read MP3 cds, and a LOT of companies having hard drives for photos, audio, GPS info, etc., it isn't that unbelievable.

As to what responds when the car is off, I don't know. I know that some stuff stays on for a while then shuts off, some stuff never shuts off, and some things will turn back on when you pull the handle even on a locked door.

It's believable to me, even though i haven't yet thought of how, that the system that handles those keyless systems, especially with the newer passive systems where a key in your pocket is good enough, can be hijacked somehow through any of the other systems. Again, i'm not saying any of this is practical, or even possible. I just think the article is an interesting bit of info to think about.

Plus my response was to the people who were saying it was basically for gullible people and a waste of ink.
kk, I'm with you.

as I said in an above post though, I think the normal remote keyless systems have been possible to break for years with the right tools.

I guess I just see this as a non-article, a fluff piece, it's like the articles that say "ipad holds 80% of the tablet market!" well of course it does, it's been the only game in town until just a few months ago.

I would imagine that it would be obvious by now to everyone that anything that has a method of being connected to has a potential to be compromised. Yet people still seem to be astonished by this, such as it never occurred to them that this could ever happen.
samagon is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
real friends break into your car! TheLegacy New England Impreza Club Forum -- NESIC 18 11-10-2005 07:17 PM
Bad to let your car remote start every few hours?? The Modaholic New England Impreza Club Forum -- NESIC 6 01-12-2004 01:57 AM
thanks to everyone who tried to help me break into my car today at the autox jmott Texas Impreza Club Forum -- TXIC 3 08-12-2001 01:59 PM


All times are GMT -4. The time now is 12:04 AM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Powered by Searchlight © 2014 Axivo Inc.
Copyright ©1999 - 2014, North American Subaru Impreza Owners Club, Inc.