Sooo they have been stealing Infinitis from my area recently with relative ease, allegedly by using a Bluetooth OBD2 reader connected to an Android tablet running a pirated copy of some Nissan service tech software.
Nobody from any of the Infiniti groups is 100% certain how they are doing it, but the best theory out there is above.
Just the other night, a crew of dudes stole 3 Q50’s from my neighborhood with relative ease.
Well for one thing the OBD port shouldn’t be designed so that it has direct access to any useful CAN bus. It should go to a gateway that requires authentication to do anything except read OBD, and all of the IDs that you are allowed to send should be whitelisted.
The issue people are mentioning with the headlights is easily solved by just moving the starter CAN to its own CAN bus between the immobiliser and the ECU (physically isolating the headlights), which costs about $5 total and requires no crypto unless the thief is willing to cut the car nearly completely in half.
(The problem with crypto is the $10 safety MCUs used all throughout cars are only like 20MHz and they can’t really do the 2000+ crypto ops/sec on top of their current workload. Also the tooling support for crypto ATM is really poor in the model based design tools that are used for this safety relevant SW)
BTW I personally don’t believe that anything that involves cutting into a vehicle is negligence of anyone. I mean, from my perspective, anyone can just pop the hood and drive the car with their own BYO ECU. It’s just a hunk of metal and once you start cutting it up you can make it do whatever you want.
Yes, the simplest solution sometimes really is the right one. Cheaply isolate sensitive targets from easily accessible areas. Your $5 solution is enough to avert these issues, and makes the attack a lot more expensive. The job is to find a "lever" where you only have to put in a little effort (say $5 worth) but which causes the thief to have to put in a lot of effort (cutting the car in half). The better the "lever", the safer the design.
I agree fully with this, except for the fact that this then makes devices like the Comma (comma.ai) impossible. The hacker in me really wants to be able to send steering signals by plugging something into my car :)
The solution is not that complicated, just route the wiring harness on a location not easily accessible from the exterior of the vehicle. There’s nothing that can stop thieves just delay them enough to increase their risk to be discovered.
See all that time the thief spends near the driver's side headlight? The headlights are on the CAN bus; if you can tap a couple of wires in there, the car is yours.
Genuine question - why do headlights need to be on the main CAN bus? Could they not be operated from somewhere closer to the ECU by wires that just carry power and maybe some very simple data lines?
I can see fiberoptics, but wireless just wouldn't be reliable. There are too many sources of noise in a car, plus rush hour traffic with dozens (hundreds?) of cars nearby broadcasting on similar frequencies.
It may be something as stupid as a wiring harness layout optimization. You can put the headlight controller at the headlights and only run a single set of CAN bus wires (which are probably in that area anyway) through the firewall of the car. I haven't played with CAN, but I assume they are fairly few and fairly thin gauge.
There are usually two CAN buses in a car, a slow one and a fast one. The slow one controls the lights, infotainment, climate, etc., while the fast one controls the ECU, driver assist, and everything related to driving.
All CANBUS packages that are useful to drive a car should be encrypted using a public/private key that is in the owner key. Decryption chips are cheap and fast.
Maintenance is a big key management problem though: if only the owner has it, there will be problems when people inevitably lose it. If there are shared keys for service departments or databases, thieves will get access to them.
Things like time-limited on-demand keys can limit those problems but now you can’t get your car serviced when Toyota’s servers go down and they need to commit to not breaking API compatibility for multiple decades.
In the old days, most or all car companies had the ability to look up the bitting code to cut a replacement key (the mechanical kind) from the car's VIN. There's no reason they can't do the same with an encryption key.
Of course they'd need to do a good job securing that database since inappropriate access to it would make stealing cars very easy.
There is a very good reason that isn't possible/analogous to traditional rekeying.
Mechanical keys are not secure. They can be reproduced with basic skills. That's why there used to be a giant key cutting industry where much of the business was car keys (Thanks, GM.)
The whole idea of CA PKI and all modern TPM architecture on devices is that they CAN'T be reproduced or replaced in context without massive effort that would make the intended use moot; i.e. replacing the TPM and associated on both the key and car. This would require some bureaucratic pointless process to prove your identity, and it would be very expensive and frustrating, and completely at the manufacturer's will.
Further, if the car CPU could allow this, it would be >.0001 second before thieves use the same exact tools that the manufacturers use. This is basically what's happening now with current NFC/Radio key fobs. Basic access to the existing CPU through CAN bus makes NFC/Radio moot.
Most modern keys already have cryptographic rfid transponders which must be in place to turn off the Immobilizer system.
Unfortunately, Immo can be trivially disabled/bypassed/reprogrammed on many cars using the CAN bus or OBD2 interface.
Also trivially editable in many ICUs is the mileage, airbag (crash) history, etc.
The main vector is that this data typically exists alongside performance parameters and user data like registered keys and fobs, so is accessible either by catching the ecu in bootup/program mode, by buffer overrun attacks, or often just by asking nicely.
This is basically doable by anyone who can do chip tuning or ECU remaps. It’s technical, but not that technical. Many ECUs require JTAG access inside the ECU housing or even desoldering the serial flash chip, but many do not.
I just bought a whole setup for this from AliExpress for about 100 dollars and it’s worked well for me so far, just a specialised JTAG adapter with some cables really.
Pretty sure if you wrote drivers for chip tuning software to use a buspirate it would work just as well if not better.
The manufacturer should maintain a root cert that can be used. If that root cert is compromised then they should have a way of rotating keys if the vehicle and physical keys are present. Breaches then constitute what amounts to a software recall, putting the onus on the manufacturer to report them or be held liable for thefts. The recall notice puts the liability on the driver to have their vehicle updated (for free) in a timely fashion.
The situation doesn’t need to be as strict as #2: you could have a way for a registered service shop to get a per-device rekey by shifting some liability to them. Making it per device prevents bulk usage, and an active communication with the manufacturer would mean the cops could ask the owners of a shady auto shop some questions when 80% of the stolen cars in the area are being rekeyed at a place the owners have never been to. I lost a car key once and the locksmith who showed up checked my driver's license against the title database because he could have been penalized for unlocking a vehicle without doing so. We could make the same model work electronically because while car thieves are anonymous, legitimate repair shops have a business presence and reputation to preserve. Even someone amoral isn’t going to look the other way for something which will cost them their primary revenue stream.
I don't think that the dealer equipment being used to steal cars today is coming from dealers where management is knowingly engaging in car theft. It is other people who are misusing those tools. There are many hundreds of thousands of people who work at dealerships, and many do not care about their employer's reputation. Also, many dealerships are broken into.
Yes, which is why I suggested a combination of measures to change that. An active per-device transaction would make it clear when a dealer’s access is being misused, and if it affects their business viability it would turn out that they could do a better job of controlling access. Hundreds of thousands of people work at banks, too, and many of them do not care about their employers but thefts from customer accounts are rare because the companies are incentivized to set appropriate safeguards. There’s no reason why car repairs couldn’t be the same other than that it costs more than what they’ve been doing, and there aren’t strong enough incentives for them to take on those costs.
What would that look like in reality? Expecting dealerships to have the same physical security, procedures, and security vetting of a bank? There's already a shortage of workers in these roles, now we want the guys busting their knuckles on vehicle repairs to have a good credit score and good background check and perform elaborate opening and closing procedures with a buddy system? Storing tools in a vault?
I really don't see how any of this is merited or reasonable, especially when the vast majority of the cars being stolen in my neighborhood are either stolen with the keys or with a tow truck.
Require resets to be initiated and authorized by the F&I department, whose security and KYC processes should already be substantially similar to those of other institutions that regularly approve $50,000+ loans.
1. As a result, we'll see costs like losing the keys to a rental car go from a $250-500 fee to a $2500-5000 fee, due to the additional costs to process and the additional loss of use.
2. Criminal rings that steal high value cars will go from often using tow trucks, to exclusively using tow trucks.
3. The number of cars stolen via stolen keys will remain unchanged.
Yes, the key itself will be more secure, but I'm not really sure it will actually improve anything. More security is not better if the costs do not create real-world results.
Your second point is leaving out a lot: there’s no way adding a requirement that you have heavy equipment and a skilled operator isn’t going to reduce the number of thefts, and those trucks are in more limited supply and easier to track than a small tablet. They’re also way less stealthy so there’s a lot more time to get caught.
The third point may be true for classic theft but would not be true for the growing category of thefts caused by abusing wireless keys. If you can’t easily get a new key, the resell value for that car is going down dramatically.
Commercial tow trucks are not hard to get in many places, but it is also not required to tow a car. There are many consumer oriented solutions for towing a car. Tow dollies are about $40 to rent in my city. Or if you're a thief, trailers aren't hard to steal either.
> If you can’t easily get a new key, the resell value for that car is going down dramatically.
Most of the vehicles that are stolen for resale are high value and sent overseas to parts of the world where the labor is cheap enough to do something like entirely ripping out all of the security components. I don't really think that these criminals will stuff a G-wagon in a shipping container for $100,000 but won't do it for $80k or $90k.
> Commercial tow trucks are not hard to get in many places, but it is also not required to tow a car. There are many consumer oriented solutions for towing a car. Tow dollies are about $40 to rent in my city. Or if you're a thief, trailers aren't hard to steal either.
Again, it’s possible, but do you really think there isn’t even one thief who lacks easy access to a tow truck, or who will be caught firing up noisy equipment at 3am but not if they fumble around in their pocket while walking up to a car? Not a single teenager looking to joyride won’t give up if it’s harder than the Kia video they saw on TikTok?
Similarly, yes, people will still steal vehicles and ship them overseas but the more work they do the lower the resale market and value will be, and that will make it less tempting since you’d only be able to sell to people who are content never getting service from the manufacturer. Even if we assume that there are countries with skilled technicians and effectively no law enforcement, only something like 10-15% of stolen vehicles are shipped according to U.S. officials so even if you wrote those off entirely you would have plenty of room to improve by reducing the majority of thefts which never leave the country.
There's different categories of criminal here who are willing and able to do different things to different types of cars.
> Again, it’s possible but do you really think there isn’t even one thief who lacks easy access to a tow truck or will be caught firing up noisy equipment at 3am but not if they fumble around in their pocket while walking up to a car?
CAN bus attacks, OBDII reprogrammers, and similar are typically pretty intrusive: they require cutting into fender liners, removing lamps, busting a window, or otherwise gaining physical access to the bus. They also require specialized tooling and expertise that are harder to get than the tools which physically move vehicles.
The one that might be an exception, and that some savvy street criminal might be able to get their hands on, is a tool to do a relay attack, which is usually good enough to steal belongings from a car, but generally not capable of stealing the car.
> Not a single teenager looking to joyride won’t give up if it’s harder than the Kia video they saw on Tik Tok?
Definitely not. Vehicles with immobilizers are essentially never stolen by joyriders unless they have also stolen the keys.
> Even if we assume that there are countries with skilled technicians and effectively no law enforcement, only something like 10-15% of stolen vehicles are shipped according to U.S. officials
Yes, and almost all of the other ones either just lack immobilizers, or the thief also stole the keys.
Simply requiring the dealers to take seriously ownership validation and track which workers used the reset system (no shared logins, etc.) would do most of it.
The result of that may be that losing a key is financially devastating enough that it totals many vehicles. And/or if the odometer and other local storage is affected, that may cause permanent title issues for the car.
The number of people who lose their keys vastly dwarfs the number of people who are having their car stolen with a flipper zero.
It has to be hard enough it can't be done in the street (without getting attention), but maybe it could be easy enough to do in a garage.
But even if it is expensive, the result would be that either people will take more care, or they'll lose their car.
Maybe it's not a bad thing that people who can't manage a key are less likely to be on the roads, or that it's more likely they lose access to their car than that it ends up in the hands of criminals. A car can be a dangerous thing, even an inexpensive one.
Yes, but this wouldn't prevent dangerous street criminals from stealing cars. Many of them steal the keys with the car. They go down to the gas station, and wait for an old lady with a nice car to pull up to the pump, and when she hops out they hop in.
The criminals doing more skilled attacks typically aren't joyriding or using it to commit other crimes; they're typically doing it for financial gain: they want the car, its contents, or its parts.
Ultimately the overlap between the violent street criminals and those skilled at attacking digital security systems is not much.
> But even if it is expensive, the result would be that either people will take more care, or they'll lose their car.
The entire reason keys were explicitly designed with the functionality to program new ones is because that's not considered by most to be an acceptable solution.
That kind of expands the scope of this conversation to mugging/carjacking, which also comes with a higher penalty, and probably higher priority to the police.
And, it involves interacting with someone, who presumably can call the police afterwards, and activate any lojack / immobilisation device before it can be removed. Presumably the appeal of stealing a parked car is that it may be a while before it has been discovered and reported stolen.
Also, doing such a thing in a gas station where there are likely cameras and even other people / attendants makes it seem pretty risky to me. Are these dudes just hanging around the pumps in masks? What country is this?
> not considered by most to be an acceptable solution
Things change, but also, it's as much up to the government and/or insurance corps what's acceptable.
The only reasonable way to evaluate risk is as a whole. Real world attackers pick whichever realm is easiest to exploit, they aren't going to waste their time doing something difficult when there are easier ways to accomplish their goal.
> who presumably can call the police afterwards, and activate any lojack / immobilisation device before it can be removed.
Yes, people who carjack usually aren't looking for a nice daily driver to hang on to for the next 3 years. Usually they want to joyride, or use the car for some other crime, in the immediate term.
> Also, doing such a thing in a gas station where there are likely cameras and even other people / attendants makes it seem pretty risky to me. Are these dudes just hanging around the pumps in masks?
Stealing a car, and being in possession of a stolen car, is pretty risky already. I think someone who does this type of crime is probably not very risk averse. Wearing masks is a pretty common way to thwart cameras when committing a crime in many places, I don't think this potential security issue is specific to certain countries. I think what you might be hinting at is that fewer people want to do carjackings in different places, but the same applies to canbus exploits. Nor do I think anyone really needs to "hang out" to find a car at a gas station. Many have cars filling up at them regularly throughout business hours.
> Presumably the appeal of stealing a parked car is that it may be a while before it has been discovered and reported stolen.
Yes, and while there are some instances of this happening electronically, I don't think closing those avenues will change anything, because towing cars is neither difficult nor suspicious in many places. Again, security is only as good as the weakest link. Nearly all criminals cut locks, even ones that are very easily picked.
Buying a tow truck is no different than buying a truck just about anywhere. Or one can simply buy a regular truck and bolt on a towing attachment to make their own tow truck.
One can also purchase, rent, or steal a trailer and attach it to a vehicle. There are several types of trailer which can haul a car, which are all widely available to the public.
A traditional car key can be trivially duplicated at any hardware store. That's the difference. You can make as many spares as you want for a couple bucks a pop. No dependencies. No network.
Do any cars have "traditional keys" anymore? My 15-year-old Corolla has an embedded RFID tag in the key, and can only be duplicated at a Toyota dealership.
Assume that for anything new enough to have keyless entry, the answer is no.
The big switchover was in '96 when OBDII/CAN bus became mandatory. At that point it became pretty cheap to do things electronically, often cheaper than mechanically, so lots of things started switching over around then.
Not fully true. Just as it's not true with non-car keys. Some blanks are heavily protected. Now these days, with the dissemination of cheap CNC mills, maybe that's a bit more trivial, but you are paying a lot more for a CNC mill than you pay for an old key grinder.
Same issue we have now with ghost guns, honestly. CNC mills are powerful tools; with the right software you can essentially just place the properly sized chunk of metal in the box and hit go.
That's why I said traditional key. They're just metal with a few parts cut to a specific profile. It's once you start mucking around with immobilizers and other encrypted things that need the factory tools... Those can cost tens of thousands, and usually require continuous internet access back to the home office.
Because they only have the public key. You need the private key which NO ONE gets, not even the dealer. They send the required info in (which includes the serial / "key") for the new key to the home office. You can't just copy the key, even electronically, as it will have a different hard-wired "seed".
My Ducati bike had immobilizers that would prevent the bike being started without the key or the per-bike code card. When it was stolen, the thieves tried all manner of things to start it, including drilling through the ignition keyhole. I managed to get it all fixed and the bike still ran. Without the immobilizer, someone else would be riding my bike.
That's no different from this proposal. You just give them the keys, or the key card (or red key) if you've lost the keys.
Some of the tools used to steal cars are the legitimate tools used to repair cars. Key programmers aren't cheap, but at under $5k for decent ones, they aren't crazy expensive either. It pays for itself in one job.
You could make these tools more difficult to obtain, but that won't stop the crime.
Immobilizers and requiring a PIN to start the car are cheap, effective ways of preventing car theft without negatively impacting our ability to repair vehicles. It would behoove government agencies to include a list of anti-theft techniques on the window sticker and it would behoove insurance companies to be very upfront with the anti-theft features they think vehicles need.
Right now many of the components of your iphone are paired to the phone through signing. It's a huge fucking pain in the ass, and it makes the whole 'right to repair' a huge can of worms.
I work in CA/PKI, particularly IOT device registration/security via TPM keys.
I cannot imagine a scenario, after years working with our own infra and clients, where a car manufacturer would restrict access to the vehicle with a private key decryption on the fob TPM (that can't be exported or copied).
Lost/broke fob? 4000 pound paperweight, to no one's benefit. Insurance nightmare that would also be violating right to repair in many states (which is a different issue).
There SHOULD be a standard like every person has some device or process that is also a CA, who can then generate and dictate what keypairs can access a device, car etc. But we are very very very far away from that.
It's an enormous amount of implementation effort aimed at tampering which, to some approximation, never happens. And as another poster has said elsewhere, partitioning the communications would be cheap.
That they are using the OEM software indicates that there is some authentication going on with the ECU to start the engine anyway. I bet they didn't truly plan for key rotation.
Allow me to offer a different opinion. There is little sense in applying logical security when physical security is lacking. CANBUS should not be accessible by taking apart headlights. Communication buses must be protected from physical access, i.e., trip the alarm system or disable the car upon unauthorized access. There can be no logical security without physical security.
It would be very hard to make CAN bus inaccessible from the headlights, since that is what controls them. However, the headlight shouldn't be able to tell the rest of the system that the key is in the car.
Logical compartmentalization like you suggest is a fine approach, but even better is to not allow physical access. Unless the car is in maintenance mode at the shop, the chassis should be sealed tight. Maybe the manufacturer decided to favor headlight maintainability over theft prevention, or was simply oblivious.
From what I've been seeing with Toyota and their ECU Security Key, it hasn't been cracked yet but it's close to being cracked and extracted from a running car and the private key extracted (so things that look at CAN bus messages can work again, like comma.ai)
CANbus protocol makes this hard. Payloads are limited to 64 bits, to start with. But the payload for each message could be encrypted, even though secure key exchange would be difficult.
It's so hard that (almost) every European manufacturer figured it out.
There is also FlexRay. There is nothing interesting you can do with CANbus on new mercs. Even unencrypted CANbus messages go through gateways that (could) prevent headlights from reporting key presence.
There is a reason that some cars don't have reasonable attack vectors (excluding parachuting the driver out of the car) and some can be started with a screwdriver (or slight more involved way with CANbus). It's not complexity, it's cost.
The TSA locks have widely circulated master keys because that's a basic requirement of the system–every airport has to have some to be able to open bags. I don't know anything about these OBD port locks, but I don't see any reason they'd have a master key, other than laziness on the part of the manufacturer.
Additionally, I'd imagine that such a tiny fraction of a percentage of cars have these kinds of locks that it'd barely be worth it for thieves to figure out how to bypass them, at least until there's more widespread adoption.
> I don't know anything about these OBD port locks, but I don't see any reason they'd have a master key
Look at it in the picture and the review pictures. They're all 'keyed' alike. It's just a single offset pin. Also one review says it just holds on with friction and can be pulled off with force.
Put the powertrain lockout system on a signed and physically protected network segment. Let the headlights, mirrors, etc live on a less secure segment.
This will impose higher costs when replacing these systems, because it will require key management of some kind. Either central cert management (with 20 year expiry?) or local key management. So only impose this on a tiny subnet for the starter/immobilizer.
Perhaps the OBD port should only work when the car is validly unlocked and the engine immobilizer accepts a key? Maybe it could stay unlocked thereafter while a device is connected?
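The three gateway ideas raised in this thread (an OBD port that only gets read-only diagnostics unless the immobilizer has accepted a key, a per-segment whitelist of IDs each external segment may send, and a headlight segment that cannot assert the immobilizer's "key present" message) fit into one policy function. The block below is an added example written for this page, not code from any commenter or OEM; every arbitration ID except the standard functional diagnostic request ID 0x7DF is a constructed placeholder, and `Frame.source` stands in for the physical segment a real gateway would know from its transceiver.

```python
"""Added example: a toy CAN gateway policy modelling segment whitelists,
an OBD port unlocked only after immobilizer authentication, and a body
segment (headlights) that cannot spoof the "key present" message.
All IDs except 0x7DF are constructed for the example, not real OEM IDs.
"""
from dataclasses import dataclass

OBD_REQUEST_ID = 0x7DF        # standard functional diagnostic request (read-only PIDs)
IMMO_KEY_PRESENT_ID = 0x0A0   # constructed: immobilizer says a valid key was authenticated
ENGINE_START_ID = 0x0B0       # constructed: starter enable command
HEADLIGHT_STATE_ID = 0x3C0    # constructed: headlight status broadcast
UDS_REPROGRAM_ID = 0x7E0      # constructed: physical diagnostic request to the ECM


@dataclass(frozen=True)
class Frame:
    arb_id: int   # 11-bit CAN arbitration ID
    data: bytes   # 0..8 payload bytes for classic CAN
    source: str   # physical segment the frame arrived from


class Gateway:
    # IDs each segment may originate, regardless of vehicle state.
    STATIC_ALLOW = {
        "powertrain": {IMMO_KEY_PRESENT_ID, ENGINE_START_ID},
        "body": {HEADLIGHT_STATE_ID},
        "obd": {OBD_REQUEST_ID},
    }
    # Extra IDs the OBD port may send once the immobilizer has accepted a key.
    OBD_AUTHENTICATED_ALLOW = {UDS_REPROGRAM_ID}

    def __init__(self):
        self.key_authenticated = False
        self.dropped = []   # (id, source, reason) for every rejected frame

    def forward(self, frame: Frame) -> bool:
        """Return True if the frame is forwarded, False if the gateway drops it."""
        # Classic CAN carries at most 8 data bytes and an 11-bit ID.
        if len(frame.data) > 8 or not 0 <= frame.arb_id <= 0x7FF:
            return self._drop(frame, "malformed frame")
        allowed = set(self.STATIC_ALLOW.get(frame.source, set()))
        if frame.source == "obd" and self.key_authenticated:
            allowed |= self.OBD_AUTHENTICATED_ALLOW
        if frame.arb_id not in allowed:
            return self._drop(frame, "id not whitelisted for segment")
        # Only a frame that passed the powertrain whitelist reaches this point
        # with the immobilizer ID, so the body segment can never flip this flag.
        if frame.arb_id == IMMO_KEY_PRESENT_ID:
            self.key_authenticated = frame.data[:1] == b"\x01"
        return True

    def _drop(self, frame: Frame, reason: str) -> bool:
        self.dropped.append((hex(frame.arb_id), frame.source, reason))
        return False


def run_scenarios():
    """Walk the gateway through the cases discussed in the thread."""
    gw = Gateway()
    r = {}
    # Headlight segment claims the key is present: dropped, state unchanged.
    r["spoofed_key_from_body"] = gw.forward(Frame(IMMO_KEY_PRESENT_ID, b"\x01", "body"))
    # OBD port reads engine RPM (mode 01, PID 0C): read-only, always allowed.
    r["obd_read"] = gw.forward(Frame(OBD_REQUEST_ID, b"\x02\x01\x0c", "obd"))
    # OBD port asks for a programming session with no key present: dropped.
    r["obd_reprogram_locked"] = gw.forward(Frame(UDS_REPROGRAM_ID, b"\x02\x10\x02", "obd"))
    # Immobilizer on the powertrain segment authenticates a real key.
    r["immo_auth"] = gw.forward(Frame(IMMO_KEY_PRESENT_ID, b"\x01", "powertrain"))
    # The same programming request is now permitted.
    r["obd_reprogram_unlocked"] = gw.forward(Frame(UDS_REPROGRAM_ID, b"\x02\x10\x02", "obd"))
    # An oversized frame is malformed whatever its source.
    r["oversized"] = gw.forward(Frame(HEADLIGHT_STATE_ID, bytes(9), "body"))
    return r, gw.dropped


if __name__ == "__main__":
    results, dropped = run_scenarios()
    for name, ok in results.items():
        print(f"{name:26s} {'forwarded' if ok else 'dropped'}")
    print("drop log:", dropped)
```

The whitelist is keyed by the physical segment rather than by the claimed ID, which is the point: on a flat bus a node behind the headlight can emit any ID it likes, and only a gateway that knows which wire a frame came in on can refuse it.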
Android (adb) and iOS (iTunes backup) have solved this issue years ago.
When I installed a remote starter on my old Jeep, I had to also install a CAN interface that would command a door unlock followed by a door lock command.
That was enough to tell the ECM that it was okay to start the car by simulating the key switch closure for “run” and a temporary closure for “start”. Prior to adding the CAN interface, jumping “start” would set off the alarm.
You don't protect the wiring, you protect the start protocol. Similar to asking "Can we protect the internet by protecting the ethernet cables?"
Put a public key on the engine controller, have it challenge the key with a random start number, have the key respond with the signature of that number, engine starts.
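The challenge-response start protocol in the comment above, as an added example that is not from the thread or any manufacturer: the engine controller sends a fresh random number, the key answers with a tag over it, and the controller starts only if the tag verifies. Because Python's standard library has no signature scheme, this version uses HMAC-SHA256 over a per-vehicle shared secret in place of the public-key signature the comment describes; the message flow is the same. Each message is cut to 8 bytes so it fits one classic CAN frame's 64-bit payload, a limit another commenter raises. The secret and the domain string are constructed for the example.

```python
"""Added example: nonce challenge-response start authorisation, modelled
with HMAC-SHA256 over a shared secret (stdlib stand-in for the signature
scheme described in the thread). Messages fit one 8-byte CAN payload.
"""
import hashlib
import hmac
import secrets

TAG_LEN = 8          # bytes: one classic CAN frame of payload
NONCE_LEN = 8        # bytes: likewise one frame
DOMAIN = b"start"    # constructed domain separator so tags only mean "start"


def _tag(secret: bytes, nonce: bytes) -> bytes:
    """Truncated HMAC over the domain string and nonce."""
    return hmac.new(secret, DOMAIN + nonce, hashlib.sha256).digest()[:TAG_LEN]


class EngineController:
    """Holds the paired secret; issues one-shot challenges."""

    def __init__(self, paired_secret: bytes):
        self._secret = paired_secret
        self._pending = None   # nonce awaiting a response, cleared once used

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(NONCE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        """True only for a correct tag over the currently pending nonce."""
        if self._pending is None:
            return False
        expected = _tag(self._secret, self._pending)
        self._pending = None   # single use, whether or not verification passes
        return hmac.compare_digest(expected, response)


class KeyFob:
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, nonce: bytes) -> bytes:
        return _tag(self._secret, nonce)


def start_attempt(ecm: EngineController, fob: KeyFob) -> bool:
    """One full exchange: challenge, response, verdict."""
    return ecm.verify(fob.respond(ecm.challenge()))


def replayed_response_is_rejected(ecm: EngineController, fob: KeyFob) -> bool:
    """A response recorded from a legitimate start does not work a second time,
    because the next challenge carries a different nonce."""
    nonce = ecm.challenge()
    recorded = fob.respond(nonce)
    assert ecm.verify(recorded)          # the legitimate start succeeds
    ecm.challenge()                      # a later start: fresh nonce
    return not ecm.verify(recorded)      # old tag no longer matches


def wrong_key_is_rejected(ecm: EngineController) -> bool:
    """A fob paired to a different vehicle cannot answer the challenge."""
    return not start_attempt(ecm, KeyFob(secrets.token_bytes(16)))


if __name__ == "__main__":
    vehicle_secret = secrets.token_bytes(16)   # constructed per-vehicle secret
    ecm, fob = EngineController(vehicle_secret), KeyFob(vehicle_secret)
    print("paired key starts car:", start_attempt(ecm, fob))
    print("replay rejected:", replayed_response_is_rejected(ecm, fob))
    print("wrong key rejected:", wrong_key_is_rejected(ecm))
```

Two design points carry over to a real implementation: the nonce is consumed on the first verification attempt whether it passes or fails, so an on-bus listener cannot retry against the same challenge, and the 64-bit tag is a deliberate trade against the CAN frame size, which is acceptable only because the controller rate-limits attempts rather than answering thousands per second.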
You can't unlock the car with the bus dead. CAN is not like switched Ethernet, it's a bus topology network like LAN over coax cables. They can be split or bridged, that's probably what they do.
We had a specialist shop in the same area. You can disable Security+ with uprev.
Hell, we would even use it to remove engines from Nissans to make them run in whatever we put them in without the ignition. I can make the start signal just come from a momentary push button.
Locksmiths can make new key fobs for nearly any car with access to the OBD2 port and the right software (though I don’t know if it requires a connection to the manufacturer)
I don't know if I still have a clip of it, but that was nowhere near as fast as my neighbor's Range Rover being stolen during the pandemic, in broad daylight: four hoodies walk into our car park (flats) and walk out of camera view, and 30 seconds later they're driving the Range Rover past the camera view, having presumably rammed the gate we have (since it was broken).
Both car manufacturers and police are useless and it's fucking inexcusable, imo.
> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.
It’s not the 2000s any more. Even national security agencies have trouble with phone decryption, and that suggests a path forward for cars using a tamper-resistant secure element, since car thieves won’t spend more money attacking something than they can resell it for. Cars need service regularly, so you can have a way to replace a damaged SE which is more restricted, so that a legitimate owner can regain control of their stolen property. If you required, say, a government photo ID check for the owner on the title to reset the encryption keys, car thieves are highly unlikely to spend time getting high-quality fake ID since the odds of getting caught would go up dramatically, and you could deter shady auto shops by requiring them to submit proof of their ID verification for that service.
Yes, because the current design is lax. Now think about what happens if the engine computer won’t start with a bad signature or the entertainment system won’t work. How would that affect the overseas market?
Again, all of those lower the value to the thieves. If they need to create a custom engine controller, they’re going to need to pay a lot more than the $0 they currently spend. If they need to replace the entertainment system, the cost of doing so will cut into their margin.
Don’t make the mistake of thinking that a system needs to be perfect to be worthwhile.
I think you're in a desktop computer "whole product is one computer" model. A car is a set of computers; almost nothing in a car is central to itself.
There's probably a body controller ECU that ties into the engine ECU and driver's key systems. So thieves would just generate and flash a new key/cert; that'll certainly be possible.
Infotainment? That's almost literally an aftermarket part. American reviewers tend to see it as an integral part of a car or even a central computer, and surely it's important in terms of product experience, but architecturally it's more like a printer over Ethernet than a laptop's integrated display.
> There's probably a body controller ECU that ties into the engine ECU and driver's key systems. So thieves would just generate and flash a new key/cert; that'll certainly be possible.
This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that! You’d design the driver’s key to pair with the various onboard systems and those systems to do a challenge-response cycle during the boot process so someone can’t easily drive away without the key or resell those parts, with both sides using a private key which never leaves that component. Yes, that kind of design can still be attacked but the goal here is to make it more expensive than it’s worth: needing a flatbed to take it somewhere for a rogue EE to work on it, for example, just isn’t going to make sense except for the most expensive luxury vehicles.
This brings me to:
> Infotainment? That's almost literally an aftermarket part.
Yes, and those cost money. The entire point is that you don’t need to make it perfect, just expensive. If someone has to replace the display and speakers, that means they’re making less profit on the sale and making it more obvious that the vehicle was stolen which increases risk and reduces the number of buyers, especially for the most valuable vehicles.
> This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that!
The actual real problem I failed to explain is manufacturers don't want to deal with networked authentication, broken physical keys, or day-to-day repair shop operations, so they keep most of the processes offline and send out re-pairing tools that leak. Very few cars require breaking the chain of trust to swap out parts, which makes the "If they need to create a custom engine controller, ..." part unrealistic as of now. It takes a few more years before Apple starts delivering cars.
I work in medical devices. It's no longer sufficient to throw up your hands and assume "well, they have their hands on the device, we can't stop them from doing anything." The new cybersecurity guidance anticipates an attacker having physical access to your device and you are expected to understand and mitigate any impact that can have.
The FDA should be less strict with their cybersecurity stuff. The amount of lives lost to the increased cost of care is not worth the increase in cybersecurity.
If medical devices have just enough security to stop people who don't have physical access to the device, just enough to make attacks at scale unfeasible, then that should be good enough IMO.
> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.
Can you hack and own my fully patched Pixel phone? Or my GF's iPhone? Sure, sophisticated state-sponsored actors can sometimes do it by burning several million dollars' worth of 0days in the process, but some two-digit IQ riff-raff? Probably not so much.
EDIT: just to be clear - by "two-digit IQ riff-raff" I meant OP's neighborhood car thieves, not you :)
Phone thieves will watch over people's shoulders for them to input a passcode, which isn't that dissimilar to a lot of the replay/signal extension attacks.
A lot of damage can be done and things successfully owned without needing to hack or exploit the device (car/phone).
> Phone thieves will watch over people's shoulders for them to input a passcode, which isn't that dissimilar to a lot of the replay/signal extension attacks.
You have any reference regarding how prevalent that is? Everyone I know switched to biometrics a decade ago.
This is done by organized crime with engineers on staff. Sure it’s drug addicts stealing cars but the people shipping them are smart and have access to capital.
I agree, but that brings us back to my original question: why can't the same smart organized crime people unlock my smartphone then? Because Apple/Google give a damn about security and car manufacturers do not.
Also: When your phone or computer is hacked, most people think "Wow, the device is flawed." But when your car gets stolen, most people think "Wow, we should stop those criminals." Apple/Google are incentivized to give a damn about security because incidents reflect poorly on their products. We need to start making thefts via security exploits reflect poorly on the car manufacturers and their products.
People will buy a $150,000 SUV for 50k and they can still make money. Phones have less incentive and Apple is going to be better at bricking the phones than carmakers will.
Apple and Google don't sell insecure cheap phones, but lots of other manufacturers do.
I suppose organized crime doesn't systematically take advantage of that because cheap phones are cheap, and the people who own them are poor. You don't get that much benefit from pwning them.
Alternatively, maybe organized crime does take advantage of them but we haven't heard about it. They could have a giant botnet of them for all we know.
A couple of years ago it wasn't uncommon for victims of phone theft in the UK to end up flooded with iCloud phishing messages to try to gain access to their iCloud account and unblock the device so it wasn't totally worthless for resale.
I still see a lot of iCloud phishing messages, but also understand that Apple has made this vector harder.
Except for, you know, the technology of physical car keys and an immobilizer. There's a reason it's the keyless entry start/stop button cars that are being targeted by thieves, it's simply so much easier.
The frustrating thing is that new cars are being produced that _only_ offer keyless entry, and so eventually the choice is taken away or you have to drive a very old car.
Or make grand theft auto an offense that is actually prosecuted. Make hard penalties for violating another citizen by stealing their property. Start with 5 year minimums off the bat and every offense afterwards adds another 5 years. You'll see car theft plummet.
> How do you calculate this value of zero percent?
This gets messy for obvious topological/continuity reasons, but a shocking number of applications are both correct and simple to reason about if you choose to define 0/0 == 0 (kind of like how if you choose to universally define sum(empty_set) == 0 and product(empty_set) == 1 then tons of higher-level formulae just work and don't have to special-case a base case).
In context, there's no good reason to pick that definition of 0/0 per se (other than my prior that 0/0 == 0 probably simplifies some downstream math), but it's kind of nice to see that if crime is at 0% then there is also zero crime.
I will never, ever keep a car I care about outside anywhere near the city.
I know everyone doesn't have the funds for that, but I'm sorry, we all know how rampant car thefts have gotten since before those 3 Q50s in this video were even purchased. I live in the busiest neighborhood in downtown Denver, which has rampant property theft, cats cut out etc. non-stop.
I own 2 vehicles and neither of them are ever parked outside if I can help it. It means I have to pay pretty much twice for rent because now I need a 1-2 car private garage, which means I'm probably now in a condo or townhouse so every expense just gets higher and higher.
But you're in the bracket of living downtown with a brand new Q50. So I don't care what your excuse is, buying a luxury/attention-getter car and parking it outside in cities with rampant car thefts is just absolutely stupid.
Especially the people who buy the $80k luxu-box with the $5k 22" wheel add-on that gets ripped out of their mid-rise apartment parking garage a day later.
I've had a car stolen and insurance does NOT treat you well when it happens and I never, ever want to deal with having a car stolen again no matter how much GAP/etc. I have.
Some of the issue here is that it’s actually a pretty nice area here in Baltimore, but our police force is currently understaffed and overworked.
One big issue here regarding policing is that our city elected officials can’t tell the city police force what to do.
You see, when the civil war broke out, the state took control of the police force so that the mayor couldn’t lead a confederate coup.
Flash forward to today, and those powers still have never been returned to the city. The mayor and city council set the police budget, but the chief of police takes direction from a state run board.
So there is a big disconnect between citizens voicing concerns to city council members, and those members' only ability is to "talk to the mayor".
When the cat's away, the mice will play off with some stolen cars.
If you haven't traveled/lived in many major cities since covid, they are all the exact same now. None of the police are working. I'm in Denver now, previously Austin in 2019, Dallas 2020, Denver 2020+, and Denver banned qualified immunity so the police work even less. Seattle just did the same thing + IIRC King County is doing that "police can't lie on stand" or whatever law. I lived on 2nd and Congress in Austin for 12 years until 2016 and the entire downtown has turned to absolute trash.
I'm sure it's the same in Chicago, LA, Portland, Tampa, etc. and I don't even need to ask.
This sounds like a serious symptom of something being deeply fucked with policing in America.
Qualified immunity doesn’t exist in other first world countries with effective policing, in fact, the police in America have a lot of latitude to do all kinds of insane shitfuckery that doesn’t fly elsewhere.
It would be trivial to hard wire a kill switch to your fuel pump and have it hidden somewhere so no matter what, thieves can't drive off with your car. Much cheaper and more secure, as cars can be stolen from parking garages.
Put a kill switch in it they tow it. Put a Club in it they tow it and cut off the steering wheel. Put GPS on it they throw it in a faraday cage paintshop/train. Put a Dronemobile system in it the Police just won't investigate/track it down.
Really just have to not keep property outside anymore. I used to do the "It's not a big deal, i have full coverage" but had a car stolen and they (insurance) treat you like absolute trash when it happens.
Lock it in your garage and now they break into your house and hold a gun to your head... ya, maybe they tow it, but not likely as they want to do this discreetly, but at the end of the day of course if they were determined they could take anything. My point is a kill switch would stop 99% of theft.
> had a car stolen and they (insurance) treat you like absolute trash when it happens.
You've said this twice, but what does it mean? I have had my car stolen twice and the insurance company didn't give me any trouble at all and just paid out.
Here is the ring cam video my neighbor posted:
https://video.nest.com/clip/8ef4d060588d4c7289f87cccb00cb55a...