Hacker Shows Off $30 Device to Unlock Nearly Any Keyless-Entry Car

[Bungus]

http://blog.caranddriver.com/hacker-shows-off-30-device-to-unlock-nearly-any-keyless-entry-car/

 

[kamkar]

hey hey heyyyyyy i dident have anything to do with that, and if i did i would not present my findings on a test bord like that

 

[Deleted member 46308]

hey hey heyyyyyy i dident have anything to do with that, and if i did i would not present my findings on a test bord like that

Are you sure

 

[Dashmellow]

The otherwise interesting and well written Car & Driver article on the $30 dollar keyless entry hacking device is yet another example of the poor quality journalism we are seeing so much of these days coming out of publications on the internet. I say this because the article makes the assumption that readers know who Samy Kamkar is. Without knowledge of who he is, the context of his creation of this car entry hacking device is completely lost to the reader.

Samy Kamkar is a "notorius" privacy and security researcher, computer hacker, whistleblower and entrepreneur. He is at the same time highly respected and much reviled.

He is most reviled as the creator of the persistant "Evercookie" otherwise known as "Zombie Cookies or "Supercookies" - the cookies that just won't go away. Kamkar released it as free and open source software. The Evercookie is a tracking cookie that stores its components and data in numerous nooks and crannies on your computer and resurrects itself after you delete it. It is extremely difficult to remove from one's computer, even by experts. There are indications that a growing number of websites such as Hulu, AOL, Spotify and others are now using EverCookies to track visitors to their websites.

Kamkar claims he did not create Evercookie to violate anyone’s privacy. He said he was curious about how advertisers tracked him on the Internet. After cataloging what he found on his computer, he made the Evercookie to demonstrate just how thoroughly people’s computers could be infiltrated by the latest Internet technology. Many feel he might have gone about his "demonstration" differently rather than creating and freely disseminating a very difficult to defeat technology that enables marketing firms, corporations and government agencies to make the problem worse.

See: https://en.wikipedia.org/wiki/Evercookie

Samy Kamkar is also known for and respected for more positive related endeavors which generally revolve around exposing security and privacy vulnerabilities across many platforms including this $30 dollar keyless entry unlocking device. For example, he was the one who discovered that smartphones were continuously sending GPS coordinates, correlated to Wi-Fi MAC addresses back to Apple, Google and Microsoft, in certain cases even after location services were turned off.

See: https://en.wikipedia.org/wiki/Samy_Kamkar

 

[Bungus]

Cannot blame the writer. Putting all Samy Kamkar's background with the article will make it a boring read. This way it catches your attention and can always google to find out more.

 

[Dashmellow]

Cannot blame the writer. Putting all Samy Kamkar's background with the article will make it a boring read. This way it catches your attention and can always google to find out more.

My opinion is that making a brief reference explaining who he is and what he is all about without getting too long winded would be more likely to intrigue people than to bore them. Describing Kamkar simply as a "digital security researcher" doesn't really tell the reader that there is a much bigger story there, so this approach seems more boring and incomplete to me and is the reason I felt the reporter dropped the ball. I guess since these types of articles have a limit to how many words are permitted by the writer there wouldn't be room to go into great detail about Samy Kamkar's background anyway but to my mind, the way it stands seems like an omission on the part of the reporter.

 

[Viking]

hey hey heyyyyyy i dident have anything to do with that, and if i did i would not present my findings on a test bord like that

Sure, Did you nose just grow.

 

[SawMaster]

Since the advent of remote wireless 'keyless' systems (garage doors, car doors, and now house doors too) it has been possible to hack them. Early wireless garage doors were super-easy to open, you just needed enough RF power close-in to overload the receiver. The previous impediments with the newer digital systems was the equipment used being slow and expensive, and the needed programming somewhat obscure. But fast data processing has become common and relatively cheap and 'darkweb' sites abound so you're going to see a huge increase with this, and not only with cars. Convenience always carries risks. That's the point Samy is trying to get us to understand.

One friends new car from a few years ago self-locked when parked up close at one particular store; their wireless security alarms triggered the car door lock system. He could unlock with the button and then they re-locked immediately. We concluded it was using the same protocol and numeric code as his car. He had to park halfway out the lot or use his key to get back in his car when he shopped there. A little internet research gave several other examples of others experiencing the same thing and of people using their button to see if it would unlock other cars at a mall, and a few were occasionally successful.

Phil

 

[DT MI]

...Early wireless garage doors were super-easy to open, you just needed enough RF power close-in to overload the receiver....

I used to work with a fellow that demonstrated this to me one day. He had a 'not quite legal' CB radio in his car and would drive down the street transmitting "zebra, zebra, zebra" over and over. It was amusing to watch how many garage doors would open.

 

[SawMaster]

Whistling would have gotten a lot more to open
I'm loving my old-fashioned workvan more and more each day. It's unhackable by design

Phil

 

[kamkar]

hehe i sure as hell can be without much of the "smart" stuff they cram into cars these days.

Hell if the wire harness in a modern car wasent so large and heavy you could get 1-2 more MPG

I like:

Hemorrhoid grill ( heated seats )
Rear window defroster
Aircondition.
power sterring.

And i think thats about it for the smart stuff i need in my car from the factory.

 

[jokiin]

I've got a 1 year old Fiat full of electronic crap and a 20 year old Mazda, I drive the Mazda in preference, changing AC settings in the Fiat means drilling through multiple menus on a touchscreen, the Mazda you push a button

For all their safety features I think new cars are more dangerous sometimes as they over complicate things that aren't necessary

 

[DT MI]

....For all their safety features I think new cars are more dangerous sometimes as they over complicate things that aren't necessary

Very true - the infotainment systems on many vehicles are more complicated than some software packages, and not nearly as well documented.

 

[jokiin]

Very true - the infotainment systems on many vehicles are more complicated than some software packages, and not nearly as well documented.

I think CanBus systems where everything is controlled through the radio are way overrated personally, software is clumsy and riddled with bugs, same car as a Dodge Journey if you're familiar with those, hate it with a passion, will definitely be gone long before the warranty expires

 

[DT MI]

...a Dodge Journey if you're familiar with those...

My 'almost' brother-in-law (my wife's, sister's husband) has one. Next time I see him I try to remember to ask what he thinks of it.

 

[kgs-wy]

Since the advent of remote wireless 'keyless' systems (garage doors, car doors, and now house doors too) it has been possible to hack them. Early wireless garage doors were super-easy to open, you just needed enough RF power close-in to overload the receiver. The previous impediments with the newer digital systems was the equipment used being slow and expensive, and the needed programming somewhat obscure. But fast data processing has become common and relatively cheap and 'darkweb' sites abound so you're going to see a huge increase with this, and not only with cars. Convenience always carries risks. That's the point Samy is trying to get us to understand.

One friends new car from a few years ago self-locked when parked up close at one particular store; their wireless security alarms triggered the car door lock system. He could unlock with the button and then they re-locked immediately. We concluded it was using the same protocol and numeric code as his car. He had to park halfway out the lot or use his key to get back in his car when he shopped there. A little internet research gave several other examples of others experiencing the same thing and of people using their button to see if it would unlock other cars at a mall, and a few were occasionally successful.

Phil

A year and a half ago, when my fiancée and I got her '14 Escape, we were at the mall over in Rapid City, SD. I went to lock our door, and unlocked a '14 Dodge 1/2 ton truck we were nose to nose with. The owner and I looked at each other, blinked a couple times, and he hit his lock button. Our Escape unlocked. We both kinda chuckled, manually locked our doors, and agreed to manually unlock if the other was still there when we were done shopping.

We all laughed, with a bit of annoyed commiseration against the car companies at the whoops. I used to do car audio and mobile security installation, and despite the ungodly number of 'random codes' available to each unit, it was amusingly disconcerting that, during my two years working there, that six different units ended up working for other manufacturers products, including OEM vehicle security systems.

-Laters...!
kgs-wy

 

[SawMaster]

I can operate every function of my old van correctly without looking away from the road and set it where I want it that way too. None of the newer vehicles with menu-driven controls are like that. Some years back a well-known football player crashed here because he was adjusting his radio which required that he look at it. It may be safer to crash in a newer car than mine, but you're also far more likely to do that for having your attention diverted away from the road and your driving than is necessary.

And now we are seeing that this same kind of 'advanced technology' also greatly reduces your security from malicious intent too so I have to wonder why anyone thinks it's truly an 'advancement' when it clearly isn't. Especially when you have to pay to get it fixed when it breaks I dread the day when I can no longer have a simple reliable vehicle I can fix cheaply by myself like I have now. Other than fuel it has cost me less than $1000 to run the old thing hard for another 15K miles a year and it's never been out of service for more than 24 hours- and that includes it's purchase price. Fuel mileage of a similar new vehicle today is only 25% better; hardly worth the extra cost and downtime of said vehicle and it can still do no more than mine does.

When they make a vehicle that can match mine it will be advanced- until then they're heading in the other direction.

Phil

 

[jokiin]

couldn't agree more and why I drive my old Mazda more, can change all the settings without actually looking at them

 

[Dashmellow]

June 6, 2013.......

Hackers Take Control of Vehicle Door Locks Remotely

"Automotive electronics are becoming quite advanced. In the past, each electrical component of a vehicle would operate independently of the other systems. In modern vehicles, manufacturers utilize CAN bus (Controller Area Network) to allow each computer component to be able to talk to each other. This technology allows for state-of-the-art infotainment systems, radar cruise control systems and other data-driven uses. Like many computerized networks, the automobile has become a victim of a hacking scheme that has law enforcement puzzled.

It appears that the hackers who are breaking into cars (but not actually stealing the cars) are walking up to the passenger-side door of vehicles equipped with a modern keyless entry system and gaining access. Police have determined from the surveillance footage that the hacker is holding a device in his or her hand which, when activated, unlocks the passenger door. Through this process, the device also seemingly disables any anti-theft alarm in the vehicle.

According to Today News, the thieves are not successful with every type of vehicle. It seems that Ford vehicles are not vulnerable to the attack, but Honda vehicles are. Also, it appears to only be effective on the passenger-side of the vehicle.

Security researcher Steve Gibson speculates that the device is emitting some sort of magnetic or electronic interference that causes the on-board computer to treat it like an unlock request. He does not believe that it was an actual decryption of the CAN bus system. Also, keyless entry systems utilize a random “rolling code” that makes stealing an unlock code and reusing it next to impossible.

Until an individual is caught with one of the hacking devices, or a security researcher gains access to one, we will probably not know how the hackers are gaining access. There is a lesson to be learned from this, and it is common sense. Do not leave valuables inside the vehicle that would tempt people to break in and steal it."