[jpnh]

Security flaws and hacking the modern "Connected" car

This stuff drives me crazy because its sooooo unnecessary

Just give me a car with no connectivity except for the radio.....which should be isolated from the rest of the cars systems

And as far as the key fob hacks go....same applies.....BMW should offer an option for nothing other than a physical key option.

https://thehackernews.com/2016/07/bm...smart-car.html

http://www.forbes.com/sites/thomasbr.../#5ce26a45941b

The thing that drives me nuts is that BMW has done squat to actually address the issues.....nor have any of the other manufacturers

[krhodes1]

Someone could walk up behind you and hit you in the head with a hammer too. Probably more likely to happen.

[jpnh]

Quote:

Originally Posted by krhodes1

Someone could walk up behind you and hit you in the head with a hammer too. Probably more likely to happen.

Depends on where you live

But its totally unrelated to the security flaws that are being built into cars these days

If a thief can construct the means to break into your car and every other BMW or VW or <insert car> and leave no trace of entry for $200 bucks you can count on theft increasing and on insurance rates going up

Imagine the hassles of having to file a claim with your insurance company where theres no evidence of theft other than your stuff and possibly your car simply being gone.

In the long run its going to cost consumers a crapload more in losses/increased insurance rates and real losses (cant get to work/etc) than if car manufacturers did the right thing in the first place

[jpnh]

Here's a simpler assessment of consequences of one of the BMW flaws

https://jalopnik.com/bmws-can-now-be...nen-1783371533

[krhodes1]

Quote:

Originally Posted by jpnh

Depends on where you live

But its totally unrelated to the security flaws that are being built into cars these days

If a thief can construct the means to break into your car and every other BMW or VW or <insert car> and leave no trace of entry for $200 bucks you can count on theft increasing and on insurance rates going up

Imagine the hassles of having to file a claim with your insurance company where theres no evidence of theft other than your stuff and possibly your car simply being gone.

In the long run its going to cost consumers a crapload more in losses/increased insurance rates and real losses (cant get to work/etc) than if car manufacturers did the right thing in the first place

Meh. Can't be bothered to be bothered. Much easier for a thief to steal one of the notoriously easy to steal Hondas that have more resale value due to their ubiquity. I rarely even bother to lock my cars when there is nothing in them to steal. Ultimately, if a thief wants your car, they are going to get your car. Most highend cars are simply stolen with a rollback truck.

[Sleslie]

Quote:

Originally Posted by jpnh

Imagine the hassles of having to file a claim with your insurance company where theres no evidence of theft other than your stuff and possibly your car simply being gone.

Isn't that the traditional way of discovering that your car has been stolen? It's just gone...

[amw896]

have access to my vin? lol ... can't they just walk up and read it from my windshield?

[jpnh]

Quote:

Originally Posted by Sleslie

Isn't that the traditional way of discovering that your car has been stolen? It's just gone...

More often than not there used to be signs of forced entry like a broken window

Now they literally have your key

You go shopping and with a $30 tool set they steal everything of value you left in the vehicle

Work computer that was in the trunk is gone along with everything else you may have had in the car and there's no sign of forced entry

Lets take it step further like the recent chrysler/jeep hack where they could remotely control/disable key systems like brakes and steering

http://www.theverge.com/2016/8/2/123...miller-valasek

[raleedy]

A non-problem of great proportions.

[jpnh]

Quote:

Originally Posted by raleedy

A non-problem of great proportions.

It would appear that the WSJ disagrees

http://www.wsj.com/articles/thieves-...ars-1467744606

Wait until the actuaries start further adjusting insurance rates based on demonstrated hacks against individual makes and models of vehicles

[raleedy]

Quote:

Originally Posted by jpnh

It would appear that the WSJ disagrees

http://www.wsj.com/articles/thieves-...ars-1467744606

Wait until the actuaries start further adjusting insurance rates based on demonstrated hacks against individual makes and models of vehicles

I am definitely waiting. Meanwhile I am keeping my head in a Faraday cage.

[Tpeterson]

Quote:

Originally Posted by Sleslie

Isn't that the traditional way of discovering that your car has been stolen? It's just gone...

I agree. Theft isn't the major problem with hacking into a car's electronics. Interfering with operating functions -braking,steering, ignition,-though remote, would be a big problem. It's something that better be solved before autonomous cars are loosed on the public!

[raleedy]

The link shows in video what you can do with . . . stolen keys!

[MaximumG]

I'm trying to understand the prevalence of car thieves exploiting security flaws.

If only 1 in 100,000 owners are being affected, I'm not sure I'd care too much.

If it's one in 10, and my car just got stolen. You bet I'll be ranting and consulting lawyers right about now.

And no, I don't think BMW is sitting idly and not doing anything. Since the invention of the car key, there's been a department in every major manufacture that deals precisely with car security and exploits, and with this.

[rich8566]

Folks have too much to worry about today. This is not something I will worry about.

[raleedy]

Ask General Motors if the key-in-the-ignition concept has worked out well for them.

[jpnh]

Quote:

Originally Posted by raleedy

Ask General Motors if the key-in-the-ignition concept has worked out well for them.

Just curious

What does a faulty ignition switch in a single manufacturer have to do with a poorly designed entry system and central electronics system that can universally be compromised across all manufacturers?

[Hellrot]

This is fear mongering.

"This could allow the attacker to manipulate VIN numbers and configuration settings, like compromising registered or VIN numbers via ConnectedDrive."

This means getting at your account info, not controlling your car.

If you've pissed someone off enough for them to figure out how to remotely operate your vehicle then you probably had it coming either way.

[jpnh]

Quote:

Originally Posted by Hellrot

This is fear mongering.

"This could allow the attacker to manipulate VIN numbers and configuration settings, like compromising registered or VIN numbers via ConnectedDrive."

This means getting at your account info, not controlling your car.

If you've pissed someone off enough for them to figure out how to remotely operate your vehicle then you probably had it coming either way.

that is just one aspect of the security vulns which allow access to the car and perrform functions like unlock the car

one of the other aspect are the subversion of seed encryption in the key fobs to allow anyone with a 30 dollar tool to open your car, start it and drive away

http://www.wsj.com/articles/thieves-...ars-1467744606

[Viffermike]

Quote:

Originally Posted by jpnh

that is just one aspect of the security vulns which allow access to the car and perrform functions like unlock the car

one of the other aspect are the subversion of seed encryption in the key fobs to allow anyone with a 30 dollar tool to open your car, start it and drive away

http://www.wsj.com/articles/thieves-...ars-1467744606

There's a saying: "If a thief wants your car, he's going to get your car." If he wants what's inside your car, he's probably going to get that, too. That's why you don't leave stuff in plain sight inside it. Dude ... that's common sense that doesn't cost a $30 gizmo to figure out.

I used to be a journalist at one of the country's 10 largest newspapers. These kinds of stories are part of what drove me out of the business. It's borderline fear-mongering -- half of the time written by someone who needs to fill a copy hole, and the most intriguing 'study' or PR release that morning is the topic that gets chosen by editors. Do yourself a favor: don't drink too much of the kool-aid that the mainstream media pours, and sip it with a grain of salt (as it were).

True story: Several cars were broken into in my condo building a few months back by someone with a keyless-entry transponder. What was stolen? Sunglasses, almost exclusively--something easily re-sold online, anonymously. Guess which cars weren't among those broken into? Mine: and a $240 pair of carbon fiber Ray-Bans were sitting in the glove box. I don't have keyless entry -- and yes, that's partially why I don't.

You have to understand that it's not the auto companies who are on the hook for 'bugs' in the system. It's insurance companies ... and the security issues with a 'connected' car are nowhere near prevalent enough to warrant serious action by anyone. Insurance companies that are in the business of risk assessment know this. The car makers know this. Lawmakers know this. And now, you do, too.

So, in closing ...

Keep Calm
and
Drive On

[Dylan86]

Thank goodness for MSRP replacement. Take my car, please!

[raleedy]

Quote:

Originally Posted by jpnh

Just curious

What does a faulty ignition switch in a single manufacturer have to do with a poorly designed entry system and central electronics system that can universally be compromised across all manufacturers?

It puts things in perspective: a risk of property loss is less serious than death.