
Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to dave

Re: Hackers steal BMWs in 3 minutes using security loophole

said by dave:

For this particular vulnerability: at the least, you could have a configurable option that determined whether or not the id was present on the OBD II interface.

(Reconfiguration would require the presence of a key).

So, would the insertion of a valid key be required before validating another key, enforced by the OBD II? If so, you would still need a failsafe in the event said key itself had been lost. Yes, there are those that choose not to replace lost/stolen keys given their immense cost. Lose the second key here and what would you do?

Electronic identification of keys was added as a protection against limitations of physical security. It was not meant to replace it.

There are many options, all of which themselves either have flaws that make them irrelevant themselves, or run against government regulations.

The requirement to make an industry-standard, public/open interface available to everyone without restriction presents the greatest challenge to security here. Without physical security layered, unless a manufacturer is willing to leave themselves open to the possibility they will provide drivers with very expensive permanently-immobile bricks, there will be a risk of "easy" theft.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

Good point... although the config option could simply come with a warning that you're totally screwed if you lose all your keys. So, the owner's choices would be (1) leave it alone, or (2) make sure there is always an offsite backup key somewhere.

But I imagine that BMW themselves know the VIN to keycode mapping. At what point is the keycode baked in, and how hard? By definition, if I choose this config option, I am locking out the 'independent garage'.

Does BMW have any vacancies for amateur security programmers?


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

It does seem like they were backed into a corner, and advertising this exploit in the regulation would have only made the problem worse. Yet hiding it, and claiming ignorance is just as bad.

It would seem a multi-layer method would mostly work, definitely not allow the car to be stolen in a few minutes. A new set of keys comes with a ROM controller, you can't just replace it as the car's main controller needs to register it with a series of codes to register the device which even register via the satellite uplink, and when this car is stolen the kit can be tracked to the shop/person who sold it. The kits could only be bought by licensed dealers, and all must be accounted for. Any stolen kits can be reported so they can be blacklisted in the database. This assumes that there is no other exploit to bypass this, and that employees are not part of an inside job. Nothing is perfect. Remotes already tend to have revolving codes, so the next time they communicate they send a different code so a scanner just can't send the previous code, but even that code generation could be cracked.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.


Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to dave

said by dave:

But I imagine that BMW themselves know the VIN to keycode mapping. At what point is the keycode baked in, and how hard? By definition, if I choose this config option, I am locking out the 'independent garage'.

Without going into too much detail, every key has a unique electronic ID along with technology to thwart snooping/copying/replicating, which could potentially include but would not be limited to rolling codes. It wouldn't matter if anyone knew an existing individual key ID alone as this would not be valid. This is where adding an electronic ID to a physical key provides its benefit: uniquely identifying every key with the ability to authenticate only a specific authorized set of keys. That authentication is two factor, combining a physical characteristic ("something you have") with an electronic characteristic ("something you know"). Take away either, as is the case with pure electronic key fobs or with pure physical keys, and you have what could now be considered a vulnerability or weakness.

said by dave:

Does BMW have any vacancies for amateur security programmers?

This is by far not limited to BMW, which was noted in the OP's quoted article. Any vehicle that uses an electronic key fob solely as its security is at risk, and this audience grows with every model year.
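
The rolling ("revolving") codes and the "authorized set of keys" discussed in the posts above, as an added example that is not part of the thread and not any manufacturer's scheme: a receiver that accepts a code only from an enrolled key ID, with a valid tag and a counter that moves forward. The HMAC construction, message layout, window size, key IDs and secrets are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed: how far ahead of the last counter a code may be

def fob_code(secret: bytes, key_id: int, counter: int) -> bytes:
    """Message a fob transmits: key ID, counter, truncated HMAC over both."""
    header = struct.pack(">IQ", key_id, counter)
    return header + hmac.new(secret, header, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self):
        self.keys = {}  # key_id -> [secret, last accepted counter]

    def enroll(self, key_id: int, secret: bytes) -> None:
        # The privileged step: whoever can call this adds a valid key.
        self.keys[key_id] = [secret, 0]

    def verify(self, msg: bytes) -> str:
        if len(msg) != 20:
            return "malformed"
        key_id, counter = struct.unpack(">IQ", msg[:12])
        entry = self.keys.get(key_id)
        if entry is None:
            return "unknown-key"
        secret, last = entry
        expected = hmac.new(secret, msg[:12], hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, msg[12:]):
            return "bad-tag"          # knowing the key ID alone is not enough
        if counter <= last:
            return "replay"           # a recorded code is never accepted twice
        if counter > last + WINDOW:
            return "out-of-window"    # fob needs resynchronisation
        entry[1] = counter
        return "ok"

def demo():
    rx = Receiver()
    secret = b"constructed-demo-secret-0001"  # constructed sample value
    rx.enroll(0x1001, secret)
    first = fob_code(secret, 0x1001, 1)
    return [
        rx.verify(first),                           # fresh code
        rx.verify(first),                           # same code replayed
        rx.verify(fob_code(secret, 0x1001, 5)),     # missed presses, in window
        rx.verify(fob_code(b"guess", 0x1001, 6)),   # right ID, wrong secret
        rx.verify(fob_code(secret, 0x2002, 1)),     # key ID never enrolled
        rx.verify(fob_code(secret, 0x1001, 500)),   # far outside the window
    ]
```

Every check in `verify()` depends on `enroll()` being restricted, which is the step the thread is arguing about.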

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

said by Shady Bimmer:

This is by far not limited to BMW,

Maybe not, but that's the only one of concern to me!