Car Hacking

Gran Hermano

We've seen this mentioned on several threads where certain BMW models were stolen without their keys.

Sky News running the story on line and on TV today.
Thefts of higher end cars are on the up in Europe and it looks like this method is behind it.
Advice seems to be back to the old days of physical barriers, park behind locked gates/chain around steering wheel!

http://news.sky.com/story/1257320/thousands-of-cars-stolen-using-hi-tech-gadgets

tossy

Best thing for it is what a mate of mine did, relocate the OBD port to a hidden location and wire the existing OBD port the battery 12-14 volts straight into their USB port

ironclaw

Theres money in anyone handy with a soldering iron re-wiring the ODB ports to be disabled unless physically enabled e.g. Switch bank etc.

_Kaiser_

tossy wrote: »

Best thing for it is what a mate of mine did, relocate the OBD port to a hidden location and wire the existing OBD port the battery 12-14 volts straight into their USB port

Don't forget to tell your mechanic/garage tho!

tossy

Kaiser2000 wrote: »

Don't forget to tell your mechanic/garage tho!

that's true.

visual

If its just OBD port it be easy to wire in a switch to disable the port.

There is another problem in that they can gain access to car via fooling the remote key fob receiver

kev1.3s

Kaiser2000 wrote: »

Don't forget to tell your mechanic/garage tho!

That would invoke a whole lot of head scratching alright

Gran Hermano

Is the sky article/video not alluding to more methods than just the OBD port vulnerability?
Scary how they are attributing electronic hacking as the method in 50% of thefts in the London area.

Chris_Heilong

Or have a dummy port and the real one hidden.

Wibbs

I read a stat a few years ago that said that in the greater London area something like half of cars were stolen without the keys. At the time I thought hmmm, bit odd, surely they can't have all been pre 2000 cars or taken by towtruck.

When the BMW security hole fiasco kicked off and BMW finally admitted there was an issue they also said in the statement that other cars were equally affected. It doesn't altogether surprise me. Tech changes at such a rapid rate these days so vulnerabilities in older systems are likely to be found and exploited by the scum. This would mean that a later car is going to be easier to nick than a pre built in immobiliser car with third party alarm and other security.

The best security is layered. Don't rely on just one layer, especially a factory layer that's out of date.

Gran Hermano

Tech seems to be originating from Bulgaria and spreading west.
Reads like places like Germany and Sweden are seriously seeing the impact with even more cases.
Sounds like it'll get worse/more common before manufacturers are forced to recall/redesign.

Elessar

Didn't BMW issue a software fix for this?

Chris_Heilong

Elessar wrote: »

Didn't BMW issue a software fix for this?

Software can always be hacked, thats BMWs biggest weakness right now.

Popoutman

There's another avenue of attack via the wireless functionality of the tire pressure sensors. IIRC there's absolutely no encryption, let alone properly-keyed encryption, on that channel of communication. This allows the likes of buffer overflows and code injection to become a lot easier to the module that reads the pressures, opening possibilities for access to the central bus that the modules use.

It is possible to make things difficult for the attacker, but what was considered sufficient a number of years ago is not sufficient now given the increase in cheap computational power. Brute force software attacks are becoming a lot easier, and the sad thing is that a little proper engineering would make it a lot more difficult for the brute force attacks to be possible.

coolisin

Elessar wrote: »

Didn't BMW issue a software fix for this?

PR bullsh1t as discovered by myself. As my car has being up to date for awhile! And since germanicks has since looked into its useless and doesn't really do anything except remove comfort access.

ironclaw

Popoutman wrote: »

This allows the likes of buffer overflows and code injection

I would be very impressed (And utterly frightened) to see a case study of that. Always had great admiration for buffer overflow exploits. Precision hacking. And before anyone says thats a bad thing, at least by exploiting it we can patch it

Tail Docker

I guess it's called software for a reason.

Northern Monkey

coolisin wrote: »

PR bullsh1t as discovered by myself. As my car has being up to date for awhile! And since germanicks has since looked into its useless and doesn't really do anything except remove comfort access.

I don't even think it does that. I think it just removes the ability to drop the windows by turning the lock in the door.

visual

Popoutman wrote: »

There's another avenue of attack via the wireless functionality of the tire pressure sensors. IIRC there's absolutely no encryption, let alone properly-keyed encryption, on that channel of communication. This allows the likes of buffer overflows and code injection to become a lot easier to the module that reads the pressures, opening possibilities for access to the central bus that the modules use.

It is possible to make things difficult for the attacker, but what was considered sufficient a number of years ago is not sufficient now given the increase in cheap computational power. Brute force software attacks are becoming a lot easier, and the sad thing is that a little proper engineering would make it a lot more difficult for the brute force attacks to be possible.

Phew im lucky my car doesnt use PHP SQL

congo_90

Surely a simple switch hidden like on older non immobilised cars to fuel pump/ ignition relay/ battery disconnect the last may not suit the sophisticated computers. Very easy to retrofit and wont fry mr mechanics computer

dar83

visual wrote: »

Phew im lucky my car doesnt use PHP SQL

Oh Visual.... That's basic.

bmstuff

Northern Monkey wrote: »

I don't even think it does that. I think it just removes the ability to drop the windows by turning the lock in the door.

YEah that's called comfort access

bmstuff

tossy wrote: »

Best thing for it is what a mate of mine did, relocate the OBD port to a hidden location and wire the existing OBD port the battery 12-14 volts straight into their USB port

And then they burn the car down because they are so pissed off at having lost their device.
Obd relocation yes, combined with gearstick or steering wheel lock, they will not even try seeing the big lock most of the time.

tossy

bmstuff wrote: »

And then they burn the car down because they are so pissed off at having lost their device.
Obd relocation yes, combined with gearstick or steering wheel lock, they will not even try seeing the big lock most of the time.

The burn it out of rob it Mick, either way it's not your car any more, i'd sooner get a little retribution in the deal.

bmstuff

tossy wrote: »

The burn it out of rob it Mick, either way it's not your car any more, i'd sooner get a little retribution in the deal.

Yeah ok that's what I am trying to say, by implementing simple measures you seriously mitigate the risk of getting your car taken away.in the first place. The 12v thing is dangerous even for yourself.
Original bmw and after market equipment is very expensive and the last thing you want to do is burn out a dealers/garage device. Even if you tell them when you hand over the keys, the mechani in the workshop might not get the message on time.
Surely they would make you pay in this scenario.

tossy

bmstuff wrote: »

Yeah ok that's what I am trying to say, by implementing simple measures you seriously mitigate the risk of getting your car taken away.in the first place. The 12v thing is dangerous even for yourself.
Original bmw and after market equipment is very expensive and the last thing you want to do is burn out a dealers/garage device. Even if you tell them when you hand over the keys, the mechani in the workshop might not get the message on time.
Surely they would make you pay in this scenario.

The Car in question is not even a BMW so it's probably not at risk, it also only ever gets serviced by the one guy. It's not the solution but it's a cool little thing to do, done by a guy who knows his way around auto electrics.

Obviously not having them touch your car at all is the best outcome.

Northern Monkey

bmstuff wrote: »

YEah that's called comfort access

Comfort access is the ability to open the door with they key still in your pocket. A BMW with comfort access will have a little lip/grove on the handle and if you touch that with a comfort access key in range the car will unlock.

I think you might be mixing it up with "easy access" where the window drops when you open the door after a double press of the key fob to make it easier to get into the car in a tight space. This is normally a feature on the coupes as they have longer doors and frameless windows.

bmstuff

Northern Monkey wrote: »

Comfort access is the ability to open the door with they key still in your pocket. A BMW with comfort access will have a little lip/grove on the handle and if you touch that with a comfort access key in range the car will unlock.

I think you might be mixing it up with "easy access" where the window drops when you open the door after a double press of the key fob to make it easier to get into the car in a tight space. This is normally a feature on the coupes as they have longer doors and frameless windows.

Yes you are right, Comfort Access is the ability to open the car by simply having they key close to it. So you slide your hand around the handle and it opens the car.

The one I am referring too and that I use on a regular basis is called the Convenience Opening/Closing feature. That feature allows you to open/close the windows from the key fob.

I do it regularly so I know, but in the coding settings, it is actually called "Komfort_xyz" in German. I change those setting all the time, mirrors folding etc, and they all start with Komfort, hence the confusion.



The ability for opening/closing the windows from the key fob is standard on any BMW, coupe or not. They all have it.

See a car I did recently, you see the name here.