Software that allows drivers to remotely unlock and start automobiles using cell phones is vulnerable to hacks that allow attackers to do the same thing, sometimes from thousands of miles away, it was widely reported Wednesday. The exploit affecting an undisclosed product used to remotely control cars was developed by iSec …
I guess SMS messages are too short to sign a command with an encryption key, but a thread of SMS messages strung together should work. This seems like a rookie security hole. Security through obscurity.
...thus multiplying the cost of each control message transmitted by 3 or 4 times. In other words, the kind of thing that the devs would have thought of and the beancounters would have rejected...
I doubt it - if you have say a 16-digit car ID and 2 digits of possible commands, you still have space for a lot of authentication code.
Even if you only had 4 alpha-numeric characters for authentication that is 14 million permutations. If based on a strong underlying system and only taking a limited hash/truncation of the signature, you will be waiting a long time to brute-force with approx 7 million SMS.
I suspect it is the usual combination of cryptographic incompetence and lack of formal review/testing/verification of the system before it was implemented and rolled out. Having a not-as-commonly-hacked communication system is no excuse for a lack of proper encryption/authentication.
But as others have pointed out, WTF is this needed for in a car anyway? I prefer a manual switch for the ignition, as I know enough about machines not to trust them.
No they are not
AES-128 has a 16 byte block size, stream ciphers can encrypt byte by byte. A SMS holds 160 characters
Go back to wired modems...
...because it is impossible to climb a pole and connect to the telephone wires.
Seriously folks... anyone doing SCADA on a raw link without a VPN, ssh or whatever is a complete moron.
Many remote stations have been using modem links for decades...
...and I doubt any of them have any encryption.
But then, you'd have to know what the data was to do anything useful with it.
Charlie, do you even think about the problem before you post?
Where's the weak link?
The phone app? Hardly. You can limit the feature to smurt phones that either have you authenticate via a web page, or you download an app where you have the ability to do lots of encryption and authentication to verify its you.
The car company? (Or rather the car communication company where you have the subscription)
They can do lots of encryption from your phone while they authenticate that its you and your command that you want to tell the car.
The process of communicating from the car company to the car itself?
Hmmm this is where the communication is at its weakest link. Security is an afterthought.
You send a short burst message to the car assuming that only you have the capability to communicate with the car.
Now I really haven't looked at the system or the problem, but just spent a few minutes reading the article and your quote. So I could be off base.
The real danger is that some moron in some former eastern bloc country may think it funny to disable a car driving down the freeway in the US during rush hour. When that starts to happen, you can bet lawyers will be suing the crap out of OnStar and such.
The evil thing is that some unethical lawyer could decide to pay a hacker to start doing just that.
(Which would be a good movie plot....) ;-)
Wouldn't surprise me if they were the car related people affected by this.
Software that allows drivers to remotely unlock and start automobiles using cell phones
WTF? What the hell is wrong with a bloody *KEY*???
In any case, why on earth would you want to be able to unlock and start your car from a distance apart from to make life easier for the thief who'll say "thanks for the car, bye bye!"? (There's also the fact that, in England, it's an offence to leave a vehicle unattended with the engine running...)
only an offence on public land.
plenty of people live in colder climates than us, starting your car from the kitchen to warm it up while it's parked on the drive can be quite handy.
For the heater
Although I agree in the UK it's a bit useless there are countries in the world where it can get a bit chilly overnight.
Being able to remotely start the car (albeit from 20 metres) could then be useful - the heater can have the car nicely defrosted by the time you've had coffee...
As for remote unlocking. I can easily see that being excellent for car pool schemes - lock the keys in the boot, remote unlock for the hirer.
There are many reasons to want to remote start.
Warming the interior in winter, quicker de-icing of windscreen etc
Cooling the interior in summer.
Plus isn't it better to discover that a bomb has been wired into the ignition from 100yards away rather than whilst sitting in the car?
Perhaps most importantly you can do the opposite with this system; lock the car and turn off the engine thus trapping the little sod who's just nicked your car.....
"Being able to remotely start the car (albeit from 20 metres) could then be useful - the heater can have the car nicely defrosted by the time you've had coffee..."
I have a friend who lives in a country so cold he needs a heater to thin his engine oil before starting on cold mornings. He also has an interior electric heater which he fires up before he gets in the car. So it sits there with the block/sump heater and the interior heater running for a bit while he eats his breakfast. The car is locked, the engine is off and the keys are in his pocket.
Running the engine on an untattended car is a stupid idea from a security point of view whether you start it remotely or not.
remote start systems
most remote start systems are also tied into the car alarm system, so while you can unlock the doors and start the engine the system still knows that no doors have been opened, once a door is opened you have around 15 seconds to get the key into the ignition before the system shuts down the engine, if the system stops the engine (and it doesnt carry on running because the key is in place) then the doors lock and the alarm goes off.
basicly if you are trying to get a car that has been started remotely you have 15 seconds to hotwire it before the engine is killed, of course that still leaves the steering lock etc
Warming up in winter - easier and safer
Those saying "remote start helps warm up in winter" have missed a simple and obvious trick, one I used back when I didn't have a garage: put a long extension cord to the car, put an electric heater in the car, facing away from anything flammable, put a timer on the cord. Viola! warm car.
If it gets REALLY cold, add a block heater.
Unplug car, drive away. No problems, no chance of a Bad Guy stealing your running car, less pollution.
Re: long extension cord
Might work if your car is parked close enough to your house, but certainly not an option for most of us when at work.
Engine block heaters are not designed nor intended to warm up the engine, but to keep the oil at a temperature at which it will flow when the engine is turned over.
Your engine will be "cold" for quite a bit after starting even with a block heater in any place you actually need one, with all that that implies.
Insufficient caffeine alert
"Go back to wired modems because it is impossible to climb a pole and connect to the telephone wires"
It isn't impossible to tap in to Openretch's cables (or local equivalent) at all, though fibre is trickier than copper, so I presume you were joking. The remainder of your post makes much more sense.
"in England, it's an offence to leave a vehicle unattended with the engine running"
Afaik, not on private property it isn't.
The scenario here is that Wihelmina finds it a little cold outside and the chauffeur is having the day off, so Wilhelmina has the maid start the car (parked on Wilhelmina's private property) five minutes before Wilhelmina intends to travel, and pointlessly burn expensive and polluting fuel to heat the car so that Wilhelmina doesn't have to wrap up warm to avoid feeling cold in the car.
If Wilhelmina doesn't have a chauffeur and a maid, for a few hundred pounds she can have a man fit a remotely controlled pre-heater instead and turn it on herself by phone. Some of them start the engine remotely as a mechanism for heating the car.
I forget the name of the company most famous for original equipment and aftermarket add-ons that do this, but afaik it isn't the GM subsidiary OnStar.
Flame, 'cos that's what they use to pre-heat the car.
How many bytes does it take to signal a car start?
Aren't PGP keys between 8 and 16 bytes? More if they have to be recoded into a different character set but still *well* within the length of a single text.
As for GSM telemetry going with the GSM8 alphabet seems to be anything goes, it's completely open (but 1120 bits max *including* the key)
That's quite a few valve/pressure/temperature readings with proper compression.
Just a little something to kick start some thinking.
Brainless by design
Graham, the entire office here agrees with you.
There is no need for an encryption key in the message, just give each car its own key pair and list the public key in the documentation along with the existing key serial number. But the problem is making each message different. It's no use encrypting "START" into "7Rh£h" if any message containing "7Rh£h" starts the engine. To fix that you need to have some field in the message that changes for every message and that the car can check is correct. Unfortunately, there is very little common knowledge between the phone and the car. I don't think you can even depend on the car knowing the date... although these days they do keep track of days since last service so it might be achievable. Another way would be to include a pseudo-random field. Then the car keeps a hash table of values received and rejects any that it has seen before. 64k of EEPROM is cheap these days.
Of course if you loose your phone whoever finds it can steal your car, but nobody does that.
Something like HOTP might do
or TOTP (or Google Authenticator, as I believe it uses the same system). There doesn't need to be a whole lot of shared state between the phone and the car, but it provides a nicely syncronised means of generating short numbers which are a little impractical to brute force.
I always keep my phone nice and tight.
That way it can not become loose by accident.
It's worse than that - the car does know the date.
The car actually knows the same amount of information that the mobile phone does, because in this situation the car *is* a mobile phone.
So it knows the exact date and time and its approximate location from the local cell. It probably knows quite a bit more than that as well - I don't know exactly what's in the cellular network handshake.
Real-time clocks are also dirt cheap, and GPS receivers are very cheap as well - you only need one satellite to know the time within a couple of seconds, get a position fix and you know the time with the accuracy of a pretty good atomic clock.
Aside from all that, it could simply be done the same way the remote key fobs work with the auto-resynced pseudorandom number generators.
I'm actually rather shocked that it doesn't appear to be.
Re Graham Marsden
coz the Yanks like to 'start their engines' and warm up their car(in winter) or cool down their car(in summer) in the mornings before the little larlings get in and drive the 50yds to work.
Cynical moi? Yep.
ET because sometimes they act like they are from a different planet.
Yes we do.
When its -28c YES, you WANT to warm your car up in the morning! Is that different planet enough for you?
At the sort of temperatures we have where I live at least, NOT pre-warming your car is damaging to the engine. And unless you live in LA or New York, your commute is more like 20-30 MILES to work. And "public" transit is a bad joke, dangerous, dirty, unreliable, and often unavailable.
Though the ones who have to pre-cool their cars I have no sympathy for at all.
No remote anything on mine, I drive a 1974 beetle. The most advanced tech in my car is the cassette player.
we don't live that close to work
The problem with living near work is that the neighborhoods fall into two categories. Completely run down industrial area's that are unsafe to live in or well established areas that cost too much to live in unless you are pulling down 6+ figures. Most of the people I work with live thirty to sixty miles away from work.
And don't even talk to me about living near public transportation. That's how the gangs get to the richer neighborhood to rob house and people.
Paris, because she is a clueless as you are.
"When its -28c YES, you WANT to warm your car up in the morning!"
I'd certainly want a block heater. But I could still do without remote start. I live in Michigan, and don't have a garage; so many winter mornings I go out and scrape the snow and ice off the cars and start them to warm them up. And I enjoy doing it, because it BUILDS CHARACTER. The remote-start types will be the first ones devoured when the zombie apocalypse starts.
Now I admit that we've not seen -28C (around -18F) here in recent memory. In fact, four US states and the DofC have never had a recorded temperature that low, and two others have just barely hit -28C. Average lows hereabouts are around -7C in the winter months. That's barely brisk.
Even International Falls (Minnesota), one of the colder places in the contiguous 48, has average lows of only -23C in the winter. -28C isn't that unusual, but it's not the typical morning.
Certainly there are plenty of folks in the US who see temps that low more often than they'd like (particularly in Alaska, though if you've decided to stick around for winter in Alaska remote-starting your car won't be much consolation). But I'm inclined to think that most remote-start users do not.
(And JFTR, many people have morning commutes of less than 20 miles, too. Since the average commuting time for US workers is about 24 minutes, according to census data, presumably most do. Mine's about 20 feet. Probably thanks to all that character I've built.)
Old tech wins
My car needs a physical key to unlock the doors as well as to start the engine. Maybe I should remove the starter motor and get a crank handle instead - that'd really fox 'em.
But why would anybody want to start their car remotely by text message? Which then leads naturally to the question why would anybody develop the functionality if nobody needs it?
Don't tell me that you could use it to warm up your car in winter. Sod the idea that the control system is insecure, the whole idea of leaving your car running while unattended is much less secure. Do you have any idea how many car thefts a year are down to people leaving the engine running to warm their car up. And no, locking the doors does not help. The thief smashes the window opens the door and drives away.
And no sesnible person would unlock their doors from more than a few feet away which your traditional remote can do anyway. Actually really sensible people only unlock their doors when they are right next to their car. I'm always puzzled by those people you see unlocking their car from 50 yards away. What's the point?
Deadlocks, we've heard of them...
Title says it all
"And no, locking the doors does not help. The thief smashes the window opens the door and drives away."
Dukes of Hazzard
Ever seen the Dukes of Hazzard. You don't have to open the door to get into a car.
Yes, to warm up / defrost / deice the car in winter. And yes, there is the risk of someone stealing the car but there are ways to mitigate the risk if you happen to live or work in an area where that is a concern. For example, steering wheel locks - both "the club" and similar, as well as the kind built in to the steering column that won't allow the steering wheel to move unless the physical key has unlocked it. You weigh the risks & rewards, and decide how much risk is acceptable.
Also, when completely covered in snow (which happens in many places in the world, including where I live), it is handy to be able to start the car and have it warming while you clean the snow and ice off the car. Also helps by starting to melt some of it from inside, and by the time you've cleared off the car the worst of the cold has been banished. Beats clearing enough of the car to get into it, then get in to start it, inevitably bringing a quantity of snow and ice in with you, before clearing the rest of the car. And finally, I've had it happen where a severe ice storm caused enough ice to build up to the point that I couldn't get in the car since the locks were iced and the doors iced closed. Warming from the inside while clearing the windows made a nasty situation much easier to handle - just ask my coworkers who after scraping for an hour and yanking the doors open had to have the weather stripping replaced...
And for those who have managed to lock their keys in the car, a quick unlock via cell phone can be a very handy thing. Just ask my wife! Though I'm with you about those who unlock their car from across the parking lot - what's the point, exactly?
Flames to warm up the car, natch.
Remote unlock to help locate car?
I know I've done this when I can't remember exactly where I parked and can't see the car.
But driving it away...
...with the steering lock still engaged is a bit more of a challenge. If the lock is flimsy enough to be easily broken, make it harder still for the scrotes by disabling the drive by wire throttle unless the physical key is in the ignition. Maybe also prevent the electric parking brake from being released, or the transmission from being shifted out of park...
"and turn off the engine thus trapping the little sod"
Sounds like fun, especially if he happens to be doing 80 on the motorway and somebody is tailgating him at 90.
He probably wouldn't pinch another car after that ... he probably wouldn't be able to. And the chap who's tailgating might think twice about doing it again. But it is probably not going to help get your car back, not in a usable condition anyway, and the insurance people might ask some awkward questions too.
You get a thief and an idiot tailgater with one stone...
...I can live with that.
You can get the same with burglar alarms
The one I was looking at yesterday says it can be set and unset by SMS.
Naturally, there is a user password which has to be part of the SMS. But it is just a simple user-defined string of digits and it is the same string of digits every time. So anybody who can capture SMS (which must include some of the staff at the telcos operating the sending and receiving devices, and possibly others with the right eavesdropping equipment) knows exactly how to disable your alarm.
Probably not a sensible feature to enable until somebody comes up with a reliable encrypted SMS replacement.
Its for when you dont have the keys!
The only use for this system is when the keys cant be in two places at once .
Borrow friends car but he's on holiday with the keys? - no prob sms open
customer drops off car for repair , then fucks off with the keys? - no prob sms open
someone wants to borrrow your second car, but your not at home to hand over keys - no prob sms open
and as pointed out by someone else, useful for hire car transactions.
But... SMS are crap...
Part of me can see why you would allow this functionality from a Bluetooth style connection, but SMS is frankly crap for this application because there's no requirement to deliver the messages at a certain time or (in fact) at all.
Just try sending a text message at 11pm on new years eve and then have a think about how bright an idea it is to use SMS to warm your car.
11pm - send sms start message.
11.15pm - arrive at car, get annoyed the car is still cold, leave for party.
11.55pm - arrive at party just before midnight, get drunk, crash out on sofa
5am - SMS arrives, car engine starts...
Lunchtime - find your car hiding in a fog of exhaust fumes with no petrol left.
You're spot on with this. Also, the GSM standard supports data does it not? So why are they not using an encrypted data connection - thereby not being limited to a 160 character message intended to be used for quick communication.
They're using the wrong tool for the job and then they wonder why it's rubbish.
(Admittedly I'm doing the exact same thing with a phone working as a GPS tracker on my bike - but the delayed delivery/response is actually beneficial in that situation.)
Require each control message to include a timestamp within the message body to indicate when the message is intended to be processed. Ignore any message which arrives more than x minutes after this time.
Wow I would think some of you folks would of looked up how remote starters worked before saying how unsafe they are , or saying it will get your car stolen. First off most only run for 15 minutes. You hit the brake and the car shuts of. New models you open the car door and it turns of. There are some that turn off when you hit the gas .
I agree with you and would have liked your post...
but unfortunately you are one of those people who can't spell the word "OFF" properly.
And what's wrong with your friendly neighbourhood shoe repair/key cutting store?
Well, for starters...
Most key cutting shops cant cut the "laser" keys and, more importantly, they cant code the transponders to the ECU and still cant access the vehicle.
I'd say the most insidious danger is when someone starts your SMS-enabled borgemobile inside your built-in garage while you are asleep.
But as the article says, the idiot desire to control everything from a sodding iClone is not restricted to cars, but has been expanded to some pretty stupid industrial places.
Stupid people with stupid toys.
great so now some spotty tweenager can
get hundreds of cars all to start themselves and flood loads of people's garages with carbon monoxide.
Lovely when your car starts itself and you are busy fueling it, and just remember to disconnect the battery if you intend putting your hands inside the engine compartment.
'kin whoopee, thanks guys, really clever invention that will create lots of real hazards and solve nothing in return.
Remote start doesn't need to be enabled all the time
Do you leave the fuel filler or bonnet open when you leave your car parked up for the night or whilst at work? Didn't think so. So how about requiring those two things (plus all doors and the boot/tailgate) to be closed before enabling remote start?
When I get a car
it'll be an old one. Preferably purely mechanical with not a semiconductor in sight.
- Updated Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
- Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
- Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
- Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
- VMware reveals 27-patch Heartbleed fix plan