back to article Watch this Aussie infosec bod open car doors from afar

Silvio Cesare Silvio Cesare has probably spent enough on home alarm systems at hardware stores to buy a small pacific island. The Canberra hacker has over the last three years embarrassed manufacturers by buying remote alarms, baby monitors and locks from eBay and hardware stores and later developing replay attacks that allow …

  1. frank ly

    DMCA breach?

    If he sets foot on US soil, would they arrest him for DMCA breaches?

  2. stu 4

    arduino

    Yup, it'll be basic 433mhz am signals.

    2 quid gets you a set of tx/rx. another 2 quid gets you an arduino.

    listen to the codes, repeat. job done.

    this is how we can use arduino's to 'learn' to control remote power plugs, etc.

    It's nothing new though.

    Obviously fancier ones have rolling psuedo random codes, etc but I imagine many of them when reset start from the same seed too - so you just need to find the seed value to sync up.

  3. Steve Davies 3 Silver badge
    Mushroom

    Dangerous picture

    The picture of 70% Nitric Acid is probably enough to get the SWAT teams knocking down your door at 04:00 in some parts of the world.

    Isn't this one of the key components of Nitro Glycerin?

    Yeah, I know it could be used to get that the circuits inside a chip but that won't stop the jackboots & ski-masked troops from raiding your abode.

    Explosion for obvious reasons.

  4. dan1980

    Sound advice, but . . .

    "Also, obviously, avoid coding in backdoors."

    Ahhh yes, but the problem, I suspect, is that in this day and age so much is more-or-less commodity parts of the shelf. Or, if they are custom bits from a third-party vendor, they will still contain a common core of code.

    Hell, even if you were an auto manufacturer wanting to build a better mousetrap, you'd likely run afoul of IP laws.

    1. TeeCee Gold badge

      Re: Sound advice, but . . .

      I reckon the real problem here is that: "Oh dear Mr Valued Customer, you have lost your car keys. Well tough shit, you need a new car 'cos we can't do anything about it." doesn't go down that well.

      There has to be some mechanism available by which an authorised agent can bypass the security system to access all the ECU programming and initialise new keys, even without an old one, i.e. a "back door" of some sort. The problem is making that bulletproof.....

  5. Anonymous Coward
    Anonymous Coward

    Buzzgasm containment breach!

    Isn't "Watch this x" a classic symptom of a clickbait headline?

    "An Australian went to Black Hat, and YOU'LL NEVER GUESS WHAT HAPPENED"

    "What this security researcher can do WILL TERRIFY YOU!"

    Hint: If a headline tries to tell the reader what to do, or how to feel, it's clickbait shite.

    1. Elmer Phud

      Re: Buzzgasm containment breach!

      "Isn't "Watch this x" a classic symptom of a clickbait headline?"

      I just see the same sort of stuff that seems to happen eventually with most forms of networking as they are introduced into the wild.

      ("Hint: If a headline tries to tell the reader what to do, or how to feel, it's clickbait shite."

      and yours is any different sort of shite?)

    2. MrT

      On Facebook, or Daily Mail, yes. On ElReg...

      ... it's just ironic sarcastic observation - as a 'technology tabloid', the subs are just following current industry form, and taking the proverbial ;-)

    3. Ben Bonsall

      Check This! 10 things you never knew Aussies could do from afar!

      1) Unlock your car!

      2) Fill this jar for you.

      3) If the Aussie is Danni Minogue, she can do anything she does from as afar away as possible as far as i'm concerned.

      4) Something involving the Arapaho.

      5) Err...

  6. http://www.theregister.co.uk/Design/graphics/icons/comment/thumb_up_32.png

    Riveting video. Man locks car. Car unlocks. Man opens car. Oscar material!

    1. Elmer Phud
      Thumb Up

      OI!

      Bastard spolier!

      I've not watched the vid yet and now you've gone and ruined it!

  7. knarf

    Use a Brick

    Never fails to gain quick entry to a car. Not unless the neds/chavs are getting more tech savy these days

    1. Goldmember

      Re: Use a Brick

      Some cars (mine, for instance) have a "dead lock" on them. Once it's been activated the doors can't be opened, even by pulling the handle from the inside. I found out how well this worked when I locked my sister in law in there for 10 or 20 seconds.

      Yes you could still climb in through the window, but is a coded head unit and pair of sunglasses really worth all that risk of injury and effort of climbing through shattered glass?

      1. MrT

        Deadlocks...

        ...I had some nonce just pull the door window frame on an old mk3 Cavalier, but the 'expert' went for the passenger door (deadlocks were activated by turning the driver's doorlock an extra 90°). So, no joy for the crook, but luckily it all bent back into place without shattering the glass.

        Same thing happened to my sister's FIAT Cinquecento - thief got away with a pack of mints and a pair of prescription sunglasses. When telling the police, she said they'd be on the lookout for someone with fresh breath and a headache...

    2. disgruntled yank

      Re: Use a Brick

      Indeed physical approaches to physical security seem to be preferred in my neighborhood. Leave an iPhone in sight on the front seat, be out an iPhone and a window.

  8. Bassey

    How useful is this?

    Keys and locks have never been 100% secure but that is partly because we don't want them to be. We want them to be good enough to deter/delay 99% of people but still able to be broken when we loose the key. After all, it is FAR more likely that you will loose the key to your own car than someone will come along with $1000 dollars worth of kit and spend 30 minutes hacking it. In which case, I WANT there to be a back door.

    1. Anonymous Blowhard

      Re: How useful is this?

      But the problem is that this year's "$1000 dollars worth of kit and spend 30 minutes hacking it" gets repackaged into a box you can buy for $10 on eBay and only needs the time it takes to push a button; technology proliferation in the criminal community is fast because it's a money making business.

  9. Pascal Monett Silver badge

    Oh, bother

    All these things we had to make our lives easier have now become potential security holes that put us at risk.

    Plugging those holes is going to take years and oodles of money. I have to buy an Audi A8 if I want to have a secure car ? Ouch !

  10. Unicornpiss
    Alert

    Safety?

    No matter what the security, cars still have windows that are easily shattered, as those that have mentioned the brick master key have pointed out. And no matter how secure a trunk lock, a beefy crowbar will still make short work of most of them a lot quicker than capturing a signal using electronics. Taking extraordinary measures to secure the door locks on a car is like hanging a high security lock on a door with a window pane in it. You can also buy "tryout" or "jiggler" keys from locksmithing sites that will open a lot of cars with mechanical locks too, and pretty much all cars still have at least one of these for an emergency. Not as elegant perhaps as pushing a button, but it works.

    But more worrisome are exploits that can be used on a car that's in motion--if you can disable a car's engine or other systems, or otherwise cause events to happen that can jeopardise the safety of the car's occupants, these are the holes that need to be plugged. It's always been possible to steal many cars relatively easily, and while a nuisance, it doesn't affect public safety.

    1. NumptyScrub

      Re: Safety?

      quote: "It's always been possible to steal many cars relatively easily, and while a nuisance, it doesn't affect public safety."

      I'm guessing you're not familiar with the phrase "drive it like you stole it" then?

      Cars stolen for resale are generally driven carefully so as not to damage them and reduce the value. Cars stolen for joyrides may injure or kill one or more people prior to becoming a burnt out wreck, and definitely do affect public safety.

      The responsibility is on the idiot behind the wheel, but making it more difficult to steal in the first place helps reduce the number of idiots that manage to get behind the wheel.

  11. tim 13

    I want a back door for my car, preferably two, to make it easier to strap the kiddlywinks in their seats

    1. Michael Wojcik Silver badge

      My car has three back doors. Hah!

  12. ecofeco Silver badge

    Yeah, about that Internet cloud of things

    ...as I was saying...

  13. Toby 2
    Gimp

    Painful stream

    That video stream was just painful to load! Painful I tell you!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like