DUDE, WHERE'S MY CAR? New leccy BMWs have flimsy password security – researcher

New BMW cars have security shortcomings that could allow thieves to pop open a victim's flash motor from a smartphone. Ken Munro, a partner at Pen Test Partners, uncovered security issues in the systems that pair the latest generation of beamers with owners' mobiles. By stringing together the flaws, a crook could open doors, …

COMMENTS

This topic is closed for new posts.


    1. John Tserkezis

      Re: Selling the Car

      "What happens when the original owner sells the car?"

      The previous owner would need to relinquish the old password, then it would be smart if the new owner changed it.

      However, if past experience is anything to go by, that's not going to happen. (as per the anti-theft four digit car radio code that disables the radio when removing the battery).

      The new owner will have to go to a dealer, who then takes a form with suitable identification and VIN number, which then gets passed on to the factory who uses a lookup table for that radio's code, then passes that back to the dealer who gets in touch with the owner. Six years later, the owner has sold it to someone else and doesn't care anymore because he pulled out the factory radio and replaced it since then anyway.

      This is the same, except the remote functionality is never used, and the car operates much in the same way as any other car. And this bit I learned the hard way: If you're sold a car that is claimed to drive like any other car, the manufacturer is under no obligation to fix any other special features - because they don't stop it from being a "car".

    2. DaLo

      Re: Selling the Car

      "Can you disable individual phones from the dashboard/display?"

      That would make this system a lot more secure, if an individual mobile had to be verified and activated from the car with the ignition turned on. You wouldn't be able to load the app onto any other phone then and use it as the mobile would not be verified.

    3. Irongut

      Re: Selling the Car

      You're not supposed to sell the car. You're supposed to scrap it and buy a new one.

      BMW don't make any money from second hand sales so why should they make it secure for a new owner? (their probable opinion, not mine)

      1. Don Jefe

        Re: Selling the Car

        BMW, like all other production car manufacturers, generate an enormous portion of their operating revenue and have their highest margin products targeted directly at the used car market.

        Ideally you trade your BMW back in at the dealership where you bought it and BMW will be more than happy to merge your existing negative equity with your new negative equity. But if you're going to be difficult they'll just get you on the genuine BMW parts and fluids most BMW owners demand. There's fuck all money in new car sales. In 2002 BMW surpassed the $2k per car holy grail in new auto manufacturing. Most production manufacturers tend to hover around the $6-700 per car range. Trade ins, financing, service and parts is where the money is. New cars and game consoles have the same business models with the difference being margins on the post sale products.

  1. Jim 59

    Using smart phones to control cars

    No.

    1. Don Jefe

      Re: Using smart phones to control cars

      Is it any different than an RF radio on your keychain? I can actuate the door locks, open or close the windows and sunroof, move the seats to preassigned configurations, start and turn off the engine and mute the radio if I left the volume too high the night before, so as not to disturb the neighbors with my music while the car is warming up. It's nice because it wasn't so long ago that the key fob was just a transmitter and you had to look out the window to verify the car received your commands. Now the fob is a two way radio and provides command verification without anyone having to look out the window.

      Furthermore, the person with the key fob has control of the vehicle. Full stop. No passwords, biometrics, test questions or social engineering required. You are logged in simply by possessing the fob. With the exception of command verification, none of that is new technology. I'm not sure how using that technology via a smartphone instead of 30 year old key fob tech is any different.

  2. Inachu

    A video out already shows 2 young men using brute force wireless hacking to unlock cars.

    I wonder if they have been caught yet.

    Security will get worse before it gets better.

  3. Daniel B.

    PINs and Smartphones

    If a user is mad enough not to have a [screen unlock] PIN on their device

    Ah, haven't met many smartphone owners? A lot of them don't have any kind of password/PIN protection, and those who do still use the old 4-digit PIN standard. 10k attempts should be feasible!
