Is there an car thief app for that?
December 17, 2010 7:00 AM   Subscribe

Recently, a friend's beat up old car was stolen the old fashion way - with a screwdriver to the ignition. This made me wonder about auto theft and newer, computer chip laden cars like the 2011 Volvo that I rode in yesterday. Has the computerization of automobiles led to new ways to steal cars? Basically, is there an car thief app for that?
posted by R. Mutt to Travel & Transportation (8 answers total) 4 users marked this as a favorite
You might find this Wired story of interest.
posted by Lame_username at 7:14 AM on December 17, 2010 [3 favorites]

David Beckham has had two of his BMWs stolen by hackers cracking the keyless entry with laptops.
posted by sharkfu at 7:18 AM on December 17, 2010

Looks like auto theft has been dropping pretty steadily for the last few years. "During the last decade, car thefts have fallen more than 37 percent."
posted by octothorpe at 7:50 AM on December 17, 2010

While at Burning Man this year my travelling companion misplaced our car keys and after packing up on the last day we still hadn't found them. They were from a rental car and we thus had only one set, and it was one of those electronic fob keys. I didn't know what we were going to do -- the prospect of getting towed to Reno was a pretty frightening one in terms of cost. Fortunately we spotted a white van with a big sign saying 'LOCKSMITH' just prowling around so we flagged him down. For a relatively reasonable rate ($250) he was able to make us a new fob, on the spot. Here is how it worked.

There is some kind of password needed to start the car. It's a number with a small number of digits - maybe 9. There is also a 4 or 5-digit number which describes the tumbler positions in the door lock, which can be opened with a physical key. The locksmith is able to discover the tumbler positions by jiggling a blank key in the lock, and noting where the scratches are. He then cuts a key and opens the door, then somehow hooks up his laptop to the ignition system. The tumbler positions are somehow part of the password. The laptop discovers the rest. Push a few buttons, and then ta-da -- the car starts. (It had been almost two days since we'd discovered the lack of keys and almost everyone had left the event. The engine starting was a pretty glorious sound.) Once inside the car, it took him maybe five minutes before the engine was running, and most of that time was spent hooking up the laptop.

I asked what was going on, if the laptop was brute-forcing passwords, but he said no, he's running a program which is "able to figure it out", by which it sounds to me like there is some kind of exploit. The locksmith said he can do any kind of car, even the fancy BMWs -- in fact he'd had to make a BMW owner a key the day before because hers had stopped working. The cost is higher because he has to invest a fair bit of time and money in buying the software to crack the ignition systems and figuring out how to do it.

It places locksmiths in an interesting position. Are they violating the DMCA? Who's writing this software? I don't think it's the dealerships. Does this mean locksmiths and car thieves are sort of working together in figuring out how to crack these security systems? It makes you uneasy... but then you realize that if there was no way for a laptop to "discover" the password, then you would basically be stranded on the playa until you could get the car back to Enterprise, in Reno, 100 miles away and a 6 hour drive during exodus (in the opposite direction from where you live, by the way), and rumor has it the going rate for a tow off the playa is more than $1000. Dear Charlie the locksmith from Lovelock NV, if you're out there, you're a freakin legend. Thanks man.
posted by PercussivePaul at 8:32 AM on December 17, 2010 [9 favorites]

I can't find it now, but I remember reading recently that the increasing difficulty stealing cars the old fashioned way has led to a rise in carjackings, where a gun to the driver's head effectively bypasses all the antitheft measures.
posted by TedW at 9:26 AM on December 17, 2010

I asked what was going on, if the laptop was brute-forcing passwords, but he said no, he's running a program which is "able to figure it out", by which it sounds to me like there is some kind of exploit.

Not necessarily. The locksmith may have purchased the equipment or program from the manufacturer. This is probably similar to the way that auto shops have to buy computerized diagnostic machines from the manufacturer to work on modern cars.
posted by chrisamiller at 9:35 AM on December 17, 2010

An analogue approach to a digital problem from the UK. Break into a house, steal the car keys, steal the car.
posted by Dr.Pill at 10:16 AM on December 17, 2010

ISTR that the encryption algorithm used to authenticate the key to the car immobiliser in modern cars has been comprehensively broken six ways to Sunday. Using a 40-bit key really isn't enough these days, especially when you (IIRC) waste a good chunk of the bits on manufacturer ID codes.

See this New Scientist article for some comments from a security researcher. IIRC Bruce Schneier had something on his blog recently too.
posted by pharm at 3:44 PM on December 17, 2010

« Older A gift more my new, blind nephew?   |   Excel sort for relative placement Newer »
This thread is closed to new comments.