Driver to drive?

[Jasen Betts]

On 2015-04-17, Sylvia Else <sylvia@not.at.this.address> wrote:

On 17/04/2015 6:38 PM, F Murtz wrote:
Sylvia Else wrote:
On 17/04/2015 2:18 AM, Clocky wrote:
http://tinyurl.com/q4wgo8w

Interesting...

Added sci.electronics.design

"Danev said his company was in talks with several car manufacturers to
install a chip that can tell how far the key is from the car, thereby
defeating the power-amplifier trick."

We don't have details, but I'm a little sceptical that this would be the
solution it appears to be. While it's easy enough to send out a signal
and measure the response time, thus determining the distance, it's not
so easy to ensure that the responding device is the key fob.

Normally, the fob proves its identity by sending a code to the car. As
is apparent, this doesn't prevent the signal from being relayed. To
ensure that there's no relay, it would be necessary to measure the
response time of the entire code. The problem here is that it's not know
to any degree of accuracy what that should be - there's some variation
in the frequency used by the fob.

Or is it passive and just get identified by the car like my ignition key?

It's not really passive. There is still a code transmitted.

In RFID passive means ther transponder is powered by the incident RF
rather than by a local power source. passive tags may include
computing capabilities themselves, many include writable flash memories
passive tags typically have a range less than 1 metre. (often around
100mm)


--
umop apisdn

 

[Sylvia Else]

On 17/04/2015 10:17 PM, Chris Jones wrote:

On 17/04/2015 14:36, Sylvia Else wrote:
On 17/04/2015 2:18 AM, Clocky wrote:
http://tinyurl.com/q4wgo8w

Interesting...

Added sci.electronics.design

"Danev said his company was in talks with several car manufacturers to
install a chip that can tell how far the key is from the car, thereby
defeating the power-amplifier trick."

We don't have details, but I'm a little sceptical that this would be the
solution it appears to be. While it's easy enough to send out a signal
and measure the response time, thus determining the distance, it's not
so easy to ensure that the responding device is the key fob.

Normally, the fob proves its identity by sending a code to the car. As
is apparent, this doesn't prevent the signal from being relayed. To
ensure that there's no relay, it would be necessary to measure the
response time of the entire code. The problem here is that it's not know
to any degree of accuracy what that should be - there's some variation
in the frequency used by the fob.

Measuring the time to the first edge of the response is no good - it may
be inserted by the relay device, with only subsequent edges being
relayed from the fob.

Perhaps the whole keyless entry concept is fundamentally flawed.

Sylvia.






I missed the beginning of this thread wherever it is. Are you talking
about this?
https://eprint.iacr.org/2010/332.pdf

No, it was a newspaper article describing crims who are using a similar
approach to steal from cars (though not to steal the cars themselves).

I have a theory that several times in history, some bright engineer at a
car company has come up with a much more secure immobilizer that will
greatly reduce car theft. That engineer is led away to a meeting with
HR, and offered a much higher paid job in the bumper polishing
department, and the secure immobilizer is quietly stashed away in the
cupboard with all the others.

Seriously, many people who have brand A car stolen will go right back to
the dealer with the insurance money, and buy exactly the same model of
car from brand A again. They don't have time to go through the hassle of
choosing a model of car again, just because of what some stranger did.
Every time that an immobilizer fails to do its job, very probably the
same car maker makes a fresh sale.

I suspect that a truly effective immobilizer would have a significant
negative impact on the profitability of a car manufacturer. What
percentage of new car purchases are to replace a stolen, recent model
car? Amongst people I know it is a high percentage (maybe 2 in 5, both
replacements were the same model that was stolen).

To the small extent that customers care about insurance costs due to the
risk of theft when choosing a car, the insurance ratings are probably
based on assessments by some "independent" group (Thatcham etc.) which
may well be box-ticking excercises where they get extra points for
securing against one method of entry whereas the other (more inventive)
ones are not even looked at because they didn't know it was possible.

I would really not trust any immobilizer that comes with the car - as
the incentives are all wrong. The only thing that would fix this
incentive would be for the car manufacturer to be automatically liable
for the vehicle replacement cost in the event that the keys are still in
your posession. I think that would rapidly improve immobilizers, and
they probably already have a cupboard full of good designs that they
have been suppressing.

One should never suppose a conspiracy when simple incompetence is a
sufficient explanation.

Sylvia.

 

[Phil Hobbs]

On 04/17/2015 06:29 AM, Don Y wrote:

On 4/17/2015 2:43 AM, Phil Hobbs wrote:
Move to a better neighbourhood.

Where you live seems to have little bearing on the matter.

Guy from one of the wealthiest, "upscale" households in town recounted
how his floor safe was stolen from his home. The thief was caught
with *it* (still "locked") in a wheelbarrow trying to get it out through
the "back lots" to avoid the guards at the gated entry!

I live in an ordinary neighbourhood in the NYC suburbs. Nobody I know
round here has been burgled, not ever I think, but certainly not in the
last 25 years.

Of course, TV sets and other suburban paraphernalia aren't as easy to
fence as they used to be, because they're throwaway items anyhow. You'd
have to look for people with bundles of cash or serious jewellery (or
drugs or guns, depending on the neighbourhood).

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[Don Y]

On 4/17/2015 8:00 AM, Phil Hobbs wrote:

On 04/17/2015 06:29 AM, Don Y wrote:
On 4/17/2015 2:43 AM, Phil Hobbs wrote:
Move to a better neighbourhood.

Where you live seems to have little bearing on the matter.

Guy from one of the wealthiest, "upscale" households in town recounted
how his floor safe was stolen from his home. The thief was caught
with *it* (still "locked") in a wheelbarrow trying to get it out through
the "back lots" to avoid the guards at the gated entry!

I live in an ordinary neighbourhood in the NYC suburbs. Nobody I know round
here has been burgled, not ever I think, but certainly not in the last 25 years.

Of course, TV sets and other suburban paraphernalia aren't as easy to fence as
they used to be, because they're throwaway items anyhow. You'd have to look
for people with bundles of cash or serious jewellery (or drugs or guns,
depending on the neighbourhood).

I suspect there aren't many Canadians making the 3 hour trek into
The City to visit your "stuff"! You might find things a bit different
if you lived an hour from Mexico.

Aunt who lost her furs/jewels was in Chicagoland. My "winter jacket"
experience was in suburban Boston. (I won't count incidents at school)
Colleague in Denver lost his gun collection. Our vehicle was "vandalized"
(they don't call it burglary unless something was *taken* -- despite the
fact that the door had been opened forcefully) in a very visible
public parking lot.

Neighbor in the next "subdivision" was victim of a home invasion. Cops
claimed it was probably "drug related". Hard to imagine pleasant 80+
year old couple selling drugs! More likely, criminals who got the address
wrong (or used an out-of-date address from a google search).

You'd be surprised at how often this sort of thing happens. People tend
not to "brag" (or kvetch) about it as much as you'd expect. E.g., we
didn't know of *either* of the neighbor's two car thefts until *after*
the second -- when the car was not recovered ("Hey, is your car in the
shop? Haven't seen it for a while..." "No, it was stolen. For the
*second* time. But, this time, they trashed it before the cops found it")

 

[Phil Hobbs]

On 04/17/2015 11:30 AM, Don Y wrote:

On 4/17/2015 8:00 AM, Phil Hobbs wrote:
On 04/17/2015 06:29 AM, Don Y wrote:
On 4/17/2015 2:43 AM, Phil Hobbs wrote:
Move to a better neighbourhood.

Where you live seems to have little bearing on the matter.

Guy from one of the wealthiest, "upscale" households in town recounted
how his floor safe was stolen from his home. The thief was caught
with *it* (still "locked") in a wheelbarrow trying to get it out through
the "back lots" to avoid the guards at the gated entry!

I live in an ordinary neighbourhood in the NYC suburbs. Nobody I know
round
here has been burgled, not ever I think, but certainly not in the last
25 years.

Of course, TV sets and other suburban paraphernalia aren't as easy to
fence as
they used to be, because they're throwaway items anyhow. You'd have
to look
for people with bundles of cash or serious jewellery (or drugs or guns,
depending on the neighbourhood).

I suspect there aren't many Canadians making the 3 hour trek into
The City to visit your "stuff"! You might find things a bit different
if you lived an hour from Mexico.

Sure. So move. Of course I live half an hour from the South Bronx.

Aunt who lost her furs/jewels was in Chicagoland. My "winter jacket"
experience was in suburban Boston. (I won't count incidents at school)
Colleague in Denver lost his gun collection. Our vehicle was "vandalized"
(they don't call it burglary unless something was *taken* -- despite the
fact that the door had been opened forcefully) in a very visible
public parking lot.

Not round here. Go figure

Cheers

Phil Hobbs


--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

I used to have a certain model of a GM all-wheel drive SUV. I Came out one morning to all windows down, all door locks popped open, and the transmission audibly clicking.

The Battery had two dead cells.

Mind you, just removing the battery did not unlock it. Low battery voltage far outside of the design range caused the fault.

I called work, walked a mile to the auto parts place, brought back a battery and dropped it in. It started right up with no electrical system faults when tested.

I came to the conclusion that a smart thief could have as many of these he wanted to take. Especially if he partially shorted the battery from underneath
It did not take too long to figure out how he could do that with the cable arrangement.

I sold the SUV as quickly as possible.

Steve

 

[Don Y]

On 4/17/2015 5:17 AM, Chris Jones wrote:

I would really not trust any immobilizer that comes with the car - as the
incentives are all wrong. The only thing that would fix this incentive would be
for the car manufacturer to be automatically liable for the vehicle replacement
cost in the event that the keys are still in your posession. I think that would
rapidly improve immobilizers, and they probably already have a cupboard full of
good designs that they have been suppressing.

The problem with any "stock" immobilizers, alarms, etc. is that they
self-identify. A would-be thief looks at the car and knows what
vulnerabilities (if any) are present.

Aftermarket items at least add some degree of uncertainty to that calculus.

The same is true of home intrusion/alarm systems that let you proudly
display a placard in the front yard: "Protected by ABC Alarm System".
Potential thieves can go "window shopping" from the comfort of their
cars as they cruise the neighborhood looking for a particular "vulnerability".

[I suspect "wireless" alarm systems would be rather easy to exploit:
either by interfering with the comms between the remote sensors and the
"base" that does the actual reporting/signaling; or, by repeatedly
interfering with those comms and causing the base to signal a "false
alarm" -- which, in many locations, can result in a fine esp if it
happens "often enough" (and, once you've trained the homeowner to
leave his problematic alarm system *off*, you've accomplished your goal!)]

 

[Don Y]

On 4/17/2015 8:36 AM, Phil Hobbs wrote:

On 04/17/2015 11:30 AM, Don Y wrote:
On 4/17/2015 8:00 AM, Phil Hobbs wrote:
On 04/17/2015 06:29 AM, Don Y wrote:
On 4/17/2015 2:43 AM, Phil Hobbs wrote:
Move to a better neighbourhood.

Where you live seems to have little bearing on the matter.

Guy from one of the wealthiest, "upscale" households in town recounted
how his floor safe was stolen from his home. The thief was caught
with *it* (still "locked") in a wheelbarrow trying to get it out through
the "back lots" to avoid the guards at the gated entry!

I live in an ordinary neighbourhood in the NYC suburbs. Nobody I know
round
here has been burgled, not ever I think, but certainly not in the last
25 years.

Of course, TV sets and other suburban paraphernalia aren't as easy to
fence as
they used to be, because they're throwaway items anyhow. You'd have
to look
for people with bundles of cash or serious jewellery (or drugs or guns,
depending on the neighbourhood).

I suspect there aren't many Canadians making the 3 hour trek into
The City to visit your "stuff"! You might find things a bit different
if you lived an hour from Mexico.

Sure. So move. Of course I live half an hour from the South Bronx.

How many of them live in walking distance of your property?
Do any of your neighbors employ them for yard work, household
chores, etc. (i.e., are they *in* your neighborhood, regularly)?

Aunt who lost her furs/jewels was in Chicagoland. My "winter jacket"
experience was in suburban Boston. (I won't count incidents at school)
Colleague in Denver lost his gun collection. Our vehicle was "vandalized"
(they don't call it burglary unless something was *taken* -- despite the
fact that the door had been opened forcefully) in a very visible
public parking lot.

Not round here. Go figure

Or, its happening and you are just not aware of it.

A friend had his truck "broken into" one evening. Thief didn't
take anything and left the door wide open. Friend suspects they saw
the "Danger: Radiation" symbol on some of the radioactive samples
he had stored in a case on the seat and decided to find another
target -- *quickly*!

Filing a claim on your homeowner's/auto policy often does nothing
other than increase your premium (your deductible causes the loss
to come out of your pocket). Filing a police report (usually
required if you want to file an insurance claim) does nothing
other than alter the crime statistics (few stolen items are ever
recovered).

Many places report crimes on public websites (to the nearest block).
It's interesting to examine these and try to correlate with your
own personal observations/conversations.

As a result, most people treat these sorts of things as "cost of doing
business", "cost of home ownership", etc. Grumble and move on with your
life...

 

[John Larkin]

On Fri, 17 Apr 2015 22:17:17 +1000, Chris Jones
<lugnut808@spam.yahoo.com> wrote:

On 17/04/2015 14:36, Sylvia Else wrote:
On 17/04/2015 2:18 AM, Clocky wrote:
http://tinyurl.com/q4wgo8w

Interesting...

Added sci.electronics.design

"Danev said his company was in talks with several car manufacturers to
install a chip that can tell how far the key is from the car, thereby
defeating the power-amplifier trick."

We don't have details, but I'm a little sceptical that this would be the
solution it appears to be. While it's easy enough to send out a signal
and measure the response time, thus determining the distance, it's not
so easy to ensure that the responding device is the key fob.

Normally, the fob proves its identity by sending a code to the car. As
is apparent, this doesn't prevent the signal from being relayed. To
ensure that there's no relay, it would be necessary to measure the
response time of the entire code. The problem here is that it's not know
to any degree of accuracy what that should be - there's some variation
in the frequency used by the fob.

Measuring the time to the first edge of the response is no good - it may
be inserted by the relay device, with only subsequent edges being
relayed from the fob.

Perhaps the whole keyless entry concept is fundamentally flawed.

Sylvia.






I missed the beginning of this thread wherever it is. Are you talking
about this?
https://eprint.iacr.org/2010/332.pdf

I have a theory that several times in history, some bright engineer at a
car company has come up with a much more secure immobilizer that will
greatly reduce car theft. That engineer is led away to a meeting with
HR, and offered a much higher paid job in the bumper polishing
department, and the secure immobilizer is quietly stashed away in the
cupboard with all the others.

Seriously, many people who have brand A car stolen will go right back to
the dealer with the insurance money, and buy exactly the same model of
car from brand A again. They don't have time to go through the hassle of
choosing a model of car again, just because of what some stranger did.
Every time that an immobilizer fails to do its job, very probably the
same car maker makes a fresh sale.

I suspect that a truly effective immobilizer would have a significant
negative impact on the profitability of a car manufacturer. What
percentage of new car purchases are to replace a stolen, recent model
car? Amongst people I know it is a high percentage (maybe 2 in 5, both
replacements were the same model that was stolen).

To the small extent that customers care about insurance costs due to the
risk of theft when choosing a car, the insurance ratings are probably
based on assessments by some "independent" group (Thatcham etc.) which
may well be box-ticking excercises where they get extra points for
securing against one method of entry whereas the other (more inventive)
ones are not even looked at because they didn't know it was possible.

I would really not trust any immobilizer that comes with the car - as
the incentives are all wrong. The only thing that would fix this
incentive would be for the car manufacturer to be automatically liable
for the vehicle replacement cost in the event that the keys are still in
your posession. I think that would rapidly improve immobilizers, and
they probably already have a cupboard full of good designs that they
have been suppressing.

I wish I could turn off all the security "features" of my car. And a
bunch of other "intelligent" over-engineered, over-programmed things.
There is a low probability that my car will be stolen, but a good
probability that it will lock me out, or need to be towed to a dealer,
and a certainty that it will annoy me regularly.

It locks the doors when it's in the mood, even if the key is in the
ignition, or the windows are open. The windshield wipers are insane.
The tire pressure warnings are frequent and bogus. HVAC is a maze of
black-on-black buttons and hidden states.


--

John Larkin Highland Technology, Inc
picosecond timing laser drivers and controllers

jlarkin att highlandtechnology dott com
http://www.highlandtechnology.com

 

[Don Y]

On 4/17/2015 9:12 AM, John Larkin wrote:

I wish I could turn off all the security "features" of my car. And a
bunch of other "intelligent" over-engineered, over-programmed things.
There is a low probability that my car will be stolen, but a good
probability that it will lock me out, or need to be towed to a dealer,
and a certainty that it will annoy me regularly.

I think many "car systems" are designed by third parties and slapped
together by the manufacturer. I'm not sure there is a consistent
design philosophy at play throughout the vehicle (let alone the
product line!)

It locks the doors when it's in the mood, even if the key is in the
ignition, or the windows are open. The windshield wipers are insane.
The tire pressure warnings are frequent and bogus. HVAC is a maze of
black-on-black buttons and hidden states.

My pet peeves (SWMBO's vehicle) are:
- the "multifunction key/remote" (push the button once to unlock
driver side, twice to add passenger side to that, thrice to
roll down the windows). I can't count the number of times
I've walked up to the car to find the windows partially open
from some previous "button overpress".
- the driver side window that rolls itself all the way up/down
if you hold the switch "too long"
- the automatic door locking. As you said, whatever algorithm
is employed is pretty much a mystery! When dropping books off
at the public library, I make a point of *not* closing the door
if I've left the ignition running (out of fear it will decide
to lock the door despite sensing "no presence" in the vehicle!)
- some of the rules for the various control systems. E.g., the
seat sensors try to detect the size of the occupant. If they
"guess wrong", the car often gets confused and reacts inappropriately.
Of course, there's no "reset, try again" button...
- the fact that the power windows are inoperative once a door has
been opened (with ignition off). Even if you were operating a
window at the time the door was opened!

OTOH, I *do* like the ability to command the doors to *lock*
repeatedly -- which results in a brief toot on the horn. Handy
for locating the car when you've forgotten in exactly which aisle
you've parked it!

There are a few "features" I stumbled on in the manual that
are too "non-intuitive" for me to comprehend without making a
very deliberate effort to explore their implementation(s).

I think a good deal of the problem comes from trying to cram too
many features into a "starved" user interface: press once for
this, twice for that, etc.

And, too many features of little value (neighbor's vehicle automatically
moves the steering column *up* to increase leg room when entering
and exiting the vehicle -- then returns it to the operator's specified
position in preparation for driving. Really? Is this necessary?
My God, how did you ever drive when steering columns were *fixed*??).

[Of course, the car also has a little "cooler" built in... don't know
how he ever managed to get to work without *that*, before! :> ]

 

[Phil Hobbs]

On 04/17/2015 11:49 AM, Don Y wrote:

On 4/17/2015 8:36 AM, Phil Hobbs wrote:
On 04/17/2015 11:30 AM, Don Y wrote:
On 4/17/2015 8:00 AM, Phil Hobbs wrote:
On 04/17/2015 06:29 AM, Don Y wrote:
On 4/17/2015 2:43 AM, Phil Hobbs wrote:
Move to a better neighbourhood.

Where you live seems to have little bearing on the matter.

Guy from one of the wealthiest, "upscale" households in town recounted
how his floor safe was stolen from his home. The thief was caught
with *it* (still "locked") in a wheelbarrow trying to get it out
through
the "back lots" to avoid the guards at the gated entry!

I live in an ordinary neighbourhood in the NYC suburbs. Nobody I know
round
here has been burgled, not ever I think, but certainly not in the last
25 years.

Of course, TV sets and other suburban paraphernalia aren't as easy to
fence as
they used to be, because they're throwaway items anyhow. You'd have
to look
for people with bundles of cash or serious jewellery (or drugs or guns,
depending on the neighbourhood).

I suspect there aren't many Canadians making the 3 hour trek into
The City to visit your "stuff"! You might find things a bit different
if you lived an hour from Mexico.

Sure. So move. Of course I live half an hour from the South Bronx.

How many of them live in walking distance of your property?
Do any of your neighbors employ them for yard work, household
chores, etc. (i.e., are they *in* your neighborhood, regularly)?

Aunt who lost her furs/jewels was in Chicagoland. My "winter jacket"
experience was in suburban Boston. (I won't count incidents at school)
Colleague in Denver lost his gun collection. Our vehicle was
"vandalized"
(they don't call it burglary unless something was *taken* -- despite the
fact that the door had been opened forcefully) in a very visible
public parking lot.

Not round here. Go figure

Or, its happening and you are just not aware of it.

Evidence is lacking.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[Phil Hobbs]

On 04/17/2015 12:12 PM, John Larkin wrote:

On Fri, 17 Apr 2015 22:17:17 +1000, Chris Jones
lugnut808@spam.yahoo.com> wrote:

On 17/04/2015 14:36, Sylvia Else wrote:
On 17/04/2015 2:18 AM, Clocky wrote:
http://tinyurl.com/q4wgo8w

Interesting...

Added sci.electronics.design

"Danev said his company was in talks with several car manufacturers to
install a chip that can tell how far the key is from the car, thereby
defeating the power-amplifier trick."

We don't have details, but I'm a little sceptical that this would be the
solution it appears to be. While it's easy enough to send out a signal
and measure the response time, thus determining the distance, it's not
so easy to ensure that the responding device is the key fob.

Normally, the fob proves its identity by sending a code to the car. As
is apparent, this doesn't prevent the signal from being relayed. To
ensure that there's no relay, it would be necessary to measure the
response time of the entire code. The problem here is that it's not know
to any degree of accuracy what that should be - there's some variation
in the frequency used by the fob.

Measuring the time to the first edge of the response is no good - it may
be inserted by the relay device, with only subsequent edges being
relayed from the fob.

Perhaps the whole keyless entry concept is fundamentally flawed.

Sylvia.






I missed the beginning of this thread wherever it is. Are you talking
about this?
https://eprint.iacr.org/2010/332.pdf

I have a theory that several times in history, some bright engineer at a
car company has come up with a much more secure immobilizer that will
greatly reduce car theft. That engineer is led away to a meeting with
HR, and offered a much higher paid job in the bumper polishing
department, and the secure immobilizer is quietly stashed away in the
cupboard with all the others.

Seriously, many people who have brand A car stolen will go right back to
the dealer with the insurance money, and buy exactly the same model of
car from brand A again. They don't have time to go through the hassle of
choosing a model of car again, just because of what some stranger did.
Every time that an immobilizer fails to do its job, very probably the
same car maker makes a fresh sale.

I suspect that a truly effective immobilizer would have a significant
negative impact on the profitability of a car manufacturer. What
percentage of new car purchases are to replace a stolen, recent model
car? Amongst people I know it is a high percentage (maybe 2 in 5, both
replacements were the same model that was stolen).

To the small extent that customers care about insurance costs due to the
risk of theft when choosing a car, the insurance ratings are probably
based on assessments by some "independent" group (Thatcham etc.) which
may well be box-ticking excercises where they get extra points for
securing against one method of entry whereas the other (more inventive)
ones are not even looked at because they didn't know it was possible.

I would really not trust any immobilizer that comes with the car - as
the incentives are all wrong. The only thing that would fix this
incentive would be for the car manufacturer to be automatically liable
for the vehicle replacement cost in the event that the keys are still in
your posession. I think that would rapidly improve immobilizers, and
they probably already have a cupboard full of good designs that they
have been suppressing.

I wish I could turn off all the security "features" of my car. And a
bunch of other "intelligent" over-engineered, over-programmed things.
There is a low probability that my car will be stolen, but a good
probability that it will lock me out, or need to be towed to a dealer,
and a certainty that it will annoy me regularly.

It locks the doors when it's in the mood, even if the key is in the
ignition, or the windows are open. The windshield wipers are insane.
The tire pressure warnings are frequent and bogus. HVAC is a maze of
black-on-black buttons and hidden states.

So find the JTAG port and hack it!

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[John Larkin]

On Fri, 17 Apr 2015 13:17:06 -0400, Phil Hobbs
<pcdhSpamMeSenseless@electrooptical.net> wrote:

On 04/17/2015 12:12 PM, John Larkin wrote:
On Fri, 17 Apr 2015 22:17:17 +1000, Chris Jones
lugnut808@spam.yahoo.com> wrote:

On 17/04/2015 14:36, Sylvia Else wrote:
On 17/04/2015 2:18 AM, Clocky wrote:
http://tinyurl.com/q4wgo8w

Interesting...

Added sci.electronics.design

"Danev said his company was in talks with several car manufacturers to
install a chip that can tell how far the key is from the car, thereby
defeating the power-amplifier trick."

We don't have details, but I'm a little sceptical that this would be the
solution it appears to be. While it's easy enough to send out a signal
and measure the response time, thus determining the distance, it's not
so easy to ensure that the responding device is the key fob.

Normally, the fob proves its identity by sending a code to the car. As
is apparent, this doesn't prevent the signal from being relayed. To
ensure that there's no relay, it would be necessary to measure the
response time of the entire code. The problem here is that it's not know
to any degree of accuracy what that should be - there's some variation
in the frequency used by the fob.

Measuring the time to the first edge of the response is no good - it may
be inserted by the relay device, with only subsequent edges being
relayed from the fob.

Perhaps the whole keyless entry concept is fundamentally flawed.

Sylvia.






I missed the beginning of this thread wherever it is. Are you talking
about this?
https://eprint.iacr.org/2010/332.pdf

I have a theory that several times in history, some bright engineer at a
car company has come up with a much more secure immobilizer that will
greatly reduce car theft. That engineer is led away to a meeting with
HR, and offered a much higher paid job in the bumper polishing
department, and the secure immobilizer is quietly stashed away in the
cupboard with all the others.

Seriously, many people who have brand A car stolen will go right back to
the dealer with the insurance money, and buy exactly the same model of
car from brand A again. They don't have time to go through the hassle of
choosing a model of car again, just because of what some stranger did.
Every time that an immobilizer fails to do its job, very probably the
same car maker makes a fresh sale.

I suspect that a truly effective immobilizer would have a significant
negative impact on the profitability of a car manufacturer. What
percentage of new car purchases are to replace a stolen, recent model
car? Amongst people I know it is a high percentage (maybe 2 in 5, both
replacements were the same model that was stolen).

To the small extent that customers care about insurance costs due to the
risk of theft when choosing a car, the insurance ratings are probably
based on assessments by some "independent" group (Thatcham etc.) which
may well be box-ticking excercises where they get extra points for
securing against one method of entry whereas the other (more inventive)
ones are not even looked at because they didn't know it was possible.

I would really not trust any immobilizer that comes with the car - as
the incentives are all wrong. The only thing that would fix this
incentive would be for the car manufacturer to be automatically liable
for the vehicle replacement cost in the event that the keys are still in
your posession. I think that would rapidly improve immobilizers, and
they probably already have a cupboard full of good designs that they
have been suppressing.

I wish I could turn off all the security "features" of my car. And a
bunch of other "intelligent" over-engineered, over-programmed things.
There is a low probability that my car will be stolen, but a good
probability that it will lock me out, or need to be towed to a dealer,
and a certainty that it will annoy me regularly.

It locks the doors when it's in the mood, even if the key is in the
ignition, or the windows are open. The windshield wipers are insane.
The tire pressure warnings are frequent and bogus. HVAC is a maze of
black-on-black buttons and hidden states.

So find the JTAG port and hack it!

Cheers

Phil Hobbs

I wonder if any of that nonsense can be turned off. The wipers are
especially annoying. There is a rain sensor that constantly, and
erroneously, second-guesses my wiper preferences. If I stop at a red
light, it stops wiping on, I guess, the theory that I don't need
wipers if I'm stopped. Nobody considered that I might want to see when
the light turns green.


--

John Larkin Highland Technology, Inc
picosecond timing precision measurement

jlarkin att highlandtechnology dott com
http://www.highlandtechnology.com

 

[Don Y]

On 4/17/2015 10:11 AM, Phil Hobbs wrote:

Not round here. Go figure

Or, its happening and you are just not aware of it.

Evidence is lacking.

How would you know that -- if you're not "aware of it"? :>

Most of my neighbors are ignorant of the crimes I've mentioned,
here. You won't *read* about them on a web site, police blotter,
newspaper, etc. So, unless you speak to the folks involved,
first-hand, you never know what's happening (I walk the entire
subdivision daily and chat with the various folks I encounter
so am probably "exposed" to more of my neighbors than anyone
else in these ~200 homes). You learn a lot from personal
relationships!

And, that still doesn't count crimes that folks DON'T want to
discuss!

Some people live in fear; others live in ignorance. I choose
neither.

 

[Jan Panteltje]

On a sunny day (Fri, 17 Apr 2015 10:38:24 -0700) it happened John Larkin
<jlarkin@highlandtechnology.com> wrote in
<02h2ja5rqqbi58en45c112nkkhgtt80k6o@4ax.com>:

I wonder if any of that nonsense can be turned off. The wipers are
especially annoying. There is a rain sensor that constantly, and
erroneously, second-guesses my wiper preferences. If I stop at a red
light, it stops wiping on, I guess, the theory that I don't need
wipers if I'm stopped. Nobody considered that I might want to see when
the light turns green.

It is probably the same situation as the programmers for Samsung TVs.
They do not get to use their work, because they simply get payed peanuts, and cannot afford it.
Without that feedback loop ...
This is my theory of course.

 

[Phil Hobbs]

On 04/17/2015 01:38 PM, Don Y wrote:

On 4/17/2015 10:11 AM, Phil Hobbs wrote:

Not round here. Go figure

Or, its happening and you are just not aware of it.

Evidence is lacking.

How would you know that -- if you're not "aware of it"? :

Most of my neighbors are ignorant of the crimes I've mentioned,
here. You won't *read* about them on a web site, police blotter,
newspaper, etc. So, unless you speak to the folks involved,
first-hand, you never know what's happening (I walk the entire
subdivision daily and chat with the various folks I encounter
so am probably "exposed" to more of my neighbors than anyone
else in these ~200 homes). You learn a lot from personal
relationships!

And, that still doesn't count crimes that folks DON'T want to
discuss!

Some people live in fear; others live in ignorance. I choose
neither.

Suit yourself. You don't actually know anything about where I live, but
if your way makes you feel better, bravo.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[Don Y]

On 4/17/2015 11:08 AM, Phil Hobbs wrote:

On 04/17/2015 01:38 PM, Don Y wrote:
On 4/17/2015 10:11 AM, Phil Hobbs wrote:

Not round here. Go figure

Or, its happening and you are just not aware of it.

Evidence is lacking.

How would you know that -- if you're not "aware of it"? :

Most of my neighbors are ignorant of the crimes I've mentioned,
here. You won't *read* about them on a web site, police blotter,
newspaper, etc. So, unless you speak to the folks involved,
first-hand, you never know what's happening (I walk the entire
subdivision daily and chat with the various folks I encounter
so am probably "exposed" to more of my neighbors than anyone
else in these ~200 homes). You learn a lot from personal
relationships!

And, that still doesn't count crimes that folks DON'T want to
discuss!

Some people live in fear; others live in ignorance. I choose
neither.

Suit yourself. You don't actually know anything about where I live, but if
your way makes you feel better, bravo.

My question is whether *you* REALLY know much about where you live!
If you *really* think there has been no crime in your neighborhood
(assuming you define that to be more than your *own* home) in the
past 25 years, I suspect you're just not aware of the crime that
*has* taken place.

Or, there are thousands of fearful people *anxious* to buy a home
in your neighborhood -- just to avail themselves of this little
"pocket of zero crime".

As you said, if your way makes *you* feel better...

 

[Jon Elson]

Don Y wrote:

- the automatic door locking. As you said, whatever algorithm
is employed is pretty much a mystery!

Our Honda Civics do have a few quirks, but you just have to know them.
If you remote-unlock the car and do not open any DOORS, it will relock in 2
minutes. Even if you open the trunk, the doors will re-lock after 2
minutes. If you leave the key in the ignition, you will not be able to lock
the doors at all. If you hit the interior door lock button, they will lock
and immediately unlock. If the key is too far from the ignition lock area,
you may still be able to lock them in the car, though.

Generally, this all makes sense to me.

Jon

 

[Don Y]

Hi Steve,

On 4/17/2015 12:39 PM, sroberts6328@gmail.com wrote:

I used to have a certain model of a GM all-wheel drive SUV. I Came out one
morning to all windows down, all door locks popped open, and the
transmission audibly clicking.

The Battery had two dead cells.

Ah!

Mind you, just removing the battery did not unlock it. Low battery voltage
far outside of the design range caused the fault.

Another "can't happen", I guess. :>

I called work, walked a mile to the auto parts place, brought back a battery
and dropped it in. It started right up with no electrical system faults when
tested.

Do you know if it *logged* an error? Or, if it had "sufficiently lost
its mind" that it didn't even know to do *that*?

I came to the conclusion that a smart thief could have as many of these he
wanted to take. Especially if he partially shorted the battery from
underneath It did not take too long to figure out how he could do that with
the cable arrangement.

And, in the era of social media, pirate web sites, blogs, etc. you *know*
it wouldn't take long for someone to propagate that knowledge. Far faster
than the manufacturer (and unlucky consumers) could react to counter the
threat.

> I sold the SUV as quickly as possible.

In red/blue exercises, the first thing I do is make a list of what the
"defenders" have PROBABLY inherently accepted as "given's" in their
design -- what do they ASSUME to be reliable truths. Then, think of
ways of undermining those assumptions to expose vulnerabilities that
*relied* on them (explicitly or implicitly).

You'd be surprised at how *much* designers "expect" as truths!
("No one would EVER think of remotely hacking an implanted pacemaker,
the control system of a modern car/aircraft, etc. What possible
*gain* would they achieve?? It's not like it's a vending machine...")

We had a natural gas outage (well, more like "insufficient supply to
meet instantaneous demand") a few years back (abnormally cold winter).
I noticed the house getting quite cool in the wee hours of the morning.
Checked the thermostat to discover the furnace wasn't responding to calls
for heat!

Removed furnace access panel, inspected igniter, gas valve, etc. while
it was engaged in an ignition cycle... saw the gas ignite -- then promptly
extinguish (as the valve apparently closed). Combustion chamber exhaust
fan blows for a few minutes to vent unburned gasses, etc. Then, a few
minutes later, the cycle repeats.

And, would have kept on repeating all day (it had obviously been doing this
for a few hours before I noticed the low temperature) had I not diagnosed
the cause and taken the furnace off-line.

Obviously, the designers expected some number of "mis-ignitions" in the
course of normal operation and had implemented a logical work-around: vent
any gasses that may have accumulated (because they don't know that they
*were* burned off) and then try again.

But, when do you stop? You've got a processor (a little PIC) in there.
Can't it do something trivial like *count* the number of misfires and,
after some "extraordinary number" (like, say *3*??) realize that
something is "broken" and react SAFELY? There is no feedback from the
combustion chamber blower so it is conceivable that a fault has caused
the igniter to fail *and* the exhaust blower. So, each ignition attempt
could potentially be spewing natural gas into the (confined) area that
wouldn't be able to dissipate, naturally, by passive means (e.g., the
combustion relief).

Enter a "lockdown" state, blink some code with the three LEDs on the
controller board and wait for the homeowner to call a plumber to resolve
the problem.

I suspect the local plumbers made a killing, that day, as thousands
of residences/businesses had "heating problems" that boiled down to
"Sorry, low gas pressure. Nothing we can do about it! That'll be $80,
please..."

[I'm sure there's an exploit in there but *ASSUME* it's not a worthwhile
target: "What possible *gain* would they achieve?? It's not like it's
a vending machine..." :> ]

 

[Clocky]

On 18/04/2015 1:50 AM, Jan Panteltje wrote:

On a sunny day (Fri, 17 Apr 2015 10:38:24 -0700) it happened John Larkin
jlarkin@highlandtechnology.com> wrote in
02h2ja5rqqbi58en45c112nkkhgtt80k6o@4ax.com>:

I wonder if any of that nonsense can be turned off. The wipers are
especially annoying. There is a rain sensor that constantly, and
erroneously, second-guesses my wiper preferences. If I stop at a red
light, it stops wiping on, I guess, the theory that I don't need
wipers if I'm stopped. Nobody considered that I might want to see when
the light turns green.

It is probably the same situation as the programmers for Samsung TVs.
They do not get to use their work, because they simply get payed peanuts, and cannot afford it.
Without that feedback loop ...
This is my theory of course.

I dunno, my Samsung TV is probably the easiest to use in terms of
scanning the program guide compared to most others but it is a few years
old so maybe things have changed. The only issue is that it occasionally
loses the plot when scrolling though the program guide requiring a power
cycle to reset it but that is pretty rare.