Here's another high-tech nightmare: stealing cars without a key
 

You know how modern cars unlock their doors when you approach with the radio-transmitting key. Many high end cars use the same technology to start the engine. You don't need an ignition key any more; you just enter the car and the engine starts.

It turns out that this system is easy to hack. A device readily bought on the Internet amplifies the signals involved so that the car parked in your driveway and the key in your bedroom drawer can talk to each other as if they were in close proximity. The doors open, the engine starts, and away they go!

The amplifiers cost a lot if you buy them on the dark web but apparently they can be made quite cheaply if you know how.

It fits a pattern, doesn't it, one we're familiar with in computing. People want life to be made easier and easier for them, and all they are doing is making themselves more and more vulnerable.

They are not all that complex to make if you have an interest in electronics and program a little. I think you have the latter and could pick up the former if interested.

However, I'd be more worried about the car's rolling network. It's designed with M$ levels of security such that you can control most aspects of operation, such as turning the brakes on or off, or revving the engine, remotely. Although that is not the intention. The limiting factor is identifying the car electronically if there is a wish to target a particular driver and their passengers.

Several universities have had researchers mapping out the problems. They kept quiet for a few years initially while collaborating with the car manufacturers but opened the discussion to the public a few years ago.

Then there's home electronics: things like Nest. Why on earth would people want to make their heating systems hackable by every Tom, Dick or Harry just so they could switch on the central heating half an hour before they get home?

It's the same pattern again: huge security flaws introduced just for a little extra convenience.

Yes, those and a lot of other appliances also get connected to the 'smart' meters. Those are more or less open to anyone that is with broadcasting range and serve as an easy stepping stone into a house's other devices.

But back Nest, have you poked around in the search engine Shodan at all or read summaries from other people's excursions with it? It's not only surprising what has been (mis-)connected to the net but how little thought was given during the design phase to maintenance or security.

Now that is fascinating! I never heard of Shodan before. And I had no idea there were so many devices with the password "admin"! Actually, now that I come to think of it, my router had that password when I bought it.

Locks are for honest people.

An EX-car thief.

Some people like those gadgets, and the marketing folks know that extremely well. They target potential customers who like the "shiny cool stuff" (not too expensive of course...) and who don't give a damn about the more subtle implications. But such dismissed implications eventually might come back and bite them, and then one hears about those "class actions" in the news.

Despite early problems and obstacles it seems the push to make almost everything in our lives controllable from a distance is unstoppable. Until better solutions come along or unless the owners actually learn something about proper and appropriate security the first line of defense is login security. For most everyday users that boils down to username and password. People must fight the battle between convenience and quality of security and most choose convenience that is child's play to crack. We can get a lot of mileage out of smart passwords and encrypted software but that is by no means the end all in even current security.

Obviously usernames and passwords need to be unique and nothing demands that it must be text. Many here, or at least some, may have laptops with fingerprint recognition as the key and that is very difficult to spoof. Even better, though currently more expensive and used primarily in government and enterprise is iris recognition, which despite Hollywood portrayal, is extremely difficult to spoof or work around. I suspect those and similar unique and fortress-like methods will only grow, both in usage and application and reduced cost, as these difficulties increase demand and application. Just wait and see, someone is going to make a fortune off a keychain fob that stores all of your passwords and is air-gapped. Damn! I'd love to be 20 years younger or just in better health.

Hopefully people on LQN are among the first to improve their understanding of what constitutes a solid balance between convenience and security.

So according to Philip it's gadget envy (love of "shiny cool stuff") that drives this accelerating nightmare, not simply laziness or the desire to have things made easy. I hadn't considered this, probably because I am often lazy myself, but I've never suffered from gadget envy.

I'd say that is a false dichotomy. Take the example Hazel started with, that of the electronic car keys. The things would still work by a press of a button even if they were designed securely, but they weren't. There are many other such cases but in that case it appears that the key/lock manufacturer took some shortcuts and their customers, the car manufacturers, felt they could dodge the responsibility if not the risks. The end users of the car never enter into the equation unless they band together for some class action suits or are otherwise able to collectively affect the bottom line of the key/lock manufacturer's customers.

............. Or... if a company introduces a "better mousetrap" that fulfills an important need. That need will grow in direct proportion to the success of thieves and black hat hackers, so it is a self-compensating equation. All it requires is a tipping point and a little vision.... and startup capital. Then, when you file for a patent, you will learn just how secure the old ways actually were LOL.

How many blank CDs or better, cassette tapes have you bought lately? We won't even discuss buggy whips.

Hello Hazel. I'm probably biased by the fact that I don't consider the action of manually locking / unlocking a car with a key to be particularly difficult, or heavy, for the average person. I also doubt that most people, if they weren't actively offered such option when buying a new car, would even feel the need of it. Of course there will always be exceptions.

What I was saying is that, in my opinion, those gadgets are not being introduced because the average customer actually needs them, but in order to trick people into believeing that the new product is "better" than the old one. After all, if they weren't thought as mere (or little more than) marketing devices, manufacturers would at least care to design them properly (e.g. with actual security in mind) which doesn't seem to be the case.

Yep. Pulling the distributor on my hot rod 1967 Ford Pickup did not keep it from being stolen out of my driveway.
They just hooked it up to a tow truck while I was out riding motorcycle. Stripped the parts, Burned it up.

Cops were the ones who told me they saw it on the road being pulled by a tow truck.

Then there is the time my boys stole my 1968 chevy Nova during illegal house party at my flat and left the car in Mexico.

If someone wants your stuff. Forgetta about it. It's history.

So far. Nobody want's to steal this one yet. Or this one ,Yet.

Notice the lack of locks/doors.

Edit: PS. I guess these new cars door glass is bullet proof?

2nd edit: But I guess pushing a button and away you go is sooo much easier now.

While I find the lack of consideration for security in modern systems alarming I do have to mention, Hazel, that when we were kids cars could be stolen with a coat hanger and a bit of wire -- I was lucky enough to own an old Daimler and it had no real "modern" security at all.
Security is about not being low hanging fruit and having decent insurance to my mind.

One of the reasons I think this technology will evolve and grow (aside from basic laziness) is that everyone has had that nagging feeling" Damn! Did I remember to lock that up (turn off the AC, the lights, whatever)?" and the value of a networked system is that one can check it and even rectify a brain freeze from anywhere. While locks may be primarily for honest people (where I live I don't lock my car) they do discourage casual thievery and how far above that level depends on how good the locks are. There is, after all security that actually works that protects secrets and vast sums of money and once again despite Hollywood, you ain't gettin' in.