LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 10-14-2017, 09:49 AM   #1
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,321
Blog Entries: 15

Rep: Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110
Here's another high-tech nightmare: stealing cars without a key


You know how modern cars unlock their doors when you approach with the radio-transmitting key. Many high end cars use the same technology to start the engine. You don't need an ignition key any more; you just enter the car and the engine starts.

It turns out that this system is easy to hack. A device readily bought on the Internet amplifies the signals involved so that the car parked in your driveway and the key in your bedroom drawer can talk to each other as if they were in close proximity. The doors open, the engine starts, and away they go!

The amplifiers cost a lot if you buy them on the dark web but apparently they can be made quite cheaply if you know how.

It fits a pattern, doesn't it, one we're familiar with in computing. People want life to be made easier and easier for them, and all they are doing is making themselves more and more vulnerable.
 
Old 10-14-2017, 10:01 AM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,511
Blog Entries: 3

Rep: Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773
They are not all that complex to make if you have an interest in electronics and program a little. I think you have the latter and could pick up the former if interested.

However, I'd be more worried about the car's rolling network. It's designed with M$ levels of security such that you can control most aspects of operation, such as turning the brakes on or off, or revving the engine, remotely. Although that is not the intention. The limiting factor is identifying the car electronically if there is a wish to target a particular driver and their passengers.

Several universities have had researchers mapping out the problems. They kept quiet for a few years initially while collaborating with the car manufacturers but opened the discussion to the public a few years ago.
 
Old 10-14-2017, 10:19 AM   #3
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,321

Original Poster
Blog Entries: 15

Rep: Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110
Then there's home electronics: things like Nest. Why on earth would people want to make their heating systems hackable by every Tom, Dick or Harry just so they could switch on the central heating half an hour before they get home?

It's the same pattern again: huge security flaws introduced just for a little extra convenience.

Last edited by hazel; 10-14-2017 at 10:21 AM.
 
Old 10-14-2017, 10:27 AM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,511
Blog Entries: 3

Rep: Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773
Yes, those and a lot of other appliances also get connected to the 'smart' meters. Those are more or less open to anyone that is with broadcasting range and serve as an easy stepping stone into a house's other devices.

But back Nest, have you poked around in the search engine Shodan at all or read summaries from other people's excursions with it? It's not only surprising what has been (mis-)connected to the net but how little thought was given during the design phase to maintenance or security.
 
Old 10-14-2017, 10:36 AM   #5
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,321

Original Poster
Blog Entries: 15

Rep: Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110
Now that is fascinating! I never heard of Shodan before. And I had no idea there were so many devices with the password "admin"! Actually, now that I come to think of it, my router had that password when I bought it.
 
Old 10-14-2017, 10:46 AM   #6
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Locks are for honest people.

An EX-car thief.
 
Old 10-14-2017, 10:46 AM   #7
Philip Lacroix
Member
 
Registered: Jun 2012
Posts: 426

Rep: Reputation: Disabled
Some people like those gadgets, and the marketing folks know that extremely well. They target potential customers who like the "shiny cool stuff" (not too expensive of course...) and who don't give a damn about the more subtle implications. But such dismissed implications eventually might come back and bite them, and then one hears about those "class actions" in the news.
 
Old 10-14-2017, 10:58 AM   #8
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,514

Rep: Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404
Despite early problems and obstacles it seems the push to make almost everything in our lives controllable from a distance is unstoppable. Until better solutions come along or unless the owners actually learn something about proper and appropriate security the first line of defense is login security. For most everyday users that boils down to username and password. People must fight the battle between convenience and quality of security and most choose convenience that is child's play to crack. We can get a lot of mileage out of smart passwords and encrypted software but that is by no means the end all in even current security.

Obviously usernames and passwords need to be unique and nothing demands that it must be text. Many here, or at least some, may have laptops with fingerprint recognition as the key and that is very difficult to spoof. Even better, though currently more expensive and used primarily in government and enterprise is iris recognition, which despite Hollywood portrayal, is extremely difficult to spoof or work around. I suspect those and similar unique and fortress-like methods will only grow, both in usage and application and reduced cost, as these difficulties increase demand and application. Just wait and see, someone is going to make a fortune off a keychain fob that stores all of your passwords and is air-gapped. Damn! I'd love to be 20 years younger or just in better health.

Hopefully people on LQN are among the first to improve their understanding of what constitutes a solid balance between convenience and security.
 
Old 10-14-2017, 11:00 AM   #9
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,321

Original Poster
Blog Entries: 15

Rep: Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110Reputation: 3110
So according to Philip it's gadget envy (love of "shiny cool stuff") that drives this accelerating nightmare, not simply laziness or the desire to have things made easy. I hadn't considered this, probably because I am often lazy myself, but I've never suffered from gadget envy.
 
Old 10-14-2017, 11:06 AM   #10
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,511
Blog Entries: 3

Rep: Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773
Quote:
Originally Posted by enorbet View Post
... a solid balance between convenience and security.
I'd say that is a false dichotomy. Take the example Hazel started with, that of the electronic car keys. The things would still work by a press of a button even if they were designed securely, but they weren't. There are many other such cases but in that case it appears that the key/lock manufacturer took some shortcuts and their customers, the car manufacturers, felt they could dodge the responsibility if not the risks. The end users of the car never enter into the equation unless they band together for some class action suits or are otherwise able to collectively affect the bottom line of the key/lock manufacturer's customers.
 
Old 10-14-2017, 11:24 AM   #11
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,514

Rep: Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404
Quote:
Originally Posted by Turbocapitalist View Post
I'd say that is a false dichotomy. Take the example Hazel started with, that of the electronic car keys. The things would still work by a press of a button even if they were designed securely, but they weren't. There are many other such cases but in that case it appears that the key/lock manufacturer took some shortcuts and their customers, the car manufacturers, felt they could dodge the responsibility if not the risks. The end users of the car never enter into the equation unless they band together for some class action suits or are otherwise able to collectively affect the bottom line of the key/lock manufacturer's customers.
............. Or... if a company introduces a "better mousetrap" that fulfills an important need. That need will grow in direct proportion to the success of thieves and black hat hackers, so it is a self-compensating equation. All it requires is a tipping point and a little vision.... and startup capital. Then, when you file for a patent, you will learn just how secure the old ways actually were LOL.

How many blank CDs or better, cassette tapes have you bought lately? We won't even discuss buggy whips.

Last edited by enorbet; 10-14-2017 at 11:25 AM.
 
Old 10-14-2017, 11:33 AM   #12
Philip Lacroix
Member
 
Registered: Jun 2012
Posts: 426

Rep: Reputation: Disabled
Quote:
Originally Posted by hazel
So according to Philip it's gadget envy (love of "shiny cool stuff") that drives this accelerating nightmare, not simply laziness or the desire to have things made easy. I hadn't considered this, probably because I am often lazy myself, but I've never suffered from gadget envy.
Hello Hazel. I'm probably biased by the fact that I don't consider the action of manually locking / unlocking a car with a key to be particularly difficult, or heavy, for the average person. I also doubt that most people, if they weren't actively offered such option when buying a new car, would even feel the need of it. Of course there will always be exceptions.

What I was saying is that, in my opinion, those gadgets are not being introduced because the average customer actually needs them, but in order to trick people into believeing that the new product is "better" than the old one. After all, if they weren't thought as mere (or little more than) marketing devices, manufacturers would at least care to design them properly (e.g. with actual security in mind) which doesn't seem to be the case.

Last edited by Philip Lacroix; 10-14-2017 at 11:49 AM.
 
Old 10-14-2017, 11:43 AM   #13
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 19
Posts: 6,292
Blog Entries: 21

Rep: Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152Reputation: 3152
Quote:
People want life to be made easier and easier for them, and all they are doing is making themselves more and more vulnerable.
Quote:
Locks are for honest people.

An EX-car thief.
Yep. Pulling the distributor on my hot rod 1967 Ford Pickup did not keep it from being stolen out of my driveway.
They just hooked it up to a tow truck while I was out riding motorcycle. Stripped the parts, Burned it up.

Cops were the ones who told me they saw it on the road being pulled by a tow truck.

Then there is the time my boys stole my 1968 chevy Nova during illegal house party at my flat and left the car in Mexico.

If someone wants your stuff. Forgetta about it. It's history.

So far. Nobody want's to steal this one yet. Or this one ,Yet.

Notice the lack of locks/doors.

Edit: PS. I guess these new cars door glass is bullet proof?

2nd edit: But I guess pushing a button and away you go is sooo much easier now.

Last edited by rokytnji; 10-14-2017 at 11:50 AM.
 
Old 10-14-2017, 01:02 PM   #14
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,585

Rep: Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351Reputation: 2351
While I find the lack of consideration for security in modern systems alarming I do have to mention, Hazel, that when we were kids cars could be stolen with a coat hanger and a bit of wire -- I was lucky enough to own an old Daimler and it had no real "modern" security at all.
Security is about not being low hanging fruit and having decent insurance to my mind.

Last edited by 273; 10-14-2017 at 01:06 PM.
 
Old 10-14-2017, 04:24 PM   #15
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,514

Rep: Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404Reputation: 3404
One of the reasons I think this technology will evolve and grow (aside from basic laziness) is that everyone has had that nagging feeling" Damn! Did I remember to lock that up (turn off the AC, the lights, whatever)?" and the value of a networked system is that one can check it and even rectify a brain freeze from anywhere. While locks may be primarily for honest people (where I live I don't lock my car) they do discourage casual thievery and how far above that level depends on how good the locks are. There is, after all security that actually works that protects secrets and vast sums of money and once again despite Hollywood, you ain't gettin' in.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Low Tech High Tech LXer Syndicated Linux News 0 06-15-2017 03:54 PM
LXer: Forget Google's robot cars, now it's on to ANDROID cars LXer Syndicated Linux News 0 12-21-2014 08:31 PM
High Tech Hippies masonm General 16 02-23-2007 07:20 AM
Hey! The High-Tech Emperor Has No Clothes Ephracis Linux - News 1 05-08-2005 09:29 PM
Mandrake Tech Support Nightmare Omnigeek Linux - Distributions 6 01-21-2002 10:35 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 11:30 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration