Karsten Nohl of Security Research Labs, a white-hat hacker, believes that a recent spike in car theft is due to a break in the car immobilizer security systems; thieves are able to re-mobilize the immobilized vehicles. My question is: how long until someone builds a TV-B-Gone for car engines that lets you stop cars with the click of a button?
Juels says that these cracks were possible because the proprietary algorithms that the firms use to encode the cryptographic keys shared between the immobiliser and receiver, and receiver and engine do not match the security offered by openly published versions such as the Advanced Encryption Standard (AES) adopted by the US government to encrypt classified information. Furthermore, in both cases the encryption key was way too short, says Nohl. Most cars still use either a 40 or 48-bit key, but the 128-bit AES - which would take too long to crack for car thieves to bother trying - is now considered by security professionals to be a minimum standard. It is used by only a handful of car-makers...
Criminals find the key to car immobilisers
What's more, one manufacturer was even found to use the vehicle ID number as the supposedly secret key for this internal network. The VIN, a unique serial number used to identify individual vehicles, is usually printed on the car. "It doesn't get any weaker than that," Nohl says.
(Image: Invalidka - Soviet car for disabled people, a Creative Commons Attribution (2.0) image from dittaeva's photostream)
Uganda is so poor that few can afford medical care, giving it one of the lowest life-expectancies on the planet — this toxic combination made the country ripe for infiltration by Tiens, a Chinese Multi-Level-Marketing “nutritional supplements” cult whose members set up fake medical clinics that diagnose fake ailments and proscribe fake medicines, then rope […]
Yahoo’s sale to Verizon means that Yahoo’s sub-companies — Flickr, Tumblr and a host of others — are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public […]
What was last week posed as an indefinite leave of absence is now for good: Travis Kalanick, CEO of scandal-wracked rideshare company Uber, announced that he is leaving the company. “I love Uber more than anything in the world and at this difficult moment in my personal life I have accepted the investors request to […]
Although flagship smartphones are unlikely to adopt heavy-duty outer casing anytime soon, you can always prepare your device for the outdoors with a beefy case and and an external battery like this Nomad Tile Trackable PowerPack, available in the Boing Boing Store for $119.95.The Nomad Tile can fully recharge an iPhone 7 over three times […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]