Rjevski 7 days ago [-]
I used to fix cars for a living. Sometimes it involved “cracking” alarm & immobiliser systems.

My clients all claimed they broke/lost their keys to their car - most of the time they were believable (car stuck in front of their driveway, etc). Sometimes less so, but I’d do it anyway because I needed the money and I had no proof of the contrary (innocent until proven guilty right?), although given the sad conditions of the cars I really doubt anyone would bother stealing them.

Car security is based on obscurity. There is very little cryptography involved (if any), and where there is, the car’s “computers” would happily install new, untrusted firmware through the diagnostics (OBD) port, which means you can do pretty much anything - program new keys, disable the immobiliser or alarm completely (by installing patched firmware) or even rewind the odometer.

I’m frankly surprised it took this long for “high tech” car theft to appear, unless it’s been going on for a while but executed perfectly so nobody would find a trace.

Happy to answer any questions if anyone’s curious.

vbezhenar 7 days ago [-]
In Russia and, I guess, similar countries, it's quite rare to encounter a car which isn't protected by an external protection system (not sure how it's called in English, in Russian it's usually called "Сигнализация") which includes shock sensors, alarm system, remote control and car block which protects some vital engine circuits. There are systems with dialog protocol between remote control and car with actual encryption inside, so it might be not so trivial to break it. In practice such cars are either stolen inside trucks or an entire system is by-passed by a separate automobile computer connected directly to necessary engine sensors, ignition coils, etc. Quite clever technique, you don't need to bypass protected electronics if you can bring and connect your own electronics.
Yizahi 7 days ago [-]
In Russia and ex-USSR in general cars are very often stolen disregarding any car alarm installed and whatever GPS trackers are inside, even rental cars with multiple trackers and a live feed to someone monitoring them. The reason - they only need a few hours to get to their base of operations where car is dismantled in to parts and then sold separately, often under protection by local law enforcement. And people can't do much - yes, you can see sudden appearance of your car parts on the used parts market, same color, same tuning etc. but you can't prove anything, and all part numbers would be destroyed during dismantle.
GFischer 6 days ago [-]
I used to work for an insurance company and I got an entertaining presentation from a 3rd party that showed how ingenious thieves went around car block, special keys, etc, by bringing in the entire front panel of the car (thieves had one for each common model they wanted to steal).

"Casual" thieves are finding it harder though, it's more organized mafia in concert with dismantlers (as mentioned on a sibling comment).

taneq 7 days ago [-]
> not sure how it's called in English

"Immobiliser", usually. :)

Rjevski 7 days ago [-]
"Сигнализация" would be more akin to alarm.
bri3d 7 days ago [-]
Even more modern cars with "protection" (usually against tuning, not theft) use obvious, simple-to-reverse algorithms. For example, the Simos18 ECUs used in modern VWs use flash files encrypted with AES128. Except, they share the same key and IV across all ECUs on the platform, and the key and IV are stored in plaintext in the "upgrade" routines in the flash ROM. So once you've dumped one ECU's flash memory, you own them all.

This wouldn't be that hard for car manufacturers to defeat if they really cared. It's the exact same trusted-boot problem as any mobile phone faces, except (so far) with much more limited attack resources. It's devilishly hard to get perfect (as every iPhone jailbreak proves) but it's easy to get started.

zormino 7 days ago [-]
There is actually a big security push in automotive that's sort of been slowly coming to the fore over the last few years. It's not the OEMs that are driving it really either, they are to some degree, but it's the suppliers starting to make security hardware and system protection available, as it really hasn't been for very long. It's still not really entirely there. Basic things like the microcontrollers and CAN hardware / protocol never had security designed in. No one was willing to invest significant engineering time or do expensive security in software when hardware cost is king, or even invest in the engineering cost of bringing in security from suppliers (seriously, there's like 20+ independent computers in your car and it's going to be 50+ on average soon if it isn't already and out of those you'd probably have to harden 10 or so, or introduce entire new ECUs) There's a number of solutions but none of them are cheap. As hardware support becomes widely available, development time for higher tier suppliers drops and they can economically offer secure solutions, and with scares like the Jeep remote control hack in 2015 and with cars getting more connected, OEMs are starting to see the business case for security.
Rjevski 7 days ago [-]
Seems like an easy problem to solve - every ECU generates its own encryption/signing key at first boot and dumps it over the serial port, which then gets recorded somewhere. This is eventually passed down to the car’s owner in the documentation, and the key needs to be presented before any firmware upgrade or configuration change.

This isn’t bulletproof either, but surely more than “hey I’m legit, here’s your new firmware, could you install and run it please?”.

Also I’m surprised they’d go after tuners, considering those are usually the most loyal customers you could dream of.

bri3d 7 days ago [-]
Yes, like I alluded to it's trivial drawing from any other trusted boot chain implementation.

The even better and less user-intensive way to do it would be with asymmetric encryption - the ECU only trusts flashes signed with the vendor public key and to make things even more secure, you could encrypt each flash file server side with a keypair derived each boot on the ECU and sent over the Internet (many manufacturers require online flashing anyway).

Manufacturers dislike tuners because they make warranty claims for tune damaged parts like blown turbos. VW especially are very, very aggressive about detection and enforcement around this. Long term I think giving a few dishonest tuned customers free turbos is probably fine but they seem to disagree and I assume they have access to the metrics driving this decision (which I don't).

disiplus 7 days ago [-]
they also dont like tuners because cars engines are often made the same for multiple "trims" so the car with 110 and 160 hp have the same engine but different "map" in the ecu. and only with ecu reflash you can get more power that would cost you x amount of money.

imagine a CPU where 6 and 8 core variants are the same but the 6 core is locked in bios and you can unlock it with some tuning software, its like that.

and manufacturers dont like that

Cthulhu_ 7 days ago [-]
Except that CPU manufacturers DO like that, and will give out special unlocked versions of their CPUs and even sponsor overclockers, to see what people can do with their hardware.

This also happens with car manufacturers, in racing and such. Tuners are more under the radar so they don't like that, as well as the warranty claims that were mentioned.

disiplus 7 days ago [-]
no, there is no software that i know of where you can as a consumer make your i3 an i5 with just a software unlock, that you can get for like 10 eur.

the difference on the base model mercedes c class between getting a less powerful engine and the one that is one level up is like 3.5-4k eur.

that is a lot of money. if i could unlock the bigger engine with just 400 eur i would buy the base model.

manufacturers don't want that, and is one part of blocking the touching of the ecu. the other is also that the navigation and a lot of other things is just disabled in ecu, and could be easily unlocked with software.

thedrbrian 7 days ago [-]
It’s not just more power though. My car has two version 130hp and 155. For the 2 grand I got 25 more horsepower and bigger brakes ,bigger clutch , bigger wheels with wider tyres and an LSD. The only time I can recall where the engine has been exactly the same inside was the mini one and Mini Cooper where the ecu only allowed for 86% throttle on the lower powered version. Every other engine has had a mechanical difference internally to support more power.
koffiezet 7 days ago [-]
I'm looking into buying an Alfa Romeo Giulia, and engine-wise the difference between the 200bhp and 280bhp version is 100% software.

There are some other differences, the 280bhp is AWS vs RWD for the 200bhp version, and you can get the 200 with smaller wheels. However when going for larger wheels on the 200bhp, you also get the exact same larger brakes...

It's a cool €6000 difference, for a similarly equipped car. I actually don't want AWD and the chassis can clearly handle this much power on the rear-wheels alone, the top-of-the-line 510bhp version is also RWD - so going for the 200bhp version and giving a reputable tuner €700 is a tempting proposition...

rciorba 7 days ago [-]
Mazda's 2.0 Gasoline Skyactiv is sold as both 120 and 165 HP. Same engine, same brakes, same clutch, different ecu mapping. The only mechanical difference is the gear box's final drive ratio (the 120's has longer gears for better fuel economy). Why would they do this? I assume economy of scale makes it cheaper.
disiplus 7 days ago [-]
f30 bmw 316d and 318d are exactly the same, 2011 325d and 330d also, 2013 114i and 118i of what i can rembember right now, i dont keep the exact list.

and if i would guess you are talking about mx-5 nd, those are natural aspired engines, where something like this is not really viable.

TeMPOraL 7 days ago [-]
> imagine a CPU where 6 and 8 core variants are the same but the 6 core is locked in bios and you can unlock it with some tuning software, its like that.

But isn't this already the case (except locking might be in CPU firmware)? AFAIR this is the case with GPUs.

jdietrich 7 days ago [-]
TeMPOraL 7 days ago [-]
The line between product binning and market segmentation is sometimes blurry.
tikkabhuna 7 days ago [-]
Can't think of an example with CPUs, but you could unlock an AMD 6950 to a 6970[1]. Some brands would actually add features to help do this.

[1] https://www.techpowerup.com/articles/overclocking/vidcard/15...

jinzo 7 days ago [-]
Actually, from my personal experience in the field - they only care for X. years under warranty. Then they don't care. I actually don't think they have much legal ground on their own around modifications in EU. At the end of the day you do own the car.
dmichulke 7 days ago [-]
> signed with the vendor public key

That part doesn't sound very secure to me :-)

bawana 7 days ago [-]
Why go after tuners? Well, if you are a giant automobile firm that has been lying about their mileage and emissions and covering it up with software that detunes the car just to pass testing- well, then you don't want people figuring out your algos for covering up lying.
neuralRiot 7 days ago [-]
So down the line after few years and changing owners you're unable to install any firmware or to install used ECUs, most of the manufacturers are now online-only for diagnostic and flashing of course charging some premium, that destroys independend shops as you need to pay a subscription for every manufacturer, and cars and its parts still get stolen, "high tech thieves" belong to the movies, real ones load your car on a tow and it goes straight to another country.
shawn 7 days ago [-]
I'm not so sure. The key has to be stored somewhere on the car. Why not desolder that and examine it?

(If we're going with "Theoretically possible," that is.)

bri3d 7 days ago [-]
The solution here is a combination of tamper-proof secure enclave and ephemeral keys, just like it is for trusted boot chains. Obviously it's not 100% secure and just like mobile phones (which, again, are the exact same problem space) it's eventually defeated, but the magnitude of difficulty can be multiplied without much effort.
Rjevski 7 days ago [-]
My solution wasn't to protect against that - if you're up for desoldering stuff you may as well just replace the ECU with your own one which is happy to start the car.

This was just an idea to thwart installation of compromised firmware by thieves via the diagnostics port. It's just a little layer of security, not designed to be bulletproof, merely to slow down thieves by forcing them to actually swap the hardware.

shawn 7 days ago [-]
if you're up for desoldering stuff you may as well just replace the ECU with your own one which is happy to start the car.

I demand a source that teaches me how to do this. :)

Orrr if you're in Chicago let's go figure it out ourselves!

GFischer 6 days ago [-]
CESVI in Argentina. Not very close to Chicago though :P , but I'm sure there's an US equivalent.


I remember reading about the people that dismantled cars to find where manufacturers source the parts:


Those guys can probably switch you the ECU :)

shawn 6 days ago [-]
This is awesome. Thank you!
tomaskafka 2 days ago [-]
In Europe: https://ecu.de/
barrkel 7 days ago [-]
Witness Intel's unlocked CPUs: people who want access to the low-level stuff get charged a premium.
outworlder 7 days ago [-]
> program new keys

Yeah. We bought an old Elantra which only came with a single key and no FOB. I bought a cheap gizmo on Amazon that you plug to the OBD port and allows you to program other FOBs.

Modern-ish cars are computers. Once you have physical access, all bets are off.

jinzo 7 days ago [-]
On the other side, MY2015 Audi A3 8V needs online access for remote re-sync (sometimes the RF part of the key looses sync with the car). So yes, generally older cars are easy to modify, newer not (at least yet). Also the cheap gismo was cheap because it was a clone, original tools are not that cheap.
tpxl 7 days ago [-]
You need to connect your car to the internet?
ollie87 7 days ago [-]
It's likely the car has it's own always-on cellular connection.
tpxl 7 days ago [-]
Yeah, this is what I meant, but that sounds insane to me.
Rjevski 7 days ago [-]
It is probably retrieving the "SKC" code which is necessary to program keys.

However, this is by no means secure where the car's ECU will happily dump its entire storage (including the SKC code) over the diagnostics port if you ask nicely.

jinzo 5 days ago [-]
No, not programming keys per se. But re-sync RF part of the already coded key, so you can unlock it with a push of a button.

Also, I have quite a problem with dumping entire storage (EEPROM parts for example, that contain SKC/PIN). Also, my experiance is that getting that info from modern ECUs is not that straightforward/there aren't many (in some cases any) tools to get it.

Rjevski 5 days ago [-]
Look up “VAG Tacho”: http://maltchev.com/kiti/

This tool successfully recovers SKC codes from pretty much any VAG Group’s (Volkswagen, Audi, Seat, Skoda) cars. It can also do other things like edit the odometer and probably more. It’s simply using “undocumented” (although is anything there documented?) commands of the diagnostics protocol to get raw access to the persistent storage.

jplayer01 6 days ago [-]
All bets are off because that's how they were designed. Just look at a modern iPhone, which is designed with security in mind. It's far harder to get the same kind of access.
donkeyd 7 days ago [-]
> unless it’s been going on for a while but executed perfectly so nobody would find a trace

My boss's car was stolen in broad daylight in front of a client's warehouse. This isn't a busy area, but it isn't extremely quiet either. The car had GPS tracking, but it disappeared without a trace.

The police guessed that it was driven into the back of a closed truck and straight away transported to Eastern Europe.

tomaskafka 2 days ago [-]
Heard a similar story except the owner chased the truck while calling police. When they stopped the truck after two hours (not so easy getting police to actually stop a truck on a highway), they found only car parts inside, with destroyed part numbers.
gitgud 7 days ago [-]
Incredible, was there ctv footage?

Reading things like this makes me realise how easy it is to steal things still. Much like the old days when people could exchange fake cheques at banks for cash... Most of the world is still built on trust.

donkeyd 7 days ago [-]
I asked about it at a later time, but after a certain time, the car ownership officially gets transferred to the insurance company, so any updates from the police would go to them unfortunately. From what I heard, however, police wasn't planning on spending too much time on this, because these types of cases never really result in much. Unless this becomes part of a major investigation into similar cases, it'll be dead in the water.

> makes me realise how easy it is to steal things still

So yeah, you're right about this. Statistics actually seem to show that low impact, organized crime pays in the Netherlands [1], since police is too busy with high impact cases. High impact often being being defined as burglaries, robberies, rape, etc. that have long-term impact on the victims well-being.

[1](Dutch) https://www.bndestem.nl/overig/cbs-misdaad-loont-in-nederlan...

donkeyd 6 days ago [-]
> makes me realise how easy it is to steal things still

I just found this through Reddit and had to think of your comment:


smsm42 6 days ago [-]
Years ago, I had a car with a sophisticated ignition lock system (not my choice, but not relevant to the story). It was somewhat finicky, and creating a new key was not easy. And of course no chance of starting it without proper key!

That car ended up stolen right from under my nose (I was within 100 feet of it, indoors but would hear if the alarm turned on) and the only thing I found in there when I came back for it was the sophisticated security system. The thieves just ripped it out in no time and with no sound, and drove away.

Since then I'm somewhat skeptical about how much protection such systems really provide.

kccqzy 7 days ago [-]
Have you taken a look at a Tesla car yet? From PR materials I'm led to believe that they treat their car software seriously. I doubt one can install untrusted firmware on a Tesla car; is that so?
Rjevski 7 days ago [-]
I’ve never worked on a Tesla. I’ve left the trade long ago finding my way in software engineering instead.

Tesla is probably the only one I’d trust though. While I don’t expect them to be bulletproof either (at least not at first), I expect them to quickly catch on should this kind of theft appear, and make the necessary fixes. In any case I doubt they’d be stupid enough to accept arbitrary code over a diagnostics port (if they have one even). I mean, even if we forget security, why would they? Teslas update remotely via the Internet.

StudentStuff 7 days ago [-]
Teslas have been stolen in Europe, their high value for parts makes them well worth stealing. This is primarily Tesla's fault, as they refuse to sell parts to cars that have been in accidents.

Your Tesla is essentially scrap after a non-minor accident, which is why most US insurers refuse to cover vehicles made by Tesla. Its as bad as rolling coal IMO, Tesla has created a massive eWaste problem. Meanwhile, rebuilding any other manufacturers car is doable, even other EVs.

Source: https://electrek.co/2018/07/31/tesla-theft-tips-help-prevent...

todd8 7 days ago [-]
Relay attacks like those mentioned that Teslas are vulnerable to can also affect most other keyless entry cars. On new Mercedes one can turn off the keyless entry system by double klicking the lock button on the key when locking the car. The car key then will have to have its unlock button physically pushed to unlock the car, and in that state relay attacks won’t work.
bjelkeman-again 7 days ago [-]
One can turn it off on a Tesla Model S/X the same way. On the Model 3 it is a different system so not sure how that works.
FredFS456 7 days ago [-]
I believe Telsas have a minimal OBD-II port (where mandated by law) but mostly use an Ethernet port for debugging/service.
acct1771 7 days ago [-]
Stripping or modding a Tesla would be the only way I'd get one...and I'd really like to. Very interested in what happens in this thread.
voidmain0001 7 days ago [-]
A Motherboard article appeared on HN about a rogue Tesla mechanic. Here is his channel to help you get started: https://m.youtube.com/channel/UCfV0_wbjG8KJADuZT2ct4SA#
DenTheRed 7 days ago [-]
That Tesla powered Audi RS5 is an amazing hack! https://www.youtube.com/watch?v=IOYY_AlRWQA
acct1771 6 days ago [-]
Thanks very much!
chriscappuccio 5 days ago [-]
Search IAAI and Copart auctions
King-Aaron 7 days ago [-]
I just unclip my steering wheel, and pull out my main relay (dash mounted, race car spec). I don't think the car is going very far without those.
Zhenya 7 days ago [-]
It'll go damn far - on a flatbed.
aetherspawn 7 days ago [-]
How do they move it onto the flatbed if the hand brake is on?
Scoundreller 7 days ago [-]
Who needs a flat bed? Every tow truck has dollies that they can put braked/geared wheels on.

How else would a tow truck tow away a vehicle in gear or with the parking brake on?

Through there are stories of tow trucks towing away vehicles in 1st gear, things seem fine, and then the transmission causes a fire from overheating...

dsfyu404ed 7 days ago [-]
How do they load wrecked cars, small shipping containers, machinery on skids, etc?

The 8-18k winch on a rollback will have no problem dragging your car.

King-Aaron 7 days ago [-]
It can be done, you just skull-drag it onto the back of the truck. Not great for the car, of course.
acct1771 6 days ago [-]
Plastic skates. 14 seconds added to the job.
King-Aaron 7 days ago [-]
haha! Yeah, but by the time you're involving a flatbed in your thieving, I don't know if any car security is going to be much good :P
Cthulhu_ 7 days ago [-]
I like to think high tech cars can detect when they're being towed and will activate their tracking system and ping the emergency call center.

Of course, all bets are off when it's loaded into an RF shielded truck. It could have an onboard camera to record the number plate of the truck, but that could be shielded.

Long story short, you're probably better off parking it in a firmly locked / secured garage, and have a wheel clamp or chain attached to something solid.

King-Aaron 7 days ago [-]
> I like to think high tech cars can detect when they're being towed and will activate their tracking system and ping the emergency call center.

My GPS tracker does do this in my daily car, but it only sets it off if the rest of the alarm is triggered (i.e. if the door sensor registers it opening while the alarm is set).

With the race car, it generally gets locked up. Although if I'm out in the town or something with it someone could possibly take off with it if they short-circuit the relay, and use something to clamp on the steering column (when the wheel is detached). But honestly, if someone stole the car like that they'd probably be found a few hundred yards up the road wrapped around a tree and on fire, after hitting boost with no steering wheel.

inferiorhuman 7 days ago [-]
> There is very little cryptography involved

Wha? That may have been true about twenty years ago, but not now. BMW was using 256-bit RSA keys to validate ECU firmware and authenticate privileged access in the early 2000s (they're up to 1024-bit keys now) and write-once memory in their instrument clusters for about as long. Other (Euro) car makers using the same vendors offer similar features.

Once you have physical access all bets are off though. That's why the thieves cut the alarm sensors.

Tobba_ 7 days ago [-]
Why the hell does RSA ever get used anymore, esp. in smartcards etc? It's been obsolete for like 10 years thanks to ECC, and ECC is way easier to implement (esp. 127-bit and 521-bit).
rocqua 7 days ago [-]
RSA has value in encryption which ECC can't do.

Beyond that, RSA is so much easier to understand and implement. Because computing powers of numbers is easier than computing multiples of points on a curve.

j88439h84 7 days ago [-]
Seems like that's all you can ask for if the attacker has physical access to the machine. Would be happy to be corrected though.
Rjevski 7 days ago [-]
Not sure I agree.

It’s one thing if you get physical access, replace the engine control module by a crooked one that will send the proper signals to the ignition and all the other actuators and start the car.

It’s another thing if you talk to the real engine control module (which should already be on alert because the car was broken into) and tell it “trust me, I’m legit, here’s your new firmware” and the computer just runs your code no questions asked.

jinzo 7 days ago [-]
But on the other hand, on modern cars that is not nearly enough to get the car started. As OP pointed out, Simos18 was quite conveniently hacked, but that's far from the only ecu family. And usually they aren't hacked as easly/quickly. For example, all that Simos18 "easy" hacking can be done once you have IGN ON, if you have IGN ON it's probably easier to just code a new set of keys, than it is to flash new FW on all related and needed computers.
blattimwind 7 days ago [-]
> I’m frankly surprised it took this long for “high tech” car theft to appear, unless it’s been going on for a while

New, expensive cars are stolen or broken into quite often. When broken into, they'll often rip out the infotainment, with high end cars this can be a five-figure repair.

tlrobinson 7 days ago [-]
"Sometimes less so, but I’d do it anyway because I needed the money and I had no proof of the contrary (innocent until proven guilty right?)."

Huh, is it legal to "crack" alarms/immobilizers without proof of ownership, especially if you suspect it might be stolen?

mygo 7 days ago [-]
anyone can call a mobile locksmith and ask them to help them get into their locked car stuck in the KFC parking lot with their keys inside. It’s usually up to the locksmith to obtain proof of ownership. otherwise they’re running the risk of committing a break-in. they usually have you sign something beforehand that tries to mitigate their liability. however I’ve used some shady locksmiths who just pulled up in the passenger seat of their friend’s ride and did it without a contract and took cash. at least they didn’t scratch my car.
Rjevski 7 days ago [-]
In my case they always had the keys, it was purely the electronics side that was failing. In fact I explicitly remember one idiot who manually broke the transponder chip inside the key in half (no idea what they were attempting to do - replace the battery?). I can’t tell for sure that all the clients were legit, but those ones were so stupid they had to be legit!

I took cash as well, because I was under 18 and couldn’t legally run a business at that time (but still needed to eat and buy drinks every weekend, and family couldn’t afford it).

Rjevski 7 days ago [-]
Not sure, but given the shitty cars I’ve worked on, I wouldn’t care even if they were stolen - nobody would call the police for such things - if anything they’d be glad someone took them away for free!

I would probably feel differently if I got called to work on a supercar but that didn’t happen.

avar 7 days ago [-]
Reading this article is honestly a bit of a domestic culture shock for me, where does this guy live in The Netherlands?

Here in downtown Amsterdam we called the police because the rear window of someone's car had just been smashed outside our office, and the police's response was "Has anyone been hurt? Nope? Then we're not coming".

Meanwhile, wherever this guy lives they're sending officers because some BMW call center calls the police in the middle of the night telling them that some car reported unspecified distress within some radius, and they sent officers to search the whole neighborhood for the car and locate the owner.

I guess the next time I need police help I'll use a burner phone and tell them a BMW is in distress.

hellofunk 7 days ago [-]
> Here in downtown Amsterdam we called the police because the rear window of someone's car had just been smashed outside our office, and the police's response was "Has anyone been hurt? Nope? Then we're not coming".

Amsterdam currently has a big police shortage, that's why. It's not normal, it's just a problem in Amsterdam.


eecc 7 days ago [-]
What? I though they were bored stiff. Every time anything happens - even the most insignificant accident - you’ll see a flock of police offices taping out the scene, parading numerous vehicles and generally making much ado about nothing :)
gerardnll 7 days ago [-]
Well, if you're bored, one of the ways to have fun is to gather up with some friends (other officers) or staying home because you're lazy :P
lucb1e 7 days ago [-]
> It's not normal, it's just a problem in Amsterdam.

Right, the two times we needed police in Limburg (Echt and Maastricht, few years apart) it didn't happen either. It had to be life-threatening and the people didn't literally shout "we'll kill you" so the police wasn't gonna bother.

Meanwhile on TV they're cycling through parks to fine people some 99 euros for not having a well-behaved dog on a leash (could have used discretion there), or fining some poor dude 370 euros for standing literally 2 minutes on a disabled spot to pick someone up.

Freak_NL 7 days ago [-]
Poor dude? You don't park in a disabled spot unless you have a right to be there. That should be common sense.
lucb1e 6 days ago [-]
It was wrong and s/he was caught, but that fine is just ridiculous. Sure, someone who stood there for 2 hours in a busy spot where disabled people were indeed turned away, then they definitely chose to risk that fine. But when someone was standing with the car (not even parked) for 2 minutes, I might (as police(wo)man) decide to give a warning instead. That fine is disproportionate. Most people on HN probably earn enough to sustain it easily, but for many people, that's an entire month's worth of food that just went down the drain. Sure, it's a good deterrent, but is it fair and just? Should we just give exorbitant fines on every petty crime just as a deterrent? That's not the kind of country I want to live in.
seriousaccount1 6 days ago [-]
The police do not make up the height of the fines. It’s a common annoyance that assholes park in places they shouldn’t. This is a way they won’t do it again.
jaclaz 7 days ago [-]
Standing is not partking.
mrep 7 days ago [-]
I think his point is that there are much bigger problems that they should be tackling especially since a disabled person can easily give a good old honk to tell the person to move if they came around and actually needed the spot.
seriousaccount1 6 days ago [-]
The problem with discretion is how do you recognize or punish repeat offenders? How do you know the dog is well behaved? How should they know?

And standing still for two minutes is parking. And someone who is actually disabled cannot park there, and cannot see (and request) for the person to leave.

bawana 7 days ago [-]
not just Amsterdam. I had a car accident on Route 128 in Massachusetts during rush hour. I called the state police - they asked if anyone was hurt and when I told them no they said 'just exchange information with the other driver'. The opportunity here is for fraud prevention. Maybe that's what will eventually drive our desire for ubiquitous surveillance.
fjsolwmv 7 days ago [-]
Why would you need police for an accident? Your insurance companies negotiate liability based on your statements. It's a civil matter, unless want to request criminal charges for reckless driving?
jplayer01 6 days ago [-]
In Germany, a police report is generally recommended in case somebody decides to change their statement. I don't know why you wouldn't call the police. They're also there to settle disputes, or at least establish a protocol for a potential court process.

And if you drive for a company, protocol dictates that you call the police even in the most minor accidents for insurance reasons.

6 days ago [-]
6 days ago [-]
dx034 6 days ago [-]
Most rental companies in Europe require a police report for any kind of accident, their insurance won't pay without one.
unaaaa 6 days ago [-]
Depends if there's damage to the road and/or disruption of traffic I would imagine.
jackson1way 7 days ago [-]
> Amsterdam currently has a big police shortage, that's why. It's not normal, it's just a problem in Amsterdam.

Or maybe Amsterdam has an excess of crime.

woodman 7 days ago [-]
You would be surprised how much effort businesses put into building a relationship with local police, that is a big part of a security director's job. The more people they have on site, or the higher their inventory value, the more they are willing to spend on the local PD. I've seen areas built on company property that are effectively police sub-stations, giving cops a place to do paperwork and take a break, in order to cheaply keep them nearby. I've seen off duty cops hired for show up jobs, just to guarantee timely incident response. I've seen local PDs negotiate a fee schedule... it ain't a bribe if there is a "fee schedule". No, companies aren't doing this in order to break strikes or otherwise oppress employees - there is just a ton of risk when you concentrate hundreds of people in a small place that you're legally responsible for. I have seen some interesting results come out of it though: one holiday night a copper thief got onto the facility roof to plunder the AC units, one call from the off duty officer resulted in the immediate dispatch of a police helicopter and nearly a dozen cruisers. This is from an American perspective, but I'd be surprised if it was different anywhere else in the world.
jacobush 7 days ago [-]
It is different.
woodman 7 days ago [-]
Where, in the Netherlands? I can't think of a way to say this that doesn't sound rude, so I'll just say it: how informed is your opinion? Roughly how big a company are we talking? Have you managed security, or managed security managers?

I ask because a long time ago I worked at a multinational that had facilities all over Europe. I'd have remembered if we got pushback from local management on this matter, but then I suppose they always could have been lying about their security programs... there isn't really a good way to audit law enforcement outreach - until something goes wrong.

jacobush 7 days ago [-]
In Sweden. I have worked at two of the largest companies, never seen anything like that.
Johnny555 7 days ago [-]
The message received from the police was:

The message they passed on was that there was either a burglary attempt or that my car was involved in an accident. They gave the police the exact coordinates of my car...

So I would hope that when presented with an automated report that the car was involved in an accident along with the exact coordinates, that they would come investigate to see if the driver was injured in the accident and unable to call for help.

I can believe that if someone witnessed a car break-in, that they'd give that a lower priority and if the thief is no longer there, that they wouldn't come out at all since there's not much they can do about it other than agree "Yup, someone smashed your window, now go clean your glass off the sidewalk".

donkeyd 7 days ago [-]
> So I would hope that when presented with an automated report that the car was involved in an accident along with the exact coordinates, that they would come investigate to see if the driver was injured in the accident and unable to call for help.

Exactly this. Also, I have some family members working for the police in Dutch rural areas, at 3 am they'd happy to head out, because they're usually just waiting for something to happen.

gst 7 days ago [-]
Several years ago someone tried to climb into our apartment window in Amsterdam (with another guy waiting with a motorbike as getaway vehicle on the street). He was standing on the windowsill and tried to break open the window (it was open but we had one of those locks that limits how far the window opens, so he didn't fit through the gap). They fled once we noticed them.

When we tried to report that incident to the police their first question was: Did they manage to get into the apartment? When we said no they told us there's nothing that they can do as the people who tried to break into our apartment weren't doing anything illegal.

Chris2048 7 days ago [-]
Standing on someones windowsill isn't illegal?
dx034 6 days ago [-]
Probably trespassing but that's no reason to send officers after the event has occurred.
blattimwind 7 days ago [-]
He was just doing isometric exercise. Nothing illegal about exercise.
stingraycharles 7 days ago [-]
You sound frustrated, like you think it’s a bad thing that the police has time to respond to these types of incidents. When you’re not in one of the big cities, it is in fact common that police has time for this type of stuff (I live in Zeist myself and could see this type of thing happening here).

I think this is rather a signal that the police in Amsterdam is underfunded, and/or the types of crimes they deal with are much more severe.

Also keep in mind that it’s not a “search a whole neighborhood” situation, they got the exact GPS coordinates.

avar 7 days ago [-]
I think it's great that they have time to do that. I'm happy that somebody in this country has working public services.

I'm just honestly surprised. I've only lived in Amsterdam inside The Netherlands and wouldn't expect the police to respond to something like that.

    > it’s not a “search a whole neighborhood” situation
In retrospect I may have misread this:

    > They gave the police the exact
    > coordinates of my car and it only
    > took the surveilling car 5 minutes
    > to get to the car
I thought they had somewhat correct coordinates, but took 5 minutes to drive around the area to locate the car, as opposed to 5 minutes from wherever they were located before.

In any case, it doesn't make much difference. I think if someone called the police here in Amsterdam with the exact location of a broken-in car they'd say tough titty and have the owner show up at the closest station and file a police report.

ARCarr 7 days ago [-]
Well the call center said it was a break-in or an accident. I'm sure the Amsterdam police would come if it was an accident and someone could have been injured.
avar 7 days ago [-]
So all I need to do to get Amsterdam police to care about bicycle theft is to install some sort of ribbon that'll get torn off if the lock gets broken, which'll be indistinguishable from the frame getting broken in half ("an accident"). Hook that all up to a GSM modem and a call center and suddenly my local cops will care about crime.
Dayshine 7 days ago [-]
Also known as crying wolf.

Don't you have insurance for theft? Kind mandatory in Amsterdam.

fjsolwmv 7 days ago [-]
Pushing the problem to insure is blaming the victims, making the pay for crime.
Cthulhu_ 7 days ago [-]
Given that there's hundreds of thousands of bikes stolen a year and the chance of the theft being solved is very, very low, it's very much a "prepare for the worst and hope for the best" thing.

Also, in Amsterdam, don't get a fancy bike.

lucb1e 7 days ago [-]
> When you’re not in one of the big cities, it is in fact common that police has time for this type of stuff

I didn't do a nationwide survey, but you can add two places in Limburg (Maastricht and a small town near Echt) to the list of understaffed places since they also wouldn't respond to anything that was not life-threatening (literally asked whether we were threatened with our life).

For added fun, you should try calling the local police on a public holiday. Better have a good reason for bothering these busy bees when they're all out on parking meter patrol!

seriousaccount1 6 days ago [-]
You sound frustrated, but you clearly don’t know anything about how the police works. Parking fines are not issued by police, that’s a job for the municipality.
donkeyd 7 days ago [-]
> the types of crimes they deal with are much more severe.

Not just that, because of tourists misbehaving everywhere, there are also just way more crimes/disturbances than in normal city/town.

Cthulhu_ 7 days ago [-]
Plus the fact that the number of policemen available is set according to the number of inhabitants, not the number of actual people (e.g. tourists).
rconti 7 days ago [-]
As an American, I'm glad I'm not the only one :)

That said, I thought that car theft was all but gone in the US, at least for modern cars, whereas in Europe it still seems common. (Eg, if you follow international forums for newer car models, nobody in the US talks about theft anymore, but our European counterparts talk about these highly complex theft schemes). But then someone was posting about theft in Sacramento, so, I don't know.

avar 7 days ago [-]
There's a huge difference between the US and EU in this regard. If I steal a car in California and try to sell it in Nevada, I can expect to be arrested.

If I have a car stolen in The Netherlands and it's being sold in Romania, and I find out who's selling it and where, I'll be told that I have to travel to Romania and file report with the local police there before they'll do anything.

The only inter-state enforcement we have in the EU is Interpol, which doesn't care about anything like that, they only handle the likes of violent crime.

So it's kind of like expecting to recover your stolen car from Mexico or Belize, except crossing the border is a lot easier.

scscsc 7 days ago [-]
Actually you would just have to file a theft report with the local police and the car would not even enter Romania without the driver likely arrested and the car confiscated, as there is a real time db of cars reported stolen that is shared among the EU members and more. I imagine it could take a bit more effort to actually get the car back. You would probably have to worry much more about the car being torn apart and sold for pieces or leaving Europe through Rotterdam.
tpm 7 days ago [-]
Romania is not in Schengen area so they shouldn't get there, the farthest they would get to in that direction is Hungary, at least in theory.

Anyway a few year ago my car was stolen in Slovakia (the insurance paid out so my loss was minimal) and was found after a year in Hungary - the thieves were trying to sell it but it was found out they tried to change the VIN. Because apparently you can't register a car with a stolen VIN in EU. And that's nothing to do with Interpol as far as I know.

csomar 5 days ago [-]
> Romania is not in Schengen area so they shouldn't get there

Why is that? Plenty of stolen European cars roaming in Algeria and Tunisia. And with the help of corrupt officers they are registered here.

tpm 4 days ago [-]
As I said, in theory, it should be very hard to get out of Schengen with a stolen car. But of course corrupt officials can help. Registering a car with a stolen VIN should not be possible within the EU. Of course "should not".
growlist 7 days ago [-]
Interesting because stolen cars are sometimes broken for parts, but perhaps there's no profit in that in US? There was an 'OEM+' car modding craze here a few years back where certain top-end Audis were being targeted solely for their front seats, which would then be fitted to older VWs.
rconti 7 days ago [-]
And back when the S2000 was new, people were stealing them for the seats, and so on. But overall it seems like auto thefts have dropped precipitously since the 90s. Likely a combination of coordinated efforts and computerized DBs across states, cars getting harder to steal, etc, making it less worthwhile. Whereas, if parent is correct and it's easier to "get away with" in Europe, the remaining hurdle is technical, and quite an interesting problem to work around, even to this non-thief :)
majormajor 7 days ago [-]
Parts-related theft is here, but it targets a fairly different set of cars - generally somewhat older (so needing replacement parts) highly common cars. See: https://www.statista.com/chart/6551/the-10-most-stolen-cars-...

I suppose these make for less interesting news stories since they aren't nearly as tricky to steal.

7 days ago [-]
7 days ago [-]
mcguire 7 days ago [-]
If the old "Top Gear" shows are to be believed, eastern European countries are full of cars stolen from western European countries. Then there's this: (http://articles.chicagotribune.com/1999-12-27/news/991227006...).
rootw0rm 7 days ago [-]
Just got outta jail (again) couple days ago, Vista Detention Facility. Plenty of people were in for GTA (g-ride) or joyriding. My roommate is being bailed out of Banning tonight for joyriding.
nsnick 7 days ago [-]
I think it is easier to sell vehicles stolen in Europe. All a thief needs to do is drive the vehicle to Eastern Europe and there will be a buyer. Selling a stolen vehicle in the US is a lot more difficult.
rconti 7 days ago [-]
Or getting it to Mexico, I suppose.
zdragnar 7 days ago [-]
The key point isn't the BMW, it's the unspecified distress. Lives could literally be on the line, and a fast response might make a difference.
Scoundreller 7 days ago [-]
Intelligent design by BMW. Keep it vague, even though it should totally be able to differentiate between a sudden G-force, a button press, or an electrical issue (wire cut), but the car/call centre doesn’t specify the exact causative issue.
zdragnar 6 days ago [-]
A simpler explanation is that BMW doesn't want to be legally liable if a car crashes but the special sensor algorithm reports it as a break-in, or vice versa.

After all, they're just sensors, and they're still just guessing. Far better for them to report "something is wrong" than to file a false report.

Dayshine 7 days ago [-]
>because some BMW call center calls the police in the middle of the night telling them that some car reported unspecified distress within some radius

Isn't that much more severe than "window smashed"?

It's "Burglary in process, or someone might be dying, and you haven't received a 112 so no ambulance is on the way."

avar 7 days ago [-]
The BMW just reported some ambiguous state of distress, whereas a person calling the police and telling them that some car has had its windows smashed in in downtown is by all reasonable criteria equivalent to a burglary in process. If someone's not stealing from that car now, they will be in 5 minutes.
Dayshine 7 days ago [-]
>The BMW just reported some ambiguous state of distress

It reported damage to the car severe enough to sever the door frame!!

ollie87 7 days ago [-]
Exactly this, not sure what sort of speed of impact you'd have to be in with an F30 3 Series to bend the window frame significantly enough to break that wire, but you'd have to imagine very high.
21 7 days ago [-]
Don't you read the news? There have recently been articles in the international press that Amsterdam is a jungle right now:

> Official ombudsman, Arre Zuurmond told Dutch paper Trouw that "the city centre becomes an urban jungle at night". He added: "Criminal money flourishes, there is no authority and the police can no longer handle the situation."


stevesimmons 7 days ago [-]
This article and the other one quoted from the Guardian are cherrypicking quotes to make it sound far more dramatic than it really is.

Total crime numbers in Amsterdam are down substantially on prior years (https://www.ois.amsterdam.nl/popup/1663). The number of Dutch prisoners have halved over the last 10 years. Dutch prisons are now so empty the space is being rented out to other countries (https://www.bbc.co.uk/news/magazine-37904263).

At the same time, the number of tourists to Amsterdam has increased 60% over the last 10 years. It is not surprising the numbers are sometimes difficult to manage.

But, speaking as someone who since 2000 has lived in Amsterdam or visited at least monthly, I have never felt safer in the city.

justin66 7 days ago [-]
That is a British tabloid.
PuffinBlue 7 days ago [-]
A most damning indictment indeed.
stevesimmons 7 days ago [-]
No it is not.

I was in Amsterdam last weekend, at the party mentioned at the very end of the article. Thousands of people packed into the square on a Friday evening having fun. Minimal police and security guards present.

On the Saturday, hundreds of thousands of people visited Amsterdam to watch the Canal Pride on the Prinsengracht. The police reported minimal disturbances, and arrested a grand total of 25 people, 17 of which were for pickpocketing [1]. That is a substantial reduction on prior years.

[1] https://www.politie.nl/nieuws/2018/augustus/6/05-zakkenrolle...

PuffinBlue 6 days ago [-]
You miss the implication of the comment I was replying too.

The comment I was replying too was able to dismiss the legitimacy of the offending 'news' article with a simple observation.

I was commenting on the efficacy of such pity denigration, not the quality of Amsterdam's nightlife.

ashildr 7 days ago [-]
That’s how you sell newspapers and clicks.

Im in Amsterdam quite often, it just a short drive from where I live in Germany, and it’s a safe and fun place to be, if you take into account that it’s very touristy. I’ve been watching the canal pride from a park this year and was amazed that people even actually cleaned up their mess. Very unlike than at home, unfortunately.

thijsc 6 days ago [-]
The quote is specifically about a few areas like the red light district that see so many drunk and/or high tourists that the situation gets too unwieldy. Quite a specific situation that's not saying too much about the general crime level.

It's rich that a British paper publishes an alarming story on this since British tourists are a huge part of these crowds.

NightlyDev 7 days ago [-]
They didn't search the whole neighborhood. They got a call about a potential accident and ofc checked it out.
MisterTea 7 days ago [-]
> The officer I spoke to was unable to tell me which phone number or external call center it was, but that it was, in fact, a call center. The message they passed on was that there was either a burglary attempt or that my car was involved in an accident.

That last bit is key: "or that my car was involved in an accident." An accident means people could be hurt which is something the police have to respond to.

nodesocket 7 days ago [-]
> "Has anyone been hurt? Nope? Then we're not coming".

Sounds like San Francisco as well. Petty crime and theft go uninvestigated and run rampant.

Scoundreller 7 days ago [-]
The BMW customer engineers are smart: perhaps by design, their system doesn’t know if someone is having a heart attack, or a broken window, so they can push the emergency services to respond quickly and find out.
jacquesm 7 days ago [-]
I had a camper stolen from in front of my house in about 30 minutes. The police never even bothered to show up and only put an alert out a good 5 hours after the theft, by which time I suspect it was either out of the country or parts in some chop shop's bins. Highly annoying. For all the cameras and tracking going on it is surprisingly ineffective to actually do something about a crime.
endless1234 7 days ago [-]
Why should the police be sent to a smashed window? Not much they can do at that point unless you caught somebody red-handed. "Yup, that window is totally smashed. OK, just file a claim with your insurance company."
lucb1e 7 days ago [-]
Maybe I read too much about fooling fingerprint readers and think this is easier than it really is, but isn't it easy to check for prints in the car? In the general case, a shattered window means someone stole something and must have touched something in the car.

Of course not everyone is in the database, but if they are ever caught with anything they will be.

usrusr 7 days ago [-]
I suppose that cross-checking hundreds of possible prints against those of the owner and legitimate passengers would be quite a lot of effort for the slim chance of the burglar not having used gloves...
7 days ago [-]
7 days ago [-]
7 days ago [-]
Cthulhu_ 7 days ago [-]
I know the guy, he lives in Utrecht, west of the A2.
barbegal 7 days ago [-]
This definitely isn't the first time this technique has been used. I'm sure I've heard many similar stories before and the internet backs me up.



mrooding 7 days ago [-]
Hi guys, very cool to see how this is being picked up over here. Shame on me, but I actually forgot to submit it to Hacker News.

The key fob method is out of the question for my car. I've known about it for a while and store my keys in special bags.

I see quite a few people asking why a sting wasn't organised. I of course shared the M.O. with the police and we actually had a few phone calls from them over the past few days. They are sharing the information with their colleagues but to be frank, they are not going to spend an entire night waiting around for a potential car theft.

We live in Ijsselstein, a city just south west of Utrecht, and car burglary and theft is quite a big issue in our area. My previous car, a BMW F20, actually got broken into twice in 2 weeks. Both times they stole the entire nav system. I've become quite adapt at filing reports but besides filing a report the police can't do anything for you.

The first time it happened they asked me whether or not I saw visible blood stains. Only then would they send a patrol car to do sample research. In any other case, they just ask you to file a report and be done with it.

Let me know if there are any questions you'd like me to answer while I'm at it.

I'm also interested in writing some follow-up articles about car security/theft prevention. If there's anyone willing to contribute, let me know!

Scoundreller 7 days ago [-]
You may want to look into rewiring your OBD port so that it doesn’t work without you flipping a switch somewhere, or building a “key” with a male and female port + some wires, then storing the “key” in some hidden location (spare tire?).

Or just expose two data lines from the OBD wiring harness and jump them together. Remove the jumper to operationalize the OBD port.

FYI: cutting off VCC may not always work since some devices may derive enough power through other lines that have pull-up resistors to function. I’ve seen it happen in other industries.

Not sure if such products exist commercially, but it would have some value for someone to build them.

mrooding 6 days ago [-]
A few days ago, I read on the most reliable source in the world, the internet, that if you have a class 3 alarm system from BMW, the OBD port is blocked as soon as the alarm goes off. I do want to verify this with the dealer once my holiday is over.

I also read about the OBD key cloning, but I'm not sure whether or not that was an issue with the first F30s. I'm unsure whether or not it still works with the F30 LCI from 2017 that I have

Scoundreller 7 days ago [-]
Oh, and get a dashcam with parking mode!

Front and rear. Maybe the sides too?

They’re increasingly inexpensive, and you can move them car to car as you buy/sell.

I originally bought a forward facing, and as i’ve upgraded, my old forward facing is now my rear facing.

mrooding 6 days ago [-]
I've been thinking about that. A good one with parking mode and cloud support sets you back about 800 euro including installation. It could be worth it but the chances of the cops actually catching someone based on the footage is quite slim.

For hit and run accidents in which you can record a license plate it might be worth it.

Scoundreller 6 days ago [-]
Cut the cloud storage, install yourself, and buy direct from Asia. Except the flash card, buy that from Amazon. Then it should cost less than US$100 per side.
jackson1way 4 days ago [-]
Oh dear. So we figured out that SD cards „directly from asia“ are either counterfeit, fake or low quality. But apparently cameras are fine? Well, good luck then.
giobox 7 days ago [-]
I've anecdotally heard a lot of stories about the relay/replay attacks on keyless ignition systems used in many BMW models and other cars as well. No need to smash the window at all in some cases. Remarkably simple attack in principle, and probably a nightmare to explain to your insurer given there will be no evidence of a break in.

Makes you wonder if you should start storing the key in a metal/RF shielded box at home...

> https://www.bbc.com/news/uk-england-birmingham-42132689

jasoncartwright 7 days ago [-]
This has happened so many times (I've heard of at least 5) in the UK to Tesla cars that Tesla themselves sent out a warning with instructions on how to turn off the passive entry feature that allows this attack.


Here's a video of a relay theft (of a Merc) from West Midlands police in the UK...


Photo from a camera of attempted theft, from a UK Tesla owner...


maym86 7 days ago [-]
Maybe you could stop this attack by having an IMU in the key so it only broadcasts the unlock signal while it's being held/moved.
jasoncartwright 7 days ago [-]
Many suggestions for foiling this (including some interesting Tesla specific ones, like having the screen ask for a PIN), but the simplest is to just have the key not unlock the car unless a button is pressed.

Not a massive inconvenience.

gambiting 7 days ago [-]
If you had a receiver with a nanosecond precision you can measure the distance to the key with enough accuracy that the relay attack doesn't work anymore. I don't know why manufacturers don't do that yet - I guess the parts necessary are still not available at scale yet?

I personally just keep the keys in a metallic bag at night, blocks all signals perfectly.

yc-kraln 7 days ago [-]
I have built an access control system that does a similar thing. Long story short: Time Of Flight is patented and no one can use it. Our system used a nice workaround... We tried to convince car manufacturers to use or license our tech and they seemed happy with their current stuff.
williamscales 7 days ago [-]
How can one patent something so obvious as measuring how far away something is based on how long the signal takes to bounce back? That principle underlies...so many things.

Edit: I looked up the patent. Here it is: https://patents.google.com/patent/US8930045. I understand that patents protect novel inventions and that under some standard this may be considered "novel". On the other hand, I myself have frequently used the technique of sending a signal, awaiting a response, and then using timing to derive the distance. It seems such an obvious application to this use case that there is nothing novel here.

rachelbythebay 7 days ago [-]
Hmmm. 2013? I beat them by a year.


fjsolwmv 7 days ago [-]
db48x 7 days ago [-]
You just have to convince the patent examiner that it's not obvious. There's bound to be prior art (radar), so it could probably be invalidated if you want to spend the money on it, and you don't have some alternative ready to hand.
matthewdgreen 7 days ago [-]
It's coming in the next generation of keyless systems: https://www.3db-access.com/
Rjevski 7 days ago [-]
I’m curious, why not just proper cryptographic challenge-response?

Key sends a “wake up” signal, car hears it and sends a random challenge, key receives it, signs it with its private key and send is back. If the response is correct the car unlocks, otherwise not and the user can try again.

Seems like à solved problem really.

giobox 7 days ago [-]
The entire point, rightly or wrongly, of keyless entry is that you never have to touch the key, simply have it somewhere in the vicinity of the car, such as in your pocket. No button pressing or user input. You approach the car and it is already magically unlocked and ready to be started, usually via a starter button on the dash.

Therefore the same concerns regarding relaying still apply, unless I’ve misunderstood your reply, but your later post suggests pressing a button on a key. If buttons on the key are pressed, this ceases to be “keyless” as the car industry understands it - this is back to conventional remote locking.

gambiting 7 days ago [-]
This is precisely how it works already, exactly as you described. The issue is that the relay just boosts the signal,so the car thinks your key is nearby, while in reality it's in your bedside drawer.
leot 7 days ago [-]
Why not relay that, too?
Rjevski 7 days ago [-]
Relaying would still require the owner to push a button on the keyfob, right?
maym86 7 days ago [-]
No. The point of this whole thread is there is no button so that when you approach the car it unlocks automatically. That's why this attack is possible by extending the range with repeaters. The key likely already has something similar to what you suggested but that can't prevent this attack.
dzhiurgis 7 days ago [-]
Is that how contactless payment cards are protected?
gambiting 7 days ago [-]
No, contactless cards could be hacked in the exact same way cars are, but it's not worth the trouble since you would need an authorized terminal and the most you could steal is £30 - it's just not worth the trouble.
gargravarr 6 days ago [-]
Steal £30 off enough people, though - RFID/NFC has been demonstrated to have a range of several meters under some conditions, so just stick your equipment in a bag and wander through a shopping centre. Probably pickup a dozen or so. I understand those who buy RF-shielded wallets all too well.
gambiting 6 days ago [-]
But like I said, only an authorized terminal will process transactions, so you need to figure out how to get one. And then, visa and MasterCard take at least a week to pay out any money from card transactions - so your terminal and likely the entire account will get banned before you get a penny out of that money.

It's not that £30 is little money - it's that it's nearly impossible to secure a working terminal and then once you have that actually get any money out of it.

gruez 6 days ago [-]
Like the parent comment said, you need an authorized terminal, which is linked to a merchant account, which is linked to your bank account (and thus your identity). What do you think visa/mastercard is going to do when the fraud reports start flooding in? Chances are, you're going to be caught before your first payment arrives in your bank account.
dzhiurgis 6 days ago [-]
If you get a pin number then it’s different. AFAIK there are contactless ATM’s.
gambiting 6 days ago [-]
Contactless ATMs still require a pin - one of the defining features of contactless is that you can't get cash with it. If you ask for cashback at the till and use contactless then you also need to enter the pin.
7 days ago [-]
maym86 7 days ago [-]
Sure. Was just trying to solve the problem while keeping the same experience, which some automotive manufacturers must think is worth providing to customers.
raverbashing 7 days ago [-]
Well, for some people, pulling the parking brake is a "massive inconvenience" which ends up having serious consequences.

Technology can't solve everything.

hvidgaard 7 days ago [-]
The entire idea of passive keyless entry is that you just have the keyfob in your pocket, and can enter the car as you approach it without touching your keyfob.

That also means that relay attack is always going to work. So either accept the risk or disable the feature.

tbrock 7 days ago [-]
The attacker could just wait outside your house for you to hold or move it as you head off to work in the morning then come back at night to pick the car up
maym86 7 days ago [-]
It doesn't work like that. This can't be recorded and replayed later. This attack works by extending the range of the exchange between car and key in real time using handheld repeaters.
blensor 7 days ago [-]
That's actually not hard to explain to your insurance or the police at all. This happened to me 5 weeks ago. The car was parked directly in front of my entrance door and the key was basically on the other side of that door.

The scene of my car not being where it was supposed to be was so surreal that I did not even realize it was missing the first time when I walked out the trash. I basically walked around an invisible car.

Only when I wanted to leave the house and thought, well shouldn't my car supposed to be there did it dawn on me that something is amiss.

When I went to the police, the first thing they asked me was how far my keys were away from the car. My insurance was asking the exact same thing.

Remarkably the car was found when the police in our neighboring country stopped a driver under the influence of drugs.

Getting the car back (still ongoing) was so much hassle that I almost would be happier if it would not have been found.

It goes without question that all my keys are now stored inside a metal box when not in use.

I was a bit worried that the box does not shield the signal enough. The best way I could think of to test it was to put the key inside the box and hold the box to the steering column and try to start the car. It's probably not foolproof but I hope it is enough.

tjoff 7 days ago [-]
Well, now when that technique is well known it's another story.

It's like the case where PIN numers on credit-cards where cracked but because noone knew it could be done people where assumed to have been negligent if the thief knew the code and automatically denied any compensation.

... until they caught the guys.

mysterypie 7 days ago [-]
> Getting the car back (still ongoing) was so much hassle

I'm very curious to know why was it was such a hassle? Unless the police were keeping the car as evidence in a truly major crime, why wouldn't they immediately give back your property?

blensor 7 days ago [-]
Ok, I'll try to post a quick summary.

As a background info. The car was stolen in Austria and 5 hours later stopped in the Czech Republic close to the border to Poland. It is a leased car, so there is also the leasing company involved in all decisions.

Since it seems to have been part of a bigger operation (several cars stolen over the weeks prior) a special unit working on this case got involved (from the Austrian police).

When I contacted the insurance they had me sign a waiver that I will also take back the car if it takes longer than a month to return it. This should have rang some alarms bells but I was still optimistic, after all I could have basically taken a train to the Czech Republic and drove back on my own.

Then it was week after week of people shoving the responsibility back and forth.

The Austrian police wanted to get the car to do a forensic analysis, and wanted it to be hauled back on a truck instead of driving. The insurance company flat out told them no, because it is to expensive.

Then I had to send my key to Poland (kind of ironic since this was the intended destination of the car all along) because the employee of the company that would collect and return it was located there.

After 3 weeks the officer in the Czech police was on vacation (pro tip: don't let your car get stolen during the summer vacation period :) ). The following week the insurance company wanted to know if they can finally collect the car. The Czech police told them basically yes, but the Austrian police had not given their OK, and now the Austrian officer on the case was on vacation.

After the 4th week when everyone finally thought that it could be returned, the Czech DA said the< needed to wait a bit longer because they still needed it for the case against the thief.

Now it's week 7 and I at least have seen my car after it was hauled back to the car dealer where the insurance company has sent an adjuster to check what needs to be repaired (the y have cut the connection to the car telemetry unit and caused a few scratches on the front fender).

I am not yet allowed to drive it home since those things need to be repaired first.

So my expectation if that I will get it sometime later next week, which would then be 8-9 weeks in total.

foobarian 6 days ago [-]
> The scene of my car not being where it was supposed to be was so surreal that I did not even realize it was missing the first time when I walked out the trash. I basically walked around an invisible car.

This reminds me of the street cleaning hazing ritual most newcomers to Cambridge, MA go through. I was about to call the police and report a stolen car when I saw the street cleaning sign and realized the day it specifies was the present. Either way not a happy feeling.

akira2501 7 days ago [-]
> I was a bit worried that the box does not shield the signal enough.

They make "Faraday Bags" exactly for this purpose.

jaclaz 7 days ago [-]
>They make "Faraday Bags" exactly for this purpose.

Only "they" do not certify them in any way (for several reasons, including the fact that there is not - yet - an accepted standard for measurement) and in any case a Faraday bag (in the sense of a mesh) may be very effective at a given frequency and almost transparent to another one).

A tin box should always outperform a Faraday bag in shielding RF.

JFYI: https://www.forensicfocus.com/Forums/viewtopic/t=3914/

blensor 7 days ago [-]
I needed a quick fix that everyone in our house would be adopting quite quickly, and it should also fit into the style my wife used to decorate the entrance area. So the bowl where our keys were usually collected was replaced by a metal box with a lid.

However, in the long run I won't bet on workarounds to prevent the signal to be repeated, I will rather use one of those steering wheel locks that's brightly visible from the outside. That does not prevent someone from breaking into the car, but it will prevent them from easily driving away with it.

A security camera has also been placed there, so I hope overall it is enough of a deterrence

Cthulhu_ 7 days ago [-]
I think you can also disable the keyless entry (that is, entry without hitting a button on the fob) in most cars. Said cars should also just stop if it doesn't detect the key while driving, so starting keylessly should still work.
MichaelApproved 7 days ago [-]
> "probably a nightmare to explain to your insurer given there will be no evidence of a break in."

Is that really an issue? This isn't the first type of theft that doesn't require a break-in. Tow the car and there's no evidence either.

If you say it's been stolen then it's been stolen. File the police report and that's the end of that, no? Unless they have specific reason not to believe you personally (history of fraud), it'd be a crappy insurance company that would question it.

giobox 7 days ago [-]
True, it's probably not _that_ hard, but I doubt it's all that great an experience either. At least with towing there is arguably a significantly higher chance of witnesses or CCTV footage of a number plate, and on most modern luxury vehicles will trigger the alarm. With this attack it looks like the driver simply opened the door and drove off as if they were the owner, which is far less likely to arouse suspicion in most neighborhoods I would imagine.
bostik 6 days ago [-]
A personal anecdote from this side of the table.

Back in early 201x I was asked to take a look at a certain car manufacturer's project proposal. They wanted to introduce keyless unlock and ignition to their line.

I got the spec and the proposal. There was no security - the number of possible signalling combinations was in low thousands and the system was completely open to trivial replay attacks. So I got back and laid out my concerns and requirements: unique keys per car, strong nonce and proper cryptographic setup to make replay attacks impossible. The manufacturer balked, claimed it was too expensive and we lost the project.

Less than a year later certain mr. Miller demonstrated the very same type of key-fob replay attack against a different manufacturer.

city41 7 days ago [-]
gambiting 7 days ago [-]
I already do. I keep the keys to my mercedes in an rfid-blocking bag next to my bed at night, because unfortunately it's vunerable to that exact type of attack.
mabbo 7 days ago [-]
The thieves would have been wiser to take something, anything to make the narrative of the original break in more believable. They didn't sell the narrative well enough, which left people curious.
giarc 7 days ago [-]
Maybe there was nothing in the car, but you are correct, should have taken something or at least opened the glovebox to make it seem like they were searching for valuables and found nothing.
Cthulhu_ 7 days ago [-]
Given that they knew exactly which system to disable, they probably also knew that the call center will be contacted the second they broke the window, and the police could be there within minutes. I don't know how well secured anything stealable is nowadays, but I can imagine it'd take a few minutes to remove e.g. the navigation system.
Nasrudith 7 days ago [-]
I wonder why they bothered with the smash - broken glass would make people take their car to a dealer. Just the "failed jimmying" might have gone if not unnoticed as a police issue procrastinated in fixing. Maybe they were just frustrated auto thieves.
flak48 7 days ago [-]
How would they have disabled the alarm without breaking into the car?
TheCowboy 7 days ago [-]

  The other one was an air pressure sensor, used for 
  detecting sudden changes in air pressure. This is the
  sensor that will, among other things, detect a broken window.
Might be related to tripping this sensor in advance.
test6554 7 days ago [-]
There's an old saying about not committing more than one crime at a time.
slededit 7 days ago [-]
The cops probably scared them away while they were in the act.
ironjunkie 7 days ago [-]
Why did they not park the car back and wait with the police on call in order to catch the thieves that would have come back the next night?
Rjevski 7 days ago [-]
I had a phone stolen recently at knifepoint (attempting to sell it on a classifieds site). When I told the police I could make them come back next day (posting another ad, etc) they wouldn’t give a shit.

I suspect this is the same reason.

chrischen 7 days ago [-]
You'd have to get the Japanese police involved.


test6554 7 days ago [-]
With the alarm disabled, they could wait a month.
Cthulhu_ 7 days ago [-]
I'd argue they would have to act quickly though - there was an alarm going on the dashboard when the car was started.
stingraycharles 7 days ago [-]
I would assume because of the short timeline, the novelty of the technique, a lot of paperwork being involved, and possibly a whole different police department that would have to do it.
noncoml 7 days ago [-]
I was sure he would wake up next morning and find the car missing. I think he was really lucky that this wasn’t the case and the thieves waited(?) for the next night.
jimmy1 7 days ago [-]
Yeah, I don't understand this. After you went through all the work of disabling the SOS, you can just take the car then, unless breaking the window was the way they initially got inside, and maybe they were thinking that the person would blindly repair the broken window to increase the value of the car on the black market? I don't know.
cptskippy 7 days ago [-]
When they broke the window SOS was triggered. They knew this and that Police were en route.

When they cut the wire in the pillar, they didn't disable SOS, they disabled the triggering mechanism. The idea being that they would return and break the window again only SOS wouldn't be triggered because that wire was cut.

7 days ago [-]
rconti 7 days ago [-]
Because the police arrived 5 minutes after they disabled the SOS button.

The next night, there would be no SOS notification when they broke the window again. Or maybe they'd only have to tear away a plastic bag, if the owner hadn't gotten the window replaced.

Or maybe they were hoping to find a valet key in the car, making their job even easier, either that night, or the next night.

7 days ago [-]
rosege 7 days ago [-]
I don't know why he didn't talk to the police and tell them what he suspects and see if they would set up an ambush for the car thieves that night. Put the car back in place and wait for them to show up
justwalt 7 days ago [-]
The thieves didn’t have to come back the first night. Could have done it weeks later.
Cthulhu_ 7 days ago [-]
Yeah but would you drive around in your brand new car for weeks with a big SOS error light in the dashboard? Knowing it's covered by insurance and/or warranty, too.
flak48 7 days ago [-]
The theft relies on the few people who would actually ignore the error light, I mean theft shouldn't be so easy...
N0RMAN 7 days ago [-]
Wouldn't a jammer do the thing?
Coding_Cat 7 days ago [-]
After the frst paragraph(s) I was expecting the security center to be fake, the actual thieves, and have them send out a 'customary repair service' that would have to take the car back to the dealer or something.
purpleidea 7 days ago [-]
The smart thing to do would have been to leave your car outside again, and have the police hidden down the street, so when they returned they could catch the crooks!
jasonmaydie 7 days ago [-]
I think the proper cause of action in that case was to return the car and do an old fashioned stake out with lots of beer.. I mean redbull and catch the burglars redhanded.
ironjunkie 7 days ago [-]
yes. I honestly don't know why this was not done. It sounds like the most obvious thing to do if you know that the burglars are going to come back anyways the next day.
Freestyler_3 7 days ago [-]
Way to catch some sophisticated thieves, and if they don't show up anyway. Then stop going to that dealership.
londons_explore 7 days ago [-]
It's clear what has happened here...

Cutting that wire loom disables the cars 'call home' functionality (probably by cutting it's antenna), as well as conveniently disabling the alarm.

The thieves who cut it this time were too slow though. Presumably, the 3G connection takes ~30 secs to boot up, find a cell tower, and connect to BMW servers. The thieves hoped to break the window and cut the loom immediately, before the connection to the server was made.

rtkwe 7 days ago [-]
Aren't they just always on? Also the modem would have to be on the other end of that cable loom for that to work when it's much more likely to be down in the glove box with the rest of the control modules and you don't need an antenna that long for a WAN modem.
londons_explore 7 days ago [-]
You probably want the antenna away from all the metal body panels of the car. Hence normally running a cable up the A pillar.

The modem itself probably isn't booted up to reduce vampire power drain. If it was always on, it would drain the battery after a few weeks. More likley, when the alarm goes off it starts booting up.

rtkwe 6 days ago [-]
My cell phone still gets decent signal sitting down in the center console in the cubby below the entertainment system, enough to stream music at least which is more than it'd need for an SOS function. If your phone can send a text it's got more than enough signal to do the SOS functions.
Rjevski 7 days ago [-]
I’m surprised they wouldn’t just arrive with a GSM/3G/LTE jammer to begin with.
lucb1e 7 days ago [-]
Assuming it's not always-on.
gagabity 7 days ago [-]
More surprising that the car has some call home feature that the owner doesn't seem to know about.
drglitch 7 days ago [-]
Having recently gotten a new BMW (in USA), they give you a huge packet of about 30 pages explaining the BMW TeleService and the "SOS" button. They also make you sign a power of attorney-style doc giving them rights to notify police in case they believe your vehicle is in trouble and provide police/EMS with its exact location.

Mercedes and Audi have similar systems, as do others via OnStar. This is one of few cases where i believe having an "oh shit" button/system that automatically activates in case of serious accident or another event is valuable.

EDIT: oh, and this is entirely opt-in, at least on BMW.

netsharc 7 days ago [-]
BMW offers a car-sharing service in some cities in Europe through a joint venture with Sixt, called DriveNow. Some assholes like to take these cars and go for joyrides/street races. One of these idiots ran over a bicyclist and killed them. The court/prosecution asked DriveNow to give them the "black box" data of GPS location/heading/speed, but the company doesn't monitor GPS during trips. The court asked BMW, and BMW could comply. A bit freaky...

(After reading more about it, the black box is only for cars used in this service, and apparently BMW and DriveNow have a "data protection firewall": BMW only tells DriveNow where the trip started and ended, and doesn't know who rented the car, and DriveNow knows who the renter is but doesn't know more other than the start/end of their trip)

mynameisvlad 7 days ago [-]
It's in some cities in the US too. It's not freaky at all for a company to want to protect their assets (the DriveNow cars). Mercedes Benz does this with their Car2Go cars as well, and I'm sure ZipCar also does this too. They have custom software running to enable all the DriveNow/Car2Go functionality.
jiveturkey 7 days ago [-]
No, not entirely. Please give me the instructions on how to opt out. Whenever someone asks (which is rare), the forums are filled with replies like "why would you not want BMW to monitor you? are you a fraudster?" IOW the forums do not know how to opt out either.

Everytime I take my 2016 in to service, I ask both sales and service to disable teleservices. They say they cannot. I then call BMW teleservices (every time), and they tell me that the dealer has to do it.

There are explicit instructions from BMW online that in Germany you can take it to the dealer to have it disabled. No mention of any other country.

Yes, the emergency aspect of it is valuable. It's not worth the compromise in privacy, at the complete discretion and ineptitude of a corporation that has a profit motive.

In 2016, I certainly did not sign (and was not asked) any kind of doc authorizing location disclosure. My car definitely does have teleservices activated. (don't know if they will report my location)

drglitch 7 days ago [-]
There are three components to my knowledge. below is my anecdotal knowledge so pls verify if needed :)

- remote car monitoring/bmw connected app. this can be tweaked (its off by default) via idrive. I believe there is also some anonymized sharing with "parknow" and real time traffic apps.

- maintenance notifications. this is on by default and can be disabled in bmw's new "my car" website. They also send you a postcard letting you know its on periodically.

- "sos" services - I would call BMW and ask to have it turned off (its on by default). The signing of the doc might be depending on the state you're in. Mine's NJ reg, but NY dealer.

If BMW ever shares the location data with third parties other than police, I would have major issues with all of this.

To answer sibling post, SIM cards are located inside the Navi computer, which is a big gray/black metal box behind one of side access panels within the trunk (or under trunk for most sedans). BMWs can also be coded (google that- dealer wont do it) to not use SIM data completely. If you truly want teleservices disabled, find a friendly BMW modder shop adept at coding and they'll help you void your car's warranty :)

jiveturkey 7 days ago [-]
> If BMW ever shares the location data with third parties other than police, I would have major issues with all of this.

By that time it would be too late. And the problem with privacy-related info (like location history) is that once revealed, it can’t be re-secured. So the only proper fix is to not collect it in the first place.

Also BMW is a car company. Consumer data protection is not their core competency. Then info may not be intentionally revealed. A rogue employee may decide to listen in (as in OnStar case). We can’t know what controls they have in place to mitigate risk. Since I obtain almost no value I want to be able to opt out. That they make this difficult is so aggravating. But I love their cars. I wish I could quit you BMW.

I wonder if GDPR is a factor for new car sales. In fact maybe that’s why you got a big packet and had to opt in, and back in 2016 it was instead quite impossible to opt out.

hvidgaard 7 days ago [-]
GDPR is quite hard on the fact that you must opt in. It can be argued that using the services they provide is enough of an opt in, but the GDPR states that they must explain in detail what the collect and what they'll do with the data.
jacquesm 6 days ago [-]
Under the GDPR you could force BMW to hand over what data they have on your car. That way you would at least have some idea of what gets stored and for how long.
jiveturkey 6 days ago [-]
As a US citizen residing in the US, no I couldn't. (They might voluntarily disclose, applying GDPR globally, but they aren't required to do so.)

Additionally, my interaction is with BMW USA, not BMW AG. If teleservices is instantiated locally in the US for US customers, then it's doubly the case the BMW need not respond to any such inquiry.

jacquesm 6 days ago [-]
> I wonder if GDPR is a factor for new car sales.

You brought the GDPR into it.

driverdan 7 days ago [-]
Can you pull the SIM card?
drglitch 7 days ago [-]
Cards can be pulled physically but not replaced without changing out hardware associated with telenav units. See: https://f30.bimmerpost.com/forums/showthread.php?t=1149540
chrisper 7 days ago [-]
No, because this is an embedded system and fiddling around with that is maybe going to void your warranty?
driverdan 7 days ago [-]
Not in the US. So long as your changes don't cause damage your warranty can't be voided.
mrooding 7 days ago [-]
I've known about the SOS button since I've been driving BMW for over 6 years. Luckily, I've never been in a situation where I needed to use it.

What I didn't know is that it would dial home if the connection was lost. Even the person I spoke to at the dealer wasn't aware of this.

ashleyn 7 days ago [-]
Almost every major luxury car has a feature that reports on the operation of its self-driving(-like) features, data which is used to refine the next generation.
umvi 7 days ago [-]
Many products have features the owners don't know about. Intel ME was a hidden feature of Intel processors for a while before anyone figured out it existed.
grkvlt 7 days ago [-]
No it wasn't, it was well documented in marketing, sales and technical literature/documentation.
vanous 7 days ago [-]
Would it be possible, that the order of actions was actually different? The thief first pushed thin tools through the door gasketing and actually cut the wires from the outside. Not sure how well and how successfully, but i actually presume that this wasn't as good cut as they tried to achieve. Then, they tried to break the window and continue with the theft, but the system reported them too fast anyways...?
mrooding 7 days ago [-]
I doubt that this is what happened. I'd like to see someone remove the jamb cover from the outside and also cut the loom from the outside. Not sure what kind of tool would be able to fit through the door and do these things. You can clearly see on the third image that they forcefully removed the cover with a screw driver or something else since it's completely bent
Cthulhu_ 7 days ago [-]
The author also mentions that these cars have radar and air pressure sensors - I don't know how accurate these are, but forcing something through the gasketing could cause a change in air pressure enough for it to trigger.
hartator 7 days ago [-]
It seems overly complicated when just relaying your key fob is a known attack that's working. The scenario of them just failing to steal the car seems more plausible.
danielovichdk 4 days ago [-]
Funny reading this. I had the same experience with a rental bmw 530 in italy.

Nothing stolen, only window shaddered and SoS going blind.

I left for Germany that day though, so I must have been lucky.

Thanks for posting

post_break 7 days ago [-]
If you have a car that has keyless entry store your keys in a metal box and confirm it wont unlock the vehicle even if you take the box and put it next to your door. Also if you drive a modern ford do everything you can to block access to odbii port as they can clone a key in seconds using special tools.
spockz 7 days ago [-]
BMW burglars appear to be very skilled. The entire board computer was taking from a friend’s car and the screws and cables etc were all tidily set aside as if it was a professional replacement. And this within an hour, on the front porch..
monocasa 7 days ago [-]
Well, I assume that the burglar was paid, de facto making it a professional replacement.
mschuster91 7 days ago [-]
> The entire board computer was taking from a friend’s car and the screws and cables etc were all tidily set aside as if it was a professional replacement.

Probably the thief didn't want to risk any kind of damage on the board caused e.g. by shorting two wires during cutting the cabling and thus shorting a capacitor on the board.

samstave 7 days ago [-]
Makes me wonder how many of the thieves of modern cars are professionally trained service people from the respective car companies who are paid off to get the vehicle into a state where it can be cleanly taken away.

You are basically just paid to bypass security.

Rjevski 7 days ago [-]
The difference is that in IT, whether you are a professional or not, the systems you’re working on will still ask you for authentication.

In cars, it’s security by obscurity. If you know the protocol to talk to the car’s computers via the OBD port, you are pretty much root without even providing any credentials.

dig1 7 days ago [-]
Since all protection in cars (no matter how complex is) is mass produced, it is very easy for thieves to purchase same/similar car and study it. However, I'm wondering what will happen if an ordinary Hacker Joe (a guy who knows a little bit of electronics and software) installs custom protection, no matter how simple is?

Knowing that for thieves, the most precious resource is time and if you force them to work more than expected, they might gave up...

trukterious 7 days ago [-]
Thieving isn't a good life -- for one thing, thieves lie awake at night worrying that someone's going to steal their stuff.
danieltrembath 7 days ago [-]
I wonder if they were in fact intending to steal the airbag, but were disturbed in the process. Airbag theft is fairly common and lucrative. You can extract the A-Pillar bag through the window without opening the door. In cars without the radar/pressure sensors you have some chance of doing that without setting off the alarm.
ashleyn 7 days ago [-]
Immediately, I'd be wondering what very powerful spy agency or organisation felt the need to break into my car, and why.
soneil 7 days ago [-]
I'm not sure I'd be so paranoid. We've read of people managing to hack the key openers, etc. They're an attractive target.

I mean, if you were going to leave a box containing $30,000 on your doorstep. A box not only containing 30k, but a box that was labelled that it contained 30k. How would you protect it? Put a serial number on it so you can prove it's yours? A bike lock? A motion sensor? Cement it into the ground?

What lengths would you expect someone to go to, to try to walk away with this box? Just give it a little kick to see if it moves? A screwdriver or a pry bar? Angle grinder?

Once you divorce yourself from the commonality of a car, it's quite bizarre to think that not only do most people leave their second most valuable possession (or most valuable, if you rent your home) on their doorstep .. but that they just assume it won't happen to them. It doesn't take a targeted attack for someone to realise that that exposed, valuable, mobile asset is .. well, exposed, valuable and mobile.

dsfyu404ed 7 days ago [-]
$30k in cash is not the same as a $30k car. A $30k car that's been stolen is not worth $30k, then there's liquidity, risk and a bunch of other things. Having your car parked outside is not at all like having a box containing $30k outside your house.
soneil 7 days ago [-]
I have to worry about a $1,000 bicycle. For some reason it's just socially accepted that this will happen to a $1,000 bicycle. But park a car worth an order of magnitude, and the level of worry actually goes down. That's the bit that throws me for a loop.

I'm not trying to argue that anyone should live in fear. Just that assumptions of state-sponsored action severely overestimate which ballpark this lives in. This is more complex than an opportunistic thief, but well within career criminal - and probably well below "steal to order".

vkou 7 days ago [-]
That's because most of us recognize that 20 seconds with angle grinder will make that $1,000 bicycle disappear. 20 minutes at a stolen bike dealer - which are everywhere - will turn it into $50.

20 seconds with an angle grinder will not make a $30,000 car disappear. Selling it on the black market is also a much bigger pain in the ass, then selling a stolen bicycle.

People leave $300,000 dollar homes unattended all the time - protected by nothing more then a flimsy lock, and a few panes of glass. Yet, most of the time, people don't worry about someone stealing their house.

8xde0wcNwpslOw 7 days ago [-]
A bicycle is also often more than an order of magnitude easier to steal; you can't just pick up a car, and a bolt cutter won't cut it even for a car worth $5,000.
lphnull 7 days ago [-]
well then is it closer to having a box with $15k? $10k? $5k? In all these situations, the incentive is still there.
pc86 7 days ago [-]
Probably $3-6k but with the associated risks and punishments of a $30k crime, and much more if you happen to have a firearm on you while committing it.
avar 7 days ago [-]
This is Europe, nobody stealing a car is carrying a gun.
xkcd-sucks 7 days ago [-]
Presumably it takes a business and facilities to to realize its value, so the barrier to entry is high. Like the thief needs access to a shady used car dealer or shady used parts business, unless it's a low volume rural thing where they can strip cars in the backyard and sell parts on eBay.

Assuming the 30000$ car is one ton, that's only 15$ per pound of car... Not too valuable.

soneil 7 days ago [-]
Amsterdam to the Polish border is 8 hours. Do you think it'd be worth $1000/hour?

(Yes, this is perpetuating a horrible stereotype. Nothing personal, Poles, you just happen to be the closest border for this particular stereotype.)

wjnc 7 days ago [-]
Nah, BMW-thieves are incredibly resourceful. They managed to steal parts of the dashboard and airbag from my neighbours car, without further damage, while in the driveway with the alarms not triggered on a modern 3-series. All the neighbour noticed was the dog barking a few times at night. We all sleep within 30 ft of that car. Practice makes perfect. Those parts are sourced to eastern Europe and are stolen on demand.
hvidgaard 7 days ago [-]
It's a widespread problem right now. It happens in waves, and if you go to BMW dealers in larger cities it's not uncommon to see 4-5 5 series missing the dashboard and airbags.

What I don't understand is what are they using it for? Can they upgrade older models with it?

wjnc 5 days ago [-]
Sorry for the late reply. The story (I'm in insurance, but no means to check for validity) is that in Europe total losses are sold for their chassis numbers and then pretty much built up from stolen parts in Eastern Europe. I had a bad run in with a likewise situation when someone crashed into my rear and the offer for the wreck was way high. That meant I had to go get a new one, since via technical total loss I could not get my own car repaired without financial risk.
ollie87 7 days ago [-]
Crashed vehicles will need replacement dashboards and airbags, probably stealing them to do dodgy repairs on cars that have been in big accidents.
barbegal 7 days ago [-]
Hardly, this was a very unsophisticated attack, they cut through the entire loom as opposed to through individual wires so it was quickly noticeable what had occurred.
modells 7 days ago [-]
Did you even read the article? They knew enough to disable SOS and interior car alarm sensors in a seemingly subtle way most people would dismiss. Maybe they should’ve taken their time and waited around for police?

What’s unsophisticated is stealing a radio or nav by slashing the back of the wiring loom, and then the owner having to replace the entire loom at the cost of many thousands of dollars. It sucks but that’s life. Car thieves aren’t your friends, DGAF about damage, and those that don’t operate on a “speed is life” principle get caught. Maybe you should show a little respect to the knowledge and tactics demonstrated?

tempestn 7 days ago [-]
Why should they show respect to these car thieves? They made a valid point; it's easy to imagine an attack like this being done better.
21 7 days ago [-]
That agency would have jammed communications in the area so no alarm would have been raised, unless raising an alarm was their actual purpose.
vwelling 7 days ago [-]
Signal jamming will trigger high-end car alarms as well.

Also, if the alarm is connected to a security provider, a disruption in communication with the car will also cause them to follow up on it.

madeuptempacct 7 days ago [-]
What is this magical land you live in where signal jamming triggers a CAR alarm?
vwelling 7 days ago [-]
Rjevski 7 days ago [-]
I wouldn’t trust a mobile carrier with anything - they can’t even protect their mobile customers from basic stuff as SMS spam or eavesdropping via SS7.

Not to mention, I technically can’t see how this thing will be able to phone home if the mobile phone frequencies are being jammed.

frockington 7 days ago [-]
That would make me crazy. Before an important meeting that would seriously throw me off. It's a good play
whataboutism 7 days ago [-]
They were in posession of a 0-day for this car
draw_down 7 days ago [-]
Probably not necessary to flatter oneself in such a fashion.
ransom1538 7 days ago [-]
In Sacramento car theft is a big problem. The scheme there is to steal a nice car, purchase a wrecked one at a lot (salvaged) for pennies, then swap the vins and serial numbers with the salvaged car then sell it. It works really well. So if you buy a used car in sacramento there is a %90 chance it has a salvaged title.
tempestn 7 days ago [-]
However large an issue it is, I'm pretty confident a majority of used cars sold in Sacramento are not stolen, let alone 90%. (Maybe you were just exaggerating.)
jmnicolas 7 days ago [-]
The author should feel lucky that he encountered "fancy" thieves.

Modern cars are so hard to steal that mots thieves resort to violence to get your car.

Contrary to insurance companies, I'd rather have my car stolen than to be knifed.

hashifynet 7 days ago [-]
It would seem the person took the time to review a wiring diagram or had some previous experience.
7 days ago [-]
mobilemidget 7 days ago [-]
Hope he still went on vacation as planned, I kind of miss that information
mrooding 7 days ago [-]
We are actually. Not with the BMW as intended but with my girlfriends car. Currently driving from the south of France to Bretagne for our last week. The car has been fixed by now and will be picked up the 18th. I'll update the article later today too!
multjoy 7 days ago [-]
Amateurs, frankly.

The current modus operandi is to find your BMW/Land Rover/Mercedes. Wait for it to come to your hand carwash, tyre company etc and get uninterrupted access to the OBD port along with the key. Program new key, find the address of the vehicle, walk up a few days later and drive it off at 3am in seconds.

If that's too much like shooting fish in a barrel, then the 'keyless relay theft' is probably more your bag. Using a relay transceiver, if the key is in the house within range, then you can trick the motor into thinking the key is present. Many cars will allow you to continue to drive them even if the key if out of range. Provided you don't turn the engine off, this gives you plenty of scope to get away and clone a new key in the meantime.

Tl;DR, OBD and keyless technology is basically flawed. The best countermeasure is a good old fashioned crook lock.

chrischen 7 days ago [-]
Sounds like a perfect opportunity to do a sting.
jeroentrappers 7 days ago [-]
Just use a steering wheel lock.
stealthmodeclan 6 days ago [-]
Theives are usually lazy and they don't make more efforts then required.

My friend has holes in the front of the car to make it easier for theives to attach a hook and then tow the car into a truck.

But if you put pressure above a threshold on any of the holes, car keeps sending one SMS to his number every 5 minutes.

This is in Romania.

gok 7 days ago [-]
How is cutting the line to a car's panic button unlike cutting a car's brake line? (that is, attempted murder)
tempestn 7 days ago [-]
Even cutting brake lines wouldn't automatically be attempted murder; it would depend on circumstances. Equating that to cutting off the panic button is quite a stretch though. I've never owned a car with a panic button, nor known anyone whose life one has saved (unlike brakes).
siliconwrath 7 days ago [-]
I imagine they hoped to steal it before anything were to happen to the owner.