I’m gonna h4x0r j00r Ferrari


Hacking cars, what next? I have fears for the IPv6 generation (if it every happens), when every toaster and light bulb has an IP address, yeah…I’m gonna hack your house then and make your lights blink.

High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key ‘mechanical or otherwise’ to start the engine, so-called ‘keyless’ setups require only the presence of a key fob to start the engine.

The expert gang suspected of stealing two of David Beckham’s BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car’s computer, open the doors, and start the engine.

Poor Beckham, he got had twice.

I wonder how simplistic the system they are using is? 20 minutes to break the encryption? A simple XOR or something, it must be.

“It’s difficult to steal cars with complex security, but not impossible. There are weaknesses in any system” Tim Hart of the Auto Locksmith Association told the U.K’s Auto Express magazine. “At key steps the car’s software can halt progress for up to 20 minutes as part of its in-built protection” said Hart.

Because the decryption process can take a while ‘up to 20 minutes, according to Hart’ the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham & the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.

I’ve heard an experiment was done by some students at John Hopkins, they connected 16 FPGAs together at a total cost of under $3,500. Texas Instruments provided them with 5 DST tags whose keys they did not know. The 16-way parallel cracker was able to recover all 5 keys in well under 2 hours.

Source: Left Lane News

Posted in: Hardware Hacking

, ,


Latest Posts:


Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors


One Response to I’m gonna h4x0r j00r Ferrari

  1. ydef May 15, 2006 at 8:06 pm #

    All the more reason to figure out a way to program your own car alarm, with your choice of encryption algorithim or combination of algorithim’s, since beckham’s beamer’s exemplify how quickly the ‘top of the line’ keyless car alarm becomes 0bsoleted/0wned.