I’m gonna h4x0r j00r Ferrari


Hacking cars, what next? I have fears for the IPv6 generation (if it every happens), when every toaster and light bulb has an IP address, yeah…I’m gonna hack your house then and make your lights blink.

High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key ‘mechanical or otherwise’ to start the engine, so-called ‘keyless’ setups require only the presence of a key fob to start the engine.

The expert gang suspected of stealing two of David Beckham’s BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car’s computer, open the doors, and start the engine.

Poor Beckham, he got had twice.

I wonder how simplistic the system they are using is? 20 minutes to break the encryption? A simple XOR or something, it must be.

“It’s difficult to steal cars with complex security, but not impossible. There are weaknesses in any system” Tim Hart of the Auto Locksmith Association told the U.K’s Auto Express magazine. “At key steps the car’s software can halt progress for up to 20 minutes as part of its in-built protection” said Hart.

Because the decryption process can take a while ‘up to 20 minutes, according to Hart’ the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham & the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.

I’ve heard an experiment was done by some students at John Hopkins, they connected 16 FPGAs together at a total cost of under $3,500. Texas Instruments provided them with 5 DST tags whose keys they did not know. The 16-way parallel cracker was able to recover all 5 keys in well under 2 hours.

Source: Left Lane News

Posted in: Hardware Hacking

, ,


Latest Posts:


OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.


One Response to I’m gonna h4x0r j00r Ferrari

  1. ydef May 15, 2006 at 8:06 pm #

    All the more reason to figure out a way to program your own car alarm, with your choice of encryption algorithim or combination of algorithim’s, since beckham’s beamer’s exemplify how quickly the ‘top of the line’ keyless car alarm becomes 0bsoleted/0wned.