Using a Freezer Faraday Cage to Protect from Theft

New York Times journalist Nick Bilton’s Prius was almost stolen electronically three times, so he goes looking for an answer. He finds a clue from a Toronto Police warning, which leads him to a guy in Switzerland, who explains what likely happened.

The attack – boost the car’s keyless entry signal range to trick it into unlocking.

The defence – store keys in a makeshift Faraday cage (like a freezer) where signals cannot get in or out.

This was my Friday news story for the paper.

Read it online at Autonet.

Blog tag = Auto Security

 

 

Cadillac’s CT6’s 1st-of-its-Kind Security System

Found on Cadillac’s all-new flagship luxury sedan – the CT6.

How it works:

It uses the many cameras mounted around the car’s perimeter.

When the security sensors detect either the sound of breaking glass, or the car being moved, the cameras record 360-degrees around the carthen save the footage to the car for later retrieval to a memory card.

Seems obvious how to defeat the system – the thief deletes the footage. However, GM is at the forefront of WiFi in cars, so I expect soon for the video to be uploaded to the cloud, or sent to the owner’s phone.

Read it online at Autonet.

For more on auto security, see either the blog tag Auto Security, or the security section at the newspaper, I own it

 

 

BMW is 1st Automaker to Admit a Security Flaw

Hat tip to BMW – they may be one of the first automakers to publicly admit to a security flaw in their vehicles.

What Happened

The potential breach was found in BMW’s ConnectedDrive infotainment system.

In Germany, the ADAC (their CAA) discovered a potential security gap during data transmission.

It would have allowed an attacker to use ConnectedDrive to remotely unlock the car’s doors, then potentially access the SIM card to control some of the vehicle’s functions (not critical ones though, like steering or braking.)

What BMW did

They promptly sent out a mass software patch to over 2.2 million vehicles, switched to using HTTPS (like a bank) to encrypt traffic between their servers and the vehicles, and then even posted a press release about it, here.

Why this is meaningful

It’s not the first time an automaker has experienced some sort of potential security breach.

What’s different is how they handled it – swiftly, and openly talked about it, something which often only happens when the manufacturer is publicly shamed.

 

 

Auto Security 40 Years Ago

If I was blogging about auto security back then, here’s what I’d be saying.

– when parking, turn off the ignition and take the key with you

– when returning to your parked car, make sure both your licence plate and VIN number plate aren’t missing

– remember to add a gas line shut-off lock

– they had car alarms back then

***

Blog tag = auto security

 

 

Defeat New Car Tech by Using a Wire & Wedge

I was locked out of my car at the airport a few weeks ago, and had to call for help.

A gentleman showed up with these primitive tools, and as I watched I realized how ironic that all the electronic this and automatic that can be defeated using a wire and rubber wedge.

How it works:

1 – jam the wedge between the door’s window jam and frame, creating a gap
2 – slide the wire through the gap
3 – use the J-hook on the end of the wire to unlock the door

Sorry for the grainy photos, it was like:

Guy – woah wait, are you filming this?
Me – no no, they’re just photos, it’s okay.