Stories
Slash Boxes
Comments

SoylentNews is people

Biker Gang Gains Access to Database Used to Program Car Keys; Steals 150 Jeeps Worth $4.5 Million

posted by takyon on Sunday June 04 2017, @12:06AM   Printer-friendly
from the wrangled dept.

McGruber writes:

Federal and California state law enforcement authorities have broken up a sophisticated auto-theft ring run by a Tijuana-based motorcycle club that swiped 150 Jeep Wranglers in San Diego County over the past several years. The Jeeps, worth $4.5 million, were sold in Mexico or stripped for parts that were then sold in Mexico.

Authorities said the thieves exploited a design feature of the Jeep Wrangler, gained access to a proprietary database that contains codes used to create duplicate keys for each car and then used a high-tech computer to get away with the cars.

Thieves would target a Jeep in a San Diego neighborhood, getting the critical vehicle identification number. Armed with that, they accessed the key database, which contained two special codes: one for creating a pattern to make a new key and the second that programmed a computer chip in the key that was linked to the car's computer system.

It's not precisely clear how the thieves got access to the database, but a car dealership in Cabo San Lucas at the tip of the Baja peninsula appears to be involved.

Link: http://www.sandiegouniontribune.com/news/courts/sd-me-countywide-crime-20170530-story.html

Original Submission

 
This discussion has been archived. No new comments can be posted.
Biker Gang Gains Access to Database Used to Program Car Keys; Steals 150 Jeeps Worth $4.5 Million | Log In/Create an Account | Top | 22 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday June 04 2017, @01:38AM (4 children)

    by Anonymous Coward on Sunday June 04 2017, @01:38AM (#520052)

    I was speaking globally, *ALL* electronic control systems in cars is bad, not just the keylock system. That was just another example.

    ( you can keep them out of my house too.. I do NOT need my damned toaster online... )

  • (Score: 2) by kaszz on Sunday June 04 2017, @01:53AM (3 children)

    by kaszz (4211) on Sunday June 04 2017, @01:53AM (#520059) Journal

    So they are all incompetent. The problem is not a bad concept, but crappy implementation. It can be made very secure.

    • (Score: 2) by lx on Sunday June 04 2017, @10:53AM (2 children)

      by lx (1915) on Sunday June 04 2017, @10:53AM (#520168)

      That's like saying communism can work even though history has shown us otherwise.

      • (Score: 2) by kaszz on Sunday June 04 2017, @11:41AM (1 child)

        by kaszz (4211) on Sunday June 04 2017, @11:41AM (#520175) Journal

        The problem in the example system is that the number plate or VIN can at all be used to get a clue on the cryptographic key(s). The second is that there is a database at all that contains cryptographic key material that can be used to gain access. Remove these possibilities and it becomes much harder to compromise the lock.

        • (Score: 0) by Anonymous Coward on Monday June 05 2017, @05:15PM

          by Anonymous Coward on Monday June 05 2017, @05:15PM (#520845)

          The proposed value in the system is that only dealer produced keys can start the vehicle, and that owner's can obtain replacement keys when needed. How could a dealership provide a user with a replacement key without storing the key related info required to create that key?

          If a dealership can create a replacement key, a third party could as well, once they had all the info the dealership does.

          Car keys are basically security by obscurity and there aren't many other options. (The requirement that a replacement can be created means there is not a singular "something you have" but the obscured knowledge of creating the right key for that car...)