Stories
Slash Boxes
Comments

SoylentNews is people

Biker Gang Gains Access to Database Used to Program Car Keys; Steals 150 Jeeps Worth $4.5 Million

posted by takyon on Sunday June 04 2017, @12:06AM   Printer-friendly
from the wrangled dept.

McGruber writes:

Federal and California state law enforcement authorities have broken up a sophisticated auto-theft ring run by a Tijuana-based motorcycle club that swiped 150 Jeep Wranglers in San Diego County over the past several years. The Jeeps, worth $4.5 million, were sold in Mexico or stripped for parts that were then sold in Mexico.

Authorities said the thieves exploited a design feature of the Jeep Wrangler, gained access to a proprietary database that contains codes used to create duplicate keys for each car and then used a high-tech computer to get away with the cars.

Thieves would target a Jeep in a San Diego neighborhood, getting the critical vehicle identification number. Armed with that, they accessed the key database, which contained two special codes: one for creating a pattern to make a new key and the second that programmed a computer chip in the key that was linked to the car's computer system.

It's not precisely clear how the thieves got access to the database, but a car dealership in Cabo San Lucas at the tip of the Baja peninsula appears to be involved.

Link: http://www.sandiegouniontribune.com/news/courts/sd-me-countywide-crime-20170530-story.html

Original Submission

 
This discussion has been archived. No new comments can be posted.
Biker Gang Gains Access to Database Used to Program Car Keys; Steals 150 Jeeps Worth $4.5 Million | Log In/Create an Account | Top | 22 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by kaszz on Sunday June 04 2017, @01:53AM (3 children)

    by kaszz (4211) on Sunday June 04 2017, @01:53AM (#520059) Journal

    So they are all incompetent. The problem is not a bad concept, but crappy implementation. It can be made very secure.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by lx on Sunday June 04 2017, @10:53AM (2 children)

    by lx (1915) on Sunday June 04 2017, @10:53AM (#520168)

    That's like saying communism can work even though history has shown us otherwise.

    • (Score: 2) by kaszz on Sunday June 04 2017, @11:41AM (1 child)

      by kaszz (4211) on Sunday June 04 2017, @11:41AM (#520175) Journal

      The problem in the example system is that the number plate or VIN can at all be used to get a clue on the cryptographic key(s). The second is that there is a database at all that contains cryptographic key material that can be used to gain access. Remove these possibilities and it becomes much harder to compromise the lock.

      • (Score: 0) by Anonymous Coward on Monday June 05 2017, @05:15PM

        by Anonymous Coward on Monday June 05 2017, @05:15PM (#520845)

        The proposed value in the system is that only dealer produced keys can start the vehicle, and that owner's can obtain replacement keys when needed. How could a dealership provide a user with a replacement key without storing the key related info required to create that key?

        If a dealership can create a replacement key, a third party could as well, once they had all the info the dealership does.

        Car keys are basically security by obscurity and there aren't many other options. (The requirement that a replacement can be created means there is not a singular "something you have" but the obscured knowledge of creating the right key for that car...)