Weak security in our daily lives (everything2.com)
63 points by MikeCapone on March 17, 2013 | 23 comments



When I started learning how to pick locks, I was shocked to find out how simple most house and apartment locks are to pick. I went to a fellow picker who had been in the scene way longer than I had. I asked "why don't more criminals use lockpicks or hacks to bypass security?"

The reply has always stuck with me: "if one's objective is to steal something of value, then picking or hacking a lock -- or a desire to be undetected -- is outweighed by a necessity for speed."

If you are trying to break into a car to take something out of it -- or take the car itself -- then a glass breaker or even a brick will turn your 20 to 30 minute hack into a 3 second breach. Besides, they will know someone was in there when they realize everything is missing, whether you picked the lock or not. So minimize risk, not detection.


Interesting. I am a car nut but have never heard of this keypad thing under the door handle of cars, so I went to Google it and found it to be mostly (only) present on US models. I am from Europe and have never seen it here, but maybe it never came to my attention.

Even with modern systems I think that there are a lot of security issues. Keyless Entry Systems, for example, in theory allow you to drive off in a car without having the key present (at least that's true for many VW models). You can basically open, start and drive off if the owner is nearby. Does anyone know how complex it is to crack those wireless key things?


From what I've observed, they're only found on early to mid 90s Fords(+Lincoln/Mercury).

This is what they look like: http://www.ford-taurus.org/taurusinfo/G3/G3Keypad.jpg


It's actually still available on 9 current models. Ford calls it SecuriCode. The keypad layout is the same, though perhaps the implementation has been hardened. Realistically, it probably hasn't.

edit: wording


Similarly, in Australia, I've only seen it once, and it was on a (from what I was told) special edition F-150 won in a contest in the US, that was converted to right hand drive.

Seems to be a security vulnerability all by itself, to me. I'm not sure I see the appeal.


It's a convenient way to loan a car to someone; just lock a key inside and give him the code. I did this in the Middle East often, but the car itself was either in a place where it was guarded by someone with an AK or M4, or was in a country where they'd cut your hands off for theft (and was a Lincoln LS parked next to a bunch of Cayennes and Lambos), so I considered it a fair security trade.


"I'm not sure I see the appeal."

'Convenience.' That is all. US'ians are notoriously lazy and require convenience everywhere. Convenience overrides security and often convenience overrides safety.

It's surprising how many devices and service businesses have been created to allow people to continue to be lazy under the guise of "increasing productivity" - 'You just keep sitting on your backside at your desk and we'll run your errands!'


It's worth noting that security/safety and convenience are almost always in opposition.

There are probably cultural trends as to where different groups make the trade-off (I've never dug into it), but the principle is the same everywhere.

You could put all of your money and attention into guarding your stuff, if you so chose, and guarantee that the work required to defeat your security was far greater than any potential benefit. Never take your car out of its concrete bunker.

Or you can ignore security in favor of convenience -- always leave your car key in the ignition, and thus never be locked out accidentally, never fumble to find your keys in a large bag, never drop your keys in a snowbank....

But obviously most people try to fall just on the side of "safe enough that no one will steal my car", depending on how high they perceive that risk.

For a car keypad entry -- if trying all of the possible combinations would take 20 minutes, that's probably not any less secure than driving a slightly older car with a fairly-easily pickable lock, and in return you will never accidentally lock your keys in the car again.

I don't think I'd go for the keypad lock on a new car, but I have locked my keys in my car twice in my life, and it's really annoying.

One of those times there was a three-year-old in a carseat, inside the locked car... fortunately it was the loaner, sitting in the parking lot at the mechanics (where my normal car was being repaired).

The first time it happened I was driving an old car, and I was at the grocery store... so I went back in, bought a screwdriver & coathanger, and broke into my own car in about a minute. In that security context, having a keypad would have been convenient without adding anything to the security risk whatsoever....


I had it on my Mercury Cougar back in the 90's. The main use for it was so I could lock my keys in the car if I didn't want to bother with taking them with me (such as at the beach -- hard to swim with your keys in your pocket).


Ah yes, two digit answering machine code phreaking.

    001122334455667788990246813579258369147032949727651
    07182162805263064098753937431738420861950415485960
(No, I didn't remember that... but I bet some people did.)


If you're interested in becoming afraid around your cars, some of my security friends at the University of Washington have been busting up cars for research: http://www.autosec.org/faq.html

This paper is particularly in depth and interesting: http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Of course, their exploits are a bit more complex and involve various side channels and hardware vulnerabilities, while the keypad issue can be executed by someone just typing in numbers with their fingers.


Here's an unlock trick for Ford Rangers that saved me a bunch of money on locksmiths: http://www.youtube.com/watch?v=OzNb4YKBlRo

The first time I did this it took me ten-fifteen minutes (now it takes 30 secs). I disagree with the argument that anyone fiddling with a lock for twenty minutes is going to attract attention; I wasn't bothered and I was in a busy urban parking lot with lots of passers-by.

Few seem to know about it; if anyone's used it to get in my truck in the 7 years I've owned it, I haven't noticed.


It seems this could be automated to be done a lot faster than twenty minutes, even just mechanically.

I'm somewhat curious if it would be possible to push a kind of needle/wire through the buttons and automate key presses via electronic signals instead of a physical push.


I'd guess that these results vary based on the make, model and year of the car. It doesn't seem likely that all car companies get their keyless entry systems from the same manufacturer.


I think it seems likely there are few manufacturers of these devices. That aside, seems to me a simple firmware update could prevent this long string of numbers from opening a door - as soon as a failed code is entered, require re-entry from the beginning, forcing the would-be attacker to try every combination.


Doesn't the car lock you out after too many failed attempts?

If they don't, these keyless entry pads have just set back car security by about 15 years.


If they did, you can bet people would stir up trouble by just wandering through a parking lot locking everyone out of their cars.

The better fix would be a substantial cooldown (maybe a minute's worth) after inputting a failed code, which would be sufficient to ward off a brute-force attacker while still allowing the owner access even if they miskey it a few times.


The trouble is they're working with a very limited UI.

Lockout after X attempts (as another comment mentioned) is a terrible idea, because that makes it a simple DoS mechanism.

But forcing a delay, for example, is tricky -- how do you notify the user that they're in a delay period? Or when the delay period has ended and they can try again after a mis-key?

There don't even seem to be LEDs to work with.... If the keys light up, that's easier (e.g., flash the key lights for 10 seconds if they enter a wrong code before they can start over).


Sounds like it doesn't only let you try again, it actually only checks if the last [password length] numbers match the password (that's why he can compress it into one long number).


Right, even removing that flaw would make it closer to two hours than 20 minutes (although half that to get in on average). Significantly less if you leave finger smudges on the keys though.

That said, agreed with the above: anywhere someone fiddling with the lock for 20 minutes would go unnoticed, a brick would go unnoticed too. I highly doubt a car has ever been stolen through hacking the keypad lock in this manner.
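
Added example, not part of any comment in this thread: a Python model of the two keypad designs discussed above (the check that only looks at the last few presses, and the proposed reset-on-failure with a cooldown), plus the worst-case keypress count for each. The 5-button, 5-digit keypad, the sample code, the 60-second cooldown and every class and function name are assumptions made for the illustration.

```python
from collections import deque

CODE = (3, 4, 5, 1, 2)          # constructed sample code (assumption)
STREAM = (1, 2, 3, 4, 5, 1, 2)  # constructed presses; CODE only appears across a guess boundary

class SlidingWindowKeypad:
    """Weak design from the thread: compares only the last len(code) presses."""
    def __init__(self, code):
        self.code = tuple(code)
        self.window = deque(maxlen=len(self.code))

    def press(self, key, now=0.0):
        self.window.append(key)
        return tuple(self.window) == self.code

class HardenedKeypad:
    """Proposed fix: a wrong entry clears the buffer and starts a cooldown."""
    def __init__(self, code, cooldown=60.0):
        self.code, self.cooldown = tuple(code), cooldown
        self.buffer, self.locked_until = [], 0.0

    def press(self, key, now):
        if now < self.locked_until:
            return False                 # presses during the cooldown are ignored
        self.buffer.append(key)
        if len(self.buffer) < len(self.code):
            return False
        ok = tuple(self.buffer) == self.code
        self.buffer = []                 # every full entry starts from scratch
        if not ok:
            self.locked_until = now + self.cooldown
        return ok

def feed(keypad, presses, start=0.0, interval=1.0):
    """Index of the press that opens the lock, or None if it stays locked."""
    for i, key in enumerate(presses):
        if keypad.press(key, start + i * interval):
            return i
    return None

def worst_case_presses(buttons, length, sliding):
    """Presses needed to cover every code: overlapping guesses vs. full re-entry."""
    codes = buttons ** length
    return codes + length - 1 if sliding else codes * length

def worst_case_seconds(buttons, length, per_press, cooldown):
    """Hardened design: full re-entry of every code plus one cooldown per failure."""
    presses = worst_case_presses(buttons, length, sliding=False)
    return presses * per_press + (buttons ** length - 1) * cooldown
```

For the assumed 5-button, 5-digit keypad this gives 3,129 presses for the sliding-window design against 15,625 with reset-on-failure, before any cooldown is counted.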


"Significantly less if you leave finger smudges on the keys ..."

Those that I have seen have this plastic covering that allows some tactile feedback (a small pop under the finger). And people are lazy and don't change codes. So the plastic wears and even comes off, leaving the silicone exposed on the numbers that are used. Well beyond smudges, and much shorter than this 20 minute code.


I think master locks are a much more prevalent example of this.


Which type of master lock? This technique surely wouldn't apply to the kind with a dial, since those involve reversing direction. There are other techniques that make those locks very weak, but I don't think this article is relevant to them.



