Create an Account
username: password:
 
  MemeStreams Logo

Security Watch: Gone in 60 seconds--the high-tech version - CNET reviews

search

dmv
dmv's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

dmv's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Security Watch: Gone in 60 seconds--the high-tech version - CNET reviews
Topic: Miscellaneous 11:54 am EDT, May  9, 2006

Let's say you just bought a Mercedes S550, a state-of-the-art, high-tech vehicle with an antitheft keyless ignition system. After pulling into a Starbucks to celebrate with a grande latte and a scone while checking your messages on a BlackBerry, a man in a T-shirt and jeans with a laptop sits next to you and starts up a friendly conversation: "Is that the S550? How do you like it so far?" Eager to share, you converse for a few minutes, then the man thanks you and is gone. A moment later you look up to discover your new Mercedes is gone as well. Now, decrypting one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car--making the hack tempting for thieves. The owner of the code is now the true owner of the car. And while high-end, high-tech auto thefts like this are more common in Europe today, they will soon start happening in America. The sad thing is that manufacturers of keyless devices don't seem to care.

As the F-Secure blog put it -- you wouldn't dream of securing 100$K of information with a 40-bit encryption system, right?

And my first thought -- as in general with electronic locks -- is that as Matt Blaze has shown, analog keys are far worse. Look at your car key, or your house key -- how many real bits of information are encoded?

But the electronic start and everything else... it feels too clean. The advantageous property of analog cracking is that in public, it requires the criminal to act in some way that is different from a legitimate user. The scenerio presented was that I sit near the car or key holder for a couple of minutes -- no sign of entry -- and then to steal the car I just walk up to it, laptop in bag, like I had pressed the remote in my pocket, car starts and off we go.

Also, traditional lock-picking also requires the criminal to possess a skill that requires practice. With these electronic systems, people will download the right script... Script-kiddie car thieves?

Security Watch: Gone in 60 seconds--the high-tech version - CNET reviews



 
 
Powered By Industrial Memetics
RSS2.0