[HN Gopher] A surprisingly simple way to foil car thieves
___________________________________________________________________
A surprisingly simple way to foil car thieves
Author : giuliomagnifico
Score : 184 points
Date : 2023-07-17 16:04 UTC (6 hours ago)
(HTM) web link (news.umich.edu)
(TXT) w3m dump (news.umich.edu)
| fdasfdmfdm wrote:
| [dead]
| HumblyTossed wrote:
| Great, so a Konami Code for cars. SMH.
| dfox wrote:
| After my first car was stolen I went out to design and build an
| immobilizer system based on these PIC16F84 AlphaCard
| "smartcards". Along the way I realized that what matters most is
| that it is obvious that there is something obscure like that and
| the real security does not matter. So I ended up with very
| consciously placed smartcard reader, complete with two blinking
| LEDs and 12wire rainbow flat IDC cable coming from that. In
| reality only thing that it did was that the card-present switch
| activated an relay that was wired in series with fuel pump relay
| coil. It didn't get stolen and I ended up shoving my drivers
| license into the slot, which for various onlookers made the
| "security system" look even more like some kind of high-end
| technology.
|
| Edit: the original idea was that there would be some kind of
| reader unit that converts the ISO 7816-ish protocol to RS485 and
| the actual cryptographic challenge-response verification will
| happen in a unit buried deep inside the engine bay. Well, as long
| as it is one-off obscure hack, you don't really need any of that.
| calvinmorrison wrote:
| this is 'cool but stupid'.
|
| Running a relay into the car to a switch thats protected just
| moves a analog electrical problem somewhere else, it' still just
| two wires to jump at the end of the day
|
| What you want is what smarter cars have, integration to the ECU.
| So you put in the wrong key, it does a crypto exchange with the
| ecu, and the ECU won't crank. Even if you crank it by jumping the
| solenoid, it won't power the fuel pump, the computer will still
| say 'I am off' sorry no fuel no timing, nothing.
| okl wrote:
| Right, the image shows it connected to the battery pole. Just
| pop the hood, bridge the contacts. Any proper solution has to
| be integrated into some essential part that is difficult to
| access (like the ECU).
|
| Maybe they want that thing to talk to the ECU? Otherwise, how
| is it locking the car?
| calvinmorrison wrote:
| a lot of cars have cutoffs switches for all sorts of stuff,
| like rollover switches, overboost limiters etc... you could
| tap into any of those to immobilize a car.
|
| but you need to tuck that shit up under neath in the dash or
| wherever the ECU is, and that doesn't solve any issues
| because it's still just one wire to short out. You need
| something tucked up underneath you can use wireless
| transponder so theres nothing obvious preventing it from
| cranking.
| barbariangrunge wrote:
| Car theft isn't such a big problem in the town I live. The
| problem is random vandalism. Kids party in the parks all night
| and at random times go out to spray paint buildings, break off
| rear view mirrors, smash windows. I haven't been hit yet, but two
| neighbours have.
| blastro wrote:
| Security by obscurity in automotive?
| Brusco_RF wrote:
| Couldn't a thief just observe the car's
| wipers/headlights/blinkers to obtain the secret combination that
| unlocks the starter ?
| nlawalker wrote:
| What's the value of the underlying implementation here? Is it
| just the ability to retrofit?
|
| From a user perspective, this is "you need to physically be in
| the car and scan your thumbprint or type on a keypad to start
| it"; it seems like there are lots of simpler ways that such
| functionality be built into a car by the manufacturer that are
| just as secure, it's just that there's no demand for it.
| kyrofa wrote:
| Essentially port knocking for cars.
| buro9 wrote:
| The problem with this defense is that it is invisible... the
| thief will only know about it after they've caused external
| damage trying to get access to the system.
|
| I just use a steering wheel lock, one of those bright yellow
| chunks of steel that bolts onto the steering wheel:
| https://www.milenco.com/products/automotive-security/automot...
|
| This is visible to the theif and just raised the theft effort
| from "jump these cables just behind the headlight" to "jump these
| cables behind the headlight and then use a loud angle grinder in
| a very enclosed space". I'm in a residential area, this is a
| strong deterrent and avoids the initial damage being done to the
| car.
|
| PS: Some sports cars kill their CAN when the car is turned off...
| but we do insist on keyless entry and this is what we get for it.
| alwaysbeconsing wrote:
| "then use a loud angle grinder in a very enclosed space" They
| don't need to cut the lockbar:
|
| > What we knew was that the Club is a hardened steel device
| that attaches to the steering wheel and the brake pedal to
| prevent steering and/or braking. What we found out was that a
| pro thief would carry a short piece of a hacksaw blade to cut
| through the plastic steering wheel in a couple seconds. They
| were then able to release The Club and use it to apply a huge
| amount of torque to the steering wheel and break the lock on
| the steering column (which most cars were already equipped
| with). The pro thieves actually sought out cars with The Club
| on them because they didn't want to carry a long pry bar that
| was too hard to conceal.
|
| https://freakonomics.com/2010/06/what-car-thieves-think-of-t...
| hodgesrm wrote:
| The freakonomics folk must have loved this one. They live for
| unintended consequences. That phrase occurs as expected in
| the article.
| Terr_ wrote:
| > a short piece of a hacksaw blade to cut through the plastic
| steering wheel in a couple seconds
|
| I'm having trouble visualizing that part, unless it refers to
| steering-wheels of the past with a lot less material.
| Wouldn't a _piece_ of hacksaw blade also be much less
| effective, without the rest of the hacksaw to provide
| tension?
| nomel wrote:
| With a bit of leather/cloth wrapped around the blade,
| they're perfectly capable of cutting through softish metals
| and hard plastics. The tension is mostly optional, since
| the teeth usually only point towards the pull, resulting in
| the blade providing usable tension.
|
| Source: Not a car thief, but have misplaced my hacksaw, for
| small tasks, far too many times.
| whinenot wrote:
| Simple? Not if Furiosa is programming the start sequence.[0]
|
| [0]https://www.youtube.com/watch?v=uq5rQlfEcjY
| whatever1 wrote:
| It does not help. These days the most frequent theft I see is
| related to wheels theft, catalyst theft and broken windows.
| sleepybrett wrote:
| Is the whole security around this burying the relay bypass so far
| inside the car that no thief would be able to easily bypass this
| by just bridging the relay?
| hunson_abadeer wrote:
| There's a lot of people remarking about this not being novel or
| the grant being too high, but I'd make two other critiques.
|
| First, what happens if the electrical characteristics of your
| vehicle change in some way? New vs old battery? Busted headlight?
| Phone plugged into an outlet? Diesel air intake heater grid
| kicking in on a cold day? What if you need to jumpstart your
| vehicle? It just seems so finicky in the real world.
|
| Second, what's the point of using this analog signaling system to
| begin with? I don't see the supposed simplicity of it. Both the
| transmitter and the receiver are more complex than would be
| needed for digital. The other argument is that it is somehow more
| "hacker-proof", but using analog signals doesn't make it so. You
| can have a similar scheme operating on the CAN bus with no added
| risk. In fact, I bet there are devices on the CAN bus that can
| both measure and modulate battery drain, so the isolation may be
| illusory.
|
| Ultimately, it's not about not having the technology. It's just
| that your average customer favors convenience features over
| having a fortress on wheels. Plus, the returns on sophisticated
| defenses are diminishing, given that a car can always be loaded
| onto a tow truck, the hood can be popped open, or the whole thing
| can be stripped for parts with a Sawzall (as catalytic converter
| thieves tend to do).
| function_seven wrote:
| This is a two part system. There's the relay under the hood,
| and a keypad plugged into the cigarette lighter port. When you
| put the correct code in, the device will induce the voltage
| fluctuations that tell the under-hood relay to close.
|
| I think the whole "flip on wipers, flash high-beams twice, turn
| on map light" thing is a fallback for when you don't have the
| keypad or don't want it to always be plugged in. If the voltage
| variances for those actions changes, I suppose you can retrain
| it with the keypad plugged in.
|
| And the point of that analog signalling is to make installation
| easy. You just plug the keypad into the lighter port. It
| handles the rest.
| riffic wrote:
| drive a manual - it's an inherent anti theft device
| flangola7 wrote:
| No such thing as a manual EV
| riffic wrote:
| this triviality is not something I concern myself with.
| tmh88j wrote:
| https://www.theverge.com/2023/6/15/23762020/electric-ev-
| manu...
| yanellena wrote:
| Not in Europe.
| jameslk wrote:
| It seems really sluggish to do all this. Just spitballing here,
| but what if instead we have some sort of key... and it goes into
| a keyhole... and that starts the car? /s
| teleforce wrote:
| Most of these car thieves are probably repeated offenders. You
| need to catch them not only foiling them. The simplest way to
| catch and prevent these petty thieves is to enable the car's
| available 360 camera (or install after market solutions) that
| always monitor its surroundings and backup this data to the cloud
| (could be real-time connection or intermittently with local-first
| technology). The camera data should be kept only for several days
| and rotated as any backup in order to keep the cloud storage
| affordable for the masses. This simple way should easily catch
| more than 99% of the car thieves even the most sophisticated
| ones.
| matsemann wrote:
| This is a tech solution for a non-tech problem. Why is there an
| uprising in car thefts? Why do people feel the need to steal
| someone's expensive property?
|
| Deal with those issues first. Or someone will smash a window to
| steal something valuable no matter what you try.
| jack_riminton wrote:
| You want to eliminate all crime before doing anything to
| prevent crimes? Righto boss I'm off to remove all locks from my
| house for the cause
| matsemann wrote:
| No, that's not what I said. Don't straw man me.
|
| We already do stuff to prevent crimes. The cars have locks,
| alarms, cryptographic key fobs, tracking, cameras etc. etc.
|
| None of that works.
|
| Adding a new layer of security is surely not going to help.
| That's my point. The resources are better put elsewhere.
| SoftTalker wrote:
| People used to use horses for transportation. You can't lock
| a horse, but there were substantial penalties for stealing a
| horse. It maybe was a capital crime at some point?
| bookofjoe wrote:
| Short answer: yes
|
| https://en.wikipedia.org/wiki/Horse_theft
| jack_riminton wrote:
| You're right, the technology of horse locks wasn't
| available so people went to other lengths: branding,
| guards, registering of horses. In societies where there was
| the death penalty for such things there was still horse
| theft.
| boringg wrote:
| Yes great idea Captain! Let's solve all of societal issues
| before bothering to do any protection for your own personal
| assets. You've figured it out.
|
| And you know property crime is only a recent phenom of the last
| couple years. Never existed before the 1980s or you know tomb
| robbers etc.
| matsemann wrote:
| I'm not saying don't bother protect personal assets. I'm
| saying don't bother _with an additional_ and pretty stupid
| protection. Just a game of cat and mouse.
| autoexec wrote:
| I promise that you'll never once deal with the stress of
| knowing that someone has raided your tomb.
| boringg wrote:
| A promise you can't keep!
| anonu wrote:
| If you think like that, then no problems should be solved by
| tech because there are completely viable non-tech solutions:
|
| Uber: just hail a taxi
|
| Amazon: just visit your local bookshops
|
| netflix: Renting DVDs is perfectly fine.
|
| Spotify: all the music you need is on AM/FM.
|
| Instagram: just meet up with friends in person
|
| Zoom: Conduct face-to-face meetings
|
| Zillow: Work with a real estate agent
|
| Yelp: Ask locals for restaurant or service recommendations
|
| Doordash: Call the restaurant directly for takeout or delivery,
| or cook at home.
| fargle wrote:
| netflix does rent physical DVDs. Ending around next month.
| autoexec wrote:
| Most of those aren't actually solving the same problems, but
| the point wasn't that non-tech solutions are always better,
| rather that if you solve the source of the problem you don't
| need annoying tech workarounds.
| matsemann wrote:
| Not what I said. Read my other reply.
| jtriangle wrote:
| You should be doing both really.
|
| This, however, is not a good solution. A starter relay kill
| switch, hidden somewhere non-obvious, is far better. Not a
| suitable solution for mass-market of course, but, for a hacky
| intermediate solution, it'll work just fine, which is all the
| power sensing keypad is good for but with way more steps.
|
| The actual solution is to have real cryptographic security that
| isn't subject to replay attacks. Not difficult to do, or
| expensive, and already exists.
| jedberg wrote:
| The main problem here is that manufacturers aren't incentivized
| to make great security systems for their cars. There isn't a ton
| of press about cars getting stolen like there is about data
| privacy.
|
| Imagine if the folks who built FaceID, TouchID, and Secure
| Enclave were tasked with building car security. Cars are a lot
| more expensive than phones and laptops, it would be worth the $50
| or $100 in extra hardware to secure them.
|
| And as an added bonus, you wouldn't even need a key anymore
| because you could start your car with your face. :)
| kibwen wrote:
| As shown in Max Max: Fury Road (1:35):
| https://youtu.be/gpeqFXT_amU?t=95
| sschueller wrote:
| In the US the simplest solution is to just buy a stick shift car.
| postmortembees wrote:
| This is a very engineering solution to a very not-engineering
| problem.
|
| Would this deter thieves? Possibly! Would thieves eventually be
| able to work around it? Also probably! Would it increase the
| friction of getting in and driving? Definitely!
|
| Today, your house keys are basically useless for security --
| getting into your house is trivially easy both destructively and
| not. But we all use house keys because they feel safer. Ask
| people to provide biometrics or long passkeys or keycards and
| eliminate the existing locks? It's a hassle most folks won't
| tolerate.
|
| Likewise, people are comfortable with the walk up, push button,
| leave nature of fobs. Replacing that with "walk up, scan
| fingerprint" or "walk up, type in password" is going to tick off
| a lot of people.
| mrweasel wrote:
| > This is a very engineering solution to a very not-engineering
| problem.
|
| True, the solution very obviously to reduce poverty. It's a
| social problem, not an engineering nor a policing problem.
| teach wrote:
| Land Value Tax would fix this!
| bagels wrote:
| We already have a land value tax. It's called "Property
| Tax"
| postmortembees wrote:
| Agreed. It's surprising how often we are great at post mortem
| analysis in engineering contexts (asking "why" five times),
| but we find it uncomfortable to do the same in social
| contexts. We jump straight to "How" rather than "why", and
| build locks that inconvenience people in hopes of stopping
| that one "how" rather than investing in fixing the root
| causes.
| IshKebab wrote:
| > getting into your house is trivially easy both destructively
| and not.
|
| Absolutely not the case. With toughened glass and modern
| reinforced doors it is very far from trivial. At least in the
| UK. I understand security standards can be much lower depending
| on the country.
| hutzlibu wrote:
| "Today, your house keys are basically useless for security"
|
| They are not useless. Only some people have the skills and
| tools to open them - so they are useful at keeping most people
| out, even though they don't provide perfect protection.
|
| Most thieves are not professionals, but for example junkies who
| look for something easy. A simple automatic light, is already
| doing wonders to keep them away.
| dharmab wrote:
| A friend of mine was bored and bought a Lishi tool online
| recently. Within 10 minutes and with no previous lock picking
| experience he was able to silently pick his house's deadbolt.
| zerkten wrote:
| This can be true while it still keeping most criminals out.
| It's going to depend on the location and context. I'd say
| an analogy for this is engineer thinking versus economist
| thinking. My observation is that criminals prefer the
| latter. Rather than doubling down on engineering, they try
| to move to a more lucrative venture. Getting better at
| burgling houses doesn't change the upside as much as other
| crime.
|
| In my suburban area, the biggest problem is unlocked doors
| on houses and cars. Despite this problem existing for many
| years, doors are still regularly left open. The criminals
| don't attempt to exploit the same neighborhood repeatedly.
| They pass through in waves and then go elsewhere before
| returning when everyone has let their guard down. When they
| attempt forced entry, or anything more than casual theft,
| they get a lot of attention and caught.
|
| They could improve their takings by developing some lock
| picking skill, but it's also higher risk since they have to
| spend some more time on each target which increases the
| risk that an observer will actually notice them. I could
| easily imagine a dog walker ignoring someone entering a
| home through an unlocked door, or making it look like they
| are checking a door is locked when entry fails.
| postmortembees wrote:
| Raking house locks is a) not difficult and b) not expensive.
| You don't need to be a professional to do that.
|
| But also, bricks through windows are equally not difficult
| and not expensive, though they do leave a bit more evidence.
| When my neighbors have been burgled, this is the preferred
| method of entry I've seen.
| naavis wrote:
| At least here in the Nordics no one uses easily pickable
| locks for house or apartment doors. Those kinds of locks
| are mostly found in cheap padlocks and maybe bike locks.
| Doors usually have Abloy locks or similar.
| hutzlibu wrote:
| "But also, bricks through windows are equally not difficult
| and not expensive, though they do leave a bit more
| evidence"
|
| But that would be loud. You don't want attention when
| breaking in. (Unless you are a fucked up junkie not caring
| about anything anymore)
|
| But yes, my parents for example are paranoid about always
| locking the front door 2 times(and get angry if I don't do
| it when I visit), but have a glass door in the back. There
| are also glass cutters.
|
| "Raking house locks is a) not difficult and b) not
| expensive. You don't need to be a professional to do that"
|
| But you do have to make some investment. They are illegal
| to purchase (in most places), I would not know, where to
| start looking. And then you have to learn to use them. And
| I know someone who did play with those a bit - yet he still
| could not enter my door at all. So it is a barrier.
| OkayPhysicist wrote:
| > They are illegal to purchase (in most places)
|
| Lockpicks are legal almost everywhere in the US.[0] Even
| in places where they aren't legal, they're not exactly
| difficult to obtain, given that a perfectly adequate rake
| can be made from any key that fits the target lock, and
| there are only ~3 keyways in common residential use.
|
| [0] https://www.toool.us/lockpicking-laws.php
| autoexec wrote:
| > They are illegal to purchase (in most places), I would
| not know, where to start looking.
|
| amazon. Not much of an investment needed
| https://www.amazon.com/Stainless-Steel-20-School-
| Toolbox/dp/...
| hutzlibu wrote:
| Not avaiable. (at least for me from germany)
| velosol wrote:
| If you're interested they're also available on Amazon.de
| https://www.amazon.de/LockCowboy-Transparent-Practice-
| Beginn...
| hutzlibu wrote:
| I wasn't planning to, but why not pick up a new hobby ;)
|
| (It is indeed cheap)
| empiricus wrote:
| I got one lockpick kit as a gift, and found out I can
| open the door of my apartment in 20 sec with it as a
| complete beginner. The fun part was that it was not
| possible to open it from the inside. That was how I
| learned that the lock was mounted with the inside part on
| the outside (it was a rented apartment).
| jrockway wrote:
| The best locks offer is that you have to plan a break-in
| in advance; i.e., you have to have your lockpicking tools
| with you. That said, you can pick master locks with a
| paperclip; I've done it. So it's not much of a barrier.
|
| That said, just because people have low-security locks on
| their house doesn't mean that better options aren't
| available. I have Medeco locks. They are harder to pick
| than what you get at the hardware store. So far, no
| break-ins from lockpickers! Also, I'll sell you a rock
| that keeps tigers away.
| maratc wrote:
| Number three is binding, we've got a nice click out of
| three!
|
| https://www.youtube.com/watch?v=4fh6IHCr7uo
| jrockway wrote:
| It has a couple of spools. Step above the no-security-
| pins hardware store locks.
| brewdad wrote:
| > But that would be loud. You don't want attention when
| breaking in. (Unless you are a fucked up junkie not
| caring about anything anymore)
|
| Pre-Covid, it didn't matter if you were loud. You and
| your neighbors were all off at work all day. So long as a
| thief felt confident there was no alarm to trigger, they
| could make all the racket they wanted and no one would
| hear.
|
| Today, it's a little more risky but of the half dozen
| houses on my street I'd probably only hear one getting
| broken into and that's only if I were downstairs. Our
| homes aren't on especially large lots either (7-10k sq
| ft).
| hutzlibu wrote:
| But a thief does not know, if no one is there in the
| neighborhood, unless he is indeed professional and scouts
| the area in advance. Also in my area, there are plenty of
| old people always watching and listening ..
| rkagerer wrote:
| It's funny, I have the opposite problem. I have a
| particular door lock for which three different locksmiths
| have all failed to cut usable keys. The originals work
| fine, but the copies don't. The last set barely works, if
| you wiggle it around a lot and ram to get it in, but then
| it gets stuck in there and is nearly impossible to remove.
|
| They've tried various blanks, and I've never gotten a
| satisfactory explanation from any of them. It's possible
| all my local locksmiths are inexpert.
| hutzlibu wrote:
| Yeah, I have the same problem with some old locks.
| Impossible to get a copy for a key, because it does not
| meet some modern standard.
| sleepybrett wrote:
| want to post a picture anonymously? it may be that the
| biting is difficult. It may also be that one or more of
| the locks pins is sightly out of spec.
| knodi123 wrote:
| > Only some people have the skills and tools to open them -
| so they are useful at keeping most people out,
|
| No, not really. A large part of the security of locks comes
| from most people _not knowing_ that they have the tools and
| skills to open them. It 's like if everyone taped their door
| shut, and we depended on most people not knowing that tape is
| easily removed.
|
| My kid accidentally locked us out of the house the other day
| by twisting the knob lock on our garage door. Turns out we
| never got a key for that lock when we bought the house -
| oops! And we didn't have keys for the back door, for
| complicated reasons. No worries, I took my wife's key ring
| and used the key to her parents' house to open our back door.
| In my experience, most keys work in most locks, if you just
| apply a light turning force and then rake the key in and out
| a bunch of times, ending with the key sticking all the way
| out except for a millimeter or two.
| hutzlibu wrote:
| Erm, maybe the locks in germany(europe) are different - but
| what you describe I only know from very old or cheap locks,
| no one would use for a front door (insurance would not
| accept that).
| akira2501 wrote:
| > (insurance would not accept that).
|
| Which is always hilarious to me considering insurance has
| no problem with glass windows or fenced in backyards.
| SoftTalker wrote:
| I haven't had a key for my house in probably 10 years. I
| used the garage door opener PIN pad to get in. I recently
| replaced the front door lock with a new one that also has a
| PIN keypad, but I still mostly enter and leave through the
| garage out of habit.
| Ekaros wrote:
| Being in country that uses proper locks... Yep, people aren't
| picking them in field.
|
| Good locks are expensive, but they also last a long time. And
| nearly unpickable is good enough. There is wall of window
| next anyway that then becomes much easier.
| HPsquared wrote:
| Security is always a trade-off. The most effective, and also
| most costly, way to avoid car theft is to not own a car at all
| (for example).
| radiator wrote:
| How is this the most costly way?
| gruez wrote:
| Opportunity cost of the additional travel time[1] that you
| have to spend because you don't have a car.
|
| [1] Yes, I'm aware of european cities where cars aren't
| necessary or are actually slower than public transit.
| That's not applicable to most of the US though.
| postmortembees wrote:
| I wonder how many instacart/uber orders I would need to
| have to offset the cost of a car, assuming I can bike to
| most of my needs.
|
| The only reason I have a car is because there are some
| specialized transportation needs (towing) that I cannot
| get from my bike. I use my bike for everything from
| hardware to Costco to groceries to child care to ... lots
| of stuff.
| gruez wrote:
| > I wonder how many instacart/uber orders I would need to
| have to offset the cost of a car, assuming I can bike to
| most of my needs.
|
| Not that much. One site[1] lists the TCO of a compact car
| at around $33k/year if you drive it for 15k mi/year for 5
| years. That works out to $550/month. Of course, if you're
| comparing this to getting ubers, there's no way that
| you'll be driving anywhere near 15k mi/year, so the TCO
| of a comparable car is probably $450/month. That's a lot
| of money to spend on uber/instacart, but keep in mind
| that if you have a modest commute of $20 each way, that
| only works out to 11 round-trips a month, or half the
| working days. So if your lifestyle is such that you don't
| need to drive to work most days, and you don't any other
| similar uses for cars (eg. picking up kids from school
| and/or driving them to extracurriculars), then by all
| means uber everywhere rather than owning a car.
|
| [1] https://www.kbb.com/new-cars/total-cost-of-ownership/
| thomastjeffery wrote:
| I have a friend whose only reasonable option to commute
| to/from work is uber/lyft. He spends more each month on
| that than I do on my car loan. He can't afford to make a
| downpayment for a car loan of his own, because he is
| spending that money on uber/lyft. This is a vicious and
| familiar cycle in America.
| SoftTalker wrote:
| You're in the minority. Most people cannot use a bike for
| this stuff. They live too far away or the roads and/or
| terrain are not suitable for bikes.
| EA-3167 wrote:
| Most locks on most residential facilities are not about
| security so much as a "tamper evident" seal for insurance
| purposes.
| postmortembees wrote:
| I guarantee you I, or anyone else with ~30m of training can
| get into 95% of homes without leaving much evidence that the
| locks were tampered with. House locks are _very_ easy to pick
| open.
| jerlam wrote:
| And yet, the universal way to break into homes is with
| brute force, by smashing a window or kicking the door in.
| talldatethrow wrote:
| If I know my door is locked, and you get in, I can still
| shoot you since I know I locked it, thus you'll have the
| tools somewhere near you showing you broke in.
|
| If it's just a code, tons of legal ambiguity comes up. Can
| a gf shoot her exbf that she gave the keycode to last
| month?
| jjnoakes wrote:
| > Can a gf shoot her exbf that she gave the keycode to
| last month?
|
| How is this different from a physical key?
| AnnikaL wrote:
| If anything, it might be easier to change a keycode than
| to change a lock.
| talldatethrow wrote:
| This a good point, except that I've found that people
| with keycode locks on door and garages hand out the
| keycode like candy for some reason.. way more than anyone
| else hands out physical keys.
| EA-3167 wrote:
| Most thieves are not trained in covert entry, they aren't
| lock pickers, they're desperate addicts looking to get some
| things to pawn for a fix.
| postmortembees wrote:
| Of course. Most thieves break in use the time honored
| "brick + window" method.
|
| But I was refuting the specific idea that house locks are
| a tamper evident seal. They are _trivially_ easy to
| bypass in a tamper evident manner.
| Clamchop wrote:
| Evidence of what? I can't see how it would prevent fraud, the
| occupant can damage the "seal" just as well, and a burglary
| without damage is still a burglary and lock-picking is a
| thing so it doesn't have much to say about due diligence
| either.
| talldatethrow wrote:
| Another reason you have locks is to show intent to keep others
| out.
|
| You can't shoot someone that walks into your home through an
| open door.
|
| You can shoot someone that rams your door to open it.
| goodpoint wrote:
| You cannot shoot anybody in the largest majority of countries
| on this planet. Thankfully.
| pdonis wrote:
| How do you get criminals to obey this nice rule?
| master-lincoln wrote:
| By making it hard to obtain weapons. The US thinking to
| me seams to go along the lines of handing out nuclear
| weapons to everybody so forces are balanced...
| pdonis wrote:
| _> By making it hard to obtain weapons._
|
| If the legal rule is "you can't shoot anybody", which is
| what the post I responded to said, wouldn't that make it
| _impossible_ to legally obtain weapons? Why just "hard"?
|
| If, OTOH, you mean make it hard to _illegally_ obtain
| weapons, where has this actually been done successfully?
| My reading of human history is that criminals who want
| weapons have always been able to get them somehow.
|
| _> The US thinking to me seams to go along the lines of
| handing out nuclear weapons to everybody so forces are
| balanced..._
|
| I don't know where you are getting that from. The US
| thinking is very simple: since it is impossible for
| governments to prevent all violent crimes or to ensure
| that police show up in time to protect citizens from
| being harmed by violent crime, citizens must be allowed
| to have the means of self defense. The best way to
| minimize the number of citizens that feel the need to
| have weapons for self-defense is to extirpate crime--but
| unfortunately the US in recent decades has been moving in
| the opposite direction.
| Minor49er wrote:
| Shinzo Abe might disagree with this
| jtriangle wrote:
| For 500 bucks worth of crypto anyone in the world can get
| a reasonably competent full auto AK with a box of milsurp
| ammo.
|
| If that's your definition of "hard", I'd say you're
| setting that bar far too low.
| bscphil wrote:
| And the overwhelming majority of people, including
| thieves, don't do this, because the raised barrier to
| entry makes gun crimes vastly less attractive. Combine
| that with a broad social safety net that reduces poverty,
| and you miraculously get homicide rates dropping through
| the floor: https://commons.wikimedia.org/wiki/File:Map_of
| _countries_by_...
| akira2501 wrote:
| > because the raised barrier to entry makes gun crimes
| vastly less attractive.
|
| Is that assertion based on study or "common sense?" It
| may well be that they don't feel the need to bring a gun
| because they know their victims are definitely not going
| to be armed anyways.
|
| The real question would, do the criminals not use a
| weapon at all, or do they use weapons that just don't
| happen to be guns?
|
| > broad social safety net that reduces poverty
|
| People aren't being shot in the US because of poverty.
| The _majority_ of "gun violence" in the US is actually
| suicides. It's nearly 2/3 of that terrible statistical
| category. The remainder of murders typically involve
| alcohol and arguments.
|
| The majority of murder victims in the US know their
| murderer by name and have been acquainted with them for
| years. Means. Motive. Opportunity. These things don't
| change.
| talldatethrow wrote:
| This is a lame response. A man with a knife or a bat has
| the tools he needs to easily kill your whole family. So
| what is the plan to protect a family since knives and
| bats will always exist?
| talldatethrow wrote:
| What do you do if two criminals break into your house and
| you don't have a gun?
| talldatethrow wrote:
| I love that this got downvotes but no responses.
| master-lincoln wrote:
| WTF? Do you mean that you can't shoot someone without legal
| consequence in some US jurisdiction if you have an open door?
| You can still shoot them...
|
| >You can shoot someone that rams your door to open it.
|
| So somebody destroys a door and that entitles you to take
| their life?
|
| I think in both situations you should just refrain from
| shooting at all. Seems to work in most of the rest of the
| world..
| talldatethrow wrote:
| No, you can't legally shoot someone that walks in through
| an open door. You can ask them to leave, but youre going to
| have big problems if you shoot them and all they did up to
| that point was not leave instantly when asked, if they
| walked through an open door.
|
| If the door is locked, and they break in, you are not
| shooting them because they broke a lock. You are shooting
| them because theyve shown criminal intent by forcibly
| making their way through a locked door.
| wizofaus wrote:
| I'm curious in how many jurisdictions simply "showing
| criminal intent" is sufficient to mean they're legally a
| target to be shot at, potentially fatally. I'd be pretty
| horrified to know I was living in such a jurisdiction.
| Whereas somebody walking through my open door while
| clearly posing a threat to my life, or the life of family
| members (e.g. holding a weapon) I would have no
| hypothetical qualms over aiming a gun at, and should they
| continue to approach, firing. Mind you if that did result
| in their death I'd still expect to be required to provide
| evidence that it was a reasonable course of self-defence
| given the circumstances. Are you saying that isn't the
| case wherever you live?
| talldatethrow wrote:
| Instead of trying to catch me making a language error on
| exactly what criminal intent is... Why don't you think
| about this like a human.... You are at home with your
| wife and kids. A large man wearing all black with his
| face covered has broken your door lock and forced the
| door open. He is now making his way up your stairs where
| all your family is. Should you be able to legally shoot
| this man? If not, what is your plan for protecting your
| family members from this person?
| wizofaus wrote:
| Not a question of language error, I'm just interested in
| how different parts of the world have different takes on
| when taking a life can be legally justified. FWIW, in
| your scenario, if I simply shot the man and killed him,
| then I would fully expect to be questioned and possibly
| charged, and only acquitted if I could demonstrate
| killing him was a justifiable act of self-defense. I
| don't imagine whether he'd broken the door lock would be
| considered particularly relevant. As it happens, I've
| forced locked doors open with no criminal intent - I'd
| simply lost my key and needed to get back inside my own
| house. It's not impossible the man in question had got
| confused about which house was his and was doing the same
| thing.
| talldatethrow wrote:
| I got it. If a man breaks into your house, begins walking
| up the stairs while your wife and kids are there, you're
| going to be cautious to see if stopping him with deadly
| force is necessary. Maybe first let him strike you in the
| face too. You wouldn't want to kill him if he's punch
| only knocks you down and allows you to get up and fight
| him off like a super hero! And if he punches you so hard
| you loose consciousness, what's the worst he's going to
| do? Rape your wife?
| wizofaus wrote:
| Yes, I absolutely would be cautious - if nothing else,
| attempting to stop him with deadly force may well be what
| triggers the situation to become violent and life-
| threatening for my family and myself. But more
| importantly, all the circumstances I can realistically
| imagine myself trespassing into somebody's house do not
| involve me intending any harm to any of the occupants, so
| I would very much hope most people would approach such
| scenarios with similar caution.
| mynameishere wrote:
| Are you sure you can run all those calculations while
| breaking and entering is occurring in your home? It
| varies quite a bit from place to place, as you can see...
|
| https://en.wikipedia.org/wiki/Castle_doctrine
|
| But the basic idea is that the natural right of self-
| defense extends to certain areas, including one's home.
| (That is, you do not have to wait until the intruder has
| his hands around your neck in order to defend yourself.)
| If you would prefer to not be allowed to defend yourself,
| that's you. In many countries (not just the US) invading
| people's homes makes for a dangerous and short career, as
| it should.
| wizofaus wrote:
| Thanks for that link, that is pretty interesting and I
| can't honestly say I know exactly what the law is where I
| live (in Australia, but not in the state that gets a
| special mention in that article). And absolutely, if I
| happened to have access to a lethal weapon and I was
| sufficiently fearful I might well be tempted to use it on
| an intruder even well before they posed an immediate
| threat. But if I really were responsible for taking an
| intruder's life and the courts determined that they were
| never a realistic threat to anyone, nor was there any
| good reason for me to believe they were (e.g. I had a
| clear view of them, could see that had no weapon, and
| they weren't acting in any sort of hostile manner), I'd
| fully expect to go to jail for it.
| neilv wrote:
| I imagine some Non-Americans reading this are horrified.
|
| But Americans know that this (a pre-shooting checklist) isn't
| a reason for door locks for every American. And I'd guess it
| only is for a small minority of Americans.
| [deleted]
| TheRealPomax wrote:
| Own a manual?
| gloryless wrote:
| Sounds like a simple layer that can be retrofitted easily, but
| "there's nothing to hack" is absurd. The truth is that car
| security is bad, and any killswitch at all is something they
| don't come with standard.
| dhruvkalaria wrote:
| Classic man in the middle attack can be easily dealt with PKI.
| Why go through such a hassle?
| sidewndr46 wrote:
| isn't this just an absurdly complex re-imagining of the on/off
| switch? I've spoken to numerous people who either had their
| vehicle stolen or it was broken into. The ignition cylinder was
| damaged in the process. Rather than spend money replacing it they
| just wired in an on/off switch in a random place on the dash. The
| car got broken into again but was never stolen.
| constantly wrote:
| Valets HATE this one weird trick
| matsemann wrote:
| Huh, never considered valet parking to actually be a real
| thing. Isn't it annoying having to wait for someone to drive
| your car? I'd almost pay more _not_ to have to do it.
| elzbardico wrote:
| Pal, I've seen wallet parking across several countries in
| the world. Latin American, Western, and Eastern Europe, I
| just got curious about where you live to never have seen
| it.
|
| And to answer your question: No, valet parking is usually
| useful because the parking place is far from where you're
| going (usually a hotel or restaurant). Having the valet
| saves you the walk from the lot to the place where you're
| going. It is even more useful when it's raining and you're
| having a formal dinner.
|
| The wait for getting the car back is also pretty short
| because someone radios a driver already in the parking lot
| to bring your car in most circumstances.
| thomastjeffery wrote:
| I suspect you are parking your wallet in the most
| tourist-equipped areas of each country you listed. I
| would bet that within a 5 mile radius of each, you could
| find 1,000 people who have never used valet parking in
| their lives.
| matsemann wrote:
| Norway. I guess the less denser cities I've lived (that
| were somewhat car dependent) it was never an issue just
| parking right outside. And in the city I now live (Oslo)
| I would never use a car to get to dinner anyways.
| Toutouxc wrote:
| Not who you're replying to, but I'm from the Czech
| Republic, have been driving for 10+ years, live in Prague
| (the capital), I have never even seen valet parking
| anywhere. Even the local Hilton hotel doesn't have it.
| retzkek wrote:
| Sometimes it's a lazy rich person tax, but sometimes it's
| required because there's limited parking, and the valets
| can jam the cars in double-parked (or more), since they can
| shuffle them around as needed.
| r00fus wrote:
| At my work at the time (pre-pandemic) we used to have an EV
| valet - attendant would take your car, park it and then
| move it to an EV spot when one opened up, then put it back
| into normal parking - you would get a text with the
| location on each move.
|
| It was quite nice and let me focus on work instead of
| worrying about charging and only initial paperwork (we had
| QR stickers on the car and keychain QR).
|
| That's about the only time I've used a valet regularly.
| sidewndr46 wrote:
| Most places that I have used a valet they had a number you
| could dial and they'd bring your car up for you then
| callback when it was ready.
| drw3 wrote:
| It's fairly common in the US at hotels and some parking
| garages, especially in bigger cities.
|
| It can be nice if you're in a hurry or worried about
| walking alone in a parking garage at night.
|
| But yes, it can be annoying, especially because you're
| expected to tip them in the US too.
| ke88y wrote:
| It's common in denser cities, primarily with two
| applications:
|
| 1. at parking garages so that cars can be double- or
| triple-parked. This is by far the most common use case for
| valets today. At these lots, you actually do have to pay
| more (or arrive early) for a spot that doesn't require
| valet parking.
|
| 2. at high-end restaurants or other similar venues where
| there is no immediately nearby parking and limited or no
| street parking. The valet drives the car to a lot or garage
| a few blocks away and returns it to you when they are done.
| You can almost always opt out of these, although you may or
| may not save money by doing so and at some places it can be
| worth it to just pay up and deal with the inconvienance
| because the nearest parking is a bit far.
|
| I've also seen it as a weird status symbol thing in cases
| where it's entirely unnecessary, primarily used by people
| who have never had to put up with #1 or #2. Think up-scale
| hotels but located where parking is extremely ample. I
| think that only exists because there's a general impression
| outside of super-dense cities that valets are a "fancy"
| thing because they are only really common in "fancy big
| cities". (Which, to be fair, owning a car in midtown
| definitely makes a person fancy in some sense even if I'd
| never ency that person :p)
|
| But actually, for the most part, valets are not a fancy
| optional service. They are mostly a non-optional service
| that you have to pay more or go to significant
| inconvenience to not use.
| TRiG_Ireland wrote:
| Simplest way to avoid using a valet service is probably
| to not turn up in a car.
| constantly wrote:
| Very common. My work in the big city used to require us to
| use it when driving to take advantage of commuter parking
| benefit for the other reasons mentioned. Also use it at
| shopping malls where the valet price is the same or
| substantially similar to regular parking.
|
| Surprisingly many of them use a text system so you text
| them to the number they confirmed with like 10 minutes
| before you need your car and they have it waiting -- very
| convenient.
|
| Also use it at big events like operas or plays or whatever
| where parking is awful but valet, despite being a little
| expensive, puts you right up at the front door when walking
| in and then they get it when you leave.
| ghaff wrote:
| I used to have a car that had a kill switch requiring the
| turn signal to be turned on or some such thing. It was
| periodically a pain with valets or parking garages where your
| car might need to be moved. I'd leave a big note but it was
| ignored about half the time.
| zerd wrote:
| A friend had a car that required that you hold a magnet at
| a very specific spot in the back of the arm rest to be able
| to start ignition. Don't think he ever tried to valet that.
| progman32 wrote:
| Had a valet ignore a huge, printed instruction taped over
| my steering wheel on how not to food my car (leave it
| running for at least 60 seconds). Sure enough, they flooded
| it really bad trying to start it over and over. Killed the
| battery. Never used a valet after that.
| nso wrote:
| I have an old beater. It cost me 2300 USD when I bought it.
| Last year the ignition cylinder broke. My friend is a mechanic
| and he told me he could replace the cylinder for 90 USD, or buy
| him a beer to just install a button. I now jokingly call my car
| a Tesla since it starts with a button (it also requires the
| key)
| mavhc wrote:
| Tesla cars don't need a button to start
| _flux wrote:
| The brake pedal is _almost_ like a button.
| incahoots wrote:
| The button was my go-to when I got a new car, I would defeat
| the lock cylinder without damaging the steering column, and
| place a button in a obscure spot to start my cars.
| thatcat wrote:
| Lol. I soldered in an alligator clip jumper wire for my
| friend to temporarily bypass the failing ignition switch and
| he left it like that, says he likes the sparking.
| bookofjoe wrote:
| Off topic: My first car was a 1966 white Buick Skylark
| convertible that I bought for $500 cash in the summer of 1976
| in Los Angeles when I was 28 years old.
|
| Prior to that I had lived in LA from 1966 on and got around
| on foot and on my bicycle and city buses.
|
| I drove that giant Buick -- I mean it was HUGE, both in terms
| of length and width as well as weight -- for about five
| years, the final 2-3 of which featured a caved-in non-
| functional driver's side door resulting from having been
| T-boned by a little old lady who ran a stop sign.
|
| No worries: I'd just hop over the side or use the passenger
| side door.
|
| After the crash I never worried about theft.
|
| Also, amusingly, when I was on freeways, cars in adjacent
| lanes would quickly move away.
| randcraw wrote:
| But on modern cars, cigarette lighters are disabled when the
| ignition is turned off. So you can't use any device powered by
| the lighter to start the car.
| unsupp0rted wrote:
| Couldn't they just make the car blare non-stop alternating sirens
| for 10 minutes at a time, 4 times an hour for 12 hours, loud
| enough to get through drywall and double-paned windows, at the
| slightest perturbation?
|
| Although I don't own a car, I'm happy when I hear throughout the
| day and night that my neighbor's cars are well protected.
| breischl wrote:
| I've come pretty close to keying "FIX YOUR ALARM" into people's
| doors for this. In the end left them notes about it, which did
| result in it getting fixed, so I haven't had to actually do it.
| Someday, though.
|
| I still think car alarms are a net negative to society.
| Thousands of hours of disrupted sleep and it prevents
| approximately no thefts.
| toast0 wrote:
| Not to mention all of the mockingbirds that have learned the
| song of the car alarm. It's the most complex birdsong out
| there, so many mockingbirds picked it up while it was
| regularly sung, and now it's passed down from each generation
| to the next.
| pawelmurias wrote:
| It's a travesty that's legal.
| ilyt wrote:
| We had that in the 90's and 00's, cars still got stolen
| SoftTalker wrote:
| I lived in Chicago at that time, you heard those car alarms
| constantly and they were just ignored. I still remember the
| sequence of beeps, whoops, and buzzers of the popular alarms.
|
| For the device in TFA, I don't see what prevents a thief from
| just bypassing the thing with a jumper from the battery +
| terminal.
| Eisenstein wrote:
| Do you remember the the birds which adapted their calls to
| mimic the alarm noises?
| bagels wrote:
| The mocking bird in my backyard knows all the car alarm
| sounds, it's part of his daily routine.
| TeMPOraL wrote:
| I guess it wasn't only me who mentally associated that sound
| with "uh oh someone's car was hit by a small branch carried
| by the wind" and/or "a cat walked over the car".
| devsda wrote:
| This approach is not mischief proof and will become an easy way
| to get back at the owners and/or your neighbors.
|
| All a thief has to do is trigger enough false alarms (directly
| or indirectly) to annoy you and the neighborhood that you
| either disable it or learn to ignore it as false alarm.
| boobsbr wrote:
| I think it was sarcasm.
| jrm4 wrote:
| This seems very goofy:
|
| But also, what seems very goofy to me is the removal of the
| requirement of sticking your key in the ignition.
|
| It really feels like this older thing, plus the wireless
| crypto/radio bit they also have, really ought to be sufficient
| for all of this?
| binarymax wrote:
| How about working car alarms?! Two of my family members were hit
| in the same week (back window smashed) and the alarm never made a
| sound. Luckily both of their cars weren't susceptible to the
| common attack...so the damage was minimal.
| obblekk wrote:
| The receiver which measures the voltage pattern and decides if
| the rest of the voltage is allowed or not becomes the weak point.
| Like the encrypted key system used today, this could be buried
| deep inside the engine, but unclear why this is better than keys
| today.
|
| In addition, if the driver should be able to manually recreate
| the voltage pattern by actually flicking the lights/wipers, there
| will be a relatively small number of voltage combinations which
| could be iterated through an automated device connected directly
| to the wires very quickly.
| hulitu wrote:
| Plus DOS when the battery is exhausted after a couple of "turn
| lights on off, turn wipers on off".
| talldatethrow wrote:
| You could flash headlights probably 500+ times before a
| healthy battery had even a little trouble starting.
| Brusco_RF wrote:
| We're considering the entire battery lifecycle. So the
| correct way to think about this change is:
|
| More energy required to start engine --> Minimum battery
| health required to start engine increases --> battery
| lifecycle decreases.
| talldatethrow wrote:
| I don't see how this could possibly reduce the battery
| lifespan. Flashing the lights takes a few watts. The
| vehicle will then be started and charged and never reach
| any lower level of discharge where damage would occur.
|
| Yes, if you flashed your lights everytime 500+ times and
| got your battery to a meaningful low voltage where it
| barely started every time, sure. But not in the use case
| presented here.
| Brusco_RF wrote:
| Consider two cars with fading batteries at the end of
| their lifecycles. They are on their last start before
| needing to be replaced. They both have exactly enough
| energy to start the car with nothing left over, however
| one car has this system installed so it needs to flash
| the headlights/wipers/windows first. That car fails to
| start
| talldatethrow wrote:
| That's like saying we should also turn off keyless entry
| sensors to make our battery last an extra day too, since
| theyr draining power as your car sits all weekend, and
| then one Monday morning your car won't start when you
| need to go to work. Does it really matter if your car
| starts 3000 times from a battery or 3001 times?
| jeron wrote:
| I simply drive a manual - ultimate theft deterrent these days
| toomim wrote:
| Not true. My manual civic was stolen 5 times in 5 years.
|
| Car thieves learn how to break into various makes and models of
| cars and hotwire them. They have also figured out this thing
| called a "clutch".
| jeron wrote:
| in the last 5 years? thieves these days are young kids who
| have never seen three pedals
| Havoc wrote:
| Another DIY solution I've seen is magnet activated switch in a
| place in the panels & magnet on keychain. Short of tearing the
| car apart you're gonna have to know where to hold the magnet.
| justinlloyd wrote:
| Paraphrasing: "And you would have to turn the windshield wipers
| on and off, switch the radio off, flash the headlights and our
| clever device will then permit the car to start."
|
| Yeah, that kinda sounds like my Caterham 7 back in the 1990s
| during wet weather.
| Kerrick wrote:
| My grandfather invented, marketed, and maybe patented a device on
| this premise before he died decades ago. I still have one in its
| retail packaging in my curio cabinet.
|
| IIRC the first iteration he made used a keypad to enter the code,
| and the second used the blinkers.
|
| https://web.archive.org/web/20010206124335/http://www.kapinn...
| DavidPeiffer wrote:
| Does the timer restart with each ignition start? I'm imagining
| a thief who is aware of the system diligently putting the car
| into neutral and turning the car off and on every 40 seconds
| during their getaway.
| alexchamberlain wrote:
| So they've spent $1.2million to develop a pre-patented device?
| nomel wrote:
| This is low tech, available since the late 80's. It's a bit
| ludicrous to think it wasn't invented, and reinvented, many
| times within the last 43 years.
| 0003 wrote:
| Thus begins the spiral coming back to "physical" security vs
| abstracted tech. Imagine the sales of a new BMW M5... "Yup this
| baby has it all. Top of the line security. Worried the thieves
| will see your finger prints on the keypad no worries. Just
| manually hit the windshield 3x, run the blinkers so many times.
| Etc etc. And there she goes..."
| shadowtree wrote:
| Way better would be a system of sliding metal panels to cover the
| windows when parked. Most break ins here in SF just smash and
| grab your shit.
|
| Give me a way to protect the inside of the car.
|
| Plus the fact that neither SFPD nor Oakland deploy decoy cars to
| actually go after the thieves - what a total failure of basic
| policing this area is. Can I get a 10mil grant to propose that!?
| boobsbr wrote:
| You want the Tom Jane Punisher's car?
| samtho wrote:
| This will always be a cat and mouse game: as cars become more
| complicated and have more security features, there are just more
| points of failure. A toolmaker for thieves or locksmiths will get
| a new car and automate the exploitation of a vulnerability. Some
| new lamps are fully computer controlled with pins for 12v, GND,
| CAN-H, and CAN-L instead of just a switched leg and a common. If
| I can get access to the inside of the housing, it's game over
| anyway.
|
| A sufficiently motivated actor will steal your car if then want
| to. The immobilizer is kind of a joke when you can, with an
| Arduino and access to the CAN bus, just dump the memory of your
| immo controller or instrument cluster and find your pin, then use
| that to pair a new key you had cut to a vin.
| akira2501 wrote:
| If your car can be repossessed, it can be stolen, and the set
| of tools in a repo mans arsenal for moving vehicles is much
| larger than most people might expect. If I can get my hands on
| your vehicle, I can take it.
| rpcope1 wrote:
| GM seemed to have had this right in the late 80s and early 90s
| with VATS: my Camaro had a resistor integrated into the key, and
| if the ECM sensed the wrong resistance, it wouldn't start or run
| the ignition. I think there were a large number of possible
| values, and it would lock you out for a while if it detected a
| couple of failed attempts. It also seemed pretty good at
| preventing theft, and can't possibly be more complicated or
| expensive than the silly fobs everything comes with.
| jshprentz wrote:
| Another way: the Batmobile's Anti-Theft Activator [1] from the
| 1966-1968 Batman TV series.
|
| [1] https://batlabels.tumblr.com/post/158029360040/anti-theft-
| ac...
| anjc wrote:
| It's interesting to read how many comments here underestimate the
| sophistication and expertise of mechanics and car thieves, and,
| all of the poor suggestions to overcome theft. This despite the
| userbase being technical.
|
| I wonder if there's a mechanics forum somewhere in which posters
| are confidently proposing Caesar ciphers and so on.
| localtoast wrote:
| As a kid, I watched my father pull a single fuse from the family
| 4x4's fuse box whenever we left the vehicle unattented for any
| extended period. Does a practical, lower-tech deterent exist?
| indymike wrote:
| This is the 2C/ solution to the problem... and usually doesn't
| even require you to pop the hood if the fuse is inside the car.
| localtoast wrote:
| Yup; in our case it was in the cabin, a little to the left of
| the steering column.
| jaclaz wrote:
| The "traditional" way (many years ago) was to open the
| distributor (no tools needed, they had spring clips) and take
| the rotor with you.
| camhenlin wrote:
| My buddy has an 89 Prelude that got stolen a couple of times.
| It basically got driven around and left with an empty tank
| around town both times and no signs of break in. I think the
| keys are relatively common for those so maybe the thief has
| one.
|
| Anyways, I installed a switch up under his dash the disconnects
| the fuel pump +12v wire. It takes just a moment to flick the
| switch if you know where it is, and afterwards, the engine will
| crank and crank and crank and sort of sound like it wants to
| start at first, but never do anything. It would probably take
| several minutes to find it if you had to look for the switch,
| especially if it were at night and you were trying to steal the
| car. Seems like a good lower tech deterrent to me! The car has
| not been stolen since.
| 1024core wrote:
| > I think the keys are relatively common for those so maybe
| the thief has one.
|
| I have a buddy who had an old Ford in San Francisco. Once in
| a while he'd get in the car in the morning and notice that it
| felt .... strange. He couldn't put a finger on it. Then one
| day he had to get to work a little early and showed up at his
| car much earlier than normal. He found a guy sleeping in his
| drivers seat. Needless to say, both were startled and the
| homeless dude ran off, leaving a big bunch of keys behind in
| a keychain. Those were "master" keys to get into a whole slew
| of older vehicles.
| wongarsu wrote:
| Some cars also have unused switches on the dashboard
| (presumably features you didn't pay for) that are perfect for
| such use cases.
| jaclaz wrote:
| I remember (in the late '70's or maybe early '80's) a
| friend's car where he added (it was not unusual at the time
| to add "accessories" to cars, like fog lights or rear
| lights ) a number (four or five) lever switches (connected
| in serie) that acted like a dip-switch, you had to set them
| in a given pattern (like up-down-up-up) to be able to start
| the car.
| cdchn wrote:
| A million drivers of Hyundais that the manufacturer cheaped out
| on immobilizers in the US would be interested in this as a
| finished product.
| betimsl wrote:
| $1.2 million down the drain.
| GeorgeTirebiter wrote:
| My buddy uses a big-ass knife switch on the battery + terminal,
| under the hood.
|
| Since you have to open the car to 'pop' the hood, the only way to
| steal it is to get inside somehow (slim jim, smash the window,
| etc), pop the hood, pop the hood safety, know which black plastic
| box has the knife switch, open that, close the switch, close the
| hood, hotwire the ignition, and, finally... drive away.
|
| Too much trouble. some other victim car will be chosen by the
| typical car thief.
| post_break wrote:
| That works on older cars, on newer cars they will run like shit
| if they are constantly killed. The ecu likes to learn things,
| the transmission ecu, the radio, all your settings. A knife
| switch on the fuel pump or starter would be better.
| soared wrote:
| Cool idea! Seems like car thieves could probably just carry
| around another device to hack it, but certainly could be a
| deterrent.
|
| I don't know much about it but it seems like a key is supposed to
| be the password for the car, so seemingly the key is where
| improvements could be made. Like add unique and random
| differences in the metal on each key and have the key slot read
| those and only turn on the car if it matches (since I guess the
| metal bumps are easily bypassed by thieves?)
|
| Or couldn't the bumps on keys just be replaced by.. pretty much
| anything that is physically secure and not multiple hundreds of
| years old technology? Credit card chips, magnet strips, 2fa fobs,
| fingerprint sensors, etc?
| pc86 wrote:
| > _Like add unique and random differences in the metal on each
| key and have the key slot read those and only turn on the car
| if it matches_
|
| So turn a $100 ignition switch assembly into a $3,000 1-of-1
| monstrosity? Would you need to replace the entire ignition
| assembly if you lose your keys, or would you be able to
| generate a key from the ignition assembly (or VIN or other
| unique identifier)? Thieves would probably just do that for
| high end vehicles anyway.
|
| > _Or couldn't the bumps on keys just be replaced by.. pretty
| much anything that is physically secure and not multiple
| hundreds of years old technology?_
|
| Isn't this exactly what push-to-start tech is? I'm not sure the
| percentage of vehicles that have push-to-start at this point
| but I'd imagine it's well into the majority, and increasing.
| wongarsu wrote:
| High security door keys commonly use magnets embedded in the
| key as an additional security layer. A lot harder to pick by
| hand, and also doesn't appear in photographs of the key.
|
| For car keys manufacturers try to get away from physical keys
| for years, and for a remote keyfob it's just a cost question.
| Bidirectional communication allows for good cryptography with
| challenge-response protocol, but costs more than
| unidirectional. But then people want to be able to open their
| car when the battery of their fob is dead ...
| incahoots wrote:
| I imagine the purpose is to extend the timer when attempting to
| steal a vehicle.
|
| Ford had their dial pad on their vehicles for the longest time
| to prevent entry if you were using a non factory key to enter.
| I always thought that was a neat feature, but heavily under
| utilized.
| ilyt wrote:
| The hacks that are being used are bypassing the authentication
| device so improving authentication device is pointless.
| incahoots wrote:
| The boomer in me suggests that you buy a manual transmission
| automobile to deter would-be thieves...
|
| Regarding the article, I get the idea that essentially this is a
| stripped down version of using something like a Yubikey to access
| a workstation (in this case, a car). I chuckled at the idea of
| doing certain actions within the car to get it to operate.
|
| ^ ^ v v < > < > B A Start Start
| anaganisk wrote:
| LB LT RB RT left right left right LB LT RB RT left right left
| right
| cjdoc29 wrote:
| I know someone who wired their turn signal / high beam stalk to
| need to be pulled while turning the ignition key. Back in the
| early-mid 90s, my dad had a tiny light switch that needed to be
| toggled before starting the car.
|
| It's ridiculous this sort of thing is needed, but it's sort
| of...fun?
| marcodiego wrote:
| I was once told that you can buy on of those realistic baby doll
| and leave it on the back seat.
| anaganisk wrote:
| Great way to get your windows broken everyday
| waihtis wrote:
| tl,dr: 2FA for cars
| excalibur wrote:
| Getting strong flux capacitor vibes from this
| thriftwy wrote:
| Commercial immobilizers do that, but with much more sophisticated
| technique than this amateur hour.
|
| Mine sits straight near the car CPU and is protected by a metal
| box.
| johnea wrote:
| A surprisingly simple way to foil car thieves
|
| It's so simple, it can be done "With a new $1.2 million dollar
| grant from the National Science Foundation"...
|
| I guess simple doesn't mean what it used to mean...
| hulitu wrote:
| > I guess simple doesn't mean what it used to mean...
|
| "You should see our new, redesigned, UI/UX" /s
| ilyt wrote:
| The amount is comical but there is still some development
| required to turn DIY hack into actual product.
| boringg wrote:
| Wow - the solution is to overlay a physical keylike component to
| the system tied to the battery. The whole point of keyless fob
| was to make it easier. This negates that benefit. Why not just
| put a key back to start the engine. Whoever is signing off on
| that grant money doesn't understand product design.
| TheDudeMan wrote:
| Maybe we should insist that production key fobs are secure. It is
| only pure laziness and incompetence that has resulted in them not
| being secure. The tech is not difficult.
| SoylentOrange wrote:
| Q: if this is the equivalent of a password, what's the mechanism
| for resetting the password? For example, you are selling a used
| car. Or you have many cars each of which you don't use too
| frequently. Or you have a tractor that you use seasonally. In
| those cases, it's totally reasonable that you would have
| forgotten the password. How do you reset it if it's wired into
| the power line?
| codedokode wrote:
| This must be April 1st article.
| bagels wrote:
| They invented a less reliable immobilizer?
| threeio wrote:
| Maybe I'm missing something, but in some of my international
| travels, rental cars had a keypad that had to be entered
| correctly prior to the key working. No key code entry, no run.
|
| Put the keypad in 3 times incorrectly in a row, system blinks
| rad, you sat for an hour unless you called the rental place for
| an override key.
|
| Voltage fluctuation aside, it seems like the same system.
| giobox wrote:
| I haven't seen a separate keypad immobilizer (the kind where
| you put key in ignition and turn, but engine wont start until a
| pin is entered into a separate keypad in the cabin) since I
| last sat in a Peugeot 205 in the early 90s - I'd be shocked to
| see one on anything made in the last decade that isn't a weird
| aftermarket accessory. I've never seen this on a rental car in
| Europe/US in recent memory.
|
| The pin pads Ford often fit to doors are not the same thing -
| those are to provide cabin access without a key at places such
| as worksites or camping trips etc.
| maratc wrote:
| In Cyprus, rental cars also have them (of course these are
| aftermarket).
| threeio wrote:
| Travel to Israel, its in -every- car.
| tguvot wrote:
| required by insurance
| kotaKat wrote:
| The GM EV1 had this solved early on: they didn't use keys at all
| - just a numeric PIN that you entered on the door and on the
| center console to start. ;)
|
| http://www.kingoftheroad.net/charge_across_america/graphics_...
|
| Slap your PIN in and hit the RUN button and it'd fire right up.
| dharmab wrote:
| I believe Ford has a patent on keypad entry. Many of their
| vehicles have it.
| monkeywork wrote:
| I love the keypad on my F150 I seriously wish all vehicles
| had it.
| mrguyorama wrote:
| It used to be that the PIN logic was just a simple rolling
| buffer and substring(ish) search, such that for a 6 button
| keypad, an optimized 80ish button sequence would open every
| single vehicle with those keypads.
| gcanyon wrote:
| if/when this becomes common, what prevents thieves from
| carrying/providing their own positive cable to bypass the
| authenticator?
| onetimeuse92304 wrote:
| Whatever is posted online, thieves will soon learn and figure out
| how to circumvent.
|
| What you want is to be original. You just need to think like a
| thief.
|
| What thieves don't like? _Surprises._
|
| Just do something surprising that will make the thieve think it
| is just too risky to try and they will go for an easier
| alternative.
| jheriko wrote:
| surprisingly simple to circumvent from the sounds of it too...
| ecf wrote:
| I'll let you in on a secret that would deter care thieves.
|
| Adequately punish the ones police happen to catch.
|
| It'll create a reinforcing cycle. Police are more interested in
| pursuing these cases because it's worth it for their time, and
| thieves will be dissuaded from car theft because there might
| actually be consequences if caught compared to the current slap
| on the wrist.
| mauvehaus wrote:
| Easier solution: take off one highly visible trim piece from the
| dashboard or console of your car, and throw a $20 DMM on the
| passenger seat. A couple random bits of loose wire in various
| colors for effect, maybe a half roll of electrical tape, and
| nobody's going to take a second look.
|
| Source: nobody has ever stolen any of the cars I've owned while
| I've been troubleshooting the ongoing electrical problems.
| koliber wrote:
| In Israel, all the rental cars we rented had a keypad and you had
| to enter a 4 digit pin to start it. That sounds simple. This
| sound a bit more complicated.
| oxfordmale wrote:
| What about an old fashioned mechanical key?
|
| Car manufacturers are directly to blame for the increased theft
| of cars. It is a win win for them, as it results in higher car
| sales. If a dood manufacturer would sell doors that can be easily
| opened, everyone would complain. Far less so with cars.
| Spivak wrote:
| It wouldn't stop anything. You have a car that has everything
| it needs to start and go just sitting there. Whether you have a
| physical key, password, retina scanner, you name it the issue
| is that the thief has physical access. For physical security
| they can just short some wires to make the car think it has the
| key, and for digital systems they gain access to the cleartext
| internal message bus of the car and tell it to start. The
| latter is the one that has more promise on making it actually
| secure because you can make the software required to drive the
| car and the car physically can't move without it but that comes
| with a lot of usability and performance trade-offs.
| woobar wrote:
| Do you believe that mechanical keys were a deterrent before the
| introduction of the immobilizers? And if they were why did they
| bother with immobilizers, anti-theft alarms, and GPS trackers?
| oxfordmale wrote:
| Car theft rates were lower with mechanical keys. See below UK
| statistics
|
| Keyless cars top the list for most stolen cars across the UK,
| with around 93% of all stolen vehicles in 2020 being taken
| without vehicle keys.
| woobar wrote:
| This is not statistics. What percentage of the new cars are
| keyless?
|
| Here are stats for UK. Total cars stolen in UK dropped from
| ~300K to ~100K in the last 20 years. [1] Even though number
| of cars keep growing [2]
|
| [1] https://www.statista.com/statistics/303551/motor-
| vehicle-the...
|
| [2] https://www.statista.com/statistics/299972/average-age-
| of-ca...
| austin-cheney wrote:
| My ultimate anti-theft device: standard transmission.
| swores wrote:
| > _In a field test study on eight vehicles published in July
| 2022, the researchers showed that a prototype of Battery Sleuth
| was more than 99.9% effective at detecting and preventing
| illegitimate activity without interfering with normal vehicle
| operation_
|
| Would anyone be able & kind enough to explain what sort of
| testing could go from a sample of eight vehicles to a result of
| "more than 99.9%"?
|
| Does that mean they tested 1000 ways of hacking (or 125 ways on
| each of 8 cars) and found 0 of them were successful? Or...
| phendrenad2 wrote:
| I'm surprised no one has resorted to chemical warfare. Add a can
| of skunk spray under the driver's seat, wired up with a motor to
| spray it if someone else tries to drive off in your car. Have an
| audible beep a few times before it goes off, to remind YOU to hit
| the secret switch to disable it. Car thieves will continue on
| their merry way, wondering what that beeping is. Of course, you'd
| probably be sued by the car thief, who wouldn't spend a minute of
| jail time because city governments don't want to do their job, so
| probably not actually a good idea...
|
| (Maybe instead of skunk spray, you could turn the radio up full
| blast, playing some CIA-approved heavy metal music?)
| mulmen wrote:
| Just take your battery out and carry it with you.
| jeffreygoesto wrote:
| Colleague had a Mini Cooper in the 80es where the Choke could be
| pulled but pushing it back did nothing. There was one traffic
| light that was always red (for the street with no priority) where
| the owner went around and pushed the lever back. The car was
| stolen once and found with the carb flooded after a mile or so.
| K0balt wrote:
| 1.2 million grant for this?
|
| Now I've seen grift, but come on. I want to hire their grant
| writer.
|
| Literally a relay in the starter lead. This looks like one of my
| afternoon projects, and I'm not even joking. I have a 1990s
| montero diesel and it leaks power, and I often forget to
| disconnect the terminal.
|
| So I bought a relay from AliExpress (same one shown in this photo
| but one size up) and hooked it up with an esp32 and some discrete
| components.
|
| It senses my phones Bluetooth radio and energises the relay if I
| turn the key on when I'm within a few feet, as well as any other
| Bluetooth radios I authenticate.
|
| I can also just turn on the wipers momentarily and it will latch
| the relay. If the vehicle is not running, the relay unlatches in
| 15 minutes.
|
| That way I can basically forget that it exists, problem solved.
| It has been working flawlessly for two years now. The whole thing
| took me about 3 hours to put on strip board and program, another
| half hour to enclose and mount it.
|
| Give me an hour more in micropython and I could make it require a
| passcode entered on your phone with a secret wiper switch
| sequence as a backup. If I threw a five dollar Hall effect
| current sensor (as shown in their project) it could require a
| whole dog and pony show of switch activations to unlock it.
| Adjusting it to different vehicles would be a one- time
| calibration sequence like I use for my water flow meters.
|
| I guess I should have applied for a grant.
| SanderNL wrote:
| Hate to say it, but the tech itself is the easy part. It
| usually is.
| AnotherGoodName wrote:
| https://xkcd.com/664/
| K0balt wrote:
| Lol. So true.
| pseingatl wrote:
| I thought I had the only 1980's-vintage Montero diesel. 4D55 4
| cylinder engine, no turbo. That engine with a turbocharger was
| sold in Mitsubishi pick-ups, but as of 1985, the 4D55 was not
| imported. Had to import it myself, long story. I understand
| there are replacement engines in Chile.
| duxup wrote:
| There was a news story a while ago that detailed a paper that
| coined a term, something like "time battery". It detailed how
| data centers could save money and power by processing intensive
| tasks during off hours.
|
| It seemed like a simple crib job would cover the entire
| premise. Let alone all the other strategies out there.
|
| It wasn't clear to me if the paper in question recognized that
| people already do that with computers. I tried reading it but
| it was pretty hard to get through.
| woobar wrote:
| This is very close to what the original LoJack did in 1979.
| They added keypad to replace switching on lights:
|
| [LoJack] could also include the incorporation of a scheme
| whereby an additional step was required to activate the
| ignition. Prior to starting, it would require the activation of
| any number of the usual vehicle features such as the radio,
| headlight switch, or other switched device. Without knowledge
| of the proper procedure, it would be almost impossible to
| activate the ignition. Modern transponder key based systems
| made the original LoJack starting system obsolete
|
| https://en.wikipedia.org/wiki/LoJack
| [deleted]
| KennyBlanken wrote:
| > Modern transponder key based systems made the original
| LoJack starting system obsolete
|
| Transponder keys aka immobilizer systems.
|
| All those Kias being stolen in the US are being stolen
| because the US does not mandate any form of immobilizer, and
| thus Kia on their cheapest models didn't include one.
|
| Canada mandates immobilizer systems. Guess where the whole
| "Kia boys" phenomenon isn't a problem?
|
| This is one of many examples of how our "democracy" isn't
| working. The vast majority of the US populace would agree
| that an immobilizer system which prevents a car from being
| started with a screwdriver is a good thing.
|
| Every time it's been proposed in congress, the automotive
| lobby has told congress how very expensive it would be for
| them (and by very expensive, we're talking probably less than
| $100 per car.)
|
| The expense to society (the owner losing their likely sole
| means of transport to work, health care, social activities
| and suddenly having a massive expense), police response to do
| something (er, just collect the report, I guess), the lost
| productivity, emergency services, and medical costs of people
| injured (victims or perps) from joyriders...all that goes
| unmentioned, because nobody's spending money to put someone
| in front of Tommy Tubletone from chucklesville to tell him
| that it'll cost everyone less to mandate the things.
|
| Consider that ABS was not mandated in the US until 2012,
| along with traction control.
|
| Compared to a lot of european "socialist" countries, we have
| much worse alignment between public opinion and legislation,
| and it's because of how powerful lobbying and corporate
| election funding is here, and a pervasive, insidious effort
| to portray anything other than wild-west free-market
| attitudes as "communism."
| K0balt wrote:
| As they do this system as well lol.
|
| But good for them. They will learn a lot.
| StevenXC wrote:
| Speaking as someone who's reviewed for NSF before, I'd have
| expected this grant to also include resources to get the
| product to market, which I'm assuming you haven't done.
| K0balt wrote:
| Not on the battery relay, no, but I have done some small
| scale hardware projects (>10k units) , and for something like
| this I'd need about 250k to make 10k units of a <$10 BOM
| setup like this. Not sure what any relevant certificates
| might cost though. At any rate it's not going to be good for
| your vehicle warranty lol.
|
| But they might be funding for marketing costs and other soft
| expenses. Nice project and a great jaunt for a year or two.
| I'm sure they will learn a lot. Good for them.
|
| The real screwy thing here is it's like they did no market
| research or customer testing here. There are already a
| multitude of cheap, sophisticated, highly effective solutions
| in this segment that are much less user hostile than this
| gadget seems to be .
| hanniabu wrote:
| Doesn't take much to put a few notes together
| [deleted]
| 0xdeadbeefbabe wrote:
| Well say we give him 30 more minutes?
|
| (Also, their device is supposed to be tamper proof. That
| sounds more difficult)
| K0balt wrote:
| Hmm. If the can figure out how to make it so I can't just
| tear their device out and hook up my own battery cable they
| might be on to something, but most new cars already come
| with sophisticated anti tampering measures.
|
| At any rate, good for them. It will be a great learning
| experience at least.
| sbohacek wrote:
| I don't think so. NSF Small Business Technology Transfer
| (STTR) and NSF Small Business Innovation Research (SBIR)
| grants include getting products to market. But this is a
| regular research grant from NSF Secure and Trustworthy
| Cyberspace (SaTC)[1].
|
| The SaTC does have a Transition to Practice (TTP) option.
| However, this research is CORE (see the text "CORE" in the
| project title [2]). The objective is to write research
| papers.
|
| [1] https://www.nsf.gov/pubs/2022/nsf22517/nsf22517.htm [2] h
| ttps://www.nsf.gov/awardsearch/showAward?AWD_ID=2245223&His..
| .
| K0balt wrote:
| Holy shit, so 1.2 mil to develop this and write some
| papers? This is some oceans eleven shit right here lmfao.
|
| That's amazing!
| chriskanan wrote:
| Here is the link to the award (I think):
| https://www.nsf.gov/awardsearch/showAward?AWD_ID=2245223&His...
|
| Probably half the award is taken up by indirect costs at the
| university, leaving the remainder for a few PhD students to be
| funded, money for the devices, and any studies where they are
| probably paying participants to use the device.
|
| $1.2M doesn't go that far in terms of grants. As far as whether
| this is a good investment for the government's money, I'm a lot
| less clear. Given all of the recent car thefts due to TikTok, I
| assume that influenced NSF and the reviewers.
| sushid wrote:
| Half is taken by the university? How does that work?
| etrautmann wrote:
| Overhead is required to pay for space, electricity, admin,
| etc. This is not inherently a problem, but the percentages
| getting too high is...
| gonzo wrote:
| Happens all the time, nearly everywhere.
| justinclift wrote:
| Renting the space to the departments and other similar
| things probably.
|
| I wish I was joking, but a friend who works at a Uni was
| recently complaining of their budget being affected by
| (mandatory) things like that.
| magicalhippo wrote:
| And an evergrowing administration, at least where my mom
| works. She said they used to take 1/3 not that many years
| ago, now it's 1/2. In the same period the administration
| has grown considerably.
|
| A big problem is they don't always get all the money they
| apply for, and so with the added overhead there's
| sometimes very little left to do actual science.
| ModernMech wrote:
| Space is limited and coveted. What better way would you
| propose to allocate it than to give it to who can bring
| in the money to pay for it? That money goes to building
| new spaces, which is good for everyone.
| justinclift wrote:
| Sure. Because Universities are all about "bringing in the
| money" rather than education, research, and similar yeah?
| sclarisse wrote:
| Yeah :(
| ke88y wrote:
| _> What better way_
|
| Open up all federal grants -- especially NSF grants -- to
| anyone with credentials or experience necessary to PI
| (so, a PhD or equivalent industry experience). Broaden
| the reviewer pool so that each panel is at least 51% non-
| Professor expert citizens.
|
| I can do a LOT of advising and conduct a LOT of research
| with close to 0% overhead. But most NSF grants are only
| possible to get if you attach yourself to a university,
| and at that point it's just not worth the effort.
| Everyone loses, except for the academic industry, which
| gets heinously immoral labor laws exceptions so that TT
| professors and admins can retire-in-place on the
| taxpayer's dime in their mid 30s.
|
| What possible actual reason does the NSF have for
| requiring research work to be done at universities?
| chriskanan wrote:
| It varies per university. Looks like for UMich it is 56%.
| https://orsp.umich.edu/develop-proposal/budget-and-cost-
| reso...
|
| I believe Stanford is 60%. My university is 54%.
|
| Here is an explanation for the justification of this:
| https://spo.berkeley.edu/guide/fa.html
|
| It does certainly feel excessive as an academic. I've never
| seen actual tracking of where the F&A money goes in terms
| of a quantifiable breakdown, e.g., what fraction goes to
| university accounting for doing their needed work for
| supporting a sponsored project, what amount goes toward
| electricity, etc. Universities always seem to be
| negotiating with the Federal government to raise the rate.
| When I was at an institution with a 45% rate, though, it
| let me stretch my grants a lot further by allowing me to
| fund more students.
| ModernMech wrote:
| Consider it rent+taxes to live in the University
| environment. You get access to libraries. IT
| infrastructure. Special equipment and space for your
| research. Lots of competent smart people eager to help you
| with your project. How much would you pay for that?
|
| I worked at a startup and between the rent for our office
| and our individual rents, like 80% of the VC money went
| into landlord pockets.
|
| Also there are plenty of "tax breaks" you can get so that
| you don't have to pay so much. Capital expenditures will be
| taxed at 0%, so you can get your overall rate down
| significantly.
| throw9away6 wrote:
| Only half. The university bureaucracy is great and all
| powerful
| samstave wrote:
| Curious, what % of costs of a grant are usually consumed by
| the UNi - are these to pay for equipment, power, lab time,
| etc?
|
| Or are they slurping funds for other aspects of the uni's
| operations?
| intrasight wrote:
| Universities typically take 50%
| HWR_14 wrote:
| Usually about half. It's designed to cover the costs of
| running a university research program spread across all the
| projects. So a 10MM project provides 10x the funding that a
| 1MM project provides. Think things like health insurance
| for the researchers, covering time between projects, lab
| capital costs, electricity, administration, accounting,
| even the cost of writing grants.
|
| There's a valid question of if that number can be smaller,
| but the general concept makes sense.
| klodolph wrote:
| https://academia.stackexchange.com/questions/25910/what-
| does...
|
| Overhead includes things like administrative & support
| staff, equipment depreciation, etc.
|
| It's often calculated as some percentage of the grant. Then
| you fill out your timesheet to bill hours to specific
| grants, so it can all be tracked.
| K0balt wrote:
| Honestly good for them. I'm sure they will learn a lot.
| bozhark wrote:
| If you need a grant writer...
|
| 100% acceptance of every grant proposal I've ever submitted.
| coldtea wrote:
| > _That way I can basically forget that it exists, problem
| solved. It has been working flawlessly for two years now. The
| whole thing took me about 3 hours to put on strip board and
| program, another half hour to enclose and mount it. Give me an
| hour more in micropython and I could make it require a passcode
| entered on your phone with a secret wiper switch sequence as a
| backup._
|
| So, basically a custom rig, with some shit that might or might
| not work from AliExpress, is out of the question for anybody
| not knowledgable in electronics ("hooked it up with an esp32
| and some discrete components"), and needs even more work to
| have a functionality that would come in standard in a
| commercial solution.
|
| Some of the strongest https://news.ycombinator.com/item?id=9224
| vibes...
| montag wrote:
| No offense to the GP, but geez that comment belongs in some
| kind of Hacker News hall of fame
| Mizoguchi wrote:
| Not sure about the details of this particular grant, but with
| federal grants usually you don't get a million dollar check to
| develop your idea. The money is divided in phases each
| requiring a set of milestones to be completed, reviewed and
| approved for you to have access to more resources. The total
| grant may be a million, but you may first get 100K and 6 months
| to show a working version then the next phase if approved gives
| you 200K more and so on.
| s1artibartfast wrote:
| Most federal grant I've worked with don't have internal
| milestones gating funding. That is taken care of by separate
| grants at each phase.
|
| You might need to lay out your whole road map for the first
| grant, but but that entire grant only covers 6mo or whatever.
| jaboutboul wrote:
| If you're already done with development then why not beat them
| to market?
| K0balt wrote:
| Because there's no product market fit here. There are a
| myriad of far more secure and user friendly alternatives. I
| briefly investigated the market thinking maybe I had
| something cool, but there are a thousand better solutions
| under 20 dollars.
|
| The only way something like this gets traction is "as seen on
| TV" marketing to naive consumers, and I have no interest in
| building for that market.
| soligern wrote:
| That's what people said about Dropbox too. I can set this up in
| 5 mins with rsync blah blah. There is value and effort involved
| in making it production ready, seamless, general population
| ready etc.
| [deleted]
| mcpackieh wrote:
| > _There is value and effort involved in making it production
| ready, seamless, general population ready etc._
|
| This wasn't done. Well, it wasn't done by these researchers,
| but it has been done countless times before by other people.
| This research is a joke.
|
| Edit: I've realized the dropbox comment reference is an
| appropriate reference, but in the exact opposite way you're
| suggesting. All the ignition interlock switches already on
| the market are dropbox. This researcher is the one saying
| "look what I can do with rsync."
| beerandt wrote:
| Agreed. This is just fancy marketing for what is is essentially
| a battery with an obscure and overly convoluted password scheme
| to output >x amps.
|
| Also:
|
| Plugging in a battery booster down stream of the device's
| imposed amp bottleneck seems like a stupid simple
| circumvention.
|
| Maybe it isolates the starter circuit, but that starts
| diminishing it's selling point of being simple and universal,
| if you need to start dealing with differences in wiring.
| cobertos wrote:
| Huh, the house I'm living in was built with a $300k NSF grant.
| Though I bought it for $2k at auction (it's 220sqft). Funnily
| enough, also from U of M
|
| Crazy to think you could build at least 4 of these with the
| same amount of grant money.
| pohl wrote:
| Prototyping is a tiny fraction of product development.
| memetomancer wrote:
| This is a frustrating yet common sort of take. Yes, this is
| simple, as the article clearly points out. Yes it is obvious in
| retrospect. But did you do anything with your brilliant work
| besides bodge your terrible car a few more miles down the road?
|
| There is value to developing the entire system... to ensuring
| the keypad mechanism is reasonably robust and tamper proof.
| There is value to understanding the vehicle as a system and
| reasoning out this defense strategy. There will be value in
| preliminary productization of something this for mass
| production, especially as regards the use of that terrible 12v
| power port and providing the 'fingerprint' in a safe range of
| voltage fluctuations to avoid catastrophic and probably non-
| obvious failure modes. There will likely be D.O.T. paperwork,
| and UL listing.
|
| $1.2 million is probably a bit meager to truly develop
| something like this.
|
| Yes, you can hobble some crap together on your Montero.
| Congratulation. Hardly a solid foundation to speak ill of this
| team doing something genuinely productive.
| Gordonjcp wrote:
| > There is value to developing the entire system... to
| ensuring the keypad mechanism is reasonably robust and tamper
| proof. There is value to understanding the vehicle as a
| system and reasoning out this defense strategy. There will be
| value in preliminary productization of something this for
| mass production,
|
| https://a.allegroimg.com/original/03e206/1de3f26447d79428246.
| ..
|
| Optional extra on Series 1 Citroen XMs, an immobiliser keypad
| programmed into the engine ECU. It cost about 100 quid in
| 1990 money, on a 40 grand luxury car. Most V6es and 2.5
| diesels had them, few 4-cyl petrols or 2.1 diesels had them.
|
| There's no need to spend $1.2M developing something that's
| already existed for a long time. This was actually a
| development of a similar keypad fitted to most Citroen CX
| Turbos, from the mid-1980s. The idea is nearly 40 years old.
|
| It's inexpensive proven technology, and it works well.
| dghlsakjg wrote:
| There are dozens of similar mechanisms for sale on
| Amazon/aliexpress. A car alarm with an immobilizer is more
| advanced than this "innovation".
|
| They are claiming that the novel part is using voltage
| fluctuations to unarm the immobilizer and claiming that it
| requires less installation since the signaler device can plug
| directly into the cigarette outlet. A wireless relay requires
| the same cuttoff relay installation as their "new" idea, but
| is even more convenient because you don't have to install a
| bodged together keypad on the cigarette lighter, and short
| your electrical system to cause voltage fluctuations.
|
| They have blown through 1.2mm in grant money and their
| product is a bunch of prototype parts from a $50 arduino
| starter kit. It isn't polished, it isn't ready for consumers,
| it is a single prototype.
|
| I guess the idea of causing voltage fluctuations is novel,
| but they sort of reinvented a $30 wheel for 1.2 million.
| olyjohn wrote:
| That's the problem with the whole concept. Anybody can build
| a shockingly simple kill switch for $5 and a 5 video on
| YouTube. What are they trying to bring to market exactly?
| Cars have been around for 100 years and there have been
| hundreds if not thousands of these things brought to
| production during that time. They're all junk, they all fail
| and flop.
|
| And great if you thing that those voltage fluctuations are
| gonna be consistent. Eventually some switch will corrode and
| then the person's wiper switch won't fluctuate the voltage
| properly. Nobody will want to reset their clocks using this
| every time they get in the car. Your break-in alarm won't
| work with the battery disconnectred. Car manufacturers will
| be pissed that you're disconnecting the battery because they
| can't get your telemetry and the car can't update while
| you're not int it. And then when you have problems, this will
| be the first thing ripped out of the car by your mechanic.
| This whole concept is flawed, and anybody with basic car or
| electronics knowledge will stay away from this thing because
| they can do it themselves.
|
| And here's the kicker... anybody who doesn't have basic
| knowledge won't be hooking this thing up to their battery.
| They are terrified of even touching the battery.
| Congratulations on your marketing BS, but it's clearly not
| thought out from a common sense perspective at all.
| dcow wrote:
| If you read TFA then you'd realize they've solved almost
| every issue you throw down. They allow enough current
| through to power electronics (like your break-in alarm) but
| not enough to turn the engine over.
|
| The target market for this is not "anyone with basic car or
| electronics knowledge who can do it themselves"... it's,
| "people who want an extra level of defense against car
| thieves".
| pavon wrote:
| There is zero novel research here, and the entire purpose of
| the 1.2 million dollar grant was research. All the value you
| are mentioning is related to bringing a product to market,
| which is something that the grant did not require and
| universities don't usually follow through. Most of the time
| transition to industry happens is when there are motivated
| companies who do all the work to bring the device to market,
| but need university patent licenses and expertise to do so.
| This would be a great senior project, but it is a complete
| waste of money for a cyber security grant.
| memetomancer wrote:
| I disagree: the device monitors battery fluctuations to
| 'authenticate' the driver. the fluctuations need to be a
| specific pattern - delivered either by a device plugged
| into the 12v accessory port, or by some specific pattern of
| driver behavior, such as quickly flashing lights,
| activating wipers, etc. This is indeed a novel approach.
|
| And it is a fair sight more involved than a simple kill
| switch, by the look of things. The research aspect comes
| from exploring the practicality of such an approach. This
| exploration requires prototypes, test beds and
| investigators.
|
| Who's really to say what the results of the research will
| be, at this point? In my opinion, I think smart phones and
| NFC are probably the way to go... but I'm not going to hop
| on the internet and make scornful remarks until I know
| more. I'm not sure why you have done so?
| mNovak wrote:
| To be fair, most universities are great at interesting
| research but are also terrible at even preliminary
| productization. I highly doubt this $1.2M will go towards DOT
| paperwork and UL listing. This will go to a research
| prototype, then either get dropped off at the tech transfer
| IP office (good luck there), or spin out a startup. In the
| latter case, I'd have much rather seen this grant go directly
| to the startup, than pay the high Uni overhead.
| K0balt wrote:
| No, really, good for them.
|
| But don't be talking down on my car. That's just not cool.
|
| That beast is the workhorse of the farm and it gets the job
| done.
|
| None of the windows roll down though and it's hot as hell
| inside, so it discourages unnecessary use, saving the planet.
|
| It rarely sees pavement but it drags what needs to be dragged
| and it pulls the utility rigs out after they deliver to us.
| DanHulton wrote:
| And that's all well and good, but maybe introspect here for
| a second? You're upset that your accomplishments aren't
| being respected, immediately after discounting the
| accomplishments of others.
|
| The point is that your car's modifications and the
| university's are similar, but different, particularly in
| scale and broad robustness, which adds difficulty in ways
| you may not be appreciating.
|
| $1.2 million may sound like a lot to you, but to pay a team
| of people to work on, and provide materials for them to
| work with (especially cars, which generally aren't cheap,
| especially used cars right now!)... Well, it likely doesn't
| go as far as you think it does.
| fdr wrote:
| The professor did gloss over briefly the difficulty in
| making the system work for a large number of vehicles,
| before arriving at a viable "signature" idea, as the
| article describes. Sounds like an area with a lot of
| false starts (heh) and time consumption, and dead ends.
| K0balt wrote:
| Vectorising the power profiles makes this a no brainier.
| I've done it, and I have no brain.
| dghlsakjg wrote:
| The professor should have seen that he could send a
| signature over the airwaves to his relay since that is
| even more universally compatible... plus, you can buy
| that exact device for about $20 at the online retailer of
| your choice.
| Gordonjcp wrote:
| Given that it's an idea that has been in production
| vehicles for 40 years, I doubt you'd need to spend $1.2M
| to "develop" it.
| K0balt wrote:
| I'm not disparaging their work. It is probably really
| cool, and they probably published some great information
| that will be useful to many. I don't doubt it was
| challenging for them, but I do doubt that the problem was
| fundamentally challenging from en engineering
| perspective.
|
| As for my "work" it is literally insignificant tinkering
| by a bored old fucker with nothing better to do than chat
| on hacker news.. I don't even respect my work, and anyone
| who thinks more of it than digging a ditch is just wrong
| and has obviously never dug a ditch.
|
| But, just calling it like it is, the "signature " thing
| they are working on is something that is already solved
| for decades and if it took anyone more than a week they
| may not have a clue what they are doing. I have
| implemented a version of it myself in a technically
| adjacent application.
|
| In case anyone cares enough - and you probably shouldn't-
| feel free to read my incoherent ranting that follows:
|
| In my case I use load vector analysis it to detect and
| characterise loads on our microgrid. We have several
| buildings and houses, and we run 100 percent solar on an
| off grid system.
|
| Using an esp32 and a current transformer coil on each of
| the three phases, with some good 16 bit ADCs, we monitor
| and characterise loads. Each of the refrigeration
| compressors has a somewhat unique starting and load
| profile. Each water pump in our utility system similarly
| has a unique startup and load profile. Same with air
| compressors, fans, and other equipment.
|
| The profiles are programmed into the esp32 by putting it
| in calibration mode and switching the load off and on 10
| times. It's a pain in the ass because you have make sure
| no big changes happen in the power system in the
| meantime, but it works.
|
| The MCU saves the signature as a vector and assigns it a
| number if it doesn't sit too close to any existing vector
| signature.
|
| It is really good actually, even being able to
| discriminate between identical pumps on the system
| because of their supply impedance and loading.
|
| I'm not a data scientist or an actual engineer so I
| adapted some vector code from a DSP project, and the
| whole thing took me about 2 days using the Arduino IDE
| (please kill me)
|
| I'm basically an idiot. Anyone who does this for a living
| should be able to do it in less than half the time.
|
| There are still some rare false negatives because a grid
| can be quite chaotic, but in general it's very accurate.
| In a simple D.C. system like a car in the off condition
| with predictable loads I would fully expect 4 nines
| discrimination.
|
| What they did was cool, but it wasn't hard. Not saying it
| wasn't hard for them, and maybe they learned a lot, but
| I'm pretty sure that 1.2 million to solve the problems
| described in the article is two orders of magnitude off
| of reasonable.
|
| From the provided description, If a single engineer with
| decent tools could not have this from zero to a
| production ready GERBER file with masks, stencils, and
| the works to send off for automatic assembly inside of a
| month they should probably look for another line of work.
|
| Of course, if they work like I do which is to say they
| don't, very much, and they mostly drink coffee and fuck
| off all day, then I'd give them a month and a half
| knowing full well they did all of the actual work in a
| week of panicked thrashing, creating months of technical
| debt in every line of code to build the glass house that
| somehow works without passing any of the tests but that's
| fine you just rewrite the tests.
|
| Of course certification and things like that are a whole
| different beast, but this was a CORE research grant.
| ModernMech wrote:
| $1.2 million will fund 4 years of research for 2
| professors, and 2 PhD students. It's not exactly a career
| making grant.
| xwdv wrote:
| That seems extravagant. By my calculations it should fund
| approximately 6 or so years.
| neuronerdgirl wrote:
| Cover the two PhD students at the NIH payscales for PhD
| students on a standard training grant[1] ($43,894 not
| including benefits) and you've used up over a quarter of
| your budget on less than half the salary needs,
| completely ignoring any research costs that need to be
| covered on top of the much higher payscales of the
| professors. Plus a large number of PhD students in this
| kind of work make more than the states stipend above. Not
| extravagant.
|
| https://osr.ucsf.edu/news/nih-update-ruth-l-kirschstein-
| nati....
| lasfter wrote:
| Where are you seeing $44k? The link you gave shows
| payscales for postdocs, and points to another page [1]
| showing that predoctoral trainees get $27k.
|
| Also, in my field and in my region, $27k is massive
| funding. I don't know anybody who makes that much, let
| alone $44k, and we also don't get tuition or benefits
| covered. Our TA/RA union is currently striking because
| it's essentially impossible to live off of funding alone.
|
| [1] https://grants.nih.gov/grants/guide/notice-files/NOT-
| OD-23-0...
| neuronerdgirl wrote:
| I'll give you that I misread bullet 2, so the total is a
| little over 31k. But grants that fund salaries for
| predoctoral scholars don't just fund the salary itself,
| they also cover the additional funds listed on that page.
| You can't partially fund a trainee on a grant. In any
| case, this wildly misses the forest for the trees - 1.2
| mil in grants does not cover 6 years of salary plus
| research costs for 2 trainees and 2 professors full stop.
| xwdv wrote:
| But it's not 4 years either.
| xwdv wrote:
| This was my conclusion as well. Will wait to see what the
| response is here.
| totoglazer wrote:
| No way. Half goes to overhead. 600k/4 people/4years =
| 38k/person/year.
| dghlsakjg wrote:
| Did you see the picture of what they built? I wouldn't
| describe it as refined or particularly professional.
|
| It sounds like his system is more refined than the
| academic one. It certainly has more features.
| spell-slinger wrote:
| He sounds like a monster of a vehicle. Loyal and strong.
| The goodest of cars.
| seemack wrote:
| 1 line barely acknowledging the criticism, 4 lines
| defending the car whose feelings I can assume have been
| mortally wounded. The defensiveness around the car is
| ironic given how casually you threw out your needlessly
| negative hot-take.
| brk wrote:
| It is obvious in retrospect because this concept has been
| around for 30 years. A common killswitch mechanism that I
| remember being implemented in the early 90's was a system
| that tied into accessory devices. On my friends car you had
| to put the key to ACC, then turn the cruise control on and
| off, and then engage and disengage the parking brake before
| the car would start. No other obvious lights, buttons,
| switches, etc. And you could install the killswitch device to
| tie into basically any 2 systems that used battery power.
| pmontra wrote:
| My father disconnected the distributor (correct word?) and
| took a piece of it with him. Definitely a killswitch. That
| was in the 70s. Cars got more complicated around 1980.
| function_seven wrote:
| Mine removed the starter relay at night. (The car didn't
| have a distributor AFAIK, or if it did, it wasn't as
| accessible).
|
| This wasn't to foil thieves, it was to frustrate the repo
| man.
| Tempest1981 wrote:
| Yep, removing the rotor from under the distributor cap
| (correct), which disabled the ignition system.
| passer_byer wrote:
| My hack was to purchase a 2017 vehicle with a 5 speed
| manual transmission. I reckon 95% of would be thieves
| can't easily drive it away!
| sitzkrieg wrote:
| my trick too, esp in some areas. getting harder and
| harder to find outside of sports cars :-(
| jjav wrote:
| > My father disconnected the distributor (correct word?)
| and took a piece of it with him.
|
| Yes, my dad was used to removing the rotor from the
| distributor (small piece, easy to pop off and unless the
| thief just happens to have the correct model handy, the
| car can't run) back in the 60s (maybe he did it earlier).
|
| I'm pretty sure some form of this has been popular for
| just about as long cars have had an electrical system.
| borski wrote:
| Dropbox wasn't a new idea either. rsync had existed for
| many years.
| brk wrote:
| But Dropbox made rsync more user friendly and available
| to people who weren't techies.
|
| The concept of a starter interrupter has been around
| almost as long as the automobile itself. Ways to engage
| and disengage that interrupter have evolved and advanced
| over the years. Older folks will remember cars with a
| keyswitch on the front fender, and then a keypad inside,
| and then hidden switches like I described in my OP, and
| then IR and RF remotes, and so forth.
|
| The basic concept in the linked article is not very
| novel, IMO. The specific implementation is cute, and
| somewhat current in the sense of evolution of these
| systems. But the whole thing is as noteworthy as the next
| arm64 advancement.
| positron6000 wrote:
| "i'm not a 'car guy' - where can i get a simple interface
| for a killswitch that only needs to be installed once and
| can be controlled from an app?"
|
| ^ this is where the value is, which is what the $1.2m is
| intended to explore.
| dghlsakjg wrote:
| 30 seconds on aliexpress found me this:
| https://a.aliexpress.com/_mPSrPR0
|
| No Bluetooth, but it does have a dedicated RF remote.
|
| Edit: figured out the keywords I needed for the exact
| product you want "bluetooth immobilizer"
|
| https://a.aliexpress.com/_mNgigFk
| andirk wrote:
| I love rsync. Used it to batch some few million image
| files for Sephora makeup company to a couple different
| servers.
| dghlsakjg wrote:
| So does this "project".
|
| There are dozens of already existing products that are
| designed to do _exactly_ this for pretty cheap.
|
| https://a.aliexpress.com/_mPSrPR0
| rhaway84773 wrote:
| And despite being around for 30+ years it's not broadly
| adopted despite a significant rise in car thefts.
| thriftwy wrote:
| In some countries, it is.
| darau1 wrote:
| I would say because of how it must be installed, and that
| it is probably not common knowledge. In my country, it is
| not unheard of, but I hadn't heard of it until my
| electrician mentioned seeing one on a car he worked on
| recently. I asked if he can install one for me, and he
| said he doesn't know how, nor did he know the name of the
| person that installed the one on the other car.
| vkou wrote:
| Is there actually a significant rise in car thefts? Or
| did we just hit an acute rise in car thefts of two
| particular models, caused by the discovery (Well,
| publication, really) that they are still using 30-year-
| old security?
| janalsncm wrote:
| Good question, it seems like car theft is on the rise,
| yes. And it's spiking in particular metro areas
| (Milwaukee, Chicago) more than average, although national
| trends are also up.
|
| https://counciloncj.org/wp-
| content/uploads/2023/01/CCJ%E2%80...
| andirk wrote:
| In California, if youre car is stolen and then found, the
| cops will give you a fat ticket and tow your car and then
| give you a ticket for it getting towed. Somehow getting
| the car towed is also a ticket.
| kid64 wrote:
| Yep. Shameless re-victimization.
| balder1991 wrote:
| Another question you can ask is was there any incentive
| before to not report car thefts?
| mywittyname wrote:
| A salient issue has been that Hyundai/KIA didn't
| implement any anti-theft mechanisms on certain models,
| and recently the details about how to steal these cars
| has become popular knowledge, and now people who own the
| affected models can't even get insurance on them.
|
| There's been some other exploits to infotainment systems,
| but AFAIK, they are all limited to proof of concepts. And
| the radio-repeater that almost works occasionally on some
| cars with wireless key access (better implementations
| have proximity detection which prevents this attack
| vector).
|
| As it turns out, immobilizers are pretty damn effective.
|
| If I owned an effected Hyundai/KIA, I'd do like we all
| did with 90s cars and put a killswitch in. It's not
| professional car thieves hitting the bulk of these cars,
| but mostly bored people showing of. So if YT can't show
| them what to do if the car won't start, they will go
| away.
| xattt wrote:
| > On my friends car you had to put the key to ACC, then
| turn the cruise control on and off, and then engage and
| disengage the parking brake before the car would start.
|
| That's a cute trick, but if a current day equivalent is
| integrated into modern day cars (i.e. CANBUS-based), then
| the security is already defeated.
|
| No one challenged the security of the "cruise control cheat
| code" of the 1990s simply because there were no devices
| small enough. The other bit is that criminals weren't
| sophisticated enough.
| jabart wrote:
| $1.2 million sounds like a lot but there is a team of people
| working on it for a whole year. There is some insurance OP
| doesn't have in case it's proven one of these devices did
| cause a crash. If this was some Kickstarter I feel like it
| would cost more and be 3 years behind already.
| cdchn wrote:
| This is the same kind of take as going to a nice restaurant
| and loudly exclaiming "$50 for a steak?! I could pay $8 at
| the butcher and make the same thing at home!"
| mcpackieh wrote:
| It's more like a researcher getting a $1M grant to study
| whether putting salt on a steak makes it taste better, and
| a chef saying _" Wtf, we've been doing this forever"_
| foooorsyth wrote:
| I work for a major OEM in automotive. Getting ANYTHING
| "simple" into real cars, especially anything related to
| physical access and starting the vehicle, is a huge
| undertaking. $1.2 mm is cheap for this sort of feature,
| assuming that money goes to the actual implementation,
| standardization, homologation, and integration on the
| assembly line.
| f1shy wrote:
| Car OEM are far as example of efficient work...
| foooorsyth wrote:
| It's not efficient. That's the point.
|
| The car is a complicated product. It's not a website.
| It's not an app. My employer has 120k+ employees and
| factories in every continent except Antarctica.
| Regulatory bodies interject with anything related to
| access and security, and those bodies are different in
| every country/region. The product itself is massive
| physical good that many countries consider domestic
| production of which to be a matter of national security.
| Every single physical change to the product is analyzed
| by bean counters. Shipping the product requires at least
| some level of expertise in mechanical engineering,
| chemical engineering, hardware, software, and
| manufacturing. You need factories, regulatory approval,
| supplier networks, programmers, drivetrain engineers,
| management, people to lobby the government, accountants,
| and much more. You need it all.
|
| You'd be shocked at how difficult adding a single
| physical button to any given car can be. Scoffing at
| $1.2mm for a new ECU that relates to security is naive.
| "I could do this in one day in my garage" is not how
| shipping a change to automotive products works.
| jsight wrote:
| > $1.2 mm is cheap for this sort of feature, assuming that
| money goes to the actual implementation, standardization,
| homologation, and integration on the assembly line.
|
| Maybe I'm reading it wrong, but it sounded like the $1.2mm
| went to some prototypes and a research paper.
| foooorsyth wrote:
| Well if that's the case then it is indeed a rip off for
| the taxpayer.
| dghlsakjg wrote:
| They already spent $1.2mm. They have a prototype hand wired
| together. This isn't even close to production ready, and it
| never will go into production because almost every new
| vehicle has an immobilizer built in that is authenticated
| via an nfc chip in the key that does exactly what this
| does, but transparently without driver input.
| unsui wrote:
| > I guess I should have applied for a grant.
|
| But you didn't.
|
| Echoing the sentiment from many of the replies, it's easy to
| arm-chair quarterback and criticize others' work (and moreover,
| the existence of the work itself) as intuitively obvious, and
| therefore lacking value.
|
| Besides the fact that it has value to someone (therefore the
| grant award), the devil's in the details, and a grant like this
| isn't just for the idea, but also for development and
| productionizing.
|
| But, going back to your point... if you think you can do
| better, than by all means do so. Seems like sour grapes that
| someone else is capitalizing on something that is intuitively
| obvious to you.
| [deleted]
| draw_down wrote:
| [dead]
| nnurmanov wrote:
| What if thieves steal cars for their parts? They can tow car and
| beat such security systems:)
| joe_the_user wrote:
| I think chip-keys are extremely common now - my twenty year old
| Infiniti has one. Car theft rates have been declining for thirty
| years [1]. I think thieves focus on either the remaining old cars
| or very specialized efforts for new cars.
|
| [1] https://www.statista.com/statistics/191216/reported-motor-
| ve...
| fragmede wrote:
| They were first designed (and patented) in _1919_. More
| importantly is that they 're now required on all new cars sold
| in the US according to Standard No. 114; Theft protection and
| rollaway prevention, though I'm not totally clear on when that
| got passed.
|
| https://www.law.cornell.edu/cfr/text/49/571.114
| tonymet wrote:
| this is a case where they should have run the idea by an ex car
| thief.
|
| How is this any better than a hidden killswitch under the glove
| box or behind the gas pedal?
|
| Once the attacker knows they can just short the circuit.
| kodt wrote:
| Also this does nothing to hinder armed carjacking where the car
| is already running. These are way up since 2020.
| ZiiS wrote:
| It looks like if I connect a standard jump-pack to the starter
| motor it bypasses this new deterrent? Given the 50 years arms
| race leading to current immobilizers this seems a bit comical.
| Waterluvian wrote:
| I knew someone with a shitty pickup truck where he wired a light
| switch into the fuel pump and hid it under the steering column.
| The truck would be stolen something like 5 times a year and every
| time he would find it abandoned a km or so away when the gas in
| the line ran out.
|
| I drove in it once to get lunch and near the beginning the car
| begins sputtering and he's like, "oh right, you're thirsty" and
| reached under and flicked the switch. So understated, I still
| laugh at the memory.
| gorkish wrote:
| Our local police department had a guy get his squad car stolen
| TWICE during traffic stops, and they installed an ignition
| interlock switch on their entire flee to prevent it happening
| again. Also they relegated the guy to motorcycle duty after
| that.
|
| Another story is once my friend called me for help because his
| car would't start. I looked it over; tested his battery etc,
| but it wouldn't turn over. I asked him if he had an interlock
| of any sort and he said no. I didnt do any more investigating
| since the car was still new, so I showed him how to push start
| it and drove it over to the dealer. Come Monday morning the
| dealer called him to ask where he had put the interlock loop
| that he had pulled out from under the dash. "Oh that thing?
| Yeah I thought that was weird." SMH
| the__alchemist wrote:
| Wow! Who steals a police car, and with the cop nearby? Would
| love to hear more.
| x86x87 wrote:
| You wouldn't steal a car!
|
| https://youtu.be/ALZZx1xmAzg
| red-iron-pine wrote:
| i wouldn't.
|
| but i'd totally download a car
| JohnFen wrote:
| I'd download it, but my 3D printer doesn't have the print
| volume to make it. :(
| [deleted]
| acomjean wrote:
| My last century GTI had kill switch (it was one of those
| circular keys and a spring loaded button) under the steering
| wheel. The engine would turn like it was trying to start, but
| it wouldn't unless it was unlocked. The other thing the switch
| did which I didn't realize at first was lock the hood. I bough
| the car used and trying to lift the hood initially I thought
| the latch was broken..
| titanomachy wrote:
| > The truck would be stolen something like 5 times a year
|
| Damn, I thought _I_ lived in a bad part of town.
| Waterluvian wrote:
| Mind you it didn't have doors that locked and you started it
| by twisting a screwdriver.
| Ancapistani wrote:
| Super common in simple vehicles used to "run into town" in
| rural areas. We call them "kill switches".
|
| My previous vehicle was a '97 Jeep Wrangler. There were two
| kill switches installed when I bought it: one down by the
| driver's seatbelt latch for the fuel pump, and one reachable by
| inserting your finger into the opening for the 4wd shifter the
| disabled the starter. Neither was easily visible.
| technothrasher wrote:
| Yup, I put an ignition kill switch in my old Triumph Spitfire
| behind the dashboard when I was living in a not so great part
| of town. Just had to reach my hand up behind and flick it. I
| didn't hide it too hard, figuring anybody that tried to drive
| away in my Triumph and couldn't get it to start would figure
| it was just being a typical Triumph.
| firebat45 wrote:
| Cars built with Lucas electrics typically have 3 modes of
| operation. Off, Dim, and Flicker. Which two of the three
| end up on your switch is entirely random.
| rpcope1 wrote:
| The only thing that Lucas built that didn't suck was a
| vacuum cleaner.
| mhandley wrote:
| Oh yes, those of us of a certain age remember well Lucas,
| Prince of Darkness.
| pjot wrote:
| During the summer when I was 16 I bought a pair of subwoofers
| and promptly installed them into my mom's Honda Accord.
|
| To make it so that she could drive without bumping Delilah, I
| wired them to the defrost switch.
|
| It wasn't long into winter until I was forced to take them out.
| wing-_-nuts wrote:
| My family's little econobox had a few interesting 'features':
|
| The slushbox would shift into high gear and lug the engine
| unless you drove it like you stole it. The ignition didn't
| really _need_ the keys unless you purposefully locked the
| steering column The exhaust split down the middle, giving the
| car a great sporting growl, and last but my favorite, the
| radio would often lock itself to the particular station and
| volume you were last playing. Sorry mom, hope you like metal
| at 11!
| pavel_lishin wrote:
| My car in high school had a similar system. The radiator fan
| didn't turn on automatically, so my dad wired it directly into
| the AC controller. (The AC also did not work. It was not a
| great car.)
|
| If you got in the car, and did not specifically turn the AC to
| the correct setting, the car would overheat about a mile down
| the road.
|
| Luckily for me, I never had a chance to put this into practice,
| because nobody stole my car. Unluckily for me, there were
| several times where I forgot that I had to do this, and my car
| overheated about a mile down the road.
| mikestew wrote:
| _The radiator fan didn 't turn on automatically, so my dad
| wired it directly into the AC controller._
|
| All that trouble, rather than run to NAPA to spend $12 on the
| thermo-switch that would be easier to install than hacking
| into the A/C controller. Yeah, I've known some dads like
| that.
| derefr wrote:
| "Run to NAPA" in what car? Presuming the nearest auto parts
| store is more than 10mins down the road (probably much
| more), you won't make it there without first doing
| _something_ hacky.
|
| And then the stupid solution is already working, so...
| tadfisher wrote:
| Sounds like a recipe for blowing head gaskets!
| hodgesrm wrote:
| Or destroying the pistons. I did this once. It was a long
| walk as in _many_ kilometers from where we broke down to
| Mannheim train station so we could get home. Normally you
| could hitchhike but it was late at night and for some
| reason the locals didn 't want to pick up a couple of
| scruffy looking American GIs.
| pengaru wrote:
| I'm the type of person who will start a cross-country road
| trip with a nearly broken car with locking pliers and zip
| ties in the trunk just to try create some fun adventure along
| the way.
|
| And even I wouldn't do something that stupid.
| progman32 wrote:
| In one of my old cars I reach down under the dash and partially
| unplug the clutch switch. Prevents any starting because the car
| thinks you've forgotten to press the clutch in. You'd need to
| know that one connector is a bit too far out, super stealth.
| tbihl wrote:
| You had the thief at _clutch_ , of course. But I love this
| idea.
| idiotsecant wrote:
| I did similar, except wired into the ignition circuit and with
| the control being a little cheap ebay RFID thing with the
| sensor on the underside of the dash. I kept a little RFID tag
| on my keys, chuck my keys up onto the dash when i'm ready to go
| and the truck is started with a pushbutton. I also put a
| cheater switch in the glove box in case i forgot my RFID tags.
|
| In my case it was motivated more by maintenance headache - the
| mechanical linkage that went from the ignition switch to the
| ignition control device at the base of the steering column was
| busted and I was too cheap to buy another one and it was a pain
| to replace.
|
| Project trucks that nobody can drive but you are the best
| trucks, IMO.
| Scoundreller wrote:
| I guess this works if you don't have immobilizers. In Canada
| they're mandated, so the ECU is expecting some kind of
| digital signal from the key before turning on (but sometimes
| you can just shuck the rf chip inside they key and glue it in
| the right spot, or uncode it from the ecu).
| idiotsecant wrote:
| 1996 ford pickups have about the simplest ignition wiring
| you could possibly imagine. I wouldn't even dream of doing
| this on anything new enough to have an immobilizer.
| Karellen wrote:
| Hey! How do you know how to do that? Nobody can start this
| car but me, butthead!
| hammock wrote:
| Watched this movie last night :)
| phendrenad2 wrote:
| I believe this is a story told by comedian and author Adam
| Carolla.
| gadders wrote:
| In the UK in WW2 for a period of time everyone had to disable
| their vehicles when unattended by removing the rotor arm
|
| https://www.britishpathe.com/asset/47622/
| chiph wrote:
| A local Chevy dealer once got a Silverado pickup with the 454
| (7.5 liters) V8 in it. As an anti-theft measure, they
| disconnected four of the spark plug wires when they parked it
| on the lot. It got stolen anyway - it turns out that a 454
| will still run on half it's cylinders.
| jakogut wrote:
| Seems it would be more effective to slightly disconnect the
| coil wire, in addition to being less work to reverse.
| [deleted]
| dtgriscom wrote:
| I wired the cigarette lighter socket in my old MR-2 so that, if
| the lighter wasn't pushed in, the fuel pump would work for the
| first half mile. Then, the gas gauge would go to zero and the
| car would stall. Bonus: I kept a second cigarette lighter in
| the car with its heater removed, so I could leave it in the
| socket and there's no way to disable it (unless you brought
| your own cigarette lighter).
|
| Of course, my system was just a bit flaky, and time and again
| I'd be on the highway, desperately pumping the lighter trying
| to keep the car going. I ended up yanking the whole shebang.
|
| Same car had an alarm system, which over the years got
| triggered several dozen times by yours truly. The one time
| someone else triggered it by bumping my car, I came outside and
| thanked them.
| dahwolf wrote:
| When I was younger here in the Netherlands a lot of us had
| tweaked motorcycles/scooters that would go much faster than the
| allowed cap of 50km/h.
|
| Many had a "cop switch". Cops suspecting you messed with the
| engine would put the scooter on a test belt to measure its
| maximum speed. The cop switch would instantly cap it to the
| allowed speed. Mine was hidden in the left mirror, a minor
| adjustment would activate it.
| jeremy_wiebe wrote:
| Sounds like a VW: behaves differently under test.
| rootsudo wrote:
| 1. It's re-inventing a kill switch.
|
| 2. It adds tons of uselees innovation to a kill switch.
|
| 3. If your car is antique/valuable/interesting, the people
| stealing it know the starting diagram/circuit and can easily rip
| it out/bypass it.
|
| 4. IF your car is antique/valuable/interesting you wouldn't add
| this as it can depreciate the car value/make it more ugly. You're
| not installing this in a brand new BMW M6, or a new Honda Civic,
| or a E24/1980's BMW M6 or a 1990's Honda EK Civic.
|
| Solutionism at it's worse. Ignores the whole idea of what a car
| is. Ignores the innovation in Transponder tech that has been the
| standard for a while - only Kita/Hyundai in the USA has been
| avoiding it because if added BOM.
|
| Outside the USA car thefts are not as common and in Domestic
| Japan/India/Asia a transponder is still _pretty_ rare.
|
| But back to the article - seeing this was sponsored by
| "University of Michigan- " - WTH is going on there? That is
| Ford/GM.
|
| Ford has had PATS technology for the longest time -
| https://en.wikipedia.org/wiki/SecuriLock
|
| GM has PK, same idea.
|
| "Battery Sleuth bypasses both the wireless communication that key
| fobs depend on and the standardized onboard communication network
| that's used in today's vehicles. Instead, it authenticates
| drivers by measuring voltage fluctuations in a vehicle's
| electrical system. "
|
| Worthless, so it knows the cars resting voltage usage (easy
| enough) and if theres a drain, it means something is connected
| and that it can _lock_ it up, but the same as a killswitch, it
| can be removed or bypassed.
|
| "Battery Sleuth also has defenses to guard against hacking or
| physical attacks on the device itself, including a siren that
| sounds if illegitimate activity is detected and a resistor that
| shuts down the vehicle's electrical system if an unauthorized
| power source is connected to the vehicle. "
|
| Very easy to pop hood, pull siren out/disconnect. and lol
| "resistor" means anything/nothing.
| incahoots wrote:
| I'd argue your 3rd point is more based in the reality of movies
| that involve unique cars (Gone in 60 Seconds, etc).
|
| Most unique rides are typically stolen due to owner
| laziness(leaving keys on top of a tire, keys in the visor, left
| running, etc.).
| rootsudo wrote:
| I disagree - many cars are kept in parking lots - especially
| in HCOL. Access is basically whenever - if someone sees it
| there, and not moved often and such they know they can most
| likely attack it.
|
| Stripping an security system is also doable, via the can-bus
| attacks we see of late, but more personalized can just be to
| replace the ECU. In many cars this can be done in less than
| 15 minutes.
|
| Car shopping as presented in gone in 60 seconds is somewht
| common - ask people on any enthusiast forum and you'll see.
|
| Miatas in Bay area, stolen for the hard top/car itself.
| Skylines Honda Civics - just spare parts basically, though if
| it's a mint enough model I can see people vin swap because
| 2000's Honda S2000 - mint models reach 30K now, so it's own
| market.
|
| And that's just from what _I 've_ kept up* in.
|
| Now would someone pull up to someones garage, open that, and
| drive out? Probably not - but alot of people do drive cars to
| a parking space for _work_ , or if they live in a condo -
| have shared/communal parking, and such.
|
| And to add an extra layer of paraonia, it is very inexpensive
| to attach a GPS/Air tag to a car and track it - within a week
| or two you can see a pattern of where it goes, for how long
| and what amount of time its standby.
|
| The VIN number is also viewable from the windshield, meaning
| if the thief has any sort of connection - they could even
| just order a replacement key thats preprogrammed with a base
| code and potentially just turn up to the car and drive away.
|
| But for opportunistic theft, yes - keys left within
| car/visible and then stolen but there are many different type
| of thieves for different markets. For unique/"antique" cars
| or any cars that were in the first three gran turismo - being
| targeted is a very big thing now in the community.
| incahoots wrote:
| Thanks for reminding me of the Miata/Civic thefts, I nearly
| forgot how big that was in the mid 2010s. I recall so many
| articles of that happening.
|
| I was living in Miami during that time, a friend had his EK
| hatch stolen, beautiful example too, spent a fortune on
| that car and it showed. Of course the aftermath was the
| same ole story of it being stripped, and cut to a near
| nonexistent state.
|
| Now thinking on this "solution" the amount of social
| engineering that happens today will defeat this pretty
| quickly. Most of the thefts for cars like my friends were
| done by people who knew the owners.
| rconti wrote:
| > Outside the USA car thefts are not as common and in Domestic
| Japan/India/Asia a transponder is still pretty rare.
|
| My priors are that car theft inside the USA is fairly rare now,
| but exceedingly common in Europe. I'm constantly hearing about
| all kinds of sophisticated electronic attacks on vehicles
| particularly in the UK, that are simply not an issue in the US.
| gruez wrote:
| >At the end of the three-year project, the team aims to have a
| commercially viable prototype that can be scaled up to commercial
| production, first as a theft deterrent device, and potentially
| later as a complete vehicle entry and control system that could
| replace traditional keys and fobs.
|
| What's the point of this? Modern cars already have engines that
| are cryptographically tied to keys[1]. They're not perfect, but
| is adding a whole new rube goldberg machine into your car really
| better than fixing the existing system?
|
| [1] https://en.wikipedia.org/wiki/Immobiliser
| goodpoint wrote:
| Just like the one from TFA, mass production devices are easily
| defeated because they are all the same.
| EGreg wrote:
| So let me get this straight
|
| Modern cars have engines that are cryptographically ties to
| keys
|
| But the Pentagon couldn't put biometric locks on their humvees?
|
| https://www.ibtimes.co.in/isis-takes-dozens-captured-us-humv...
|
| They can't account for trillions of dollars... but we vote them
| more money they didn't even ask for
|
| https://www.nytimes.com/2019/03/11/us/politics/trump-budget....
|
| _"Mr. Trump's budget, the largest in federal history, includes
| a nearly 5 percent increase in military spending -- which is
| more than the Pentagon had asked for"_
| kube-system wrote:
| Locks are often _intentionally_ omitted from equipment in
| environments where high availability is prioritized. They are
| also often omitted in locations where physical security is
| provided at a broader level.
| EGreg wrote:
| Sure, let's _intentionally omit_ locks from equipment that
| is designed not to fall into enemy hands. Let 's not have a
| kill switch, either. Sure, makes sense for an agency with
| more money to spend than every corporation in America!
| seabird wrote:
| Even if you put the locks on, they would _never_ be used.
| If you need it you need it right now, and it 's usually
| life or death. If somebody is trying to steal it, you
| shoot them. The last thing you want to be doing in a
| gunfight is fucking with a lock.
| EGreg wrote:
| This is a strawman
|
| All you have to do is have every soldier who is
| authorized to use your equipment unlock the vehicle
| through an affirmative phrase -- and the vehicle can
| check their voice for instance, or other biometrics like
| their fingerprint. Or each of them can wear a beacon or
| smartphone which does that.
|
| Cars today open with you just getting into the car. This
| is easy stuff man
| alistairSH wrote:
| _every soldier who is authorized to use your equipment_
|
| You do realize that in a war zone, that list of
| authorized users can change rapidly (as people are
| injured, die, or rotated out of combat)?
| kube-system wrote:
| Solders in warzones frequently wear gloves, encounter
| debris, shoot guns, or are exposed to extremely noisy
| conditions, which would result in an inadequate signal-
| to-noise ratio for reliably and quickly sensing
| fingerprints and/or voices. They also tend to avoid
| unnecessarily emitting RF which would give away their
| position to enemy forces who have advanced signals
| intelligence gathering.
|
| Yes, it would be possible to do what you are saying.
| However, militaries find this undesirable because they
| find the drawbacks outweigh the benefits.
| mcpackieh wrote:
| Voice recognition under combat stress? That shit barely
| works under optimal conditions.
| EGreg wrote:
| Not true, now it is very robust
| kube-system wrote:
| It doesn't matter how robust it is, any voice recognition
| less than 100% reliable and any more expensive than $0
| would put your equipment at an operational disadvantage
| when put on the battlefield against an opposing military
| with vehicles that exhibit a 0% rate of authentication
| failures because they lack authentication.
|
| There is no realistic scenario in which a military has
| lost physical control of the vehicle, and the situation
| is mitigated by locks on the vehicle. It is _always_
| already too late at that point.
| mcpackieh wrote:
| When shrapnel and bullets are flying and your nerves are
| completely shot, your voice wavering and you're croaking
| from smoke inhalation, do you really want to entrust your
| life to voice recognition? Come on dude, you're being
| absurd. We're talking about military hardware, not tech
| gadgets for your home.
| alistairSH wrote:
| Or you're wearing your gas mask. Or it's cold so you're
| wearing a balaclava.
| sleepybrett wrote:
| I'm saying what everyone else is trying to tell you 'you
| have no fucking idea what you are talking about, you are
| trying to solve a problem that does not need to be
| solved, that no one has a desire to solve and is in fact
| not even a problem'.
| elzbardico wrote:
| If the enemy gets physical access to the vehicle that
| you're going to use to escape, you're already toasted.
|
| And on the other hand, if you are ambushed, you don't
| want you and your unit to die because the soldier who had
| the keys just got fragged by the enemy and now you can't
| escape.
| Terr_ wrote:
| > Sure, let's intentionally omit locks from equipment
| that is designed not to fall into enemy hands.
|
| Slow down there with the sarcasm and think about the
| actual requirements or use-cases first. Your average
| operable military vehicle is in one of three situations:
|
| 1. Actively occupied or guarded from theft by current
| owners/operators with guns who will not tolerate
| strangers getting close.
|
| 2. Parked somewhere in the middle of a whole bunch of
| people who are generally guarding the whole area, and
| those people may need to be able to operate it very
| quickly.
|
| 3. In some long-term storage which is well-fenced, under
| surveillance, guarded by people with guns, and typically
| very far from both overt enemies and opportunistic
| thieves.
|
| So there's already an access control system tuned to a
| particular set of needs... and one of those needs
| includes "using it to escape from something dangerous
| even if the prior-driver and everything in their pockets
| got vaporized."
| EGreg wrote:
| How many tanks and materiel did Ukrainians take from the
| Russians? On October 2022 it was an estimated 453 Russian
| tanks. I guess 1, 2, 3 don't work that well in battle
|
| https://www.newsweek.com/how-russian-tanks-captured-
| ukraine-...
|
| Also for other things too:
|
| https://nypost.com/2023/05/11/ukrainians-strike-russians-
| wit...
| Terr_ wrote:
| _So what?_ None of that wall-spaghetti supports an
| argument for keyed ignition locks as the solution. It 's
| not like those Russian troops had just stepped away to
| get coffee.
|
| If anything, it suggests other things like:
|
| 1. Russia shouldn't have tried a desperate blitzkreig
| through muddy terrain.
|
| 2. The Russian military should have had better
| policies/equipment to _destroy or scuttle_ the
| ofabandoned tanks.
|
| 3. Russian tank-drivers should have had better training
| so that they didn't get their vehicles stuck in
| embarrassing ways.
|
| Plus it's not like the opposing force will be a bunch of
| joyriding delinquents: Even if you completely remove your
| abandoned truck's steering-wheel and pedals, your way
| out, they've got mechanics and tools and factories, they
| can just fit their own. Truly denying them any valuable
| salvage is actually a lot of work/damage.
| sleepybrett wrote:
| No fucking key is going to stop them from finding that
| tank in a field, towing it back to a farm behind friendly
| lines, and bypassing the fucking lock using a fucking
| hammer or a soldering iron.
| kube-system wrote:
| Are you suggesting that locks would have prevented this?
| EGreg wrote:
| Certainly kill switches would
|
| Every TV show has a self destruct mechanism to prevent a
| ship from falling into enemy hands and blabla etc
| somerandomqaguy wrote:
| So... you're basing your opinion about machines used by
| soldiers in combat.... on fictional television shows?
|
| Just a question, have you ever worked with soldiers
| before?
| kube-system wrote:
| An opposing military capable of leading the Russian
| military to abandon their tanks would also have the
| capability of defeating a kill switch once they have
| unhindered physical access to it.
|
| Scuttling has been a common military practice, for
| literally millennia. This practice is unrelated to the
| presence of any locks on the vehicle. Militaries are
| equipped with explosives and weapons and can perform
| these actions without them being built into the vehicle.
| The reason this did not happen is not due to the
| construction of their vehicles, it is because they did
| not take action to do so.
| https://en.wikipedia.org/wiki/Scuttling
|
| The automated self-destruct countdowns you have seen in
| movies and TV shows are used for dramatic effect. In
| reality, it is cheaper, more reliable, and safer to
| scuttle a manned vehicle manually.
| habinero wrote:
| My guy, I believe the enemy already knows about our WWII-
| era "large truck" technology. It's fine.
|
| You don't want either of those things in a widely used
| military vehicle. Soldiers do not need to die because
| they're fumbling and dropping keys under fire. They also
| don't need their truck dying in the middle of a maneuver
| because the kill switch accidentally went off.
|
| Also, in war, trucks will be getting destroyed left and
| right. It'll literally be a rounding error.
| kube-system wrote:
| Yes, it does make sense that the DoD is more concerned
| about their own soldiers' lives than whether or not the
| Iraqi military has their vehicles stolen from them. These
| vehicles were already given away, adding some stupid
| biometric system would increase _both_ the price of the
| vehicles and the number of lives lost due to failures.
| Throwing technology at problems is not always a solution.
| The vehicles typically have better security than a lock
| anyway, they 're occupied or guarded by soldiers with
| guns.
|
| You might be familiar with locks on vehicles due to your
| own experiences, but deterrence to unoccupied theft is a
| requirement that is somewhat unique to civilian passenger
| vehicles. It is completely normal for many other types of
| vehicles to have very minimal or zero theft mitigations
| due to operating in different conditions with different
| requirements. For example, multi-million dollar jets have
| no anti-theft systems at all.
| velosol wrote:
| What a nightmare that would be: wearing gloves, fast entry
| and exit, injury/swapping drivers, sand.
|
| Also those were Humvees taken from Iraqi personnel.
| elzbardico wrote:
| Or: "Our unit was ambushed while setting up camp. We could
| all have escaped alive in our truck, if not for the fact
| that the first of us killed by the enemy was Private Jeane,
| and she was the one with the keys."
| Eisenstein wrote:
| Let me get this straight -- there is graft, waste, and
| incompetence in the defense industry??
| galaxyLogic wrote:
| The men in power always abuse that power, more or less.
|
| We need oversight but politicians are not very interested
| in doing oversight because corporations use their money as
| free speech helping their favorite politicians get re-
| elected, because of the Supreme Court decision that allows
| that to happen.
|
| So we need a more informed population to stop corruption
| from happening, but some politicians don't like the idea
| that people should be able to read whatever books they
| want.
| alistairSH wrote:
| That's probably true, but tangential to the absurd point
| made above.
|
| There is almost zero reason to include robust locks or
| immobilizers on military vehicles. They're either occupied
| by soldiers with guns. Or in a locked facility, guarded by
| soldiers with guns. Or abandoned on the battlefield (in
| which case, they should be scuttled, but shit happens and
| sometimes you need to GTFO ASAP).
| sleepybrett wrote:
| Even if you put this device in a car or a biometric device in
| a car or even a normal keyed system. An enemy who has
| possession of that car for more than a few hours can easily
| bypass most locking devices.
|
| This one is nothing more than a relay on the battery line.
| Simply find the relay and bridge it. Problem solved. Might
| take you a few hours to dig under the dash to find the damn
| thing, but once you do 'problem fucking solved'.
| alistairSH wrote:
| _But the Pentagon couldn't put biometric locks on their
| humvees?_
|
| The tanks that were stolen belonged to the Iraqi armed
| forces, not the US Army.
| oxfordmale wrote:
| What about a classical mechanical key? I am referring to a
| laser cut key, the type that can't be easily lock picked, other
| than in Hollywood movies.
|
| The problem is relay theft, where thief's relay the signal of
| your fob key inside the house to the car via a simple antenna
| and amplifier system. Cryptographically signing won't help.
|
| However, this can be fixed by adding a motion sensor that makes
| key fobs go into a sleep mode when they have been inactive for
| a minute. Upmarket car manufacturers like Mercedes have started
| to add this. The only reason this is not yet widespread as
| increased car theft is good for car manufacturers.
|
| Keyless cars top the list for most stolen cars across the UK,
| with around 93% of all stolen vehicles in 2020 being taken
| without vehicle keys. Addressing this stupidity would be the
| first step. It is like projecting your bank account details and
| security details on the facade of your building, and then being
| surprised your bank account is drained.
| scintill76 wrote:
| > However, this can be fixed by adding a motion sensor that
| makes key fobs go into a sleep mode when they have been
| inactive for a minute.
|
| Now I'm wondering how hard it would be for the thieves to
| shake the ground outside the house enough to fool the motion
| sensor...
| oxfordmale wrote:
| Most thieves try to be quiet to avoid detection. However,
| one should be open minded to new technologies, and the use
| of a loud jackhammer on the drive way sound like an
| excellent solution to this problem.
| boobsbr wrote:
| Why not put a button on the fob, like old car alarms had? Car
| won't start unless button is pressed on the fob, enabling the
| embedded radio.
| gruez wrote:
| > What about a classical mechanical key?
|
| can be picked
|
| >The problem is relay theft, where thief's relay the signal
| of your fob key inside the house to the car via a simple
| antenna and amplifier system. Cryptographical signing won't
| help.
|
| AFAIK the attack you describe only applies to keyless entry
| systems (ie. you can open and start a car without having to
| pull your key out), which is related but not the same as an
| immobilizer. Transponder keys without keyless entry systems
| still exist on today's models, and is the default on most
| cars unless you opt for an upgrade.
|
| >However, this can be fixed by adding a motion sensor that
| makes key fobs go into a sleep mode when they have been
| inactive for a minute.
|
| That helps against someone cloning your key while you're at
| your desk, but it seems way easier to clone the key while the
| driver is walking away from the car? That way you know which
| car to steal and don't have to follow the victim into the
| building, which might be secured (eg. office building with
| badge system). Measuring RTT time and/or trilateration
| (multiple antennas inside car) should be much more reliable.
| rocqua wrote:
| The modern versions of these keys cannot be cloned, they
| are challenge response. So you need to relay the challenge
| from the key, and then relay the response from the key back
| to the car.
|
| This is often used by thiefs who bring the relay close to
| the front door, hoping for the keys to be in a bowl or a
| hook near the door. Then they can open and start the car
| using the relay. The car then won't turn off when it loses
| connection to the key (because that is dangerous) which
| allows stealing of the car.
|
| There are cases where this was done over much larger
| distance, but those attacks are more easily defeated by
| having tighter tollerances on the latency of the reply. The
| latency tollerance does not do much for the 'keys near the
| front-door' attack, which is what the 'stationary keys do
| not reply' solution is aimed at.
| dcow wrote:
| > (because that is dangerous)
|
| I've always wondered why the car doesn't warn the driver
| that there's 100 yards left before it will cut the engine
| (or limit it to idle), keep the power steering, turn on
| the hazards, and warn the driver that the vehicle won't
| continue to function because the key is not in range.
| Doesn't seem dangerous at all...
| hdctambien wrote:
| I dropped my wife off downtown in her car and she had the
| key in her purse. The car did make a weird beeping noise
| as I drove away, but I had no idea what it meant and I
| was pulling onto the highway which would have been a bad
| time for the car to stop driving on me.
| genocidicbunny wrote:
| That's still dangerous, and it doesn't matter how far out
| you warn the driver. The moment the car cuts to idle, the
| driver will lose some control. Imagine this happens while
| you're in less-than-ideal road conditions and you need to
| be able to accelerate. And there are a lot of reasons
| that the key might lose connection to the car other than
| the 'not present inside the car' case, like for example,
| the keyfobs battery running out, or the driver dropping
| their keys into some kind of shielded bag (my car for
| example has problems sensing the key when it's in an
| insulated shopping bag that I have).
|
| I think at most you could do something like have the car
| go into 'limp home' mode if it senses the key was never
| present in the car for some amount of time after the car
| is started.
| fragmede wrote:
| > The modern versions of these keys cannot be cloned
|
| The persistent rumor, of course, is that this has been
| cracked for specific models from specific manufacturers,
| with the help of someone at the dealership, maybe someone
| who owes large amounts of drug or gambling money to local
| criminal syndicate types. "All" you'd need to do then is
| use a valid challenge response pairs off as a
| cryptographic oracle to brute force the challenge-
| response algorithm and recover the seed value computation
| algorithm for the key and the car. Then "all" you need to
| do is record a challenge-response pair from the real key
| talking to the vehicle, and maybe the VIN, in order to
| duplicate the key, in order to steal the vehicle.
|
| If this _has_ been been done, the algorithm and seed-
| value recovery technique have not been publicly shared
| over the Internet, so it 's only a rumor that it's been
| done, but given how high-tech thieves are these days, I
| don't consider it outside the realm of possibility.
|
| What _isn 't_ outside the realm of possibility is the
| Rolling-PWN attack, which can be done with a $32 device
| and has been demonstrated against 10 years of Honda
| vehicles, up to 2022.
|
| https://rollingpwn.github.io/rolling-pwn/
| nomel wrote:
| That's the wireless implementation.
|
| I've had cars with chips, with contacts, in the
| mechanical keys [1].
|
| Seems like one solution is to go back to the good old
| days of physical intent.
|
| [1] One implementation: https://www.uhs-
| hardware.com/cdn/shop/products/df4ddf21436c4...
| oxfordmale wrote:
| Picking a laser cut key isn't trivial. Even picking a
| standard house lock isn't trivial, especially not in the
| dark.
|
| They don't clone the key, they use an antenna to amplify
| the signal from your key fob and then drive off. In
| principle you can do this by following someone, but much
| safer to do this at 2am at night. Similar to a one time
| password, the signal is only valid for a short period of
| time.
| sleepybrett wrote:
| Darkness doesn't have anything to do with anything. Once
| you get the tensioner and pick into the keyway you aren't
| using your eyes anymore, at that point it's all feel.
| oxfordmale wrote:
| If you are that good a lock pick, you are better off as a
| locksmith. In real life the people send out to steal the
| car aren't the most talented and brightest, otherwise
| they would be running the operation safely from an office
| somewhere.
| sleepybrett wrote:
| I spent maybe 2 hours with my first set of picks to
| unlock my first shitty masterlock padlock. An hour later
| I was through my front door deadbolt. It's not a hard
| skill to learn, especially when it comes to typical
| american door locks (pin tumbler). But this is all non-
| destructive. I used to keep a set of picks in my desk
| specifically to open up people personal rolling underdesk
| drawers/file cabinets, when they lost or forgot their
| keys.
|
| My understanding that your average ignition is a little
| more complicated (or at least different .. wafer locks)
| circa 70s-90s and then they started adding radios and
| other things into the mix. I dunno, I've never tried to
| pick one of these.
|
| Destructively bypassing your average old-school ignition
| is still something you can do blindly with a bent
| flathead screwdriver and some elbow grease in about 15
| seconds flat. As is destructively bypassing any given
| door lock.. well not bypassing the lockper se, but
| instead the bolt/doorframe generally.
| mdorazio wrote:
| Bypassing the door locks is not as difficult as you think
| with the proper tools. See:
| https://www.youtube.com/watch?v=vLy65ASXuEQ
|
| Standard house locks don't require picking at all - you
| can bump them in a few seconds in any light conditions.
| LadyCailin wrote:
| > The only reason this is not yet widespread as increased car
| theft is good for car manufacturers.
|
| Not if your brand is one of the ones known to be easy to
| steal. I doubt I'd buy a Hyundai in the future given my
| understanding of their reputation as easy targets.
| IshKebab wrote:
| I don't know if that completely solves it. People keep keys
| in pockets.
|
| The full fix is time of flight measurement but as I
| understand it that's still beyond cheap electronics.
|
| Or just.. you know press a button when you want to unlock
| your car.
| IanCal wrote:
| This is two factor auth but when the "thing you own" is the
| standard case.
|
| I don't get why it's not a keypad and relay though. Sounds
| like a complex solution to a fairly simple problem. I might
| be missing something though.
|
| Edit - ah it's intended to work with many other options like
| controlling indicators or wipers or something - so you choose
| some pattern that is your password.
| bscphil wrote:
| > it's intended to work with many other options like
| controlling indicators or wipers
|
| I think you're asking exactly the right question though -
| how is all this not just a more complex, less secure,
| shittier version of a keypad that you enter a 4-6 digit
| code on?
| thomastjeffery wrote:
| Doesn't the system already check the latency from key fob to
| car antenna? Better yet, you could use two antennas in the
| car, and triangulate the key fob.
| rocqua wrote:
| The latency check is usually not sensitive enough to
| prevent a car being stolen from the drive-way from a
| relayed key that lies near the front door.
|
| For reference 20 meters is about 66 nano-seconds.
| sebk wrote:
| UWB is augmenting Bluetooth for car keys solving this
| exact issue; The Car Connectivity Consortium came up with
| the Digital Key 3.0 standard that's available today, as
| implemented by some makes like BMW and the Hyundai/Kia
| group and Apple, and resists relay and replay attacks
| through precise ranging.
| gsich wrote:
| So, solvable?
| gruez wrote:
| Why not? A 2GHz is very attainable in modern CPUs and
| translates to 0.0005ns per cycle. This isn't theoretical
| either. 802.11mc[1] is a real standard and is accurate to
| 1-2m.
|
| [1] https://en.wikipedia.org/wiki/IEEE_802.11mc
| hanche wrote:
| Aren't you off by three orders of magnitude? 2GHz
| translates to 0.5ns per cycle. Or perhaps you meant to
| write ms.
| screamingninja wrote:
| Exactly. What's even worse is that it takes a huge research
| grant to come up with this.
|
| > With a new $1.2 million dollar grant from the National
| Science Foundation...
| hospitalJail wrote:
| The more politics I see, the more its just grifting.
| fnimick wrote:
| That amount of money is absolutely nothing compared to the
| waste that goes on in the startup industry. Remember the $445
| million self driving pizza oven delivery van?
| henryfjordan wrote:
| If you could get that robot-cooks-as-you-drive idea right,
| even without the self-driving bit, you can out-compete
| Dominos by saving half the trips (back to store from
| delivery address).
|
| The technology was immature but the fundamentals were
| there, and they'd save a not-insignificant amount of gas.
| Eisenstein wrote:
| > they'd save a not-insignificant amount of gas
|
| I wonder the efficiencies of cooking in a vehicle as
| opposed to a fixed pizza oven.
| henryfjordan wrote:
| It all comes down to insulation I'd assume
| Brusco_RF wrote:
| It will necessarily be worse than the fixed oven.
| [deleted]
| tetraca wrote:
| That's easy. Put it on treads, and add a tree
| cutter/stripper, and a hopper, so that it can pick up all
| the fuel it needs to wood-fire the pizza off the side of
| the road before it goes to the next destination.
| Eisenstein wrote:
| Vertical integration. Great idea. It could also have a
| grain mill so it can stop by some wheat fields and make
| its own flour.
| tgv wrote:
| I really can't imagine that. So you save some driver
| time. They're usually idle before delivery already,
| there's no driver shortage, and drivers/delivery isn't
| expensive. So there's only a small amount to undercut.
| For the profit to become interesting, you'd need a
| massive volume, but then you'd be forced to maintain a
| large fleet of mobile ovens. There's no automated
| driving, so you'd need drivers anyway. You'd have to pay
| everything from their idle return time, including the
| increased energy consumption.
|
| Back-of-the-napkin says no.
| henryfjordan wrote:
| The fact that Dominos practically begs people to come in
| and pick up their pizzas themselves undercuts your
| arguments about driver idle time. Maybe in your market
| they sit idle, but in mine I'd imagine they are spending
| 90%+ of their time fulfilling orders. My orders often
| spend 10min in the "Quality Check" state (waiting for a
| driver under a heat lamp).
|
| Automated driving is orthogonal to the bake-as-you-drive
| model. Dominos will also switch to self-driving when they
| can.
|
| The cost of owning 10 oven-vans vs 1 store + 10 regular
| cars will be the tough part and will require scale, but
| pizza is big business.
| barbazoo wrote:
| > Remember the $445 million self driving pizza oven
| delivery van?
|
| What I find hilarious about our industry is that this could
| be completely made up ... or not.
| bookofjoe wrote:
| >Pizza robot truck startup Stellar snags $16.5M from
| Jay-Z
|
| https://www.restaurantdive.com/news/Stellar-pizza-robot-
| truc...
|
| >Stellar, which was founded by former SpaceX employees in
| 2019, uses a robot to cook mobile ordered pizzas which
| are then delivered by the truck driver.
| gruez wrote:
| That's nowhere near the $445M claimed though. Crunchbase
| lists them as having only having raised $25.5M. The $445M
| if real, must be the valuation.
|
| https://www.crunchbase.com/organization/steller-pizza
|
| edit: looks I'm looking at the wrong company, see replies
| for details
| bookofjoe wrote:
| Also, the vehicles have a human driver rather than being
| self-driving.
| retzkek wrote:
| The $445M figure is for _another_ mobile pizza startup,
| Zume.
|
| https://www.axios.com/2023/06/12/softbank-pizza-robot-
| shuts-...
|
| Discussed last month:
| https://news.ycombinator.com/item?id=36293636
| bbarnett wrote:
| Wait... so the pizza would be delivered, fresh from the
| oven?? Is... do you know ... are they taking investors?
| jrockway wrote:
| Yeah, that startup doesn't sound terrible to me. Like the
| other comments say, it's a multi-billion dollar industry.
| If you cook the pizza while you're driving it to the
| destination, then you change the time 15 minutes cooking
| + 15 minutes driving to just 15 minutes cooking and
| driving. Twice as fast.
|
| But of course, you could offer the same latency by having
| a non-customizable menu and having pizzas ready to go
| when they're ordered. If it's 6:30PM on a Friday night,
| odds are someone wants the Pepperoni pizza that just came
| out of the oven. No fancy hardware required. The pizza is
| technically less fresh, but are minutes of freshness
| worth millions in VC? I don't know.
| s1artibartfast wrote:
| People get irate about government spending here's a big
| difference between someone wasting your money and someone
| wasting their own money.
| mcpackieh wrote:
| How could one justify the other? Justifying waste by
| pointing to more waste is insane.
| ilyt wrote:
| whataboutism
| Nextgrid wrote:
| Startup waste is generally funded from investors though.
| This seems like it might be funded by government grants
| which are funded by taxes.
| COGlory wrote:
| Investors using 0% interest loans funded by taxpayers.
| SV_BubbleTime wrote:
| I've noticed 10-15 years of almost no innovation, but a
| ton of wealth transfer... but the FED still says ZIRP was
| a good idea.
| ke88y wrote:
| _> almost no innovation_
|
| The last 15 yrs in Biotech (esp genetics) and ML were
| more exciting than the previous 50.
| gruez wrote:
| Are you referring to quantitative easing/ZIRP or specific
| government programs that give favorable loans to specific
| industries?
| COGlory wrote:
| QE
| gruez wrote:
| The Fed is the cause of QE/ZIRP, but it's not "funded by
| taxpayers" in any meaningful sense. The mechanism by
| which QE is done is that the fed prints money and uses it
| to buy government bonds and other assets, which pushes
| bond prices up, and consequently yields (and therefore
| interest rates) down. All of this doesn't cost the fed
| anything. The money is printed by them, after all. It's
| not like they're borrowing money from some other bank at
| 2%, and then distributing to the wider economy at 0%.
| COGlory wrote:
| 100% of the direct monetary cost of QE is borne by the
| American people.
| calderwoodra wrote:
| Domino's has a near $14B market cap. Disrupting pizza
| delivery is a worthwhile venture!
| alphazard wrote:
| The "waste" in the startup industry has corrective
| mechanisms built in. Investors can pull their money out and
| take their business elsewhere.
|
| Taxpayers cannot pull their money out of the NSF and
| reallocate it to a different government agency.
| janalsncm wrote:
| Sure. In theory, investors can behave as rational actors.
| In practice, you get all sorts of chasing the Next Big
| Thing because there's too much money flowing around to
| too little fundamental research.
|
| So I'm ok if we spend $1.2M on research. That's like 5
| developers for one year who would otherwise be allocated
| by _the invisible hand_ into effectively useless
| endeavors like high frequency trading or ad tech.
|
| _Cut to the alternative universe where they're working
| at Blackrock and a car thief is driving their car away._
| boobsbr wrote:
| > So I'm ok if we spend $1.2M on research.
|
| I'm not. Where do I opt out of funding government grants?
|
| At least I can decide not invest in something if I don't
| want to risk losing money.
| fnimick wrote:
| You don't get to, because you don't get to opt out of the
| social benefit that they result in.
|
| (remember that government spending basically created
| transistorized logic, microchips, and computer networking
| as we know them today. would you have opted out of those
| too?)
| tstrimple wrote:
| You can opt out here:
| https://www.irs.gov/individuals/international-
| taxpayers/expa...
| dralley wrote:
| Government funded research gave us computers, the
| internet, EUV technology, GPS, lasers, and all sorts of
| other shit.
|
| If you're on HN in the first place, there is an
| approximately zero percent chance that the few dollars of
| your tax money spent on this kind of research hold a
| candle to the benefits you've gained from it.
| pavel_lishin wrote:
| Wasn't there a rash of thefts of Kia and Hyundai cars recently?
| mrexroad wrote:
| Yeah, they're targeted specially because they do not have
| immobilizes.
| dharmab wrote:
| Because Kia tried to save money by removing said security
| systems from base models.
| commandar wrote:
| That was because the base model of those vehicles didn't have
| an immobilizer like every other car on the market as a cost
| cutting measure. They also have ignition switches that are
| relatively trivial to bypass.
|
| It's possible that some other manufacturer may try it again
| in the future, but the hit to Hyundai/Kia's reputation has
| been substantial.
| dharmab wrote:
| This would be nice to retrofit onto my old Honda, which has an
| easily exploited flaw in its rolling code system.
|
| Modern cars also have new vulnerabilities:
| https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...
| gruez wrote:
| > This would be nice to retrofit onto my old Honda, which has
| an easily exploited flaw in its rolling code system.
|
| There are aftermarket immobilizers systems as well, that also
| use cryptographically bound keys.
|
| > Modern cars also have new vulnerabilities:
| https://www.wired.com/2015/07/hackers-remotely-kill-jeep-
| hig...
|
| If car manufacturers can fuck up implementing today's
| immobilizer systems, what makes you think they won't fuck up
| implementing the rube goldberg contraption? Why do we have to
| switch to it just to get a non-broken cryptographic
| implementation?
| myself248 wrote:
| The problem with security by obscurity is that as soon as it's
| widely used, the crooks learn to bypass it. It's literally a
| relay in the starter wire, all you gotta do is hotwire the
| starter and you're back to the status quo.
|
| A whole lot of people have these on their own cars, any DIYer can
| do it in an hour or two. I may or may not have one on mine. But
| the "security" comes from there being no standard location for
| any of the components.
| drdaeman wrote:
| Looking at the prototype photo, it seems trivial to open the
| hood and remove the whole thing in a minute or so. Unless the
| plan is to have it somewhere way down there, and not simply
| sitting on top of the positive terminal.
|
| The video says "alarms sound the when authenticator is
| removed", but that's a gimmick. They should be entirely
| disconnecting the whole negative terminal (duh), not just the
| wire to the device, leaving the whole car without power until
| the positive terminal is freed.
|
| And if anyone bothers to ask what the thief is doing, they have
| a 100% plausible reply "got a parasitic drain, so I've put a
| cheap relay and now this crap is failing on me".
| karmakaze wrote:
| > They might perform some combination of flicking the windshield
| wipers, turn signal or headlights on and off, or locking and
| unlocking the doors.
|
| I'm just imagining having this technology become ubiquitous, then
| using it without knowledge of how it works. We end up with magic
| incantations that a general population does without reason.
| People already do so many things on their computers etc because
| that's how they learned it the first time--whether or not the
| specifics of their actions are relevant.
| dboreham wrote:
| This seems to be the automotive version of port knocking, but
| deployed in an environment where the attacker has the equivalent
| of physical access to your server.
___________________________________________________________________
(page generated 2023-07-17 23:01 UTC)