this post was submitted on 29 Feb 2024
134 points (96.5% liked)

[–] [email protected] 18 points 8 months ago (2 children)

When chipped keys launched, wasn't there a lot of talk about how the system would negotiate a new set of keys for the next interaction making the simple act of recording radio exchanges impossible? All hot air by the manufacturers?

[–] [email protected] 25 points 8 months ago

Oh, boy, story time!

One of the first manufacturers to include asymmetric encryption as a standard component of their engine immobiliser across all their cars, at least in the UK, was Fiat in the 1990s. But they faced a quandary: once the keys were encoded with the appropriate codes, what should Fiat do with the codes? If they kept a copy it would be an expensive project and charging customers to access them every time they wanted a new key cutting would be terrible PR. They could gimp the security so you could just clone a key, but then it would be very easy to sidestep the encryption.

The solution they came up with was pretty clever: in addition to the standard pair of blue keys the car came with, there was also The Big Red Key. The Big Red Key contained a code that could be used to program other keys or to change any of the parts of the engine that were part of the ECU without having to involve Fiat at all if that's what you wanted. The customer was given an advanced security system without being beholden to the manufacturer. The Big Red Key was comically oversized, and it came with a sticker, fob and in a bag all with clear warnings to the effect: "Do not use this key. If you lose it your car is ten kinds of fucked. Do not use this key. Keep it secret, keep it safe."

So what happened? People happened. A small minority of people saw The Big Red Key and insisted on using it as their day-to-day key, but it wasn't as hard wearing as the blue keys (hard plastic instead of silicone) so it would crush or crack and, of course, people would lose them. Then when they needed a new key or needed work doing on some easily-stealable components that the ECU would validate they didn't have their The Big Red Key, so they'd need the ECU security module wiping or replacing - which was expensive, over £1000 if I remember right.

Naturally the shitty tabloids got hold of it and every week The Daily Mail and The Sun were full of stories of Innocent British Motorist™ Conned™ By Foreigners™. "If Mandy Pleb had known how evil Fiat were she'd have bought a Rover," they'd moan, and Fiat had a real PR disaster on their hands, despite bringing a quality security technology to market, including it as standard and resisting the temptation to profiteer off it.

So they gimped the security. Future Fiats didn't have a The Big Red Key. You got your blue keys which were dumbed down and, at least for a time, went back to inferior symmetric encryption to the detriment of the overwhelming majority, but at least a handful of prats were saved from themselves and the power of tabloids to change the world for the worse went unchallenged.

In short, fuck tabloids.

[–] [email protected] 15 points 8 months ago

If someone has enough technical ability to use a flipper zero to defeat the rolling codes and knows enough to use it to steal a car ... they probably have no need to steal a car.

While possible, these are not things that your average thief knows how to do.

I'm sure it's happened, but going as far as Trudeau did and banning this learning tool because of a handful of incidents is just stupid.

There are more important things the government should be worried about.