
I'm not sure I'd call this Ford's fault.

>Lopez said the smuggling organization was able to get a duplicate key from a locksmith in El Paso, who got the codes after calling up a Ford dealership.

>An FBI affidavit says someone at a Dallas auto dealer accessed the codes in Ford's database, giving out more than 2,300 codes over an 18-month period.

I think dealerships, of all places, would be (should be) allowed to have codes for cars in their lot. I trust dealerships to have these codes. If they do nefarious things with them, they should be punished, but I don't think Ford should be punished for having a dealership-accessible database of key codes. Whoever was cooperating with the criminals is, to me, the person to blame here (along with the criminals).

I'd have sued that dealership, not Ford itself.




It makes sense for dealerships to have codes for cars in their lot. But it sounds like dealerships have access to codes for all Ford cars, which is a pretty clear least-privilege violation.


A Ford dealer must be able to service any Ford vehicle, including replacing lost keys. The dealers have access to the central database.

Ford failed to monitor access to the database. The whole problem would have been avoided if they just emailed the service manager every time a database lookup is made. Unfortunately he is in Texas, so Ford needs to be 51% at fault for a judgement. The lawyers are playing this out in the press so Ford will pay to make it go away, even though they would likely prevail in a Texas court.

Ford needs to cut this kid a check for $500k, and implement some better auditing of access to the database.


> A Ford dealer must be able to service any Ford vehicle, including replacing lost keys.

Edit: No, you don't. The lock is just a password. You don't store unhashed passwords.

Have an override code to reset the lock code in the car. That'd stop things like this because the original keys would no longer function and the owner would know that something was wrong. But if the owner loses her keys, then she'll have the new keys anyway and won't have to worry about the old ones being found and used against her.


The problem comes when you not only have to replace the keys (which typically sell for about $120-$240 these days) but the lock cylinders in the door(s), the glovebox, the trunk, and the steering column. The latter of which is typically held in place by a single-use bolt that has to be drilled out to remove.

The module that responds to the keyless entry signals can easily be reprogrammed, often without tools. However, sometimes they can only hold so many codes before they get "full" and have to be replaced. Honda is 10, I think. Ford is probably similar. So don't lose your keys too often.


They got the pin positions for the trunk key. I am not sure how this has anything to do with hashing.


He is using computer security as a metaphor. Security is the same, whether it is digital or a physical lock. It is just much easier to implement these sorts of algorithms in the world of bits than it is to implement them in the world of atoms.


A couple years ago, my used '98 CRV's battery died. I got it replaced, and when I started it back up, the radio was locked out; I needed an unlock code that they'd have given me when I bought the car, if the car hadn't passed through at least a dozen hands before finally reaching me.

I called up my nearest Honda dealership, gave them the VIN, and they gave me the radio code.

I like that they can do that. Maybe it makes more sense from a security standpoint if I would've had to call some centralized Honda location, but that doesn't really solve the problem, does it? I have the VIN -- so does anyone who looks through my windshield. I have the title number -- so does the dealership who originally sold the car. We'd have to enter a few concurrent bits of information to verify that I own it, that this car I'm calling about is mine, and I can identify both it and myself, and then the centralized Honda location would have to be able to verify all that on their end.

Or we can assume some modicum of trust at dealerships, and accept the fringe cases where criminals use information they wouldn't have access to in a perfect world.


Very few stereo thieves write down the vehicle VIN on the deck as they're running away. No point in making it even easier for the police to figure out it's stolen property, and they're usually in a bit of a hurry. Assuming they have a sharpie marker in one hand instead of a screwdriver or window smasher. Assuming they can read and write.

One interesting problem "security" guys have is overcomplicating plots. Your average meth head is waaay too zonked out of his mind to memorize which VIN goes with which radio, or even which OEM radios need a code.

Another problem is via the VIN they know instantly that your car is a '98. Well, my cheapo commuter car is also a '98, and it's approximately worthless at this point. Anyone stealing my worn out, partially broken, approx 2002 model year aftermarket deck pretty much deserves the pain they're about to experience. At a flea market I might be able to give it away... That may very well be Honda's point of view. Now try that again with a new 2013 $2000 GPS DVD player deck and they might hassle you.


Almost every OEM radio needs a code - I've not seen a radio in a car manufactured in the last 10 years that hasn't mentioned this fact. Nobody needs to memorize everything. Even methheads carry cell phones with cameras, and can take a snapshot before even breaking in.


Good points, though there should be some steps manufacturers could take. They could check for unusual usage patterns, much like credit card companies do.

The article doesn't specify but does imply that, in this case, the dealer in question made more PIN requests than is normal. If so, Ford should have seen that and investigated.


It sounds from the article like a rogue dealership. In any case Ford should audit access logs for these keys and look for odd access such as a high volume in an area beyond statistical clustering.


Well, dealers sort of have to have the access in order to provide service. You're a Ford customer and you drop your key into the sewer as you're fumbling with your keys. Your dealer can help you make a new key (or sell you one for an extortionate price).


Agreed - but they should at least check ID to match DMV records - seems a common sense check.

[To the nitpicking gallery: yes - a bad guy can use a fake ID to do this, but any key code pull should be accompanied by a letter to the registered DMV address notifying the pull - all simple checks that would make it harder, costlier and with more points where it could be caught]


Parent to your comment is saying that dealer 1 can provide access to a car in dealer 2's lot. They can each provide service without having access to the other's cars. Therefore, this is a principle of least privilege violation.


My car was purchased at a dealership in central MO. I live in TN now, and there happens to be a dealership about 10 minutes away. If I need something fixed, why should I have to drive all the way back to MO (especially since if I needed something fixed, my car wouldn't be in any condition to drive for 6 hours)?


Fair enough, I can believe that they can provide a secure key scheme, but understand why they don't. The risk/value trade-off in the general case is small for mid-range cars. The article demonstrated that you could make it high value with the right circumstances, which is a clever hack. Of course security camera footage at this guy's office would show who was sneaking up to unload his trunk when he was at work.


So once they sell those cars, then they shouldn't have those codes? When a customer loses their key and needs a new key made, then what? What about a customer losing a key while he's far away from home or where he purchased his key? People do move, you know? How about losing your key when you are out of state? It's one thing to lose a key, it's another to have to wait a day to get a key made and be stranded.

IMHO, a better solution would be tracking how often locksmiths request key codes and have an algorithm that can detect unusual patterns which will then be followed up by human eyes.


It's not that simple though, they do maintenance on cars as well so they'd need to be able to access those access codes as well. There probably should've been some oversight to make sure someone looking up thousands of VINs gets flagged somewhere, but it's reasonable to allow dealerships access to codes for cars they'd need to work on.


Regardless of Ford's procedures, this could happen to anyone who crosses a border, if the smugglers have access to the person's car or bags. And almost inevitably, the person set up in this way will be disbelieved and prosecuted. This guy was relatively lucky.

The ultimate fault lies with the drug laws, which provide for punishment of victimless behavior, incentivize smuggling - and as this case shows, indirectly trap innocents.

On a practical level, this incident shows that it's necessary to examine the trunk, the underside of the car, one's luggage and so on, every time - and still something may have been hidden.


2,300 codes over 18 months is probably far above the norm, and should have raised a red flag with Ford.


I don't know. Think about it: how many times does a locksmith call a dealership with a legit reason, or the dealership have to look this up internally? We are looking at an average of 4.2 lookups a day. If the national average is only 1 database lookup per day per dealership, then it should have been a red flag, but what if 5 is the national average and this dealership had 9.2? Then it would just be an anomaly rather than an automatic red flag.
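The baseline question raised in the comments above (whether a dealer's lookup volume stands out depends on what peers do) can be checked with a robust outlier test over the key-code audit log. This is an added example, not part of the thread and not Ford's system; the record layout, dealer IDs, lookup counts and the 3.5 threshold are all constructed assumptions.

```python
from collections import Counter
from statistics import median

DAYS = 547  # roughly 18 months, the window quoted from the FBI affidavit

def constructed_log(counts):
    """Constructed sample data: one (dealer_id, vin) audit record per lookup."""
    return [(d, f"VIN-{d}-{i}") for d, n in counts.items() for i in range(n)]

def daily_rates(log, days=DAYS):
    """Lookups per day for each dealer seen in the audit log."""
    per_dealer = Counter(dealer for dealer, _vin in log)
    return {d: n / days for d, n in per_dealer.items()}

def flag_outliers(rates, threshold=3.5):
    """Return {dealer: score} for dealers far above the peer median.

    Score is the modified z-score 0.6745 * (rate - median) / MAD, which a
    single heavy user cannot drag upward the way it drags a mean.
    """
    med = median(rates.values())
    mad = median(abs(r - med) for r in rates.values())
    flagged = {}
    for dealer, rate in rates.items():
        if mad == 0:  # all peers identical: anything above them stands out
            score = float("inf") if rate > med else 0.0
        else:
            score = 0.6745 * (rate - med) / mad
        if score > threshold:
            flagged[dealer] = round(score, 1)
    return flagged

# Constructed lookup totals over 18 months; DLR-X is the hypothetical heavy user.
LOW_BASELINE = {"DLR-A": 410, "DLR-B": 480, "DLR-C": 520, "DLR-D": 547,
                "DLR-E": 590, "DLR-F": 640, "DLR-G": 700, "DLR-X": 2300}
# Peers near 5/day but widely spread; DLR-X at about 9.2/day.
WIDE_BASELINE = {"DLR-A": 1100, "DLR-B": 1900, "DLR-C": 2500, "DLR-D": 2735,
                 "DLR-E": 3100, "DLR-F": 3900, "DLR-G": 4600, "DLR-X": 5035}

if __name__ == "__main__":
    for name, counts in (("low", LOW_BASELINE), ("wide", WIDE_BASELINE)):
        print(name, flag_outliers(daily_rates(constructed_log(counts))))
```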


Is it possible that the code is part of the standard screen displayed for the car? If it's part of some standard display it may not raise any flags. Type VIN in, get all sorts of information they consider common to inquiries.

For physical keys there are not that many variations per model of car, some are even interchangeable between related brands. I wonder how unique coded keys are?


I'd imagine a big reason why you'd go after Ford would be for the money. Ford has very, very deep pockets. The local dealership, not so much.


The code situation definitely isn't secure. I was at a hacker con, in a remote location, and someone locked themselves out of their car. Folks were able to create a key, on site, using the code. I'm not sure if it was a Ford, but it does show it's a significant security issue in the automotive industry.


The problem is a security model where all trust is exclusively and irrevocably granted to a single external entity. An entity that an owner of property has to go through to access their own property.

This kind of security model has both pros and cons. This is one of the cons and all the internal process in the world at the external authority doesn't change the weakness. The best they can do is push to limit the number of abuses of the authority (for all definitions of abuse as defined by the external power, not product owner).


> I'm not sure I'd call this Ford's fault.

That's right. It's the government's fault for having stupid laws.



