[Ovmsdev] OVMS as Antithft/Alarm system

Michael Eymann michael.eymann at me.com
Tue Feb 3 10:37:13 HKT 2015 

Hi, just found that - sorry in German - i'll copy English version below (Google translate)

So technology IS already implemented in beamers as welll  ;-)
Let's sell the App to BMW drivers than

FAZ.NET:
Sicherheitslücke bei BMW: Den Dieben reicht ein Handy
http://www.faz.net/-i2l-7z6z6


English translation by Robot:

30/01/2015 • A freely available software and some technical expertise - that was enough until recently to open a BMW. Quite by chance, the ADAC has encountered this vulnerability.

Technically savvy car thieves had until a few weeks can open the doors may at 2.2 million BMW vehicle rental via mobile phone. The functions for unlocking or for controlling the heating had been protected for cars with the so-called Connected Drive system for years inadequately protected against hacker attacks, the ADAC said on Friday. The problem has been corrected, like a BMW spokeswoman said.

The Auto Club had discovered the vulnerability by chance during testing. Affected were cars that were shipped with the networking system Connected Drive Since March 2010.

BMW has now increased safety

The ADAC BMW had already informed in July 2014 his discovery. The BMW was able to increase the security of the system, "before any active data could be accessed by unauthorized persons from outside or was also launched just an attempt of this kind," said the spokeswoman. A trip to the repair shop was needed to do that, stressed BMW. The adjustments are done automatically online, without the customer had to do something.

Networked vehicles with BMW ConnectedDrive a built-in wireless module. This allows the transfer of functions in addition to Internet service data as well as the condition of functions such as heating, door lock or air conditioning via smartphone app. Exactly these functions were affected. Unlike, say, the Internet, this system was less protected. This encryption BMW have now adjusted. Now also transfer these systems the data through a secure https connection.

The Auto Club had found the loophole random. "We were not even looking for vulnerabilities. We mainly wanted to know what kind of data transfer such cars, "said ADAC technology expert Arnulf Thiemel. "To find out, our mobile expert has looked at the control unit of the vehicle. There we found the gap. "With the necessary equipment, the car was then opened in a few minutes.

"The technical effort to open the car with this knowledge is manageable. It is worth of hardware than 1000 euros needed and a freely available software ", Thiemel said. However: For a car thief, the method should greatly mean more effort than the vehicle to mechanically open.

Cheers
Michael

Mit freundlichen Grüßen / Kind regards


Michael Eymann 


> Am 02.02.2015 um 22:33 schrieb Michael Balzer <dexter at expeedo.de>:
> 
> As the server does not know where the App device is, this is more an App side feature.
> 
> The firmware does not need to be changed because it already supports remote stopping of the car by using the LOCK command. You can already do that now, but you need to do so manually.
> 
> So first step would be a distance alarm, second step would be an automatic LOCK on alarm.
> 
> Sounds pretty simple... I'll have a look at it.
> 
> Regards,
> Michael
> 
> 
>> Am 02.02.2015 um 13:23 schrieb Julien Banchet:
>> This could be fairly doable without touching the actual oVMS firmware code, and working only on the server and client app, right?
>> 
>>> On Feb 2, 2015 1:21 PM, "Gianluca Magalotti" <gianluca at magalotti.net> wrote:
>>> Hi,
>>> it's a bit that I'm using OVMS with my Twizy and I would like to share with you an idea I have.
>>> 
>>> Can we use OVMS as an antitheft (or at least as an alarm)?
>>> 
>>> That's the idea: OVMS (module, server, app) to decide if the car is "properly used" or "probably stolen" by means of car position AND device with mobile app position.
>>> 
>>> Simple rule: If car is moving then send an alarm to the device if the the device position is not compatible with car position (Alarm can be changedc into stop the car, or whatever can be done by means of ovms module).
>>> 
>>> Case of more than one device connected: All of devices positions are not compatible with the car position.
>>> 
>>> There are more complex situations that can have "social aspects" (i.e. having an alarm if a device AND the car exit/enter a specific area).
>>> 
>>> Brainstorming on this are welcome!
>>> 
>>> Gianluca
>>> 
>>> 
>>> _______________________________________________
>>> OvmsDev mailing list
>>> OvmsDev at lists.teslaclub.hk
>>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
>> 
>> 
>> _______________________________________________
>> OvmsDev mailing list
>> OvmsDev at lists.teslaclub.hk
>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
> 
> -- 
> Michael Balzer * Paradestr. 8 * D-42107 Wuppertal
> Fon 0202 / 272 2201 * Handy 0176 / 206 989 26
> <dexter.vcf>
> _______________________________________________
> OvmsDev mailing list
> OvmsDev at lists.teslaclub.hk
> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20150203/eb3103b1/attachment.htm>

More information about the OvmsDev mailing list