Hyundai will let you start your car with an Android Wear watch

[Dietrichw]

Source

 

 

Hyundai owners with Android Wear smartwatches will be able to control their vehicles in new ways with the Hyundai Blue Link app (the app doesn't have Link in a water tunic ). The App gives access to remote vehicle operations like starting the engine to warm the car, locking or unlocking doors, flashing the headlights and honking the horn (useful for messing with friends). Owners will be able to locate their car and use emergency services within the app. There is no range limit, users just need a data connection. All commands can be voice activated. Keep in mind that modern vehicles that have remote start still require the key or key fob to be present to put the vehicle into gear. 

 

The Blue Link smartwatch app works with first and next generation Blue Link equipped Hyundai models. The first generation Blue Link system rolled out on the 2012 Sonata and expanded across the lineup through 2013. Next generation Blue Link equipped models include the 2015 Genesis, Sonata and Azera.

 

[A Bubble]

That's gonna have some security issues..

[Bogica]

I already hate it... Please don't do this. We don't need more "USEFUL" tech in our cars, the maintenance and service costs are already insane even on budget cards, we don't need more things that ARE GOING to break down and cause security issues.

[terrytek]

Can it warm our seats in the winter and cool our seats in summer? Cause leather can roast our asses or freeze them.

[Guest]

Car theft just got so much easier...

[Xorbot]

That's gonna have some security issues..

 

Car theft just got so much easier...

 

Because it was impossible to steal a car before public/private key encryption...

[KungPaoChino]

Introducing....the one thing that will make car theft twice as likely and lawsuits triple.

[Xorbot]

Introducing....the one thing that will make car theft twice as likely and lawsuits triple.

 

this forum .... -_____-

[Victorious Secret]

Introducing....the one thing that will make car theft twice as likely and lawsuits triple.

 

Right, because cars were bastions of security before and were entirely theft proof?

Jesus, this forum sometimes. 

[Bogica]

Well if you have an expensive car and use the "stock" security system you kinda had it coming, I mean a proprietary security measure is so easy to install anyone can do it on the cheap and have a safe car. From hidden buttons and so on, I've done it on all my cars, even the cheap ones I had.

But this would sort of eliminate the option to install something proprietary unless you do not want to use this system which defeats the whole purpose of it.

[Master Disaster]

Lol, 4 numerical digit pairing key, anyone else see the issue here?

[Slick]

Right, because cars were bastions of security before and were entirely theft proof?

Jesus, this forum sometimes. 

 

 

this forum .... -_____-

 

 

Because it was impossible to steal a car before public/private key encryption...

 

Yeah. Cars are far from bastions of security. But adding even more vulnerabilities can be scary. Even if the networking components are secure(pfft) there are issues with stealing someones watch or phone.

 

Sure there may have been an over reaction. But "This forum sometimes" is also a bit of an over reaction, no?

 

Snide remarks suck - get off your high horse and explain why you disagree with those statements properly instead

[KungPaoChino]

Right, because cars were bastions of security before and were entirely theft proof?

Jesus, this forum sometimes. 

I'm surprised you took that seriously....

[Victorious Secret]

Yeah. Cars are far from bastions of security. But adding even more vulnerabilities can be scary. Even if the networking components are secure(pfft) there are issues with stealing someones watch or phone.

Sure there may have been an over reaction. But "This forum sometimes" is also a bit of an over reaction, no?

Snide remarks suck - get off your high horse and explain why you disagree with those statements properly instead

Yes, that was an overreaction, How about this:

Yes, this tech can be hacked. Or stolen. But so can my keyless fob. I can lose that too, and I actually have. That's RFID based and if a thief was so inclined they could actually crack that. Heck, RFID systems in BMWs have been spoofed to allow access to a car.

So this app on a watch is no different. I could lose my watch. I could lose my phone too. Just like I could lose my keys. Why panic over the remote possibility of theft in the face of a far more user friendly app or smart watch implementation? If we're gonna cry foul and yell Bloody Mary that your phone or watch could get stolen and used to steal your car, let's axe the keyless entry systems entirely since those have the same flaws. They can be hacked, they have been before, and really nothing short of a physical key will be foolproof from external intrusion.

Call it my "not giving a damn about the downsides" approach. Having my phone or car be able to start my car is no different from a keyless system. If I can live with the chance of someone hacking in my RFID fob and driving away, I can live with someone hacking into the app and doing the same.

[Master Disaster]

Err, the weak point in the modern car is the key, stealing a car without the key these days is all but impossible hence why traditional car thefts are now non existent while house burglaries for keys and car jackings have gone up by one billion percent. Car security is fine, its the owners that pose the risk.

Changing things so you only have to brute force a 9999 combination to start the car is a stupid idea.

Yes, that was an overreaction, How about this:

Yes, this tech can be hacked. Or stolen. But so can my keyless fob. I can lose that too, and I actually have. That's RFID based and if a thief was so inclined they could actually crack that. Heck, RFID systems in BMWs have been spoofed to allow access to a car.

So this app on a watch is no different. I could lose my watch. I could lose my phone too. Just like I could lose my keys. Why panic over the remote possibility of theft in the face of a far more user friendly app or smart watch implementation? If we're gonna cry foul and yell Bloody Mary that your phone or watch could get stolen and used to steal your car, let's axe the keyless entry systems entirely since those have the same flaws. They can be hacked, they have been before, and really nothing short of a physical key will be foolproof from external intrusion.

Call it my "not giving a damn about the downsides" approach. Having my phone or car be able to start my car is no different from a keyless system. If I can live with the chance of someone hacking in my RFID fob and driving away, I can live with someone hacking into the app and doing the same.

Except that RFID requires a specialist device to crack, almost everyone in the world currently carries a Bluetooth device in their pocket.

[Xorbot]

Yeah. Cars are far from bastions of security. But adding even more vulnerabilities can be scary. Even if the networking components are secure(pfft) there are issues with stealing someones watch or phone.

 

Sure there may have been an over reaction. But "This forum sometimes" is also a bit of an over reaction, no?

 

Snide remarks suck - get off your high horse and explain why you disagree with those statements properly instead

 

Although it is not known the type of cryptography used in the locking/unlocking or starting mechanism by myself at this time, it should be something similar to the concepts explained in these videos.

 

 

 

The one thing that should be re-watched is the part at 3:08 of the second video.  Here is a text quote from the video clip:

 

Discrete Logarithm Problem. 3:08

 

How hard is this?

 

Well with small numbers, it's easy.  But if we use a prime modulus which is hundreds of digits long, it starts to get seriously hard.

 

Even if you had access to all of the computational power on Earth, it could take thousands of years or more to find the answer.

 

So the strength of a one-way function is based on the time needed to reverse it.

 

 

 

In a nutshell, what is being explained is why exactly it is hard to brute-force a person's "key" to their car using their Android device.  So, my "sigh inspired" reaction to the original comments was that if an appreciation for the knowledge of how digital cryptography actually works, it would be downright silly to presume that it is a bad security decision to implement for cars and phones.

 

Another way of explaining this is that since it can take thousands or millions of years to brute-force the solution, which is more likely: someone picking the lock or someone cracking the key?  And which is the easiest of all?  That's right, just smashing the window and hot-wiring the car.  So to suggest that now it is even more likely that cars will be stolen due to a cryptography solution to locking and/or starting a car with an Android device is very short-sighted.

 

There is nothing inherently wrong with these encryption systems.  It is frequently an issue on how it is actually implemented, which is not the fault of the encryption solution at its core.  Take for example the office password policy at a local H&R Block.  Instead of remembering the passwords, the middle-aged office attendants and accountants who work there use a system of writing all passwords for all computers onto a piece of paper, and tape it to the inside door of a cupboard at the front desk.  While the concept of using a password to secure their network is actually good, when you place the network's security not-so-intelligent workers, you are going to easily get a compromised network.

 

For the final point, my reply of "this forum sometimes" is just as valid as if I revealed all of this information and my knowledge on the topic, or not.  Bringing this information to light does not change the fact that stating that car theft will become twice as likely (yes, I am aware it is a comment of hyperbole or exaggeration) is actually haphazard.  So let me be clear: I don't add this information => his comment is haphazard.  I DO add this information => his comment is still haphazard.  I feel that my original reply is actually quicker, and to-the-point in this age of skimming articles, forum posts, and replies very quickly.

[Slick]

-snip-

 

So we are assuming brute force is the only means of attack? That seems quite elementary. Often circumventing security systems or tricking them into receiving a false positive are ways to beat them. There are people MUCH more well versed than you or I in this field and assuming that there are impenetrable systems has proven to be a silly assumption in the past.

 

Also

You don't add information -> Your comment was useless garbage. His comment was exaggerated.

You do add information -> Your comment has meaning. His comment is exaggerated.

 

If you know more then share your knowledge, snide remarks don't make you a better or more intelligent person. They waste space on my message boards.