Hacking Comfort Access

T Bone · 02-20-2007, 01:15 PM

This was a popular topic on the M5 forums but with comfort access is anyone concerned about gettting it cracked?

Has anyone heard of someone getting their comfort access hacked?

I am not too worried about it, I ordered it with my Xi.

Opinions (hopefully with data)?

Bemve · 02-20-2007, 01:17 PM

It could be possible!

Reminds me of the movie independence day where will smith and that other guy hax the mainframe of the mother ship and upload a virus!!!!

FirstClass · 02-20-2007, 01:42 PM

Anything can be hacked. Anything. It's a matter of how difficult it is to do.

trib · 02-20-2007, 02:06 PM

Quote:

Originally Posted by FirstClass

Anything can be hacked. Anything. It's a matter of how difficult it is to do.

and whether its worth hacking...

teknochild · 02-20-2007, 02:44 PM

Quote:

Originally Posted by trib

and whether its worth hacking...

yea my encrypted porn stash isnt exactly national secrets (i dont actually have a porn stash)

BeeEmDubU · 02-20-2007, 05:18 PM

I heard David Beckham got two X5's stolen this way.

azbmw · 02-20-2007, 05:37 PM

Quote:

Originally Posted by BeeEmDubU

I heard David Beckham got two X5's stolen this way.

Dont spread net rumors.

The X5s were never recovered so no one knows exactly how they were stolen. Plus those X5s werent available with CA. Since BMW was starting to put CA in some of its vehicles it made for a good story based completely off some "jounalists" imagination. There is more to the story but nothing that points to a security hole by BMW.

calvino · 02-20-2007, 05:54 PM

Yes is possible to hack CA if I'm not mistaken CA use RFID technology the same that Mobil speedpass use just different frequencies.

there are videos of people hacking the speedpass and them cracking the inscription. CA is the same just different frequencies and different inscription

however, I would not worry about it

d3l0n · 02-20-2007, 05:58 PM

Quote:

Originally Posted by Bemve

It could be possible!

Reminds me of the movie independence day where will smith and that other guy hax the mainframe of the mother ship and upload a virus!!!!

LMAO!!

IT IS EXTREMELY POSSIBLE. THEY HAVE DEVICES THAT INTERCEPT THE SIGNAL SENT FROM THE KEY REMOTE FOR OPENING AND LOCKING THE CAR (Specifically for BMW? I don't know yet, but I have seen it work on other cars). THEN THEY RECORD IT AND WRITE IT TO MEMORY AND DUPLICATE IT THE DEVICE. Real nice stuff... but scary when it comes to thinking bout the car. I am considering CA for now or when i trade up my e90 later in the year

BlueLion · 02-20-2007, 06:13 PM

Quote:

Originally Posted by teknochild

yea my encrypted porn stash isnt exactly national secrets (i dont actually have a porn stash)

lies

JSpira · 02-20-2007, 06:22 PM

Quote:

Originally Posted by d3l0n

LMAO!!

IT IS EXTREMELY POSSIBLE. THEY HAVE DEVICES THAT INTERCEPT THE SIGNAL SENT FOR OPENING AND LOCKING THE CAR. THEN THEY RECORD IT AND WRITE IT TO MEMORY AND DUPLICATE IT THE DEVICE. Real nice stuff... but scary when it comes to thinking bout the car. I am considering CA for now or when i trade up my e90 later in the year

Intercepting the signal won´t work since the codes are rolling.

JSpira · 02-20-2007, 06:23 PM

Also, I believe that the cars now have 128 bit encryption so you would have to crack that also.

But Comfort Access doesn´t really make it easier or harder to get in compared to the same car sans CA.

Chris.G · 02-20-2007, 06:40 PM

Quote:

Originally Posted by Bemve

It could be possible!

Reminds me of the movie independence day where will smith and that other guy hax the mainframe of the mother ship and upload a virus!!!!

Yeah dude thats very possible

FirstClass · 02-20-2007, 10:31 PM

Quote:

Originally Posted by JSpira

Intercepting the signal won´t work since the codes are rolling.

Intercept multiple signals (number depends on how lazy/stupid the engineers were) and reverse engineer the algorithm.

Quote:

Originally Posted by JSpira

Also, I believe that the cars now have 128 bit encryption so you would have to crack that also.

Indeed, but tbh 128 bit is rather (read: really) weak as far as encryption standards go.

r3za · 02-21-2007, 12:29 AM

Quote:

Originally Posted by FirstClass

Intercept multiple signals (number depends on how lazy/stupid the engineers were) and reverse engineer the algorithm.

Indeed, but tbh 128 bit is rather (read: really) weak as far as encryption standards go.

hm.. i don't know if you have ever tried to hax0r an algorithm but it takes a lot of data.

also, ssl 128 bit is standard, and isn't really (read: online banking standard) weak as far as encryption goes. sure there is better encryption such as aes256, but its not easy to hax0r ssl encryption if you cant do a man in the middle attack.

voerman · 02-21-2007, 06:31 AM

Quote:

Originally Posted by JSpira

Also, I believe that the cars now have 128 bit encryption so you would have to crack that also.

But Comfort Access doesn´t really make it easier or harder to get in compared to the same car sans CA.

Non-CA cars have a transponder in the key which is required to start the car. The transponder RF is very localized and would be extremly difficult to intercept. The only reasonably interceptable RF in a non-CA car is the remote signal that if hacked would only allow opening the doors. Hacking the interceptable RF from CA would allow unlocking the doors and starting the car.

I see a larger risk with CA, but I also agree hacking it would most likely be extremely difficult.

Lou

d3l0n · 02-21-2007, 06:51 AM

128bit encryption with ssl is still pretty good. I am not sure if these devices use ssl (Secure Socket Layer), i believe that is a term used with protocols in networking and internetworking (internet).

The higher the encryption, the harder and more time consuming it is to break the find the algorithm or break it.

Keep in mind, with security, you are always at risk. You are never truly really secure. You just have to make it harder to have it less likely that your security will be breached.

T Bone · 02-21-2007, 10:31 AM

Hacking is much easier when you get data on the source / protection scheme....

Not much data on the web about the protection scheme / algorithms etc....the less data about CA the harder it is to hack....

LEDZEP · 02-21-2007, 11:20 AM

Quote:

Originally Posted by d3l0n

128bit encryption with ssl is still pretty good. I am not sure if these devices use ssl (Secure Socket Layer), i believe that is a term used with protocols in networking and internetworking (internet).

The higher the encryption, the harder and more time consuming it is to break the find the algorithm or break it.

Keep in mind, with security, you are always at risk. You are never truly really secure. You just have to make it harder to have it less likely that your security will be breached.

SSL is a protocol encryption standard for TCP/IP (port 443 tcp/udp). I seriously doubt that BMW is using wireless TCP/IP with comfort access. But I understand what you mean...

d3l0n · 02-21-2007, 12:40 PM

Quote:

Originally Posted by LEDZEP

SSL is a protocol encryption standard for TCP/IP (port 443 tcp/udp). I seriously doubt that BMW is using wireless TCP/IP with comfort access. But I understand what you mean...

Yeah i was lazy to mention wireless as well. lol, but your right

mikepinkerton · 02-23-2007, 11:03 PM

I am a l33t haX0r and I can haCK da 330!!!!!!!!!!!!!!!!!!!!!!!!

\/\/hatever.
-Mike

Bemve · 02-23-2007, 11:13 PM

Im getting CA in my next car and when i do get it...... im moving out of my house and into my car!!!!!!

Problem fixed!!!

02-20-2007, 01:15 PM	#1
T Bone Brigadier General 536 Rep 4,021 Posts Drives: 2008 335xi Coupe Join Date: Feb 2007 Location: The land where we kill baby seals iTrader: (0)	Hacking Comfort Access This was a popular topic on the M5 forums but with comfort access is anyone concerned about gettting it cracked? Has anyone heard of someone getting their comfort access hacked? I am not too worried about it, I ordered it with my Xi. Opinions (hopefully with data)? __________________ "Aerodynamics are for people who cannot build engines"......Enzo Ferrari
	Appreciate 0 Tweet Quote

02-20-2007, 01:17 PM	#2
Bemve Second Lieutenant 26 Rep 261 Posts Drives: AW/FR e92 M3 Join Date: Dec 2005 Location: Mtl iTrader: (0)	It could be possible! Reminds me of the movie independence day where will smith and that other guy hax the mainframe of the mother ship and upload a virus!!!!
	Appreciate 0 Quote

02-20-2007, 05:18 PM	#6
BeeEmDubU Captain 18 Rep 718 Posts Drives: AW 325i Join Date: Apr 2006 Location: So Cal iTrader: (2)	I heard David Beckham got two X5's stolen this way. __________________
	Appreciate 0 Quote

02-20-2007, 05:54 PM	#8
calvino Lieutenant Colonel 311 Rep 1,928 Posts Drives: had e90, 330i mystic blue Join Date: May 2006 Location: Weston,Florida iTrader: (4) Garage List 2006 e90 330i [0.00]	Yes is possible to hack CA if I'm not mistaken CA use RFID technology the same that Mobil speedpass use just different frequencies. there are videos of people hacking the speedpass and them cracking the inscription. CA is the same just different frequencies and different inscription however, I would not worry about it __________________ E90 Mytic Blue 330i 07-20-2006. 05-17-2011 Doesn't the idea of making nature against the law seem to you a bit . . . unnatural? Support NORML
	Appreciate 0 Quote

02-20-2007, 06:23 PM	#12
JSpira Freude am Fahren 339 Rep 5,254 Posts Drives: Fünfer, Dreier, + Join Date: Aug 2005 Location: New York, München, Wien iTrader: (1)	Also, I believe that the cars now have 128 bit encryption so you would have to crack that also. But Comfort Access doesn´t really make it easier or harder to get in compared to the same car sans CA. __________________ Freude am Fahren. Jonathan E90 2006 330xi E90 2006 325i E39 2003 530i Sport* E46 2000 328Ci* E36 1996 328iS* E36 1992 325i* E30 1991 318is E21 1982 320iS* E21 1979 320 (6-Zyl)* *retired Nominated: Most Contributing Member
	Appreciate 0 Quote

02-21-2007, 06:51 AM	#17
d3l0n I love the ///M3, but I want 550hp ///M5 141 Rep 3,276 Posts Drives: BMW330iE90 Join Date: May 2006 Location: NYC iTrader: (1) Garage List 2006 BMW 330i (E90) [9.00]	128bit encryption with ssl is still pretty good. I am not sure if these devices use ssl (Secure Socket Layer), i believe that is a term used with protocols in networking and internetworking (internet). The higher the encryption, the harder and more time consuming it is to break the find the algorithm or break it. Keep in mind, with security, you are always at risk. You are never truly really secure. You just have to make it harder to have it less likely that your security will be breached. __________________ .::d3l0n::. FS: OEM SG Side Skirts - Sparkling Graphite - PRE-LCI FS: OEM Carbon Fiber Rear Diffuser FS: (SG) E90 OEM Rear Bumper - Sparkling Graphite - Pre-LCI 328/330 i/xi
	Appreciate 0 Quote

02-21-2007, 10:31 AM	#18
T Bone Brigadier General 536 Rep 4,021 Posts Drives: 2008 335xi Coupe Join Date: Feb 2007 Location: The land where we kill baby seals iTrader: (0)	One comforting thing Hacking is much easier when you get data on the source / protection scheme.... Not much data on the web about the protection scheme / algorithms etc....the less data about CA the harder it is to hack.... __________________ "Aerodynamics are for people who cannot build engines"......Enzo Ferrari
	Appreciate 0 Quote

02-23-2007, 11:03 PM	#21
mikepinkerton Private First Class 6 Rep 196 Posts Drives: '06 330i Join Date: Jun 2005 Location: Northern VA iTrader: (0)	I am a l33t haX0r and I can haCK da 330!!!!!!!!!!!!!!!!!!!!!!!! \/\/hatever. -Mike
	Appreciate 0 Quote

02-23-2007, 11:13 PM	#22
Bemve Second Lieutenant 26 Rep 261 Posts Drives: AW/FR e92 M3 Join Date: Dec 2005 Location: Mtl iTrader: (0)	Im getting CA in my next car and when i do get it...... im moving out of my house and into my car!!!!!! Problem fixed!!!
	Appreciate 0 Quote