Vehicle Security - Theft Methods Deployed By Thieves

[Ian.g]

I don’t know the mechanics of it well enough but when changes to the law made it available for any registered business that provided key replacement services the ability to have access to the programming software previously only supplied to the manufacturers authorised dealers this issue sky rocketed.

We have the EU to thank for that - another well-thought-out policy from Brussels

[Bazza06]

I don’t know the mechanics of it well enough but when changes to the law made it available for any registered business that provided key replacement services the ability to have access to the programming software previously only supplied to the manufacturers authorised dealers this issue sky rocketed.

We have the EU to thank for that - another well-thought-out policy from Brussels

Correct. I was one of many that opposed it but was peeing in the wind.

[Bazza06]

I’m also taking into account the cost and time involved in updating the vehicle software to the thousands of affected vehicles each time the code is cracked .

I don’t know the mechanics of it well enough but when changes to the law made it available for any registered business that provided key replacement services the ability to have access to the programming software previously only supplied to the manufacturers authorised dealers this issue sky rocketed.

It sounds like a single point can break the whole system, they'd need rethink it - security isn't just about stopping the bad guy, it is assuming you can't and how do you limit what they can get for given effort - I find it amazing at work (top half of FTSE 100), when I am inside the n/w I don't encounter barriers between areas.

Updating software shouldn't be expensive - arrives in dealer, plug in card, vehicle confirms by encryption certificate it is valid and untampered and updates - 2 mins work, but they don't design it to be easily updatable.

One problem though, engineers and programmers don't generally think like hackers, so tend to not see the holes.

Re internal barriers / access control. How robust is your building entrance? If your building has good access control measures there is an argument that additional internal controls are not necessary except to areas such as sever rooms as the people you have allowed in are likely to have free movement anyway.

[John_M]

Re internal barriers / access control. How robust is your building entrance? If your building has good access control measures there is an argument that additional internal controls are not necessary except to areas such as sever rooms as the people you have allowed in are likely to have free movement anyway.

Building? Think more like sites world wide (pretty much all servers though are in secured data centres.) with user numbers in order of tens of thousands plus outsourced support around the world and remote working connecting by VPN - pretty large computer network. The computer network all seems fairly open, personally I would be keep parts isolated from each other if only to limit damage virus could do.

[Bazza06]

Re internal barriers / access control. How robust is your building entrance? If your building has good access control measures there is an argument that additional internal controls are not necessary except to areas such as sever rooms as the people you have allowed in are likely to have free movement anyway.

Building? Think more like sites world wide (pretty much all servers though are in secured data centres.) with user numbers in order of tens of thousands plus outsourced support around the world and remote working connecting by VPN - pretty large computer network. The computer network all seems fairly open, personally I would be keep parts isolated from each other if only to limit damage virus could do.

Sorry, I missed the NW part of your post and had in mind you were talking about the building you work in
IT isn't my area - thankfully

[John_M]

Sorry, I missed the NW part of your post and had in mind you were talking about the building you work in
IT isn't my area - thankfully

IT security N/W isn't my worry now, but I do have a background in it. I write software (or atm direct writing), most of my stuff is for internal use only and not web based so not hugely worried about hackers. But I am not convinced our IT security staff are much better than the script kiddies that knock on the door so to speak.

[Col Lamb]

IT guys are not necessarily the smartest kids on the block, a few years ago I was the Engineering Services Manager at a Bank’s Computer Centre.

One Saturday one of my shift guys rang me to see if I had heard that there was a Worldwide problem with the server controlling the Hole in the Wall Cash machines, apparently an IT guy wanted to test run a new server and he totally ignored the label and pulled the plug of the Cash machines server to use its supply.

Being the Engineering Boss I was in charge of Security hardware, typically IT server rooms require a swipe card being scanned by a card reader together with entering on a keypad a four figure access code. Plus very few IT guys were given access into the server room, those that needed temporary access were escorted.

You think server rooms are secure, now a Banks cash centre takes the biscuit, no radio electronics, only mechanical and electro-mechanical interlocked airlocks.

[Bazza06]

Sorry, I missed the NW part of your post and had in mind you were talking about the building you work in
IT isn't my area - thankfully

IT security N/W isn't my worry now, but I do have a background in it. I write software (or atm direct writing), most of my stuff is for internal use only and not web based so not hugely worried about hackers. But I am not convinced our IT security staff are much better than the script kiddies that knock on the door so to speak.

I did hear recently that companies are favouring younger IT workers over older more experienced workers in the same field.

The company I work for made redundant two IT guys with 50 years experience between them and replaced with a 20 year old. It hasn’t worked and that person, a contractor, is now leaving.

[Bazza06]

IT guys are not necessarily the smartest kids on the block, a few years ago I was the Engineering Services Manager at a Bank’s Computer Centre.

One Saturday one of my shift guys rang me to see if I had heard that there was a Worldwide problem with the server controlling the Hole in the Wall Cash machines, apparently an IT guy wanted to test run a new server and he totally ignored the label and pulled the plug of the Cash machines server to use its supply.

Being the Engineering Boss I was in charge of Security hardware, typically IT server rooms require a swipe card being scanned by a card reader together with entering on a keypad a four figure access code. Plus very few IT guys were given access into the server room, those that needed temporary access were escorted.

You think server rooms are secure, now a Banks cash centre takes the biscuit, no radio electronics, only mechanical and electro-mechanical interlocked airlocks.

Wasn’t there a similar story in the news not so long ago with someone unplugging a piece of IT equipment that sent the business in turmoil? Was it an airport? I can’t remember.

[John_M]

One Saturday one of my shift guys rang me to see if I had heard that there was a Worldwide problem with the server controlling the Hole in the Wall Cash machines, apparently an IT guy wanted to test run a new server and he totally ignored the label and pulled the plug of the Cash machines server to use its supply.

We had someone working on our SAN - I believe they were pulling redundant PSU for servicing, unfortunately they pulled the wrong one - no problem mistakes happen, unfortunately it was at this point they find the SAN configuration hadn't saved to disk so when it came back up it didn't know where any partitions etc. were - I think there was something like a thousand oracle databases on it. They got almost everything back, but it took out about 2/3rds of our systems for a period. There are several lessons that needed re-learning painfully yet again.