Mazda Switches To USB Keys 623
kv9 writes "The new Mazda Sassou while being 'cool and promoting a positive state of mind' has a most important feature, that every geek will love. Instead of the classic key it uses a usb flash drive for starting up. The key can also be used to transfer things like driving instructions or music to the car's hard drive."
This should be an adventure (Score:2, Interesting)
Security (Score:3, Interesting)
Woohoo, my first first post
Anyways, back on topic, I think that the idea of using a USB key that holds directions and other information, as well as starting the vehicle, is a nice and innovative idea. However, the article nor the specifications state anything about where the information about starting the car is stored on the USB drive. My only potential worry about this is the failure of the USB port or computer inside of the vehicle (you can't start your car manually), and whether or not we'll see "Mazda bootkits" widely available online by crackers who now have something else to break in to.
Still, it is quite innovative.
Security for everything (Score:3, Interesting)
"And I thought I was just loading some new tunes!"
SCIF (Score:5, Interesting)
Re:This should be an adventure (Score:4, Interesting)
The point is, just because you see a failure mode in it doesn't mean that that he old way didn't have the a similar one
Ignition may not be in the drive (Score:4, Interesting)
Re:great, another point of failure (Score:4, Interesting)
Re:This is a BAD idea. (Score:3, Interesting)
I think it could be used to implement a "use twice" key, so that if the valets try to use it on a joyride, the owner would know.
Re:What happened to RFID? (Score:5, Interesting)
Re:This is a BAD idea. (Score:5, Interesting)
Today I can borrow a key for a few hours and go get a copy made, or I can make an impression of that key in just a minute, cast a model, and spend a few hours with my dremel tool making a duplicate that may or may not be good enough. I can duplicate a USB key in just a few minutes while you're in the bathroom. This just makes it even easier for someone with common off-the-shelf technology to make a copy. It has added functionality, but it is also less reliable and may be a vector for computer viruses to infect your car. Personally, I'll stick with an old fashioned key and a hidden kill switch.
Re:What happened to RFID? (Score:3, Interesting)
Rich
Why possession based Key? (Score:1, Interesting)
I prefer knowledge based keying.
The distinct advantages:
-> You can't loose the key. You could forget it
but that is easy and cost free to "back-up"
your key code. That means no more griping in
the morning "Where are my damn keys?"
-> No cost for "copying" the key. Everyone in
your household could have the key without any
extra expense.
-> Improved security over tumbler lock keying
since all you have to do is break the
mechanism or "hot wire it"
-> It would be easy to implement special access
keys. For instance keys that expire if
you want to lend the car to someone without
giving them your key. Key that have time
access restrictions for such things as
teenagers.
-> Trivial and cost free to change the key if
you feel it has been comprimised.
I for one frown on this USB key for some of the reliability reasons previously stated and also that I would not be allowed to bring the key into work since I work for a defense contractor.
Durability is more than physical toughness. (Score:3, Interesting)
Last time I zapped a usb drive, I drove home and burned a CD from the backup I'd made. That might be problematic in this case.
Smart Key (Score:2, Interesting)
I love it.
Re:Hot Wiring: No Match for a Thief (Score:5, Interesting)
If they REALLY wanted to do it they could still "hotwire" the newer cars by bringing a seperate matching key/column computer and splicing it into the car but why bother with this hassle when you can just tow?
Re:great, another point of failure (Score:1, Interesting)
They showed two watches, an expensive competitor, and a Sekonda, on the ground, and a large steamroller heading towards them both. The voice over was talking about the fact that "the watch on the right" matches {big list of features of} "the watch on the left". "So what's the real difference?"
The roller goes over, and you're supposed to expect the "watch on the right" to have survived or something indicating its unparalled strength. Nah. Both are smashed to bits. Voice over: "The watch on the left costs ten times as much as the watch on the right"
Re:Better than most. (Score:2, Interesting)
That's why I drive a ten-year-old car with almost 200K miles on it. I frequently leave the windows open on a hot day, if I don't have anything valuable in the car.
Anybody desperate enough to steal it needs it more than I do. Its not even fast enough to attract joyriders.
But, it does it get me around just fine. And, I bought it outright for about 3 monthly new car payments.
Re:great, another point of failure (Score:1, Interesting)
At work a few weeks ago we had an old hard drive with data we needed to get rid of. So old that the connectors to it weren't even in production anymore and there's no modern equipment it could hook up to... One of those old 5.25 inch hard drives. The thing was a freakin tank! We ran it over with my Tahoe in some pretty destructive positions, threw it against concrete, smashed it with sledgehammers, the damn thing wouldn't break. We finally broke it open after about 15 minutes of sledgehammering/throwing against the pavement. It'd be nice if new hard drives were this tough.
Re:Better than most. (Score:4, Interesting)
So, you can add a key to the car, but you need at least one key to get the thing in the programming mode. They don't store that code anywhere, so if you lose all four keys it came with, you have to buy a new ECU. Really, really expensive. Also hard to steal.
Re:Security? (Score:3, Interesting)
What is likely to have been engineered, rather, is that a short secret (~128 bits) has been stored on the key and on the car, both with physical security (as in a smartcard). Then, the car can authenticate the key using a simple challenge / response protocol based on secret key cryptography.
The short secret itself is probably generated from a master secret, a key derivation algorithm and the car's serial number.
Wrong. (Score:3, Interesting)
The solution he proposes is that "Alice makes some computation based on the random numbers (both the ones she generated and the one she received from the host) and her private key, and sends the result to the host. The host does some computation on the various numbers received from Alice and her public key to verify that she knows her private key".
There you have it, my brilliant idea foiled by chosen plaintext attacks.
Re:Security? (Score:3, Interesting)
The protocol is not that much of an issue (as long as it is chosen with care). The other practical considerations are much more important. Even RSA processors are not that expensive anymore, but I agree that it would be overkill for this kind of "problem".
So now if YOu want to make a copy of your key (Score:3, Interesting)
Re:Hot Wiring: No Match for a Thief (Score:3, Interesting)
This device is used in service centers and by car hijackers