tptacek
5 hours ago
This won't have nearly the same impact, but when you're considering how vulnerabilities like this might influence your future purchasing decisions, remember that Kia's decision to omit interlocks from their US vehicles (but not Canadian ones!) led to a nationwide epidemic of Kia thefts so large it fed a crime wave, something a number of US cities are suing Kia over. If you've read about carjacking waves in places like Milwaukee and Chicago: that was largely driven by a decision Kia made, which resulted in the nationwide deployment of a giant fleet of "burner" cars that could be stolen with nothing but a bent USB cable.
wallaBBB
3 hours ago
Regarding the Kia Boyz - immobilizers have been mandatory in most of Europe since late 90s, in Canada since 2007. Basically there is something to put on (lack of) regulations as well as on HKMC.
Sohcahtoa82
2 hours ago
In the USA, we believe we don't need regulations, the Free Market(tm) will punish corporations that don't behave in a way that benefits their customers!
Insane to me that so many people believe this...
throw10920
25 minutes ago
Citation needed for the claim any significant fraction of the US population believe that regulations are completely unnecessary.
This runs directly contrary to my lived experience here, so unless you can provide evidence it sure seems like you're just stereotyping an entire nation to engage in ideological warfare.
dsr_
16 minutes ago
It doesn't need to be the population believing that regulations are completely unnecessary.
It just needs to be a sufficient number of politicians understanding that their donors and prospective donors find specific regulation of their industry overbearing.
op00to
33 minutes ago
I’ll certainly never buy another Korean car.
thfuran
25 minutes ago
And never an American one after the Pinto, and never a German one after the VW testing scam, and never a Japanese one after the recent safety scandal? I guess you can still get a Jaguar, so your mechanic won't complain.
vasco
2 hours ago
From my understanding immobilizer bypass tools are cheap and plenty.
acdha
2 hours ago
Even if that’s true, they are clearly nowhere near as “cheap and plenty” as watching a Tik Tok video. The spike in crime was far greater than normal random variation.
wallaBBB
26 minutes ago
Not really. At least not for those immobilizers that don't use "proprietary" ciphers. Automotive loves security through obscurity until it bites them in the ass. Today most manufacturers have moved to AES128, which is not cheap to brute force, especially if there is a rolling code (should be the case for many)
But you are right that there are many (older models) that use ciphers with know quick exploits: TI's DTS40/DTS80 (40/80bit, proprietary cipher, in many cases terrible entropy), models from Toyota, HKMC, Tesla. About 6s to crack in many cases.
NXP's HTAG2 - most commonly used one in the '00s - 48bit proprietary cipher, a lot less exploited in the wild than the TI's disastrous two variants.
mozman
16 minutes ago
you can just reprogram a new seed via canbus, don’t need to brute force it
mass_and_energy
2 hours ago
We Canucks needs all the features we can get to stop cars from being stolen, without exaggeration a car is stolen in Canada every 5 minutes on average.
SpaghettiCthulu
an hour ago
Too bad the only thing our current government can think to do is ban the FlipperZero.
Eumenes
3 hours ago
> something a number of US cities are suing Kia over
I can think of nothing more American than suing car manufactures because they're too easy to steal. The US is truly screwed.
tptacek
2 hours ago
They're being sued because they deliberately made the cars easier to steal in the US than they are elsewhere.
adolph
5 hours ago
> If you've read about carjacking waves in places like Milwaukee and Chicago: that was largely driven by a decision Kia made, which resulted in the nationwide deployment of a giant fleet of "burner" cars that could be stolen with nothing but a bent USB cable.
"A nationwide epidemic of Kia thefts" seems to be a natural consequence of decreased security. However, that carjacking in Milwaukee and Chicago specifically would follow from a nationwide omission of interlocks is not obvious as the vehicles are easily stolen without the need for personal confrontation. What is the connection of Kia interlocks to carjacking in Milwaukee and Chicago?
Terr_
4 hours ago
> However, that carjacking in Milwaukee and Chicago specifically would follow from a nationwide omission of interlocks is not obvious as the vehicles are easily stolen without the need for personal confrontation.
I think parent-poster means that the easily-stolen cars are being used as tools of carjacking, rather than the targets of it. In particular, carjacking that occurs by somehow provoking a victim to stop on the highway shoulder, a location where attackers can't exactly arrive by foot or bus or bike. That way they don't involve a vehicle that might be observed and traced back to them.
An alternate explanation is that they meant to write something like "theft" and accidentally put down "carjacking" instead.
levocardia
4 hours ago
This is correct, the usual procedure is: steal kia or hyundai with your friends using the no-interlock exploit --> find other cars to carjack (at gunpoint), or individuals to rob --> ditch stolen cars when no longer needed. Exploit no-pursuit policies as needed.
tptacek
4 hours ago
I've posted this point a couple times on HN and I guess I will keep posting until people stop expressing surprise that trivially stealable cars are a precursor to carjackings. I'm not dunking, there's no good reason for people to intuit that! But it's a really important thing to understand.
potato3732842
2 hours ago
I'd really like to see a citation for carjackings going up more than any other crime that a stolen car enables.
Cars are hard to fence and if you have a stolen car there's other crimes you can commit that have similar upsides and lower sentences/risks. For example ATMs never run over your buddies or shoot back at you.
adolph
3 hours ago
Thanks and thanks to the upthread explanations.
Part of what makes it unintuitive is the specificity:
* Why Milwaukee and Chicago instead of everywhere?
* Why carjacking and not a general increase in crimes that could be facilitated by an unassociated car (bank robbery, toll violations, etc)?
tptacek
2 hours ago
The phenomenon started in Milwaukee (the "Kia Boys" challenge), and I happen to live in Chicagoland, which experienced a huge wave of carjackings immediately afterwards. I have one of them recorded on my Nest camera in the alley behind my house. Nothing in particular about those two cities otherwise.
As the sibling points out: it's a broader issue than just carjackings --- but the carjackings themselves were novel, scared the shit out of people in a way that stochastic-seeming strong arm robberies don't. The headline here is: it was a gravely negligent thing for Kia to have done; I hope they lose their shirts.
kgermino
3 hours ago
FWIW the associated crime wave was much broader than carjacking (and I’m actually not aware of a particular increase in carjackings specifically due to the Kia issues but I don’t know) but the Kia issues seem to have started in Milwaukee.
For whatever reason, it became A Thing here more than a year before it went national. Car thefts in Milwaukee more than doubled (entirely due to a stupidly large increase in Kia/Hyundai thefts) and we got a reputation for Kia thefts before it became a national issue
anarticle
32 minutes ago
"Places like" include Philadelphia. It's not a closed set, just some examples. I have friends that have had their KIA stolen this way, and others that have outright sold their car to get a different brand due to how prevalent it is here.
jeffbee
2 hours ago
I question whether Milwaukee and Chicago are outstanding examples. I looked at a few reputable sources and those cities nor their states seem to be extremes in terms of car theft rates. Most of these law enforcement agencies are not specifically breaking our carjacking.
Random presentation of car theft stats comparing Chicago to a handful of others. We hear a lot about Chicago because many have a vested interest in deflecting discussions about crime. When was the last time you heard about the insane motor vehicle theft rate of Dallas? https://public.tableau.com/shared/W2KZH4JC7?:display_count=y...
Tool_of_Society
2 hours ago
Hell Mississippi as a state might soon pass Chicago in murder rate per capita. Chicago last year had a murder rate of 22.85 per 100,000 while Mississippi had a murder rate of 20.7 per 100,000. Louisiana had 19.8 and Alabama had 18.6..
tptacek
an hour ago
Chicago isn't even in the top 10 per capita. It's just a very big city that everybody forgets is a very big city.
reaperducer
2 hours ago
Why Milwaukee and Chicago instead of everywhere?
It wasn't just in those cities, it was nationwide. The poster was using those cities as examples because they are familiar to him.
wasteduniverse
5 hours ago
Don't anthropomorphize the lawnmower and blame Kia for this, blame the NHTSA for making it legal to skimp out on immobilizers in the first place. Regulations matter!
tptacek
4 hours ago
Since Kia/Hyundai is the only automotive group to have this problem, I'm going to go ahead continuing to blame them.
piva00
3 hours ago
I agree and still it's also the lack of regulation that enabled it to happen, and 2nd order effects of it is the increase in carjackings.
It's a pretty good argument for the regulation, since everyone else is already doing it just make it the standard.
pengaru
3 hours ago
> Volkswagen has entered the chat
cryptonector
3 hours ago
Lmao, good reference to u/bcantrill.
rideontime
3 hours ago
?