View previous topic :: View next topic |
Author |
Message |
nej Frequent Visitor
Joined: Jun 16, 2004 Posts: 454 Location: London, Ingerlund
|
Posted: Fri Jun 16, 2006 4:14 pm Post subject: |
|
|
The problem with implemnting GSM into a SatNav is that it would require a SIM card and therefore some kind of subscription to the mobile network.
Implementing something over radio is not great, as you know some 16-yr old kid will manage to decode the signal and walk around zapping people's Satnav's off the face of the planet for fun....
A simple PIN number that can't be reset, short of returning the unit to the manufacturer (or approved repairer) with proof of purchase (this could be done online as a registration, perhaps) seems the easiest, but probably still has flaws. |
|
Back to top |
|
|
Ash10 Pocket GPS Verifier
Joined: Feb 19, 2005 Posts: 478
|
Posted: Mon Jun 19, 2006 2:10 pm Post subject: |
|
|
NickG wrote: | I disagree entirely. These devices are not 100% software that can be simply cracked. They are hardware devices - and the hardware is impossible to modify without destroying the unit. |
Absolute crap.
Any protection system - be it software, hardware, or a combination thereof can be circumvented. |
|
Back to top |
|
|
NickG Frequent Visitor
Joined: Nov 09, 2003 Posts: 357 Location: UK
|
Posted: Mon Jun 19, 2006 2:45 pm Post subject: |
|
|
Ash10 wrote: | NickG wrote: | I disagree entirely. These devices are not 100% software that can be simply cracked. They are hardware devices - and the hardware is impossible to modify without destroying the unit. |
Absolute crap.
Any protection system - be it software, hardware, or a combination thereof can be circumvented. |
Explain how you can modify the INSIDE of a chip in order to bypass a hard wired security mechanism? Or even how you could modify the software stored on ROM in the device? Anything you do to try to bypass it would totally destroy the device. There is nothing you can do to bypass a hardware security mechanism. Perhaps you could disable a tracker built into a GPS for example, but there's no way that it could still be used as a GPS afterwards.
To me it sounds like you know nothing at all about electronic or software engineering. What's your degree in? |
|
Back to top |
|
|
Ash10 Pocket GPS Verifier
Joined: Feb 19, 2005 Posts: 478
|
Posted: Mon Jun 19, 2006 3:18 pm Post subject: |
|
|
NickG wrote: | Explain how you can modify the INSIDE of a chip in order to bypass a hard wired security mechanism? |
Why would you need to modify the inner workings of a chip? The weakest point-of-attack is usually the interface/bus between the various system devices.
Quote: | Or even how you could modify the software stored on ROM in the device? |
Desolder it and RoadRunner it up to a programmer. Bit of a sod with uBGAs (though not impossible), but most consumer stuff uses TSOP for cost.
Quote: | Anything you do to try to bypass it would totally destroy the device. There is nothing you can do to bypass a hardware security mechanism. |
In a fully-integrated SoC environment, that may well be the case.
In the real world however, not so.
Quote: | To me it sounds like you know nothing at all about electronic or software engineering. What's your degree in? |
There's no need to get personal - so please forgive me if I don't take your bait.
Meanwhile, back in Threadville:
The simplest and best solution is to always remove the unit when you leave the vehicle. A bit of a PITA, but nothing compared to having to replace side windows etc. |
|
Back to top |
|
|
NickG Frequent Visitor
Joined: Nov 09, 2003 Posts: 357 Location: UK
|
Posted: Mon Jun 19, 2006 3:52 pm Post subject: |
|
|
Ash10 wrote: | Why would you need to modify the inner workings of a chip? The weakest point-of-attack is usually the interface/bus between the various system devices. |
Because unless the security system is a joke, it will have been implemented such that this is necessary - that being the entire point of implementing it in hardware.
Ash10 wrote: | Quote: | Anything you do to try to bypass it would totally destroy the device. There is nothing you can do to bypass a hardware security mechanism. |
In a fully-integrated SoC environment, that may well be the case.
In the real world however, not so.
|
I'm not talking about the current real world devices! This thread is about what SHOULD be done in the future to prevent thefts of sat-nav devices. In the real world, you could just patch the firmware as most devices are just off the shelf parts with firmware (TomTom included). My only objection was that you used the word "any".
If ANY security system could be easily bypassed, do you not think we'd all have gold cards for Sky Digital we bought off eBay for a fiver?
Anyway - the manufacturer only needs to make it hard enough or time consuming enough such that nobody BOTHERS trying to steal them. It doesn't need to be bulletproof. If it took several hours and resolding chips and faffing around with hardware debuggers to hack a £300 sat-nav system nobody would bother. Problem solved.
Ash10 wrote: | There's no need to get personal - so please forgive me if I don't take your bait. |
You say "absolute crap" to a statement I said which is correct and you expect me to NOT get personal?! If people swear at me I am bound to take it as a personal insult - that's pretty normal.
All I was trying to say is, it is POSSIBLE to implement such a system which is secure and can't be bypassed. I wasn't even trying to claim that this would be possible to implement on an existing device. For instance all TomToms are basically just standard PDAs running linux and could be easily patched to bypass security without even opening the device. |
|
Back to top |
|
|
Ash10 Pocket GPS Verifier
Joined: Feb 19, 2005 Posts: 478
|
Posted: Mon Jun 19, 2006 4:30 pm Post subject: |
|
|
I think one thing that we can agree on, is that any security system is only as strong as it's weakest link ;)
As you point out, TomTom units are essentially PDAs - and anything based on any kind of open architecture is going to be inherently insecure (in this context). Conversely, proprietary units like Garmin's are more secure - or more accurately, have the potential to be more secure.
If Garmin (and similiar) units asked for a simple PIN number before booting the main (flash upgradeable) code, then theft of those units would pretty much stop overnight.
What's really interesting is how none of the manufacturers seem to be addressing this issue... |
|
Back to top |
|
|
NickG Frequent Visitor
Joined: Nov 09, 2003 Posts: 357 Location: UK
|
Posted: Mon Jun 19, 2006 4:41 pm Post subject: |
|
|
Ash10 wrote: | If Garmin (and similiar) units asked for a simple PIN number before booting the main (flash upgradeable) code, then theft of those units would pretty much stop overnight.
What's really interesting is how none of the manufacturers seem to be addressing this issue... |
That's the precise point I was making, so I'm not sure why your "absolute crap" comment was really necessary.
I don't see why there couldn't be a portion of the software on ROM which vetted the firmware upgrades, such that only TomTom signed firmware could be flashed. Then just build the protection into the firmware and it would be next to impossible to bypass without altering the contents of the ROM. I think things like PIC chips allow you to make parts of the Flash memory read only (after all, they're serially programmed so the chip itself is in charge of what gets flashed to what area of memory).
The new TomToms ask for a PIN if you set one, but I'm not sure if you can flash the firmware or do a factory reset (if they have this) to bypass the PIN.
I guess what PDAs and sat nav systems need is some area to store the protection code that is not flashable. Perhaps it's hard (or expensive) for them to implement strong security if they don't have this. So really, it's the processor or Flash memory manufacturers that need to implement security - but they'd need to be driven by the demands of people like TomTom. |
|
Back to top |
|
|
oldfogy Frequent Visitor
Joined: May 08, 2006 Posts: 252 Location: West Midlands. UK
|
Posted: Mon Jun 19, 2006 4:52 pm Post subject: |
|
|
Ash10 wrote: | What's really interesting is how none of the manufacturers seem to be addressing this issue... |
Maybe they have their heads in the clouds and think that one stolen unit means another sale (replacement).
We all know that nothing is foolproof, you only have to look at "TV Cable box's, Sky Box's, Mobile phones, Play Station's" the list IS endless.
Maybe, if any one of the manufacturer's built-in anti-theft deterrents, I would imagine their sales would go sky high compared to other manufactures, just for this feature alone.
Lets face it, it's not always practicable to remove the mount every time we park-up, so no matter what we do, i.e. leave the glove box open or put a note on the mount saying "removed from vehicle", a thief will still try, thinking we left it under the seat. _________________ (If it ain't broke, I can soon fix it) |
|
Back to top |
|
|
oldfogy Frequent Visitor
Joined: May 08, 2006 Posts: 252 Location: West Midlands. UK
|
Posted: Mon Jun 19, 2006 4:57 pm Post subject: |
|
|
[quote="NickG"] Ash10 wrote: | The new TomToms ask for a PIN if you set one, but I'm not sure if you can flash the firmware or do a factory reset (if they have this) to bypass the PIN. |
My TT One is only one month old, it does not ask for a pin and never has.
Maybe this pin feature is only on some of the "dearer" models? _________________ (If it ain't broke, I can soon fix it) |
|
Back to top |
|
|
Ash10 Pocket GPS Verifier
Joined: Feb 19, 2005 Posts: 478
|
Posted: Mon Jun 19, 2006 5:10 pm Post subject: |
|
|
NickG wrote: | Ash10 wrote: | If Garmin (and similiar) units asked for a simple PIN number before booting the main (flash upgradeable) code, then theft of those units would pretty much stop overnight.
What's really interesting is how none of the manufacturers seem to be addressing this issue... |
That's the precise point I was making, so I'm not sure why your "absolute crap" comment was really necessary. |
Maybe I'm a little too curt sometimes Or maybe you're just too sensitive :P
Quote: | I don't see why there couldn't be a portion of the software on ROM which vetted the firmware upgrades, such that only TomTom signed firmware could be flashed. Then just build the protection into the firmware and it would be next to impossible to bypass without altering the contents of the ROM. |
It's certainly possible to mask ROM boot code into most modern DSPs - that would work until someone works out how the firmware signing checksum is calculated, and adds it to their hacked version.
Quote: | I think things like PIC chips allow you to make parts of the Flash memory read only (after all, they're serially programmed so the chip itself is in charge of what gets flashed to what area of memory). |
In a way, this is what I meant by my earlier comment - people put way too much faith (and often naivety) into technology.
Yes, you can blow the read-fuse on PICs, and yes, you can often still read the image out afterwards.
Quote: | The new TomToms ask for a PIN if you set one, but I'm not sure if you can flash the firmware or do a factory reset (if they have this) to bypass the PIN.
I guess what PDAs and sat nav systems need is some area to store the protection code that is not flashable. Perhaps it's hard (or expensive) for them to implement strong security if they don't have this. So really, it's the processor or Flash memory manufacturers that need to implement security - but they'd need to be driven by the demands of people like TomTom. |
My guess is that the manufacturers aren't that bothered - after all, they get to sell a replacement unit.
Given that whoever buys the stolen unit probably would never have bought one legitimately, that's something of a result for the manufacturer/retailer. |
|
Back to top |
|
|
NickG Frequent Visitor
Joined: Nov 09, 2003 Posts: 357 Location: UK
|
Posted: Mon Jun 19, 2006 5:10 pm Post subject: |
|
|
NickG wrote: | Ash10 wrote: | The new TomToms ask for a PIN if you set one, but I'm not sure if you can flash the firmware or do a factory reset (if they have this) to bypass the PIN. |
My TT One is only one month old, it does not ask for a pin and never has.
Maybe this pin feature is only on some of the "dearer" models? |
By new TomToms, I mean the new design of TomToms. The TomTom One has been out for a year or more and has the old version 5 firmware and older maps. However they will shortly release the version 6 firmware for the One which will add this functionality to it. |
|
Back to top |
|
|
NickG Frequent Visitor
Joined: Nov 09, 2003 Posts: 357 Location: UK
|
Posted: Mon Jun 19, 2006 5:25 pm Post subject: |
|
|
Ash10 wrote: | It's certainly possible to mask ROM boot code into most modern DSPs - that would work until someone works out how the firmware signing checksum is calculated, and adds it to their hacked version. |
There are plenty of signing and encryption systems which could be used to for firmware which are uncrackable and have never been cracked despite massive bountys put up by the designers of the systems (eg RSA). Any that have been "cracked" have simply been brute force cracked (ie it took several CPU years of time to do). Many of these algorithms are royalty free.
Brute force cracking long keys would take a ridicously long time to crack (we're talking thousands of CPU years) and therefore not worth trying on a cheap sat-nav system.
I just feel like they could do a lot more. But as you say, they have no incentive to do so. Perhaps there should be a tax on stolen goods payable by the mfg. Ie if your sat-nav system is nicked, the manufacturer has to pay a fine That would get them working on the problem and you can bet that all mobiles, cars and sat-nav devices would become pretty secure within a year |
|
Back to top |
|
|
oldfogy Frequent Visitor
Joined: May 08, 2006 Posts: 252 Location: West Midlands. UK
|
Posted: Mon Jun 19, 2006 5:33 pm Post subject: |
|
|
Quote: | By new TomToms, I mean the new design of TomToms. The TomTom One has been out for a year or more and has the old version 5 firmware and older maps. However they will shortly release the version 6 firmware for the One which will add this functionality to it. |
Thanks for the update.
I suppose thats technology again for you, "out of date the day after purchase" _________________ (If it ain't broke, I can soon fix it) |
|
Back to top |
|
|
tonys66 Lifetime Member
Joined: May 25, 2006 Posts: 510 Location: norfolk
|
Posted: Mon Jun 19, 2006 6:19 pm Post subject: |
|
|
Ash10 wrote:
The new TomToms ask for a PIN if you set one, but I'm not sure if you can flash the firmware or do a factory reset (if they have this) to bypass the PIN.
I have a TT910 i set a pin to see ?
If i reset using the pin hole (soft boot i think it's called) it will still ask for pin before starting.
The only way you can change pin is if its up and running.
The only way to do a full factory reset is if it's up and running.
Asked TT and was told i must send TT to them if i can't rember pass and when they reset they will ask questions to verify ownership ???? |
|
Back to top |
|
|
oldfogy Frequent Visitor
Joined: May 08, 2006 Posts: 252 Location: West Midlands. UK
|
Posted: Mon Jun 19, 2006 6:32 pm Post subject: |
|
|
Quote: | The new TomToms ask for a PIN |
I think that is a fantastic idea.
And yet, not once with all the recent adds on the TV do they even mention this security aspect.
Now, obviously the owners know.
So.
Come on TomTom get your fingers out and inform the crooks. _________________ (If it ain't broke, I can soon fix it) |
|
Back to top |
|
|
|
Posted: Today Post subject: Pocket GPS Advertising |
|
|
We see you’re using an ad-blocker. We’re fine with that and won’t stop you visiting the site.
Have you considered making a donation towards website running costs?. Or you could disable your ad-blocker for this site. We think you’ll find our adverts are not overbearing!
|
|
Back to top |
|
|
|