False Alarm: The Truth About Automotive Security
A couple of months ago, Autoblog revealed that you could open a locked Mazda3 by smacking the door panel. Shortly afterwards, they posted a video demonstrating how to unlock a car using a tennis ball. Car owners and manufacturers greeted the revelation with indignant outrage. How dare these “anyone with a keyboard” communicators tell the whole wide world how to commit an illegal act? Clearly, the automotive community hasn’t grasped the lessons learned by the computer security industry.
In the billion dollar world of computer software, whether or not to disclose a potential security hazard is a genuine dilemma. On one hand, software developers don’t want nefarious forces to know that their product is vulnerable to attack. The law (i.e. the DMCA) is on their side, and they’re not afraid to use it. On the other hand, users have a compelling desire to know if they’ve bought a product that may endanger their intellectual property.
Thankfully, the users’ needs usually prevail. In this day and age, keeping a computer security story under wraps is more difficult than hiding a new Subaru Impreza from the press’ prying eyes. Inevitably, word gets out, warnings are sent, breaches repaired.
Unfortunately, the same pattern does NOT apply to vehicular vulnerability. Security issues are suppressed, the press isn’t bothered and automakers keep their distance from both problem and patch.
And so Mazda3 owners who learned about the door trick via the web were understandably irked. While it’s easy to focus on the anger they felt towards the messenger, the deeper and more important antagonism fell upon Mazda’s head. Why did the Ford subsidiary design such an easily defeated locking mechanism? When did they know it was game, set and match criminal, and why didn’t they do anything about it? What ARE they doing about it?
As is the way of such things, Mazda3 owners will eventually get over this entire incident. They’ll quickly learn to manage the “additional” (if only perceived) risk by changing their behavior (e.g. altering their parking geography) or adding defensive technology (e.g. upgrading their security system). Either that or they’ll do nothing and continue to take their chances, feeling slightly less secure. Until they don’t.
From a corporate PR POV, Mazda played it exactly wrong. The automaker failed to capitalize on their customers’ brand loyalty by quickly acknowledging the problem. To their credit, when they did put their hands up, Mazda also admitted that other of their vehicles may be susceptible to the same technique. But they refused to name names, ostensibly “protecting” the very consumers their slipshod door design had left vulnerable.
Vehicles from various manufacturers are prone to the same door lock weakness. But that doesn’t excuse Mazda’s piss-poor crisis management. Mazda violated the three rules of news containment: speed, honesty and transparency. They should have immediately admitted the door lock problem and honestly addressed its ramifications. Which are, in fact, none.
The majority of automotive alarm systems are nothing more than what security guru Bruce Schneier calls “security theater.” All those plips and beeps and flashing headlights may make owners feel better about leaving their car behind, but they do little to decrease the actuall odds that the vehicle will be violated. Immobilizers? Random key codes? High tech gadgetry be damned. Anyone with the motive, means and opportunity can pwn your car just as quickly and easily as a hacker can pwn your Windows server.
Car security companies like Crutchfield promise “When the bad guys see you have a security system, they'll most likely move on to an easier target.” But there’s precious little statistical science behind the claim. Common sense suggests there are far more important variables in play: the aforementioned spoils on display, whether or not your car is being stolen to order (for a chop shop or export), the likelihood of a rapid counter response, etc.
Whether a thief has to rap your door with his fist or hurl a brick through your window simply isn’t a mission critical issue– for them. Truth be told, most owners would prefer the former.
Car manufacturers know that the modern car alarm is little more than a psychological security blanket. But they’re happy to perpetuate the illusion of impregnability, rather than add genuine security (which would require some serious usability and affordability trade-offs). The now ubiquitous car alarm is an important sales-oriented gimme: a cheap way to convince the buyer that the manufacturer cares about protecting the customer’s property rights. And it makes the car seem more valuable.
When Autoblog pulled back the veil, telling the world that thieves had discovered a new way to break into Mazda3 owners’ cherished whip, the likelihood that a crime would be committed didn’t alter. The information simply reminded Mazda3 owners that if they leave a handbag or briefcase in their backseat overnight, they’ll probably be filing an insurance claim in the morning.
I'm a computer security geek raised in Nebraska and recently transplanted to Atlanta. I like me some cars, got into car geekery a few years ago and haven't looked back since. I also volunteer at a local ferret shelter and participate in various charity and fund-raising events related to that.
More by Megan Benoit
Latest Car Reviews
Read moreLatest Product Reviews
Read moreRecent Comments
- Bd2 Anal has been posting as my username again. My imports are : Hyundai Galloper, the original asian offroad SUV copied by the Isuzu Trooper, Izuzu Montero and Toyota Land Cruiser.
- Jeff Heard about this on You Tube. Not a fan of Stellantis but then there are those here who like them which is their prerogative.
- Oberkanone Retro is great when done right. Love it. If only 06 GTO would have looked like a 69 I'd own one. 2002 Thunderbird. Hate it. New Beetle I dislike. Current Bronco is fantastic. Challenger is very good.
- Jeff Don't mind retro as long as they don't bring back leisure suits, unbuttoned shirts exposing hairy chests with gold chains, men's platform shoes, wide lapels, wide ties, big shirt collars, mood rings, shag carpet, disco, and appliances in burnt orange, harvest gold, and avocado green. Those items I never want to see again. I wouldn't mind more analog gauges and knobs and buttons. Add more cars and less suvs.
- Mic I have a '23 Limited Forester and I've learned that driving a CVT is different from an automatic slush box. I have no problems passing anyone on the highway as long as I gradually put the pedal to the metal over the course of about a second. I think it takes the computer a second to adjust the pulley ratios or something. If you just stomp on it I think it gets confused for more than a second lol. So, once you get the hang of it, it really doesn't lack torque at all. Look at CRs 45-65 acceleration times (which is a better metric than 0-60 times) and the Forester is quicker than a lot of other compact SUVs.
Comments
Join the conversation
Not that it really changes the point of this article, but everybody here knows that the tennis ball unlocking your doors thing was a joke, right? To put it more simply.... it doesn't work folks. However, it's pretty easy to make a video that makes it look like it does. You just have to make sure that the guy with the key fob isn't in the picture.....
Why is everybody surprised about the Mazda3 door lock? The first generation Mazda RX7 could be opened by a flat blade screwdriver inserted under the door handle. Easier than the key even.