I can think of other, lower tech, DoS attacks against cars -- which are also not much exploited.

Someone once DoS'd my car, by slashing two tires. On a downtown public street.

That sucks to have happened to you, but that sentence made me lol.

People always say this about physical tech, but the difference is ease and scalability. Slashing all the car tires in a block is harder and more traceable than sending out a small RF signal.

Remediating slashed tires is a lot more difficult than waiting for your attacker to get bored and move on.

Which would be of no use at all to car thieves.

True, but it might be handy for kidnappers.

We're veering into movie-plot territory here.

(not original responder)

That's true. On the subject of movies, though, a plot point based on an actual vulnerability would be way better than typical Hollywood hacking.

Carjackers, and parking lot muggers.

Wouldn’t you need to have a device actively running within a few feet of the vehicle to run such an attack? Couldn’t the car start blaring an alarm or something in that case?

We’re not talking about a website here.

> Wouldn’t you need to have a device actively running within a few feet of the vehicle to run such an attack?

Nope. Just a high-gain antenna.

> Couldn’t the car start blaring an alarm or something in that case?

It could. But that might not help.

For example: you're driving your Mazerati down the road when it suddenly stops and the alarm goes off. The next day you get a letter saying, "If you don't want yesterday's little incident to become a regular event, send BTC500 to the following address...."

If the car responds to RFID keys at all when driving, that is a flaw.

If I get out of my car with the engine still running it starts beeping. I don't know if it will actually turn the engine off, but it obviously knows that the key has departed the vehicle.

Or it detected your bum leaving its seat.

My car also beeps when it detects that the key has left the car. The engine keeps running, but you obviously cannot turn it on again once you turn it off.

I had it happen without me leaving the seat (e.g. my wife has the keys in her bag/pocket, I had been driving, and she gets off the car to unarm the home alarm). The car is turned on by pressing a button, not by turning the key.

That seems like a reasonable setup. I'm having difficulty imagining how that could be hacked into the blackmail situation described above, since the sure way to avoid the beep is to keep the fob in the car.

No, because if I toss the key into the seat it stops beeping even if I'm not there.

..plus a high-gain antenna, and suddenly you have an attack that sets off every car alarm in the city at once.

...and that achieves?