528
Revealed: car industry was warned keyless vehicles vulnerable to theft a decade ago
(www.theguardian.com)
This is a most excellent place for technology news and articles.
Could anyone with more knowledge confirm, but couldn't they just do what some car companies are doing and have a system by which you can just disable keyless entry when it's parked up at night?
If I'm at home and my car is parked up where the key could potentially be repeated then I just disable it by locking the car using the key and tapping on the door handle, which disables just tapping the door handle to unlock it again, and only the unlock button on the key works. As far as I understand it resolves this issue, unless I'm missing something?
That won't work for human reasons: few people will remember to lock the car that way at night-
That's a very simple process, I'm sure people would be more than happy to do that on available vehicles.
Have you met any non-technical people?
In my mom's basement? No.
In theory (barring the bit where you could literally break into Hyundai cars of the last few years, plug a USB stick into them and drive away), it is technically easier to steal some older vehicles without keyless entry (any car that has a key but doesn't require that key to communicate with a security module). A criminal can (and some do) drill out the ignition lock cylinder, insert a blank one and then drive away with any thin bladed metal shank (flathead screw driver) as if nothing happened. Buy a new keying kit, and they take only a couple of minutes to install assuming they even care to do so (chop shop might care, joy rider won't, someone interested in rummaging through the vehicle and dumping it won't etc).
The keyless entry systems implemented on new cars work by having what's essentially like an RFID in the key that communicates with a security module or multiple modules in the car, and this transmission is pretty much always active and only checked by range. If the car is close enough to where you hang your keys by the door the car may pick up this signal, and in the case of vehicles with keyless entry where you just need to touch the door handle with the key nearby that would give the thieves entry to the vehicle.
They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key. Then using a GPS blocking tool they can prevent the car from pinging their location. At that point the only thing stopping them from taking the vehicle is their ability to take it out of park or start it. The tech to start it is fairly cheap. Taking it out of park is pretty simple for most cars if you already have access to the inside (ICE vehicles especially because there is usually a transmission selector switch attached to a cable that directly connects to the shifter (automatic or manual).
I could roll a car down the street if it was level or a light grade by myself and I'm not a big person. If you drive a truck or an SUV and that selector switch is on the bottom or side of the transmission that's even easier and simpler to access (and doesn't even require a thief to have access to the inside of vehicle to put it in neutral). If the horn is accessible through a wheel well? A thief can just disconnect it and the alarm won't even sound. If they already have access to the inside of the vehicle a thief can just pull the horn fuse.
Automotive companies rely on the premise that there aren't enough dishonest people in the world with the technical know how to circumvent their security so cost to benefit analysis says don't worry about making it more secure until they're forced to. Either by public demand, or by government oversight and regulation.
Although if the signal is vulnerable to a replay attack just like that, it was a woefully poor design to begin with.
It's why a lot of garage door systems don't use a fixed code, but something more like 2FA codes, where it changes each time it's used.
You'll get no disagreement from me. I feel the same way about RFID ID tags. I remember seeing a CSI episode once where girls were getting RFID chips implanted in their wrists or something and using that to pay door fees and tabs at bars. I would never. I can and have cloned an RFID badge (to avoid paying $80 to my apartment complex for a badge that was inaccessible because it fell into a crevice of a locker at a gym), and I gotta tell ya, it doesn't take enough time for me to be comfortable using it as a security feature for most anything.
This seems a lot more complicated and much worse than just using actually cryptographically secure keys to verify that it's the real key.
Or just not storing your key where it can be repeated 🤪 this attack is 100% mitigated by some distance or just fuckin' aluminum foil.
You would need to put your keys in a faraday cage.
Distance doesn't matter, as they can just use a bigger antenna or better amplifier. You find footage of people using large loops of wire to capture the signal from the keys
Sure, you could and probably should do that. But is that something the consumer should have to do?
At what point is a design flaw/defect the consumer's responsibility?
We just shut off our Toyota fobs every time we park, it's a few extra button presses on the fob but gives some piece of mind. Why they can't just put a simple power toggle on the fob that everyone could easily use when done is beyond me. Most people, Toyota employees included, didn't even know the fobs could be powered down with a button combo.