camperjust visiting this planet Premium Member join:2010-03-21 Bethel, CT
4 recommendations |
camper
Premium Member
2015-Apr-17 1:06 pm
Thieves using a $17 power amplifier to break into cars w/remote keyless sys  Thieves using a $17 power amplifier to break into cars with remote keyless systems » www.networkworld.com/art ··· ems.html
If you have a wireless key fob for a car with a remote keyless system, then you might want to start keeping your keys in a freezer or other Faraday Cage to protect it from high-tech thieves, who can use a $17 power amplifier to break into your vehicle. ...
|
|
therube join:2004-11-11 Randallstown, MD 2 edits |
PDF: » www.isoc.org/isoc/confer ··· /2_1.pdfquote: *2 Instead of providing names of car models and manufacturers that we tested, wedescribetheoperationofthePKESsystemthatthetestedmodels use. We leave it to the readers to verify with the manufacturers if the described or similar PKES system is used in specific car models.
And having just (recently) become aware of this feature, I said to myself, "hey, that's something that would be of benefit to me!". So the Mazda, Merz, Hyundai, VW, Datsun (I find it difficult to say Nissan), Subaru ... that I've been looking at ... Wonderful. (And thanks .) quote: When the attacker drives away with the car, the relay will no longer be active. The car may detect the missing key; however, for safety reasons, the car will not stop, but continue running. Similarly, the car might detect a missing key for several other reasons including if the key battery is depleted. Some car models will not notify the user if the key is not found when the car is on course, while some will emit a warning beep. None of the evaluated cars stopped the engine if the key was not detected after the engine had been started.
quote: Unless the car keeps a log of recent entries and records exchanged signals (e.g., for later analysis), it will be difficult for the owner to know if his car was entered and driven. Similarly, it will be difficult for the owner to prove that he is not the one that actually opened and used the car. This is because there will be no physical traces of car en- try. This can have further legal implications for car owners in case that their cars or property from their cars are stolen due to this PKES vulnerability.
Countermeasures ... Faraday cage ... (Why do they write these papers, but then don't date them?) |
|
hayc59Your a Daisy Premium Member join:2001-02-26
3 recommendations |
to camper
So much for the show 'Bait' car!! what ingenuous children we have! Its truly sad that they cant put it to better usage |
|
John Galt6Forward, March Premium Member join:2004-09-30 Happy Camp
2 recommendations |
to camper
|
|
|
jap Premium Member join:2003-08-10 038xx |
jap to camper
Premium Member
2015-Apr-17 6:25 pm
to camper
These fobs ... after I lose the original can I get a replacement at the local hardware store for $1.25? Whole thing seems a gimmicky, hassle-prone solution to a non-problem. Similar to the $250.00 replacement, can't buy it in my county, wait 4 days, 3-ounce RFID keys that came out over a decade ago. I simply have no issue with my simple, cheap, lightweight, battery free, waterproof, crush-proof, metal key. This story is making the U.S. MsM rounds due to a NYTimes article. Also got an Ars mention. » www.nytimes.com/2015/04/ ··· es.html?» arstechnica.com/cars/201 ··· urglary/ |
|
dave Premium Member join:2000-05-04 not in ohio 1 edit
2 recommendations |
to camper
said by an article on the subject : Mr. Danev said that when the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter.
Does anyone know how to translate that into meaningful words? Is the power amp configured as an RF repeater, or what? I think the basics of the situation is that the car transmits something to the key fob, and the key fob responds to the car. Right? So we need the car-to-key transmission to be boosted in power for the key to hear it, and the key-to-car transmission to be picked up by a sensitive receiver and then retransmitted. Or am I totally off-base here? EDIT: I just noticed the link posted by John Galt6 . I guess I should go and read it. EDIT some more: I was more-or-less right in outline; the repeater may only need to operate in the car-to-key direction (low frequency, short range) since the key-to-car transmission typically operates at UHF and has much longer range. The article talks about a frequency-changing relay system with an antenna at each end, and possibly some amplification in the middle. I suppose, though, with enough power amplification you can get reasonable results just by boosting the car-to-key signal; the original details suggest this by focusing on the "$17 power amplifier". |
|
jap Premium Member join:2003-08-10 038xx |
jap
Premium Member
2015-Apr-18 12:27 am
said by dave:Does anyone know how to translate that into meaningful words? A physical pull on a car door latch invokes the car to query for a fob. Fob has own power supply with which it replies. Car's init signal is designed to be near field only, fob not so much so amp-repeater has only to be involved with car-to-fob, fob responds directly to car authorizing entry + disable alarm. I don't recall freq hopping language but then it was a few days ago I read the piece. And this ale is tasty. |
|
|
to camper
All this would be useless if the driver had to press a button on the keyfob to open/start the vehicle. But OH EM GEE the INCONVENIENCE! |
|
Bill_MIBill In Michigan MVM join:2001-01-03 Royal Oak, MI TP-Link Archer C7 Linksys WRT54GS Linksys WRT54G v4
|
to dave
said by dave:EDIT: I just noticed the link posted by John Galt6 . I guess I should go and read it. Thanks to both you guys - the right link for sure! We get a double-whammy: Bad tech reporting and the bad concept of near-field being secure when radio is involved. Both are getting out of hand. I wonder if there's a spike in RF amp sales? |
|
TheMG Premium Member join:2007-09-04 Canada MikroTik RB450G Cisco DPC3008 Cisco SPA112
2 recommendations |
TheMG to jap
Premium Member
2015-Apr-18 2:54 am
to jap
This vulnerability has actually been exploited a couple months ago on the street where my parents live, only the thieves didn't use it to steal the vehicles, just to open them up and steal the contents. People woke up one morning to find that any valuables they had left in their vehicles, parked in their own driveways, were gone, with absolutely no signs of forced entry. The thieves even locked the vehicles after they were done stealing the valuables. The only vehicles broken into were the ones with this new keyless system. said by jap:Whole thing seems a gimmicky, hassle-prone solution to a non-problem. Yep. I don't understand the point of these things either. How hard is it to take a traditional key out of one's pocket and stick it in the ignition, like the good old days? How lazy can people be? Apparently, very. Convenience for the car owner also turns into convenience for thieves. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
2 recommendations |
to camper
This was in the news in Australia, they had local cases of theft using this keyless entry amplifier.
They need to re-think it.
For example: if the key only activated (broadcasting) when it was in motion. So you'd put it on a desk and it would stop transmitting. That along with some frequency hopping and you wouldn't be able to hack it short of invoking an earthquake under the house. |
|
dave Premium Member join:2000-05-04 not in ohio |
dave to TheMG
Premium Member
2015-Apr-18 10:16 am
to TheMG
said by TheMG:I don't understand the point of these things either. Oh, it's kind of appealing. I once had a rental car with this feature. It's like you don't have to lock the car at all nor mess with an ignition key. I don't call it "lazy" - I call it "ease of use". It's up there with every other ease of use feature, from electric starter motors to electric windows via self-parking windshield wipers and automatic gearboxes. No doubt all those were described as features for the lazy by someone. (I agree in the case of automatic gearboxes). Mind you, as a new user I found it gave me anxiety. Did the car really lock itself? A couple of times I put the key on the ground and then walked back to the car without the key, to check. (Rental car: so I wasn't reading manuals to see if there was any way to turn on notification of locking) Too bad it has such a gaping hole in the implementation. |
|
onebadmofogat gnitsoP Premium Member join:2002-03-30 Pennsylvania |
to camper
This seems that it will only work with fobs that allow a door to open when close to it. Otherwise you need to press the button on the fob to send the signal to open it. ...yes? |
|
dave Premium Member join:2000-05-04 not in ohio |
dave
Premium Member
2015-Apr-18 10:25 am
Right. Specifically, for cases where the car initiates the exchange of communication and no-one needs to touch the key.
(i.e., it depends on the car being equipped for this mode of operation, as well as the fob) |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
to onebadmofo
most keyless proximity systems auto-unlock the car as you approach. Then you get in and press a button to start the engine. There are lots of explanations and manual pages for various failure modes and what to do with error messages like key out of range, and how to make sure the car is locked or unlocked etc. |
|
5 recommendations |
to camper
....good read overall... yet again reinforces the two lessons I pick up in this forum : a) security (testing) is usually the LAST thing in the design specs b) if it is made by human hands, it can be broken by human hands. Regards |
|
linicxCaveat Emptor Premium Member join:2002-12-03 United State |
to camper
I live in a Faraday Cage! That thing would never work with my 15-year old Jeep. Yes it has remote, keyless entry, but you cannot drive it off without key as when you put your foot on the break the first time, to shift or stop, the car dies. It will not re-start without a key. . |
|
onebadmofogat gnitsoP Premium Member join:2002-03-30 Pennsylvania |
to justin
said by justin:most keyless proximity systems auto-unlock the car as you approach. Then you get in and press a button to start the engine. Yeah that's how my 08 Altima was. Pretty convenient feature. I now have a benz but mine isn't equipped with that. I can GET that feature but it's not a deal breaker. Maybe in my next lease. |
|
|
to camper
Um... do you really need to put the keys in the freezer? Wouldn't the frig be good enough? Or, does the larger RF leak around some frig doors make them less effective? |
|
camperjust visiting this planet Premium Member join:2010-03-21 Bethel, CT |
camper
Premium Member
2015-Apr-18 4:11 pm
  If it were me, I'd probably get one of those little metal toy "safes", put it on a shelf and use it as the key holder in the house.
No sense opening the fridge or freezer every time you need to put your keys away or get them. The kids open them enough as it is.... |
|
John Galt6Forward, March Premium Member join:2004-09-30 Happy Camp |
to camper
Any metal container is sufficient... |
|
camperjust visiting this planet Premium Member join:2010-03-21 Bethel, CT |
camper
Premium Member
2015-Apr-18 5:28 pm
  Yup, for example, an old pot from the kitchen with a lid would work fine. But the toy safe would look cool. |
|
|
Boooooost to therube
Anon
2015-Apr-18 8:04 pm
to therube
The car may detect the missing key; however, for safety reasons, the car will not stop, but continue running. Yeah, that's a great feature. I know someone who parked his car at the airport. Three days later, they called him to tell him his car was still running. |
|
Astyanax Premium Member join:2002-11-14 Melbourne, FL ·AT&T FTTP
|
to camper
I thought that the car had to be in contact with the fob for a certain amount of time to keep running or the car would stop? I read the article about the girl on the bike who stole the reporter's car. I would think after a certain distance the car got from the fob the car would stop running. |
|
camperjust visiting this planet Premium Member join:2010-03-21 Bethel, CT |
camper
Premium Member
2015-Apr-19 12:11 pm
said by Astyanax: thought that the car had to be in contact with the fob for a certain amount of time to keep running or the car would stop? I read the article about the girl on the bike who stole the reporter's car....   I'm not sure which article you are referring to, but the article cited in my message you replied to was about the girl on a bike breaking into a car, not stealing it. |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB |
to camper
A bit similaraity, that I open my wifes car just with my phone & her cell phones near her key port ...... cause she forgot her key on her driver site & the car automatic lock her after 90 second {{{ SMILE }}} |
|
TheMG Premium Member join:2007-09-04 Canada MikroTik RB450G Cisco DPC3008 Cisco SPA112
2 edits
2 recommendations |
to Astyanax
said by Astyanax:I would think after a certain distance the car got from the fob the car would stop running. They do not. Once the engine is started, it will keep running even if the fob is taken away from the car. While this is bad from a security standpoint, it is an important safety feature. Many accidents have happened from engines suddenly quitting while a vehicle is being driven. Therefore, if the engine were to suddenly shut off due to a key fob malfunction while driving, this could in some cases cause an accident to happen due to loss of power brakes and power steering, or being stuck in the middle of heavy highway traffic when the engine stops. This is why manufacturers have designed it so the engine keeps running even when the fob is away from the car. The only way I can think of to really make this system secure, is to not have it at all and go back to traditional mechanical key ignition. Transponder keys were a step forward in terms of vehicle security but the keyless promximity systems are a HUGE step backwards. I really don't think there is an easy way to prevent the "power amplifier" hack, that doesn't involve manual intervention (ie: a disable switch on the fob or having to press a button on the fob to activate/deactivate it). One method that might work would be a system that measures the latency in communication between the car and fob in order to determine the true distance between the fob and the car. However, I don't think that would be easy nor cheap to implement as the distances are very short relative to the speed of radio waves in air. |
|
therube join:2004-11-11 Randallstown, MD |
to TheMG
quote: How hard is it to take a traditional key out of one's pocket and stick it in the ignition, like the good old days? How lazy can people be? Apparently, very.
Until recently (couple weeks ago) I never knew such a feature existed. I'd noticed "something" on various cars, but no one mentioned anything about it. Then a Nissan salesman was like, "hey, you can lock or unlock the car, by ...". And I'm like, oh, so that's what that's for. Then a number of days later, I pull up to work, I fumble around with my key & I've got a bunch of papers I'm gathering up. Get out of my car, turn towards it, kind of hunch over, & press the button on the key to lock the doors. At that point, it was like, "Oh, wow! I don't have to do that any longer - if I had... That would be a great convenience for me!". |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN
2 recommendations |
to camper
Another fine example that ease of use is the enemy of security.
Chalk this down as one of those ideas that sounded good at the time.
Unfortunately, as is too often the case, they didn't ask, "What would someone with bad intentions do?" |
|
F100 join:2013-01-15 Durham, NC Alcatel-Lucent G-010G-A (Software) pfSense Pace 5268AC
|
to camper
On my 66 F100 I have kill switch like Biff Tannen's 1946 Ford Super De Luxe Convertible in Back to the Future. It's tied into the MSD ignition system I put on it. Sometimes I forget I enable it and I'm like, "man, why won't my truck start?" And then I remember and can only laugh.
If you have one of these newer cars, you need to install something like this I guess.
We have a 2012 Honda Odyssey and thankfully it still has a key, the kind with the unlock fob built into it. It's huge but it's still a key and you need it to start the car. The newer models went with this wireless fob junk. More stuff I read like this just makes me want to buy only older cars that have been fixed up. You can put all the modern stuff on them now and they still work better than new cars, if done right. And they appreciate rather than depreciate. |
|