keep your keyless fob in a metal box my friends car was broken into

clubb699 · 6 Dec 2017 at 20:41

Hi all, just a word of warning my mates car was broke into by thiefs , they used a key fob relay and stood outside his house and beamed the signal to unlock his car.

They turned the alarm off and opened the doors of his company car and stole stuff from inside the car, not sure why they did not take the car but luckly they did not.

Keep safe dudes

Hyburnate · 6 Dec 2017 at 20:44

clubb699 said:
Hi all, just a word of warning my mates car was broke into by thiefs , they used a key fob relay and stood outside his house and beamed the signal to unlock his car.

They turned the alarm off and opened the doors of his company car and stole stuff from inside the car, not sure why they did not take the car but luckly they did not.

Keep safe dudes

Because they haven't got the chain to get rid of it yet and were testing the concept, now they know it works they'll be stealing cars to order.

clubb699 · 6 Dec 2017 at 20:47

Hyburnate said:
Because they haven't got the chain to get rid of it yet and were testing the concept, now they know it works they'll be stealing cars to order.

Yeah very true

Pawnless Endgame · 6 Dec 2017 at 21:26

Surely it's back to the drawing board if cars as being opened this easily?! O.o

Perhaps set up 2FA when you buy your car as a suggestion for security? Treat it as if it's PayPal which uses the fingerprint or iris scanner on your phone, then NFCs it to the car.

Greebo · 6 Dec 2017 at 21:57

You can buy bags to keep you car keys in. It’s becomng to current big thing for steal8ng cars from peoples drives as most people keep their car keys near the door.

https://www.express.co.uk/life-styl...ss-entry-hack-Mercedes-Solihull-Birmingham-UK

Technology eh?

Faraday bags are selling by the boat load atm

https://www.amazon.co.uk/Keyless-Entry-Signal-Blocker-Faraday/dp/B071ZGGRD1

Regy53 · 6 Dec 2017 at 22:10

just buy a old ammo box on ebay

dowie · 6 Dec 2017 at 22:16

it does seem pretty ridiculous how crap some manufacturers are at security... this whole keyless entry thing... oh just broadcast a signal that when re-broadcast works as though the key is actually there...

whereas a phone costing far less than a car can be unlocked by fingerprint or even just scanning your face... it think it is about time they started thinking about some form of two step verification for cars

Caged · 6 Dec 2017 at 22:41

It's like figuring out key replay and impersonation isn't already a solved problem. There's no reason why keyless entry can't create a secure channel between the key and the car, and the key fob doesn't wake up unless it's being moved.

Angilion · 7 Dec 2017 at 00:32

Privacy and security aren't considered important enough to be worth spending money to develop and implement and overcome customer annoyance at reduced convenience.

Nazbit · 7 Dec 2017 at 00:50

Fitting Immobilisers to cars was a big step forward, but unfortunately, it just sent car thieves in to houses to retrieve the keys.

The worry thing with putting any sort of two factor verification in place, especially biometrics, is that the scumbags will just step up the level of violence involved again, putting people at even greater risk.

Edit: what we need is remote control car bombs. They can take your car, under duress if need be, but as soon as they drive off you detonate the bomb.

dowie · 7 Dec 2017 at 01:18

it would be nice also if you could immobilise your car remotely via your phone say, and or be able to get alerts/push notifications if it starts up while not in proximity to your phone

Angilion · 7 Dec 2017 at 01:21

Nazbit said:
Fitting Immobilisers to cars was a big step forward, but unfortunately, it just sent car thieves in to houses to retrieve the keys.

The worry thing with putting any sort of two factor verification in place, especially biometrics, is that the scumbags will just step up the level of violence involved again, putting people at even greater risk.

Edit: what we need is remote control car bombs. They can take your car, under duress if need be, but as soon as they drive off you detonate the bomb.

I think that approach might have a few drawbacks - it would wreck the car and potentially harm anyone who happened to be nearby, plus it would trigger terrorist alerts all the time and that would harm more people. Interior car guns to shoot everyone inside a lot? Many of the same problems. Poison gas? The thieves could open a window.

We need to get Q on the case!

geuben · 7 Dec 2017 at 01:22

Why don't key fobs use security technology we already have, like SSL certs that stop man in the middle attacks just like this. The fob and the car need to do a security handshake first and exchange public keys. The fobs would be programmed to only accept keys signed with a particular cert (i.e the manufacturers)

Amp34 · 7 Dec 2017 at 01:57

Or just put a pin code on the door

Werewolf · 7 Dec 2017 at 02:25

Regy53 said:
just buy a old ammo box on ebay

Surely a proper old fashioned biscuit tin would do?

Sankari · 7 Dec 2017 at 02:54

This is one reason why I didn't bother to replace my remote fob when it died. I just kept the transponder key, which only works within direct proximity to the ignition.

dowie · 7 Dec 2017 at 03:19

Caged said:
There's no reason why keyless entry can't create a secure channel between the key and the car, and the key fob doesn't wake up unless it's being moved.

geuben said:
Why don't key fobs use security technology we already have, like SSL certs that stop man in the middle attacks just like this. The fob and the car need to do a security handshake first and exchange public keys. The fobs would be programmed to only accept keys signed with a particular cert (i.e the manufacturers)

I don't see how that would prevent this, it isn't a man in the middle attack - the purpose here isn't to stand in the way of each endpoint for the purpose of intercepting anything but simply to relay on the signals... TLS and SSL would therefore not make any difference here AFAIK, the certificates can just be passed on as normal... if I unplug a length of 10ft cat5 cable from a network and replace it with a length of 100ft cat5 cable so the device that usually connects via that cable can connect from further away then the presence of SSL etc.. isn't going to make any difference just because the cable has been replaced... the signal just gets transported along the longer cable as usual.. ditto to having some device as in this car key fob example rebroadcast the exact same signal over a longer distance

the second point by caged re: the key fob not waking up until it is moved is a good point though

unwashed potato! · 7 Dec 2017 at 03:43

I don't get why a key fob signal is being sent at all. My van keys for instance right now surely aren't sending any signals, and dontbhave the ability or need to receive one so how does this work?only when I click unlock/lock button on the font will the device send any sort of signal

dowie · 7 Dec 2017 at 03:47

Fairly sure the answer is no said:
I don't get why a key fob signal is being sent at all. My van keys for instance right now surely aren't sending any signals, and dontbhave the ability or need to receive one so how does this work?only when I click unlock/lock button on the font will the device send any sort of signal

because they're key fobs designed so you don't need to do that, you just put them in your pocket and when you're close to the car the door unlocks itself and you can just press the start button to start the engine... ergo all the thieves need to do is essentially amplify that signal to open the car doors

Azza · 7 Dec 2017 at 05:59

Take the battery out of the key?