keep your keyless fob in a metal box my friends car was broken into

Soldato
Joined
29 Dec 2014
Posts
5,759
Location
Midlands
Or just put a pin code on the door :p

I actually hired a couple of big fords in LA a month or so back, (Expedition, and F150) and both of them did actually have a small num pad on the door, that you can use for keyless entry;

Kaflt8H.jpg

I'd never seen it before, but it seemed like a pretty good idea - convenient, and certainly more secure than having a fob that's endlessly broadcasting an signal that says "open door plz"
 

Deleted member 651465

D

Deleted member 651465

Set the keys to begin broadcast if triggered by a built in accelerometer.

If the key hasn’t moved in 2 minutes, stop broadcasting.

I’m surprised the car industry is so outdated when it comes to security tbh.
 
Caporegime
Joined
18 Oct 2002
Posts
26,053
I don't see how that would prevent this, it isn't a man in the middle attack - the purpose here isn't to stand in the way of each endpoint for the purpose of intercepting anything but simply to relay on the signals... TLS and SSL would therefore not make any difference here AFAIK, the certificates can just be passed on as normal... if I unplug a length of 10ft cat5 cable from a network and replace it with a length of 100ft cat5 cable so the device that usually connects via that cable can connect from further away then the presence of SSL etc.. isn't going to make any difference just because the cable has been replaced... the signal just gets transported along the longer cable as usual.. ditto to having some device as in this car key fob example rebroadcast the exact same signal over a longer distance

Well if you were monitoring the network you'd see the link drop and come back up and could investigate further. I don't think it's impossible to detect whether a signal is being relayed in this way - for example the relay radios are going to have different characteristics than the key fob in terms of how close in tolerance they are to the specified frequency, how accurately they can hit different points on the constellation, the clock signal etc. By beefing up the technology in the car it should be possible to be able to fingerprint the transmitting device in a way that simply relaying the data contained within the carrier won't be able to replicate.
 
Soldato
Joined
8 Jun 2013
Posts
4,363
Fitting Immobilisers to cars was a big step forward, but unfortunately, it just sent car thieves in to houses to retrieve the keys.

The worry thing with putting any sort of two factor verification in place, especially biometrics, is that the scumbags will just step up the level of violence involved again, putting people at even greater risk.

Edit: what we need is remote control car bombs. They can take your car, under duress if need be, but as soon as they drive off you detonate the bomb.
no bomb required, just a spike in the driver's seat that you trigger to fire upwards if it senses weight on the cushion.
 
Soldato
Joined
12 Sep 2012
Posts
11,696
Location
Surrey
What is wrong with just having a button that sends the signal, rather than have a fob that sends the signal all the time?

I currently drive an estate and a hatchback. The battery has gone in the hatchback that uses a key and button and i have not got round to sorting it out, so i just use my key and the estate has like a wireless card fob which i hate because sometimes i have gotten out of the car in a noisy places and walk away to let it self lock forgetting to switch the very quiet idle engine off.

I am never so lazy or in such a rush that i feel that the key is a hindrance on my life.
 
Soldato
Joined
9 Apr 2007
Posts
13,456
Loads of things they could do easily to make this harder.
The key and cat could have a list of multiple codes they use, each code lasts about 10 minutes, the car and key then cycle through them.
If you had say 100 codes, that would require the thief to sit outside your house for a long time to get them all.
The car would then turn off if it doesn't receive the correct codes. So the thief would get 10 minutes down the road and it would turn off.

Manufacturers should build the sequence code into cars as well, the one where you input a sequence of buttons, like temp up, fan speed down, preset 1, and so on.
A two button sequence would probably deter most and not really add to owners inconvenience too much.
 
Soldato
Joined
14 Jul 2003
Posts
14,476
Back in 2013 I was on a hacking course where the instructor demonstrated hacking a well known brand of car (his own car btw) in the parking lot from inside the building (granted we're only talking 5M or so). He was able to turn the engine off remotely.

This sort of thing has been going on for years, car manufacturers are very slow to catch up and the fact these cars are essentially just PCs on wheels is terrifying, any we want driverless cars??
 
Caporegime
Joined
25 Nov 2004
Posts
25,812
Location
On the road....
Vehicle security in general is rather lame, when I worked at Stobart I would often walk into the tractor unit park (anything upto 100 trucks sat there) and pressing the remote unlock keyfob would unlock more than one truck!

This used to happen with both Scania and Volvo units,I guess most car owners don’t encounter situations where they are using their remote key in front of many identical cars of similar ages but it amazed me when it happened and kept happening at different depots...
 
Soldato
Joined
9 Jul 2003
Posts
9,595
They need to think of some radical new technology, like oh I dunno how about the fob only sending a signal when a button is pressed :o

I don't get keyless entry or even keyless starting, the former makes the paranoid worry if the damn thing is locked and with the latter you usually end up sticking the key somewhere anyway else you forget to pick the things up when you get out.

Plus the batteries must run out quicker if they are always transmitting.
 
Soldato
Joined
25 Nov 2007
Posts
5,581
Location
London
I think that approach might have a few drawbacks - it would wreck the car and potentially harm anyone who happened to be nearby, plus it would trigger terrorist alerts all the time and that would harm more people. Interior car guns to shoot everyone inside a lot? Many of the same problems. Poison gas? The thieves could open a window.

We need to get Q on the case!

https://www.youtube.com/watch?v=m0PuqSMB8uU
 
Soldato
Joined
18 Oct 2002
Posts
10,675
Location
Castle Anthrax
I don't get keyless entry or even keyless starting,
Well you got that part right anyway.

the former makes the paranoid worry if the damn thing is locked
Why? I get out, I press the button on the door handle. The mirrors fold in and it's locked. It's no different to pressing the lock button on the fob. It won't unlock until I try and open the door.

and with the latter you usually end up sticking the key somewhere anyway else you forget to pick the things up when you get out.
Why would I be putting the key anywhere? It's never left my pocket (or in the wifes case, the depths of her handbag). If I did manage to leave the keys in the car it wouldn't let me lock it anyway.
 
Soldato
Joined
11 Nov 2004
Posts
8,182
Location
Couvains, France
it does seem pretty ridiculous how crap some manufacturers are at security... this whole keyless entry thing... oh just broadcast a signal that when re-broadcast works as though the key is actually there...

whereas a phone costing far less than a car can be unlocked by fingerprint or even just scanning your face... it think it is about time they started thinking about some form of two step verification for cars

Yeah an SMS code you have to enter on a keypad to start it :D
 
Caporegime
Joined
29 Jan 2008
Posts
58,899
Well if you were monitoring the network you'd see the link drop and come back up and could investigate further. I don't think it's impossible to detect whether a signal is being relayed in this way - for example the relay radios are going to have different characteristics than the key fob in terms of how close in tolerance they are to the specified frequency, how accurately they can hit different points on the constellation, the clock signal etc. By beefing up the technology in the car it should be possible to be able to fingerprint the transmitting device in a way that simply relaying the data contained within the carrier won't be able to replicate.

The cable was just an analogy(if you like assume it is an unconnected cable on a hotdeask for people to plug their work laptops into), obviously the signal is going to drop anyway in the case of the car keyfob. The signal from the keyfob itself is going to vary in strength depending how far away the person is standing - timing is the key here but it requires some changes to the system they use IIRC.

AFAIK one issue there is there is a variance of the order of milliseconds for the initial response from these key fobs (presumably they go into sleep mode etc..) but the addition of a relay device extending the signal over a short distance of say 20m or so might only add on say 100 nanoseconds-ish. There were some Swiss researchers who looked into it a few years ago and there was a timing suggestion made by them which was the addition of some distance bounding protocol... so in addition to the usual handshake etc.. then, with the key fob awake you measure the round trip time, albeit the processing delay for this part at this point ought to be known, have a much, much lower variance and the distance can therefore be calculated (or rather any round trip time greater than some preset level be rejected).
 
Last edited:
Back
Top Bottom