Then anytime you misplace your keys, you can look at a map on your phone and it will show you where to go.
The map thing when you're nearby and it goes into the sonar-like mode is super cool. Especially combined with the ping noise.
I travel a lot for work and always take a pic of my parking space number. A few weeks back I forgot to, realized I forgot before I got in the security line and was like.. nah, I won't forget on a short trip.
When I got back later that week I walked the entire floor of the garage, about 25 minutes.
I also have a problem with thinking of wise places to leave something and then it is gone forever unless I dig through 75% of everything I own. After I find it I am reminded of what my thought process was.
You won't be able to do this for instance with VAG cars that have KESSY. First of all the immobilizer is paired to the key, secondly the only way to pair a new key to it is via the manufacturer or a licensed dealership because you need a blob from their central server. But the consequence is that people feel like they are being fleeced when they need another key, because it can cost you hundreds of dollars to pair one.
In general these types of attacks are much harder in Europe where immobilizers have a legal minimum standard that manufacturers have to meet. On the other hand in the US immobilizer are entirely optional, which has famously led to KIA and Hyundai cars shipping without them and the Kia Boys TikTok phenomenon.
Because the ARE being fleeced. It's an artificial dependency on the vendor on the one hand versus a blatantly insecure approach on the other.
Secure pairing that can be done by the end user isn't rocket science.
I don't think anyone will be surprised if the security is swiss cheese once you pop the hood open or bust a headlight out. Keep in mind that a brick to the window and tearing up the center console will get you physical access to the head unit on most vehicles.
1. Initiate pairing via the entertainment system interface.
2. Use rolling codes. Don't allow rewinding the codes.
3. Add a tiny tiny bit of non-volatile memory in the keys so that batteries can be changed without breaking the key. This is only necessary if the car can't be entered using the physical key, otherwise the user can just open the car with the physical key, turn on the ignition and re-pair the key.
I could make a secure system to do this and I'm no crypto genius. (Note this would still be vulnerable to rolljam but that's not a very practical attack, and defeating that is a bit difficult.)
To support car hire/share places if they want to prevent users pairing new keys you could allow setting a password on the pairing interface.
> KeeLoq is a proprietary hardware-dedicated block cipher that uses a non-linear feedback shift register (NLFSR).
Pretty much any proprietary encryption algorithm is going to qualify as "rolling your own".
"Not the most modern" is a gross understatement.
I can forgive the original authors since it dates to the 1980s and AES wasn't standardized until 2001. (Only just barely though given that DES dates to 1977.) I can't forgive vehicle manufacturers that are _still_ using it (or things significantly like it) 25 years later.
I hope that products manufactured post 2005 use strong publicly available cryptography. After 2010 I fully expect it. After 2015 I view any failure in that regard as gross negligence that ought to be legally actionable.
> it's just fundamentally possible to pair a key with physical access which is easy to get.
I don't follow?
It came out of a university and was acquired.
> I hope that products manufactured post 2005 use strong publicly available cryptography.
A lot of the challenges are related to key pairing and relaying of wireless information in combating with jamming. It’s a tricky thing to secure given the circumstances.
> I don't follow?
Cars stand around 99% of the time and easy to get into. pairing protocols assume that physical access is restricted / not possible. That’s why it’s so much harder to secure car key pairing. What would make it more secure is delegating the security to a remote service which is secured. Eg: what Tesla does with their keys.
> It’s a tricky thing to secure given the circumstances.
You are hand waving and you are wrong. If you are going to make claims then be specific and make solid points. The various algorithmic solutions are simple and common knowledge these days. I went into more detail in adjacent comments.
By your own logic the physical entry key isn't secure either. After all the car is just sitting around - anyone could jimmy the lock. Similarly all it takes is a decent photograph or two with a telephoto lens to reproduce your typical physical key that will get you in the door.
But all of that is entirely off topic. The broken and outdated wireless algorithm has nothing to do with the criteria used by the vehicle to decide whether or not someone is authorized to enroll or revoke a key. Tie that to possession of the physical key and problem solved. If you can't drive off with the vehicle then you can't pair a new fob either.
Honestly I'm not really sure what you are trying to get to. If you think this is a solved problem, it's really not. [1]
> The broken and outdated wireless algorithm has nothing to do with the criteria used by the vehicle to decide whether or not someone is authorized to enroll or revoke a key. Tie that to possession of the physical key and problem solved.
It has something to do with it in the sense that key pairing that just requires physical presence through the key is susceptible to rolljam type attacks. Likewise the NFC attacks against Tesla also involved enrolling a new key on the car via a relay attack to a present NFC key. You're saying this is so easily solvable, yet time and time again it's shown that this is just a really hard problem to solve.
What's the earliest reference to this attack you can actually provide?
RollJam is known since 2014 [1]. It was popularized later through a custom device [2].
[1]: https://spencerwhyte.blogspot.com/2014/03/delay-attack-jam-i...
[2]: https://www.wired.com/2015/08/hackers-tiny-device-unlocks-ca...
Good idea, don't know how effective it is in reality.
I cannot think of a better word to describe the process. The ritual may involve some chanting. Thank you for that :D
Currently sitting in a control room at a greenfield manufacturing facility trying to describe why even VLANning the control network would be a good idea to some controls engineers who want a plant-wide subnet for all PLCs that will be remotely supported by 6 different vendors. The struggle is real
Saves money on password management.
They were asked what their exposure would be if someone walked into a datacenter and used their phone to disable all the airconditioning systems.
On the other hand, it's been a great excuse for a hobby project with 12V relays and learning how to write code for an ESP32. :P
I still haven't yet figured out which CAN-bus to tap and which undocumented byte-messages to interpret... but entering the Konami Code on the steering wheel to unlock the ignition is quite plausible. Or an NFC/RFID tag over a hidden reader, or an active bluetooth connection to my phone, etc.
Whatever the case, quite enough to stop the average thief that would target a cheaper vehicle like my own. You could also skip the ESP32, and have a purely analog switch tucked away.
The left, right, left, right part I can see, but surely up, up, down, down, would be difficult on most steering wheels :)
Things like key fobs are most likely very incremental changes on "this is the way we've always done it". These organizations are behemoths and steer with all of the inertia of a containership.
This is why YubiKeys will only ever work for people technical enough to understand them. Normies will loose it at the first chance, and then be locked out of everything. At that point, YubiKeys will be banned by Congress from all of the people writing in demanding something be done about their own inabilities to not be an ID10T
The only reason they use KeeLoq (with whopping 32 bits of security!) instead of something normal, like I dunno, AES-128 or something, is because they are trying to save $0.50 in parts on the item they sell for $100. Oh, and because they don't like any change and don't have organizational ability to use anything recent, like other poster says.
Ha! DVDs at least had 48 bits. /s
Ironically proper security in this case would likely improve the user experience as well. The car provides a 64 bit (or larger) secret value and you manually program a standardized fob with it. No need for custom parts that are only available from the dealer.
Even if it's a problem with off-the-shelf stuff, I imagine a car-manufacturer could easily get something all nice and tiny and special-purpose.
Airtags transmit much more frequently than car remotes, use similar batteries, and yet do proper security.
I've become a big believer in leveraging some security features of the physical world, as it seems it's been long enough that everyone's forgetting Therac-25-style problems. (Or, perhaps more accurately, nobody cares because they aren't liable.)
Modern keyfobs actually detect motion and if they are motionless for a while, they stop transmitting the signal to both save battery and prevent such attacks.
For old keyfobs, you can get a battery sleeve with integrated motion sensor which does the same (cuts power when fob is not in motion for a while).
Alternatively, some cars let you disable the feature and just use the keyfob as you would use an older one - then you habe to push the button anytime you want to unlock the car.
If you're doing the "fingerprints implemented as a webcam" or software based facial recognition from a shitty webcam, you're risking quick and easy bypasses. Still good enough for a computer you leave at home (as long as you don't need to protect yourself against shady law enforcement) but definitely not that secure.
From what I've been able to gather online, nobody but Apple and phone manufactures seem to care much about actually doing biometrics securely, including the biometrics hardware companies. It's such a shame because it's definitely possible to do better.
The principle issue is that requiring two way communication greatly increases hardware cost and lowers range/reliability. You also would prefer to minimize or eliminate any volitile storage on the devices.
Also you very much want to absolutely minimize the data sent, both for battery life and range/reliability reasons.
And whatever volatile storage the devices have you need to have some way of handling it being reset when its lost due to a dead battery or replaced device.
So standard replay resistant protocols like "door sends a random challenge, fob signs/decrypts/encrypts it and sends the result" are excluded due to the two-way requirement.
The next obvious set is along the lines of "device sends an encrypted counter, door enforces that the counter only goes up" requires nonvol storage in both devices, and then gets tripped up when the fobs counter goes back down due to being reset. (also harder to implement multiple fobs, as they each need unique state).
Mercedes used steel keys to avoid this.
Two way communication and a few KiB of nonvolatile storage on the fob shouldn't be a deal breaker when an ESP32 dev board runs under $10 (an ESP32 being massive overkill for the described use case).
The device sending an encrypted counter is also trivially easy. There's no reason a modern vehicle can't store hundreds (or thousands, or tens of thousands ...) of { u64 fob_id, u64 fob_key, u64 fob_counter } triplets. Push it up to 128 bits if you're paranoid, it won't have a meaningful impact on resource usage.
Case in point regarding the car storing state, the (broken) rolling window algorithm they use requires that the car track the window and accept presses that are out of sync by a decently wide margin. That's likely more complicated and resource intensive than simply enforcing that the nonce only ever goes up.
The rational conclusion is that the manufacturers are either incompetent or malicious. I firmly conclude the latter given that the fobs they offer that are actually secure introduce vendor lock in and a charge to replace a key.
The rx enforces the sequence goes up.
You press button to open. Attacker lets the first sequence go through and the door opens, while the button is still down the attacker jams your second transmission while capturing it themselves.
Now they have a code they can use to open again when you're not around, assuming you don't use it again in the meantime.
If you wonder how vulnerable systems keep getting deployed without it being malicious, you don't need to look any further than the nearest hotshot that thinks everything is "not that difficult" and that everyone else is incompetent.
Security of any kind is just hard. The defender must defend against any possibility while the attacker needs just one vulnerability. How much cost and range and battery life are worth losing when the attacker can just punch through a window with their fist?
As to the attack you reference. It's active and touchy to pull off. It doesn't particularly concern me but of course would be better if it weren't possible. To that end I'm not clear why there's a double transmission with two distinct and independently usable codes? What am I missing?
I thought the attacker jammed, recorded two user attempts (ie two distinct button clicks, neither being permitted through initially), then rebroadcast the first attempt while retaining the second for later.
> The rx enforces the sequence goes up.
Except that there's apparently a rolling window to support recovering from desync. Which to me sounds more complicated and error prone than a simple nonce that can only ever go up.
Really though the manufacturers ought to (IMO) accept the extra dollar or five on the BoM that it would take to get proper two way communication.
No, it's not.
> The next obvious set is along the lines of "device sends an encrypted counter, door enforces that the counter only goes up"
That's already how rolling codes work. Running a strong crypto algorithm (even Ascon/Speck would be fine here) requires negligible power.
The issue is that this system is still susceptible to jam+replay attack. An attacker can jam the transmitter signal, while recording it at the same time. The user assumes that the button press just didn't register and tries again. The attacker also jams this and records the code. But then the attacker replays the _previous_ code that they stored, keeping the latest code for their future use.
This can _also_ be fixed with a simple capacitor-powered timer circuitry, charged during the keypress. The device can stay completely inert at all other times.
The real question is "why are most people and companies incapable of using cryptography properly?"; and the answer is that doing cryptography right is hard, especially if your use case isn't a common one.
Also, glad I have one before they would ban it. It’s a neat tool that I have everything I want there, instead of having 4 fobs, one garage remote, plenty of IR remotes, it’s AIO. Plus I don’t have to pay fees to replace my lost fobs
AirTags and Tile Pro work fine wherever there are other people. They're not going to work in the Atacama.
They worked fine every time I used them. I recently sent a laptop to France and included one of each. Sometimes the Tile pinged and sometimes the AirTag pinged, but they worked really well across continents.
I also have about 4 of each in a vehicle left unattended for a while in a parking garage that doesn't have a great deal of people around it. And all of them ping at least once a day. The Tile Pros have ~100m LoS range which are quite a bit more than previous ones from years ago.
The other was the time I left my car keys on top of my car. Someone took the keys and put them in a random nearby business’s lost and found. The tile never pinged over the course of days and I had to find it the old fashioned way.
These things never worked for me, but it’s good to know that mail delivery people use these apps/devices that will let you track your packages in realtime.
Lesson: Don't lose shit.
If I capture a lock signal, presumably I can instead prevent it from locking. The only real world malicious action I can see is being viable is to block the car lock, meaning the car is still in an unlocked state, open the boot (which I’m guessing can be done from the car dash anyway) then locking it afterwards?
Someone looking to break into your car will probably use a brick, not a flipper zero.
https://i.blackhat.com/USA-22/Thursday/US-22-Csikor-RollBack...
Suggests that it can be used to start a car. Whether it was a fob start or push start isnt specified.
... It's literally in the title on the first slide.
It is only an attack on keyless entry. Keyless start systems all use a different short-range radio system.
An attack on keyless entry might let someone trigger a remote starter if supported, but this doesn't enable anyone to drive the vehicle, because you will need to authenticate with the keyless start system after entering the vehicle before you can put it in drive (and to keep the engine running for longer than the predetermined timeout).
If it an electrical contact in the door handle, it would be very difficult for anyone to monitor or inject other signals.
If the signals were audible sound, you'd know when someone was jamming it.
In practice, my number one use of a fob from a remote distance is locking, rather than unlocking, and those two operations don't have the equivalent security risk.
Wouldn't the risk be the same if the same rolling code keys was used for both locking and unlocking?
I would be surprised if automotive manufacturers used separate rolling code keys for locking and unlocking.
Yes, what I meant is that such symmetry is not strictly required, and breaking the symmetry opens up ways to enhance security (of unlocking when you arrive) while keeping most of the convenience (of locking while leaving.)
For example, imagine "Lock" is a typical broadcast from anywhere within X meters, but "Unlock" requires touching the fob to an infrared port, and they use independent codes.
This would be very popular in East Asia. They love everything that beeps. Rice cookers play a melody, pedestrian crossings play a melody, garbage trucks play a melody. Japan is the country of beeps.
Yep, that's the simplest fix. Key is required in the door to open/unlock.
You'd think too that a firmware update to the car could enable that behavior. I mean most cars still have a physical lock on at least the driver's side door as a "back door" to getting into the car if the fob is non-operational.
This is exactly the benefit of the free software, and why having your own ability to fix, recompile and reinstall the software, is essential, even on things such as cars where you may think it's not needed or is too complex to handle.
You could even take it a step further for extra safety: the door handle could have a slot that requires a specifically shaped piece of metal to be inserted. Only a piece of metal with the correct shape would allow the lock to be opened.
This has been attempted but unfortunately this algorithm is vulnerable to the #ScrewdriverHammer attack.
The real cost will be in the software validation and road safety hardening, but there's no reason why the ROM size should be limited to kilobytes.
You can implement full passkey cryptography on a basic esp32 (https://github.com/polhenarejos/pico-fido). Cut out the cruft and you can definitely get a similarly secure algorithm on an actual car key or key receiver.
And honestly, with cars now unlocking over Bluetooth and WiFi, standardising that process to something like FIDO wouldn't even be that awful of an idea. It certainly beats the "we can do cryptography at home" many car manufacturers seem to be going for.
Take the car while they are in the store.
The old approach of keyfob to unlock the car and a real key for the ignition is safer.
Having multiple levels of security is good.
However, having worked in the car security industry many years ago, I discovered that car manufacturers actually like it when their customer's cars are stolen - Insurance payouts often result in another sale.
However, that wouldn't help with the "desyncing" or unlocking aspects of this attack.
Not every problem needs a tech solution.
Of course, they wrapped it in some nerdy terminology, which IMO obscures the intent of their suggestion.
It was a circular key below the steering wheel.
Generally, long range key fob button functions and the short range start release functions are separated, both intentionally for security reasons and due to the different problem space occupied by each.
It’s also worth noting that European makes in general tend to have much better cryptographic key security. My understanding is that this is due to a combination of regulation, a relationship between insurance and automakers which requires some security standard, and a high rate of theft leading to an adversarial environment.
I don't see anything in there about them being mandatory across the EU. I know some member states passed laws mandating them before that document was published. Perhaps I got the wrong document.
It’s also worth noting that European makes in general tend to have much
better cryptographic key security.
https://www.usenix.org/system/files/conference/usenixsecurit...
I don’t think this is true, for instance how does the key fob trigger a start sequence for vehicles equipped with remote start? They must be connected to the same CANBUS, so the key fob can interface with the start systems. This is also how a lot of vehicles are stollen, because of abuse/misuse of CANBUS (i.e. headlights being addressable in CANBUS)
> This is also how a lot of vehicles are stollen, because of abuse/misuse of CANBUS
On vehicles with poor cryptography architecture (Honda!), yes. On most other vehicles, no, because the immobilizer messages are cryptographically authenticated, usually by using an AES MAC where the key must encrypt random bytes transmitted by the immobilizer master using a shared AES key, and all participating immobilizer modules use a similar system to verify that every module shares the same secret material. Now of course if this secret material can be extracted the system breaks (see XHorse, Abrites, etc.) but this usually requires invasive and time consuming attacks far beyond the headlight thing (for example, removing and physically opening a control unit to use an exploit to dump its key material).
I’m sure there is brand damage from people hearing that a particular car is frequently stolen, because having your car stolen as a pain. I am skeptical the analysis reaches deeper than this first level tho.
So a bad person can just open your door and attack you because you can’t lock your door when your key is inside?
My Camry has incar fob detection and I can definitely lock the car while the fob is inside.
If you're also inside, you just press the lock button in the car and it'll lock just fine.
Adding in a stick of metal that can be trivially bypassed does nothing to make the car more secure.
Everyone can use a flipper zero to unlock a car. Not everyone can hotwire a car. Keyless ignition means criminals have a vastly larger recruitment pool of people they can offer money to do something stupid (like stealing a car for them).
You live in a tech bubble if you really think this is the case. Attacking a lock cylinder is a lot lower-skill of an attack than a cryptographic attack. Recent car theft epidemics have shown this, e.g. #kiaboys
Everyone can operate a flipper zero with a custom firmware which provides a three step process:
* Select car make. * Press button A to unlock doors. * Press button B to start car.
> Attacking a lock cylinder is a lot lower-skill
All "recent" cars (as in everything from about 2000 and up) have an immobiliser. It's even mandatory in some countries since about 2000 [1]. Meaning the key "talks" to the car when you turn it in the lock cylinder. Locking picking the lock or hot-wiring the car isn't going to start the car. And that's not even taking into account the car alarm will go off if you just lock pick a lock on it.
Meanwhile, I think a pretty high percentage of households have a screwdriver.
> All "recent" cars (as in everything from about 2000 and up) have an immobiliser
You mean some kind of wireless communication protocol that can be hacked with some kind of handheld SDR device? Why is a keyless entry trivially bypassed but an immobilizer transponder, gee, that's just impossible to hack.
Everyone can operate a flipper zero with a cusom firmware which could bypass a transponder. So then all you need is the flipper zero and a screwdriver. Wow such better security for the hassle of having to actually stick the key in the hole every time.
I'll still take the keyless option. If someone really wants in my car, they're getting in. If they really want to steal it, they'll steal it. Requiring the thief to have an RF hacking tool and a screwdriver just isn't that much higher security in the end IMO.
If you get rid of the transponder, it has weak security. If you get rid of the cut key, you have pretty much the same security.
It’s especially nice when the key is my phone. I never have to worry about keys. I just get in my car and drive, and when I arrive I get out. I keep a key card in my wallet as a backup in case my phone explodes.
Isn't it the same for old style key, but with even more actions? Like to navigate a keyhole, turn the key...
>The old approach of keyfob to unlock the car and a real key for the ignition is safer.
"Safe" feels like wrong word to use here. Safety is not same as security.
One could also argue that criminals being able to steal parked cars is safer over all for society as they then don't feel the need to car jack you while you are actually in the vehicle.
If you actually want to keep your car secure (meaning criminals wont break into it or steal it in this context) just drive old beater and do not leave anything valuable in the car or trunk. I am driving a car that is nearly as old as I am and its fighting a losing battle against rust and I have nothing more valuable than trash inside the car.
Here in the UK vehicle theft reached an all time low in 2014. It’s doubled since then. If there was an increase in car jacking it must have been minescule by comparison. It’s not really a crime that happens here.
I had an old beater van that got stolen. It turned out that model was known to be easy to steal. I suspect most car theft is done because it’s easy and fairly low risk. Walk up to a car in the night, fiddle around for a few minutes and drive off.
I still drive a car with a key. It’s completely fine. Who actually asked for keyless entry?
Probably the vast majority of consumers?
There is no reason why keyless entry cannot be more secure than a physical key, other than incompetence.
The cars stolen in New Zealand are usually, as you say, cars that are known to be easy to enter and drive away. Even then, they break a window. But I have also heard of break-ins at night targeting certain high-end cars and going as far as gaining entry to a garage.
My next door neighbour had someone enter their home while they slept, take the key and drive off in their car, because it was "stolen to order" most likely.
I couldn't give a shit if someone breaks in to my garage, or frankly if the car is stolen, but I don't want them coming into my house where my family is asleep for the keys.
What happens if the keys weren't downstairs by the front door, because I left them on the bedside table or something?
I shudder at the thought.
Isn't the problem that it's designed to work from a distance, and that by boosting the signal the criminals can just increase the distance so that the key inside your house reaches the car? It seems inherently less secure than the old system where the physical key has to be practically touching the ignition to disable the immobiliser.
With Tesla you can disable keyless entry and use key card if you are so paranoid. But stealing connected car doesn't make much sense to me.
How so? Even if you know the location you need someone with jurisdiction to go get it. You disable vehicle, then it gets destroyed.
EVs are entirely different designs than an ICE vehicle, and Tesla in particular is moving beyond the flawed CANBUS to something more robust and secure.
This obviously isn’t 100 percent full proof but likely works well enough for preventing many common mitm scenarios such as stealing from a car park or drive way most of the time etc.
Almost everyone?
It's one of the best feature I have in a car, the most convenient one.
Also: Hyundai/Kia cars have physical keys and are known to be trivially hot-wired. Given the "kia boyz" I'd have a hard time moving to physical keys again. Again, sorry!
Is mentioned vulnerability affecting older/cheaper cars? I don't need to press any buttons on my key fob to enter the car and turn on the engine.
Me. I have problems with short-term memory and I kept forgetting my keys in the ignition.
This isn’t due to laziness or lack of trying. It’s a hardware problem that makes developing or following habits in certain situations nearly impossible. It’s like asking a blind man to organize things by color.
Now that I don’t have to take my keys out of my pocket, I’ve never left them in my car.
I didn't ask for keyless entry, but I LOVE KEYLESS ENTRY!
Stealing a car is not the same as stealing a candy. In Europe all parts are marked so it takes significant effort to sell or modify such cars. It's not like people steal them and then sell it at yard sales.
As for the "beaters": shortly after Russian invasion on Ukraine plenty of cars were stolen in Poland. Not the expensive kind but usually 10-30 years old cars with big and reliable engines (V6, V8). I know 6 people that had Jeeps Grand Cherokee stolen (different generations).
My uncle wanted to renovate Isuzu Rodeo with completely rusty frame but V6 engine of a value of like 300€ and it was stolen too.
And it happened ~1 month after it started.
It is, and worse. There have been numerous cases of scumbag teenager stealing cars and then crashing them into people, mostly by accident but often enough on purpose. They also use the cars for gangbanging shit since they know the car can't be traced back to them.
A lot of this stuff wouldn't be happening if cars weren't so easy to steal. There is a casual accessibility to stealing certain cars which makes it an easier crime to commit than carjacking (parked cars aren't witnesses, parked cars won't fight back or pull a gun of their own, parked cars won't try to run you over, etc.) Once the car is stolen, other impromptu violence seems and becomes easier.
This is the same in the US, at least for the expensive parts. They won’t part it out or even sell it in your country, it gets shipped out to another country where your laws don’t apply.
https://www.krqe.com/news/crime/teen-given-max-sentence-afte...
One could also argue that most people didn't bother because violent crimes are much more severely punished, now that the bar is so low people steal much more. And the stats would back it up
https://images.vivintcdn.com/global/Blog%202022/01-Number-of...
ok, if you mean a key that has a chip embedded, where the key cuts are just window dressing and the real magic is still in cryptographic proof of "something you have". i am not aware of any such key ever being produced, but i certainly do not have comprehensive knowledge. GM had something close to that.
Maybe never introduced into the US market? Would find that hard to believe.
i specifically meant a kind that uses private key crypto. we absolutely could have that today but we've moved on to fobs.
please correct me if I'm wrong ... i haven't studied it that extensively.
The "fobs" in modern push-to-start cars actually have two separate radios in them. The one that this article is about is the long-range keyless entry radio, which primarily opens the doors. These all have separate short-range wireless radios that work inside of the car to authenticate the key before you can press the push-to-start button. That is unaffected by this hack.
Hyundai and Kia have joined the chat
It has something called a 'manufacturer key', which needs to be available to any device that allows field pairing of remotes. If that manufacturer key is known, it only takes two samples from an authenticator to determine the sequence key.
Absent the manufacturer key, jamming+replay attacks work, but brute forcing a sequence key is generally prohibitively costly.
However, since any receiver that supports field programming needs the magic "manufacturer key", one could purchase such a unit, and may be able to extract said key.
As long as you have two-way wireless communication (which any keyless entry/start system does), then you can simply do a Diffie-Hellman key exchange during the pairing process.
Diffie-Hellman is designed for exactly this usecase, allowing two parties to derive a shared secret key over a public channel without exposing it.
If someone does successfully MITM while walking by the key is going to stop working as soon as they are out of range, and you will notice.
I'm just wanting a system that could be implemented with the hardware that's already there. I guess you could use the RFID chip that most keyless start cars already have as a secondary channel. Still Not 100% secure, but the MITM device would need to be physically in your car to intercept the pairing request, and at that point you have bigger problems.
While I worry that it's not really secure enough, the OP was suggesting that physical contact is a way to "prove" that you are indeed eligible to pair, by excluding everyone who lacks physical contact.
You need to press buttons inside the car, buttons on the currently paired key (to prove possession of that) and buttons on the key you want to pair with.
So a passer by would have to press a button on their fob at just the right moment. Then when you go to test your new key fob, it wouldn't work, so you would pair again until it was your key that was paired.
Whatever the case, making it easier to pair, shouldn't be the primary focus, no need to help a thief doing it quickly. It would just be nice to have a way to do it, that didn't ultimately require the manufacturer to get involved; but that does remove a big hurdle for thieves, too.
There is CANBUS to the headlights, but that is not a OBD2 port. And more securely designed cars can put that in a less secure zone, so it can only send and receive commands for exterior things like lights, and not be able to have commands for keys injected, because that bus will not accept those commands.
that sounds pretty clear to me that the connection isn't the human holding both buttons here.
Part of the utility of the baked-in manufacturer key is that it is unable to be extracted by thieves.
Having to break into the vehicle already raises the bar significantly and makes the security equivalent to a physical lock.
You're assuming the goal is to discretely enter the vehicle and leave no trace. If we consider the Kia challenge [https://en.wikipedia.org/wiki/Kia_Challenge] then the goal is to take possession of the vehicle in an immediate and opportunistic fashion. If the possession fails and the key FOB now stops working, whatever, not the thiefs care. If the possession works, now there's a sweet car to abuse. Or, in the case of a crime syndicate, a sweet car to take to the chop shop.
This type of attack is not to mention a simple relay attack. If radio waves of a home (say near the front door, where the keys are stored) are relayed to another location (the car, 30 feet away), then the exact crypto and protocol is irrelevant, the car "sees" the real life actual FOB as nearby. That's another attack used in the wild.
So it just needs to block rewrites, and the risk of any security barrier breach is negligible since it's done in factory.
Or if I lose my car key
A one-time out of band authentication (usually some form of trusted physical interaction) is key if you don’t want to trust intermediaries.
It'd instantly mean there is 0% chance of someone figuring the key based on day-to-day operation.
KeeLoq is also used for garage door openers.
Some KeeLoq receivers have a "learning mode" where it adds the next KeeLoq transmitter it hears provided it uses the same manufacturer key.
Learn mode is activated either with a button often on the PCB or with a "master" transmitter.
Not if seed with appropriate length is used. Though I don't know how common that is, back in 2008 authors noted that "We would like to mention that none of the real-world KeeLoq systems we analyzed used any seed" (https://www.iacr.org/archive/crypto2008/51570204/51570204.pd..., section 4.3)
Feels like getting rid of the light switches in your house in favor of "smart home" stuff.
Every time I start thinking about these little modern inconveniences, I re-arrive at the idea that this is yet another example of the difference between a product and a tool.
A product ideally works the same for everyone, with as little friction to the immediate function as possible. All other functions are hidden or deleted. Trying to use a product as a tool is slow and frustrating, because the experience never gets better than the first time you use it.
A tool on the other hand needs learning. Sometimes that learning curve is shallow and long, like a hammer, or steep and long like CAD.
Smart home stuff can be pretty great if you treat it like a tool, and only use it where it is the right tool for the job (so, not light switches).
Anyway, I prefer tools.
I also have a smart home ;)
Also, smart people wire their smart home so that the light switches still work. If a smart home controller or some other part of the system fails, people still want to be able to control the lights manually.
Keyless start is a different thing, and uses a different wireless system.
For this project let's say
If I don't press the buttons on my keyfob am I safe from this?
The only keyfob functionality I normally use is that when it is outside the car but within about a meter of the door handle the door can be locked or unlocked by pressing a button on the door handle.
I don't know the details of the attack in the article, but my speculation would be that it would be vulnerable.
And there were a few years this seemed onerous, but most of the time, there were popular attack in use by car thieves that were prevented (or at least made much longer and more complicated) by this.
I have a "smart" BMW car key and it inhales the battery. I don't think it can go more than a couple of weeks without having to be charged.
I don't really like the idea of short term key batteries, but it sounds like bmw can improve the current system a lot.
Why is there so much politicatization and bait click of dark web stuff, it's still internet.
It's literally being sold on dark web. People call everything "dark web" but this time it's correct.
It's odd to throw in the dark web, thousand dollar firmware bit when third-party firmwares are developed in the open and have long ago already implemented KeeLoq, but I guess they aim for sensationalism and shock value.
The prior RollJam that I thought this was dates back to Samy's 2015 findings. It turns out 2015's RollJam (unlike RollBack) requires active interference and seems to necessitate the attacker being in the vicinity of both the remote and the receiver.
Of course Storm argues that Tornado Cash is decentralized, but you can't just start a mafia branch, hand out free shares at the mall, and then claim that you actually didn't commit any crimes because you have 10,000 other voting shareholders.
One of my older (collectible) car has various anti-theft helpers, including trackers. I also remove its steering wheel (easy, no airbag). Then I disconnect the battery. But then my favorite on that car is a kill-switch I had installed on the fuel pump: it's hidden and you flip the switch, car stops instantly. That one if thieves want to steal it they either have to come with a steering wheel, find the trackers, find the switch, hook up the battery or come with a tow truck (they'd still need to get rid of the trackers though).
But yup I'd like to know if there's a simple fuse-switch DIY that's non destructive: basically something I can remove and put back the regular fuse and the car dealership would be none the wiser that I used one.
Anyone know of such a thing?
Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi and Subaru
I’m curious why these and not some other major manufacturers like:
* Chevrolet
* Toyota
* Honda
* Nissan
* GMC
palata•6mo ago
I always wonder about this: what is the consequence of that? Can the user reset it, or does it have to be done by a retailer or something?
brk•6mo ago
siffin•6mo ago