What if I'm not able to add them as an authenticated user or authentic myself to let them drive, e.g. I'm injured or very drunk?
By making adding an authenticated driver not a rigamarole, but easy and intuitive.
> What if I'm not able to add them as an authenticated user or authentic myself to let them drive, e.g. I'm injured or very drunk?
They call you an ambulance.
We'll have to agree to disagree. I don't believe that this will be possible in many situations. What if I'm not near my car? What if my phone is dead? What if my car's battery is dead and it needs jumped?
I'm also just cynical that the automakers or app developers are able to not enshittify the process.
What if when I set my wife up I added her as a user but not admin and now she can't share with someone without having to involve me, which may not be physically possible in all circumstances.
> They call you an ambulance.
You don't call an ambulance to take a drunk person home. Calling a taxi when there is someone able to drive is a waste of money and a huge inconvenience the next day to retrieve the car.
You also can't call an ambulance in the wilderness.
I also meant injured in a more broad sense. What if I just have a bad headache or migraine? I don't want to be fumbling with my phone or car electronics trying to navigate adding someone.
They call 911, and they read the license plate number and the authorities send an override signal that turns on the car and only allows it to be driven to the nearest hospital that appears on the screen on the console. If they go off course, they have 30 seconds to get back on course before it coasts into a 5mph limp mode (to find a safe place to pull over) for 1 minute before it completely stops and shutsdown and locks them inside for the police to come get them.
Eh, the car will probably be self-driving at that point, so probably only the first half.
The only scenarios where one is so injured and/or drunk as to not be able to complete the non-rigamarolish process of sharing a HomeKit home key either by doing it themselves or walking someone through the process are ones where the key holder is so incapacitated that they would be unable to share a physical key.
All of that is someone irrelevant because Express Mode is enabled by default, so if you are unconscious all a person has to do is pull your phone out of your pocket and use it to unlock and start your car the exact same way physical keys work in that situation. It even works if the phone's battery is dead.
https://support.apple.com/en-us/118271
Also, every implementation of CarKit Car Keys I have seen is the same as HomeKit home keys: there is a backup. Either a physical key, PIN, fob, or card.
I have not used homekit, but from some searches it only seems to be a non-rigamarole process to add someone as a homekit user if the other person has an apple device? Also, is the Internet required to enroll someone?
> ones where the key holder is so incapacitated that they would be unable to share a physical key.
I don't need to be conscious or my phone have battery (or reception) to have someone take a key from my pocket.
> Also, every implementation of CarKit Car Keys I have seen is the same as HomeKit home keys: there is a backup. Either a physical key, PIN, fob, or card.
I was responding to gp who wanted none of this as it all defeats the security they desired. A 1-factor physical authentication token as a backup would be suitable for nearly all edge cases I can think of. As long as the person carries it, but then we are at worst where we are today, at best I could potentially authenticate or add someone from afar.
I'm not saying that smart locks aren't useful, just that they can't only be "smart", which I assume you would agree with since you brought up things currently having backup methods?
https://www.bmw.com/en/innovation/bmw-digital-key-plus-ultra...
Did the professor get tired of uploading the material for students to review post lecture?
The key fob attack is superior since no one looks twice if you walk up to a car, it unlocks from a hand held device and then you get in and drive off.
And in either case you still need to deal with the immobilizer, and turn the core of the ignition lock. Unless your radio device is that comprehensive :)
So that attack when done on its own is mainly left to stealing cars off drives at night rather than say from a supermarkets car park during the day.
<EDIT> Seems HN has different experiences with their cars then my own, So I'll concede the idea that the alarm doesn't trip when using the key. It seems the cars I've had in the past are the exception to the rule. </EDIT>
The thing is, in the real world, no one really looks twice when someone gets into a car unless they are using obvious brute force to get into the car.
(One day, when I can be arsed, I'll rekey the car and reprogram it with fresh transponders, but today is not that day!)
But "reprogramming" a key (more like adding a key) on that model of ford just involves doing a dance with the fob key then inserting the key with the new transponder. So we plan to get all keys working on the car at some point. I was just going to order a new chip but my bother was complaining about the key barrel being a bit loose on him so just doing to replace everything at some point. Its just more about not being lazy about it :-P
Thing is, its what we call "the work horse" car of the family, it gets used about once a week to do tasks no one wants to do in their own cars (or when I need to do something in a car), so its not really a high priority thing to fix, but if we are going fix it might as well do it "right")
I assume that this was also true for other brands.
A few hundred dollars more on Amazon will net you a magic keyring that can open a surprising number of vehicles, buildings, control systems, and vending machines.
If you're into that sort of thing check out Deviant Ollam's physical pentesting videos on Youtube.
Are you talking about the "1284x FEO-K1 16120 222343 CH751 CH501 C346A C390A E114 " set?
Which means you are safer with just keys rather than keys plus another way to open the doors.
> This was partially solved by adding another device that cuts off the engine, the immobilizer
If they key does not need to be physically inserted to start the engine (which is true in many cars) then that is liable to attack using the remotes too, right?
It's extremely effective as a shield for the 125kHz LF wake-up signal, and I've been unable to elicit a response when they're in there, even with a relay setup that reliably wakes them up from several feet away otherwise.
- I ain’t cut out to be Jessie James -You don’t go writing hot checks down in Mississippi - Dutch oven has a non fart meaning
The bags work while I'm in the car.
My current microwave will complain if the door hasn't been opened recently, but my old one would just turn on if I fucked up the time entry and tried to set a timer while I already had a timer going...
My previous cars had keys that I could manually switch off and on, which is also not a full solution because it only works for people who take the effort to always do that, but at least it gives people to opportunity to complete prevent relay attacks.
All in all I'm not a big fan of key-less entry. Having to press a button on a key to gain entry can maybe be a bit of an annoyance, but in my opinion it's not a big deal compared to the advantage of completely preventing relay attacks.
>>the advantage of completely preventing relay attacks.
From my understanding ToF sensors are good enough now to completely prevent relay attacks, the added time for the relay just adds too much of a delay and it gets rejected. I believe the newest range rovers use that, they went from being extremely susceptible to relay attacks to relay attacks against them being impossible.
the real test is to find out if this effectively eliminated all fob hacks for volvo since they may not be faster than the tiger, they just need to be faster than everyone else...
IGLA system to block the CAN bus, LIN bus, and ODBII port. It also protects against key fob cloning/relay attacks.
+
A hidden physical kill switch that cuts off the fuel pump relay (the company 41.22 makes a drop in that doesn't require wire splicing).
+
A hidden GPS tracker with an onboard backup battery in the event the car battery is disconnected.
None of this stops someone with a flatbed from simply towing your vehicle away, but at least the GPS tracker will give you a window to locate them.
Multi-Band Jammers are $1000, burglary rings are using those to block all Wi-Fi, cell, GPS signals - check out this arrest report from last week in Pennsylvania [2]. If I was a high-end car thief, like in Gone in 60 Seconds, that's what I would use.
[1] https://www.theregister.com/2013/08/12/feds_arrest_rogue_tru...
[2] https://dauphin.crimewatchpa.com/lowerpaxtonpd/3730/cases/or...
I don't get the appeal of keyless ignition.
I personally put a very high value on having a minimal keychain and wallet since I rarely carry a bag with me. The goal is to someday live in a state with Apple Wallet drivers’ license support, in a house with NFC smart locks, driving a car with Apple Car Key, at which point I could finally completely jettison my keys and my MagSafe wallet. I don’t want to carry physical keys when I’m already constantly carrying a device with a Secure Enclave and biometrics.
My PaaK car has a backup passphrase to start it. I can be used in a pinch if my phone isn't working. I can't say the same if I lose my car key.
If I go on a long trip I'm likely to bring multiple car keys and multiple payment methods. This is still true if I'm doing PaaK.
Cars that need a physical cut key to go into a cylinder don't usually have backup passphrases.
But I would use it, even on a trip to get groceries. I'd use it as the source of the media I listen to in the car, so my audiobook starts playing wirelessly when I get in. My phone has the shopping list on it shared between my wife and I, so we always have it if either one of us decide to make a quick stop.
For my personal cars I either use phone as a key or I'll keep the key fob in my bag. So I just walk up to the car, the car either auto unlocks or I press the button on the door, I get in, I press the button, and I go. When I'm done I just grab my bag and walk away and the car will auto-lock or I just press the door button. So smooth, I never need to really handle the key at all. It just stays in its specific pocket in my bag or it's just my phone in my pocket.
With a cut key, I walk up to the car. I need to fish around in my bag to grab the key. I then need to stick the key in the door and turn it, using care to not scratch the paint. I get in the car, need to insert the key, turn it and hold it long enough for it to start. When I'm done driving, I take the key out, grab my bag, and get out of the car. I then need to once again insert my key into the door once again being careful to not scratch anything, turn it to lock. Then I need to put the key away again.
And then phone as a key is incredibly nice, definitely my preferred way. I can easily leave the house for most errands with nothing but my phone on me. It's my car key, my payment method, my transit pass, my paperback novel, my portable music player, my camera, my maps, my communicator, all in one tiny package. Incredibly freeing compared to having to carry a bunch of junk in my pockets just to get groceries or whatever.
> And then phone as a key is incredibly nice, definitely my preferred way.
Your phone becomes a point of failure for one more thing.
> Incredibly freeing compared to having to carry a bunch of junk in my pockets just to get groceries or whatever.
All I put in my pocket to buy groceries are keys and a wallet.
So one critical point of failure instead of multiple critical points of failure. If you lose your car keys on your trip, your trip is still a failure and you're stranded. If you lose your wallet on your trip it's still a failure, and now you have to go cancel a handful of cards and you're out the cash in the wallet and what not and need to get a new ID. If you lose your phone it's still a bad day, a potentially expensive and useful device went missing.
If I lose my phone it's the same bad day as if you lose yours, a potentially expensive device went missing. I can use my backup passphrase on the car to get home. I still have my regular wallet at home to fall back on, and all my payment info was encrypted and can be remotely wiped with a few clicks. I didn't lose any government documents.
And in the end, it's not like I'm breaking my phone every day or something. Phones are pretty resilient these days especially when thinking about short trips around town. I've had one phone break from physical damage in the past decade. Seems like an overblown concern to me. As for "what if your phone dies?", the car is a 74kWh battery. If my phone dies while I'm next to 74kWh of electricity I'm an idiot and failed to have extremely basic plans.
> All I put in my pocket to buy groceries are keys and a wallet.
So 3x more junk than me for otherwise no reason.
I have my phone so i can phone for help. I have my wallet so I can pay for things.
> If I lose my phone it's the same bad day as if you lose yours, a potentially expensive device went missing
Nope, because its like everything that could happen to me happening at once.
You have a lot less backup.
No, because I can still drive home even if I lose my phone.
If you lose your wallet, you're not buying the groceries. If you lose your keys, those groceries aren't getting home anytime soon.
And even then, this is still a massively rare occurrence. How often do you smash your phone on the ground, daily? Weekly? Monthly? I'll gladly trade a slightly less convenient day once a decade+ for having to deal with all this business of having to carry extra junk every damn day of my life.
I'll be honest, this reads like a drastic overcomplication of a very simple transaction. Why can't you just put them in your pocket? Are you walking around like a frontier town sheriff with cylinder lock keys on an antique keyring?
Modern car keys, even cut ones, are often giant behemoths of keys. They need transponders for the immobilizer. They choose to integrate the remote into it, and either way I'd probably still have the remote on the same keychain. They're annoying and uncomfortable to have in my pocket. If I have a choice to not have to have an expensive big giant chunk of plastic in my pocket every moment I'm out of my house or choose to have that giant expensive chunk of plastic in my pocket every moment, which do you think I'd rather choose?
And then if I have to actually take it out of my pocket and stick it into things? Even more annoying when there's the option of just not having to do that. Why would I prefer to have to take this annoying chunk of plastic out of my pocket every time I want to get into and start my car?
Imagine if every time you wanted to open your fridge you had to fish out a key from your pocket, put it in a cylinder, and turn it. Imagine if every time you wanted to flush out your toilet you had to do a couple of extra steps just because. To turn on the sink, you have to do this extra little pattern before you just lift the handle! Sounds great, why not add a bunch of extra little steps to everything in your life when you don't have to.
Its like I'm talking to the people in the cave. You don't even see how nice it is to just not have to carry the car key because its been just so ingrained into your life, that you accept it as something normal and expected. Who wouldn't want to carry around a $200 chunk of plastic half the size of a baseball in their pocket everywhere they go that does nothing but unlock and start their car?!
Its freeing to not have to carry a ton of junk with you everywhere you go.
Walk up, put your hand in the handle, and it unlocks. Get in, press the button, and it starts. This is a fabulous "happy path" that is seamless.
Nothing happens without an actual action, but the actions are natural and organic to the task. The sensor is inside the door handle, combined with the key fob, and it just opens when you slide your hand into. It's a, truly, marvelous experience.
My keys stay in my pocket. Since I open the door for my wife anyway, it just works. (She can open the door, I just have to be close.)
Similarly, when we open the rear lift gate, it just opens. This also unlocks the rest of the vehicle (in contrast to if I push the gate open button on the fob, only the rear gate is open, not the rest -- which I find odd).
When leaving, I press a lock button on the handle to lock the car.
It's a great compromise, and works really well.
[1] Doesn't have some features which you need to use to actually attack HiTag2: https://github.com/msoos/grainofsalt
[2] Used for various pre-processing that is useful (but not neccessary) to break Megamos, but _far_ from the actual attack: https://github.com/meelgroup/bosphorus/
Re power: Key fobs already do some form of crypto and broadcast. Adding reception capabilities ought not to be that power hungry.
As for replay attacks, that's where the button press comes in (like on a hardware security token) -- the key only responds to challenges within a second or so of a button press and the car sets a similar timeout for validity.
Cars are not very secure by nature: they have easy to break glass windows, and are made of relatively lightweight materials. The key system just needs to match that level of security, and AFAIK, attacks on the keyfob are uncommon compared to other, less subtle techniques.
The more complex and sensitive "PKES" system, according to the article already has a challenge-response system, but it doesn't help with relay attacks.
the problem is they "improved" the usability
it was safe when you had to push a button, but now roles are flipped so the car is the initiator, and doing it constantly
the protocol is now subject to a whole entire extra class of attacks it was never designed to deal with
My solution? Require the manufacturers of vulnerable models to pay the insurance on behalf of the driver/owner as long as the vulnerabilities go unfixed.
Pretty much all industry journalism where the journalists depend on being in the good graces of the manufacturers to get the access they need to make their content is like this.
When I bought my most recent car I had a spreadsheet which projected fuel (whether that's gas, electricity, or gas+electricity) and maintenance costs (there was some ball-parking here) for a dozen different models based on our driving habits. Once the list was narrowed down a bit I did some online quotes at my insurance company to add that in.
There were no financial surprises when I bought the car.
Yeah so already different from like 90% of car buyers out there.
But no one has one anymore. I tried to learn in the 90s for about an hour, and never managed to get the car moving forward rather than bouncing. At this point, I don't have much desire to try again, but I wouldn't know how to try if I wanted to.
edit: if you buy em old I mean
me I want an Exige
In fact, all of my door openers and car remotes have some form of code-hopping and it's certainly not because they were specifically chosen for that aspect.
Sure, there are attacks for code-hopping systems as well, but it's a completely different league.
When you click on the open button on the fob, you send
SHA256(key)
Car responds with a random challenge
RND
Fob sends
SHA256(key XOR RND)
Car does the same calculation and compares.
My car has UWB, there's a LED on the fob that blinks when it is in range and if it's stationary for a short time, it inactivates as well. Some experimentation suggests you need to be within about 5m of the car to open the doors.
The localisation seems to be very accurate, even if you can open the car from a distance it won't start unless the fob is physically within it. If I sit in the driver seat the fob has to be less than 10mm away from the outside of driver's window, otherwise it refuses to start.
trishmapow2•5h ago