Police Issue Warning After Radio Spoofers Used to Steal Range Rover in Epsom
11 replies, posted
Police are advising “keyless car” owners to keep their keys away from windows and doors after scanner technology was used to steal a vehicle this week.
Inspector Joe Easterbrook, borough commander for Epsom and Ewell, said drivers should keep their car keys “inside a metallic tin”.
The wireless signal from some keyless fobs can be turned off; consult the manual or contact the manufacturer to find out if this is possible.
Well isn't this some shit.
Thinking about it, I'm not sure how car manufacturers could fix this without just dropping the concept entirely.
This is how I think the attack works:
The attacker stands near the victim's house with hardware set to scan the manufacturer-set frequency to intercept the constant signal from the fob. Due to FCC (or the closest equivalent in most other countries) regulations, fob signals can only occupy a certain bandwidth, so it's not a hard signal to find.
The signal, ideally too far from the car to trigger the system on its own, is then intercepted and repeated in close range to the vehicle. The signal is 1:1 to what the car expects because it is the signal, just boosted to enter range.
The car then detects the signal as it expects and unlocks and/or starts for the attacker to just jump in and take.
No level of increased encryption can really defeat just boosting the legitimate signal into range.
I suspect the signal is already too complex or tedious to crack manually without relying on a boosted signal.
If my suspicion's correct and this is how they're doing it, then it comes down to it being an inherent flaw in the concept as a whole.
There's also a chance that they're scanning RFID chips in the fobs and spoofing them. Probably easier to tackle, but still a nightmare.
Pretty much, this. Will vary slightly on how they do it from thief to thief, but pretty much they use a relay to extend the range of the signal, tricking your car into thinking you're right next to it with the key.
How hard is it to get a dealership to disable keyless entry?
Now, I wonder how long a "Keyless Entry" car will allow you to keep the ignition going if it loses signal?
This'd have the detrimental effect of escalating fob failures to car stoppage... But you're already entrusting the fob to get into the vehicle anyway, so not that big of a deal. I assume most of the tricky part has been done already on the crypto front, so that it isn't possible to replicate the signal, only to re-transmit it.
Then the thief would need a transceiver at both ends and a way to get the signal between the two of them (be it by amplifying it, or by encoding, broadcasting and decoding -- though for the latter I remember some article talking about how some of these systems use extremely precise timing to make any kind of processing of the signal impossible).
What if both - car and key had some sort of timer that kept generating new decryption key every few seconds?
That way even if attacker intercepts signal and later uses it - car will not unlock as it will fail verification/decryption.
Kinda like how 2FA works.
I know this could lead to sync issues if timer somehow alters on both but I am sure there are ways to make it work?
idk just an idea, I have no idea this shit works in reality.
Can't they just change these keys so they do not send out a constant signal? Just add a physical button you have to press to send the signal.
I might be missing the joke here but that's just a remote key. The point of keyless entry is that you just walk up to it, get in and push start.
I really don't see the point and it's not something I'd ever pay more for.
That seems like a lot of effort to go through compared to the tried and true "smash that shit open and touch some wires together" method of illicit ignition that's already been a thing for about a century. It's definitely something that can be exploited if someone's willing to sneak around your house with a bunch of radar equipment while you and your keys are at home, but I imagine enough criminals would rather stick to easier/simpler scores that it'd still be an effective deterrent
That method is pretty outdated for vehicle theft on most modern vehicles, keys often have chips in em nowadays that, without the presence of it in the ignition, it won't start even if you hotwire something.
Makes keys a pain to replace, however.
I'd guess it's the same case here. No fob in range, no start.
I'm fairly certain most manufacturers will let you disable it yourself using the car's computer
it can be fixed by making it 2 way. once detected, if a start is requested, the car can ping the device and check if its actually.. it.
you time how long it takes to receive the response and based on that you are able to assume how far away it is. devices that relay will add a noticeable amount of overhead; its also used (ineffectively, but w/e) as a method of securing HDMI by blocking if there's too much time in between some of the signals
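As an added illustration (not code from the thread or from any vehicle manufacturer) of the two ideas raised above, the "2FA-like" time-window key and the round-trip-time distance check, here is a small simulation of a car/fob challenge-response. It assumes a constructed shared secret, a constructed fob processing delay and a 2 m allowed distance; a relay faithfully forwards the challenge and response, so the crypto check passes but the round-trip time gives the distance away, while a replayed old response fails the time-window key.

```python
import hmac, hashlib, secrets, time

SHARED_SECRET = b"constructed-demo-fob-secret"  # constructed; real fobs hold a per-car key
SPEED_OF_LIGHT_M_PER_US = 300.0   # radio travels ~300 m per microsecond
MAX_ALLOWED_DISTANCE_M = 2.0      # car only starts if the fob answers from within ~2 m
FOB_PROCESSING_US = 0.5           # assumed fixed latency of the fob electronics (constructed)

def rolling_key(secret: bytes, now: float, step: int = 30) -> bytes:
    """Time-bucketed key: same secret + same 30 s window -> same key (the '2FA-like' idea)."""
    window = int(now // step).to_bytes(8, "big")
    return hmac.new(secret, window, hashlib.sha256).digest()

def fob_respond(challenge: bytes, now: float) -> bytes:
    """Fob answers the car's random challenge with an HMAC under the current rolling key."""
    return hmac.new(rolling_key(SHARED_SECRET, now), challenge, hashlib.sha256).digest()

def car_verify(challenge: bytes, response: bytes, rtt_us: float, now: float):
    """Car side: check the MAC, then bound the distance from the measured round trip."""
    expected = fob_respond(challenge, now)
    if not hmac.compare_digest(expected, response):
        return False, "crypto check failed"      # wrong key window (replay) or wrong secret
    # round trip covers the path twice plus the fob's fixed processing time
    distance_m = max(0.0, (rtt_us - FOB_PROCESSING_US) / 2 * SPEED_OF_LIGHT_M_PER_US)
    if distance_m > MAX_ALLOWED_DISTANCE_M:
        return False, f"fob too far: ~{distance_m:.1f} m"
    return True, "ok"

def simulate_unlock(fob_distance_m: float, relay_delay_us: float, now=None):
    """One exchange. relay_delay_us is extra latency added by a relay pair (0 = no relay)."""
    now = time.time() if now is None else now
    challenge = secrets.token_bytes(16)
    response = fob_respond(challenge, now)     # a relay forwards both messages unchanged
    rtt_us = 2 * fob_distance_m / SPEED_OF_LIGHT_M_PER_US + FOB_PROCESSING_US + relay_delay_us
    return car_verify(challenge, response, rtt_us, now)

if __name__ == "__main__":
    print(simulate_unlock(1.0, 0.0))     # fob in the driver's pocket: accepted
    print(simulate_unlock(30.0, 20.0))   # fob indoors, relayed with 20 us of overhead: rejected
```

Note that the rolling key alone does nothing against a live relay, as the thread already points out; it only blocks recordings replayed later, which is why the distance bound is the part doing the work.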