Car Keyless Fob Robbery

[C7Steve]

Crooks look like that they are using a device which picks up the keyless fob transmitting signal and then boosting or relaying it to the cars ECU.

http://www.dailymail.co.uk/news/article ... 0-BMW.html

Kathy noticed the other day that her car was parked unlocked in the drive because where her keys were sitting in the house (supposedly in a safe place), that the car had unlocked itself, or had not even been locked and was able to be started and driven away.

From the 'Owners Manual' : "Keyless entry allows the vehicle to be opened if a Smart Key is within 1.0m (3ft) of the door handle or the tailgate external switch."

Her 'Smart Key' was in a location much further that the above figures.

Concerning


Steve.

[campbell]

I like proper old skool keys.

But then they just burgle the house and threaten you to get them

[C7Steve]

I like proper old skool keys.

But then they just burgle the house and threaten you to get them

Campbell,

A spate of car theft in Aberdeen had the thieves walking in to the house through the unlocked front door and picking up any car keys, then just driving the vehicles away. Most people drop their keys on the first available flat surface upon entering their home.


Steve.

[BiggestNizzy]

Don't they use rolling codes or something a bit more high tech. I remember this being a thing in tge 80's with people grabbing alarm codes and using them to steal cars. I also remember tge cyclops alarm that had a touch bit on the windscreen specifically to stop this.

[Jamie Satriani]

And still the simplest way to thwart anyone taking your car no matter what way they get in to it, is to fit a hidden kill switch, wired to the fuel pump or distributor or a main relay, when a car thief finds the motor is just turning over and over and wont fire they don't go popping the bonnet to see what might be wrong, they leg it!.

A well hidden kill switch saved me from having 2 Hondas taken at different times over the years, I fit one to every car no matter what anti theft system is fitted, it makes your car virtually theft proof, provided its well hidden and you don't forget to use it!!!!.

[scott_e]

I was at a IoT security conference a couple of weeks back. The head of cryptography showed us a video of him hacking his Audi with an Arduino/ OBD interface and starting the ignition. Explained Audi / VM were the worst effected, massive lack of ECU security. Also explained vehicle thefts were mostly key-less vehicles apparently although I forget his exact sentence sorry. Touched on Stuxnet and examples of power hacks on airports that still use hardware from the 60s to fail over from mains to battery. Radar that accepts UDP payloads with no security was another and hacking petrol pump prices in Asia. Amazing really.

[fd]

I've been doing some work for a large automotive manufacturer recently (side line to my main military work for some entertainment), I can assure you that while VAG are publically exposed, they are far from alone in having serious security and software quality issues in their ECUs. VAG are actually held in some regard for the quality of their electronics by other manufacturers (believe it or not). I am involved because of detailed experience of military level cryptography and safety critical software quality (both of which increasingly apply to the automotive industry).

There are well documented exploits which would make me very nervous of having a valuable car on the drive with a keyless entry system (specifically) protecting it. The crypto is very weak and very easy to compromise, and the means to do so are clearly in the wild and of negligible cost. The technical skills are not rocket science either so long as you have a basic understanding of RF comms and cryptography, which plenty people do.

I'd agree that a non standard and difficult to find kill switch is probably by far the best solution.

It's clear, to me, that the vehicle manufacturers are way behind the curve in terms of quality and security and it's going to get worse before it gets better as their cycle time to make changes is very long. The technical skill set of the criminals and availability of clever hardware and software (generally of almost no significant cost) leaves the vehicle manufacturers in a very difficult position.