Experts ​alerted motor trade to security risks of ‘smart key’ systems which have now fuelled highest level of car thefts for a decade.

    • UPGRAYEDD@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      9 months ago

      I mean sure… but using a key to enter isnt really any safer? Like lock picks and jimmys and air bags have been defeating physical locks for even longer? Hell, a brick through a window gets you in faster than anything.

      • unreasonabro@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        8
        ·
        edit-2
        9 months ago

        Riiight. Go ahead and apply that logic the next time you want to get in your house. Or brick your way into your car since it’s easier. Hopefully nobody spots you and calls the cops! You’re definitely not being a dickhead just by making that argument either, don’t let anybody tell you that. Those words needed to be said, it was important! And anyway the rest of us are so stupid we probably think we actually need keys.

        • Drewelite@lemmynsfw.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I mean… to break into a keyless car you need special radio interception and replay equipment, the know how to implement them, to keep up on the latest security measures from car manufacturers, and car thief communities developing security counter measures.

          Or get a coat hanger, watch a YouTube video, and get into any car you want.

          • Cypher@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            9 months ago

            Or get a coat hanger, watch a YouTube video, and get into any car you want.

            Still not much more effort than a flipper zero but it is more expensive than a coat hanger.

  • msage@programming.dev
    link
    fedilink
    English
    arrow-up
    6
    ·
    9 months ago

    Convenience is usually at odds with security.

    That said, keyless access is amazing. Not having to dig out the car key is just so comfortable.

      • captainlezbian@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        I wish one of them went from my home to my place of employment or my places of entertainment, much less at a time that’s reasonable

        • CancerMancer@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          9 months ago

          The bus trip home from the nearest transit route can take up to half an hour for me due to how often it comes and its path. The drive from the transit stop is 3 minutes.

          Not that it matters, I still wouldn’t be able to get to the nearest grocery store on the bus, inexplicably none of them go there. These systems need work.

      • hydrospanner@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        4
        ·
        9 months ago

        Too many weirdos peeing in your favorite car, harassing other passengers, stinking, and listening to their music full blast on their portable speakers for it to be my favorite car.

    • MystikIncarnate@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      9 months ago

      Nothing wireless is secure, especially when dealing with end user electronics.

      The only possible exception is WiFi and commercial wifi services like 4G/5G… In the case of WiFi, it really depends on the configuration. A local ISP was, by default, programming their combination router modems for WEP security for years after it was known to be insecure, and for years after tools to obtain the security key for WEP were commonly available. However, WPA2 and now WPA3 is used by corporations to secure their wireless traffic, and those technologies have been made available to the public on almost all consumer WiFi products made in the last few years, though, some may need to be updated to show the option for it. As far as I know, as of now, WPA3 has no known vulnerabilities that will allow a hacker to penetrate into the subject network. The weakest part of the system is people using poor passwords for their wifi, which can be easily guessed, which is not a fault of the technology itself.

      IMO, the best, most shining example of well implemented security is PKI, which is used in HTTPS/TLS. A high security asymmetric key is used to generate a short-term use symmetrical key to secure the communication. It becomes basically pointless to try to break the encryption at that point.

      But this isn’t the issue in the OP. The problem is: where does everyone keep their keys? If you said “at the front door” you’d be right. In most cases, keys are at, or very near the front door. Where are most people’s driveways? At the front of their house, next to the front door. There’s usually enough distance to keep the fob from being detected by the car and unlocking it for anyone who walks up, but with a small amount of tech, attackers can pull the signal through your front door and relay it to the car. The process is actually kind of trivial. This is known very aptly as a relay attack. One attacker with a high gain antenna loop, places that loop on or near your front door, while their partner has another device which is relaying the signals from the high gain antenna to the car. This makes the car think the key fob is nearby, and it unlocks the doors, and the vehicle can be started.

      Once started, the vehicle will not automatically power off if the fob goes out of range, since that would create an unpredictable safety hazard. At this point the attackers only job is to get the vehicle somewhere that they can work on it for an unlimited amount of time, and program new fobs for it (which can be done with diagnostic tools).

      The best way to prevent this is simply not to keep your keys in range of your front door, nullifying the attack. Otherwise, buy an RF blocking key box to put them in at the front door. Something that automatically closes would be beneficial here; something with a Faraday style mesh, or lead (embedded in the walls of the box) would be best IMO. Keep any spare keys in a similar lock box elsewhere in the home.

      My family has our keys, at least 10 feet away from the door for storage, in our kitchen. It’s a short walk from the door down a tiled hallway, which makes for easy cleanup if someone walks over to get their keys from that location with muddy/wet boots or something.

      Relay attacks are very common and easy to execute with a high degree of success. To their credit, manufacturers have done their diligence in implementing anti-replay attacks (where an attacker well record the signal to unlock/start a vehicle, then replay it later for access), but the relay issue is harder to account for. From the perspective of the car, or simply looks like you started the car, dropped your fob on the ground and drove away. This is a legitimate scenario, and one that is entirely plausible for an end user to create unintentionally.

      • AA5B@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        9 months ago

        I just looked it up specifically for Tesla ….

        • there are descriptions of a successful relay attack in 2022

        HOWEVER

        • the relay had to be within 2” of the key card or phone
        • I expect Tesla responded, although I didn’t look that up
        • while I originally could just walk up to my Tesla to use it, now I need to unlock my phone, at least implying that either Tesla or Apple prevented relay attacks by blocking the key when you’re not using it

        The real question, is how easy is the car to “hot wire”. Older cars could be hot wired by breaking off the ignition lock, but now cars with keys have an immobilizer to prevent that (except of course Kia/Hyundai). So, can the lack of a key fob be easily worked around to start a car, like a Kia, or is it more complex like a key with an immobilizer chip, and an immobilizer circuit in the engine control?

        • MystikIncarnate@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          I think the next step is likely biometrics. Using a fingerprint or something to disengage the immobilizer. Having something like a programming key for the vehicle so users can enroll new fingerprints into the ignition.

          I don’t know, it might be a bit more inconvenient than other options. IMO, they can keep the fob for door unlocking but have another factor for the immobilizer. Both the fob and fingerprint need to be present to engage the starter.

          I’m sure it’s something that the automotive companies are thinking about.

      • UPGRAYEDD@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        5
        ·
        9 months ago

        A rock through the window is more effective and faster than reading this wall of text.

        • AA5B@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          That’s great for stealing the laptop you left in your back seat, but doesn’t let you steal the car, unless it’s pre-2022 Kia/Hyundai

    • uis@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      I hear americans love big cars. Here is big car for them to buy:

      • vaultdweller013@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        Dude youre being a condescending ass, plenty of us wish we had the ability to use public transit but it is either wholly insufficient or non existant in many places.

        Just using myself as an example, say I want to go to taco bell I have 2 options drive for 15 minutes at most or walk for over 2 hours because my city is built on a fucking slope. Also the city has no infra city public transit cause we’re too small, also most of the city is actually pretty walkable if you live towards the center of the East West axis which I do not.

        • ferralcat@monyet.cc
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          9 months ago

          I find it hard to believe cities are too small for public transit and too big to walk at the same time. I find it easier to believe people are just too lazy for a 30 min walk.

          • vaultdweller013@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            It wouldnt be too big for wlakability if it wasnt on aa fucking slope, 30 minute walk downhill will translate into an hour minimum walk up hill.

        • n3m37h@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          9 months ago

          Have ya tried a bike/ebike? Till I was 26 all I ever used was a bike. Can easily do 20km/hr and bypass traffic. Used to work 12 hr shifts and bike to and from work (12km) and where I am there are hills in both directions

          Shit I got an e bike now that does 50kph/32mph and I can get to work (8km) in less than 15 min

          • vaultdweller013@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            I used to bike all around town in highschool and middleschool, but the problem is that they only shave off so much time relatively speaking. Also once again I must note I live in the worst part of town for walking or biking anywhere, bout 30 minutes to walk anywhere bout an hour and a half minimum to walk back home.

            • n3m37h@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              9 months ago

              30 min walk is maybe a 10 min bike ride, 1.5 hr walk maybe 30 min.

              I’ve had a few bikes stolen from me, never stopped me from biking. And it’s a shit ton better than walking

      • stackPeek@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        fuckcars folks trying not to be the most annoying person in the room for one second challenge (instant fail)

        Look, I love good public transportation infrastructure as much as you. I always try to tell other people and especially the government how much my city urgently needs to upgrade its trains, BRTs, sidewalks, etc (thankfully though there’s now multiple efforts on building MRT & LRT).

        But, that doesn’t mean cars are the worst invention in the history of man–you folks always say that and it’s infuriating to me, it’s such a narrow-minded way of seeing the world.

        Take Japan for example, the train infrastructure is pretty much the best. I know that cuz I’ve been there, trust me, I can talk about this for hours. So good that, while we lived there, we didn’t feel the need to buy a car. Their bus is pretty good too. Sidewalks, bike lanes, accessibility, etc have been taken into account when they were building their city.

        But when you live in rural parts of Japan, it’s inevitable–you need cars. There isn’t just enough demand for public transportation. Sometimes there’s a train going through but the frequency is low, and most of the time it’s only single-track. Or sometimes there are buses going through, but infrequently.

        And it’s fine. The city is small, and there aren’t enough car users to make bad traffic congestion.

        Different story for big city though. I always thought that living in a big city is a form of compromise: you have a limited space of land to use, but you need to use that land for millions of people. If the city only relies on cars, it’s going to be so inefficient. Too much traffic congestion, bad pollution. That’s why good cities build mass transportation, or in your case, buses.

        And the best cities build extremely good mass transportation so good that people doesn’t feel the need of buying cars. Of course cars still exist, like the city I lived back in when I was in Japan. Or rural parts of Japan. Or perhaps people that commute between them. But there are options: cars, bikes, buses, trains, etc.

        Here’s my point: the availability of options are the best. It’s okay if you want to ride cars, bike, bus, or trains.

        Cause you’ll need cars at some point in your life. And it’s alright.

  • li10@feddit.uk
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    It’s so difficult to use a regular key though.

    I’ve had to cancel journeys before because I get in the car and I just cannot work out how to turn it on 😞

  • joel_feila@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    are they talking about smart phone app to unlock cars or the keyless entry that has been around since the 90s?

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Both, honestly. But the real problem in this case is the keys that can open and start a car with their mere presence. A relay attack makes bypassing them trivial, and when a large number of people leave their keys at the front door, it’s not difficult to give it a shot.

  • wise_pancake@lemmy.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 months ago

    These keyless ignition cars should never have been legal and the manufacturers should be on the hook for recalling and fixing them.

    I’ve been saying that since they were first released.

    That flipper zero (not disguising a car theft tool as a game device btw) can be used to attack said cars is irrelevant, because you could trivially order the parts to make your own.

    I hate that the insurance lobby is winning out on security by obscurity via lobbying governments and putting out scary statements, instead of hiking the rates for Kia’s and other trivial to steal cars. The insurers are having their cake and eating it too by wanting to charge money but lacking the wherewithal to actually charge rates commensurate with risk.

    • shea@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      It’s not just a car theft tool, its not really even intended for that. It’s just a neat little multi tool and it isn’t even close to the first or only device capable of repeating recorded codes. A hammer can be used to break into a car really easily and nobody’s ever called those “car theft tools disguised as hand-tools”

      • wise_pancake@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        9 months ago

        Yes sorry if that was miscommunicated. It’s a neat multi tool, that has a fun design. It’s not a tool for stealing cars, but can be used for that kind of thing.

        Really its a wonder we didn’t have really simple radio tools for theft before.

  • GONADS125@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    I have a key fob faraday cage/pouch keychain to prevent people from being able to dupe my key fob’s signal.

  • Tautvydaxx@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 months ago

    If you have an older renault with a keyless card, press the lock button two times and it will disable the keylless system until you start the car. It hink this should be the standart.

    The newer hyundai and kia dont have a good immo, they can be started by breaking the ignition lock and turning the start key, also if you can catch the unloxking signal you can reuse it. Normaly you wouldnt be able to start a car without an immo chip, that is tied to the car. Normaly you woulnd be able to unlock the car because the remote and the car keeps changing the unlock code, but to make these cars cheeper for America market they removed these futures.

    • sebinspace@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      To be fair, I think we ignore the security of physical locks. Atleast one must get physical access to the lock in order to pick it.

      Or even password books. Atleast someone has to get physical access to said book, which requires knowing it exists in the first place.

      Does that make them better? No, not imo, but it is an aspect of these things that often gets overlooked

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      9 months ago

      Already has a few dozen times. All the more reason to self-host. Corporations can’t be trusted to secure your data.

  • Aatube@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    9 months ago

    Seems to be specifically about these you unlock from your phone and then press a button to start

    A device disguised as a games console - known as an “emulator” - is being exploited by thieves to steal vehicles within 20 seconds by mimicking the electronic key.

    Don’t they use rolling codes? So I suppose this emulator is some malware you install on your phone

  • devilish666@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    9 months ago

    Well that’s why i don’t like keyless vehicles, it’s easy to stole it with some wireless signal emulator
    In the end the principle is same like wireless garage door opener, some thieves can hijack it very easily like no effort

      • sramder@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        Isn’t that what the Flipper Zero is for ;-) Kia notwithstanding it’s not that easy. But the relay attacks have been around since at least 2018 and I suspect years longer.

        • givesomefucks@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          9 months ago

          For garage doors… Yeah, it’s been a thing

          Because you can sit something there, monitor the rolling codes, then inject so it has a real one.

          For a car, you have to follow them around while they lock/unlock repeatedly. And that’s only if people are using the button and not proximity. If they’re just using proximity, you’re going to have to be standing right next to them.

      • atrielienz@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        I have a question. What do you think a rolling code style security system does if the thief is amplifying your key fobs signal by standing in your driveway at 3 am and then transmitting it to your door lock? Because we’re talking about keyless entry where you don’t have to push any buttons on the key fob it just has to be within three feet of the vehicle. They are literally using your key to unlock your door. The key is always transmitting. The vehicle is always receiving. At the point where they have access to the interior of the vehicle they can just pull the fuses for the horn and lights and then pop the transmission shifter cable off the transmission control lever and manually put the car in neutral. This attack takes maybe ten minutes. At that point they can literally just roll the car onto a flatbed and drive away. The flipper zero costs $169 USD. But you can make one from parts for much less. A GPS blocking tool costs around $15. A signal repeater isn’t expensive either. Keyless entry on the whole is broken.

        You may stop joyriders and petty thieves. But you won’t stop anyone looking to steal a car who has the know how and who is looking to sell your car for parts. The fact is, a lot of premium cars are vulnerable to attacks like this.

        And before you even start about what I know about it, literally I’m an avionics tech. Rolling codes and frequency hopping is how we keep unfriendly forces from listening in on comms. Electronic attack and defence is literally what I did in the Navy for twelve years.

        Rolling codes are a good security feature. But they do nothing to stop the attack that other articles on this subject better explain.

        https://www.cbsnews.com/news/cars-hacked-stolen-keyless-vehicle-thefts/

        https://arstechnica.com/information-technology/2023/04/crooks-are-stealing-cars-using-previously-unknown-keyless-can-injection-attacks/

        https://www.locksmiths.co.uk/faq/keyless-car-theft/

          • atrielienz@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            9 months ago

            What has that got to do with the price of rice in China? Please explain why what I said has anything at all to do with garage door openers? Because what I said specifically never mentioned garage doors at all.

              • atrielienz@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                9 months ago

                "Well that’s why i don’t like keyless vehicles, it’s easy to stole it with some wireless signal emulator In the end the principle is same like wireless garage door opener, some thieves can hijack it very easily like no effort."

                “Do you not know what rolling codes are?”

                I responded to the second quoted comment asking (because the article is about car theft) how rolling keys prevent relay (repeater) attacks on keyless entry vehicles. There are several people in this thread who are comparing car keys to garage door openers, however, that’s not what my conversation with the person above was about.

        • givesomefucks@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          9 months ago

          Did you read OPs article or the ones you linked?

          I went to the ARS one and it’s talking about CAN hacking which requires a physical connection…

          It’s a great article, but if it has anything to do with this conversation and if anything backs me up. It’s about all the work thieves are going thru because rolling keys beats emulators.

          C’mon man, even if you know what you’re talking about about (doesn’t seem to be the case) you still gotta read your own articles.

    • GreatAlbatross@feddit.uk
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      These are different attack vectors.
      The classic one was listening to a key, then impersonating it later.
      Rolling keys fixed that.

      For keyless, the usual attack is working as a relay.
      Victim is 30m from their car, too far for keyless.
      Attacker stands between the car and the victim with a transceiver that links the car and the key together, despite the distance, and opens it.

          • atrielienz@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            9 months ago

            Those videos aren’t for cars with keyless entry. Those cars have a bladed key for placing in an ignition lock cylinder to start the vehicle (or in the case of the mini, which is a car I actually own, into the little slot for the round key fob).The flipper zero recording a code isn’t what I am talking about when I talk about repeater attacks. What I’m talking about is using a receiver to receive and amplify the code so that they can use keyless entry (where you simply touch the vehicles door handle with your hand with the key within three feet of the car) and only requires you to have the key on you. Did you read the other comment I linked? This isn’t about having a key with buttons that are required to be pressed to enter the car. This is literally about passive keyless entry. Please go read the articles I linked.

            I mentioned nothing about signal cloning and you clearly didn’t read.

            https://www.techtarget.com/whatis/definition/passive-keyless-entry-PKE

            • mx_smith@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              9 months ago

              Oh my bad, I was inferring that from the original article. Those articles you posted are good and talk about the CAN attack, but the original article talks about the rolling codes using a flipper zero like device.

              • atrielienz@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                8 months ago

                My bad, I didn’t intend to come off badly, I just literally had a similar conversation when someone who didn’t read what I wrote, completely ignored whole sections of the article, and I may have come off a bit terse as a result. But you are correct about the flipper zero specifically.