
Car key 'relay' attack caught on CCTV - tankenmate
http://www.bbc.co.uk/news/av/uk-42132804/relay-crime-theft-caught-on-camera
======
gambiting
That's why at night I keep my keys in a metalic pouch that blocks all signals.
I've tried and the car doesn't recognize the key even if I hold the pouch
right next to the sensor, so it must be doing a good job. I'd highly recommend
doing that if you have a keyless entry system installed in your car.

Edit: This specific one if anyone is interested in protecting themselves:
[https://www.amazon.co.uk/gp/product/B01HETGX00/ref=oh_aui_se...](https://www.amazon.co.uk/gp/product/B01HETGX00/ref=oh_aui_search_detailpage?ie=UTF8&psc=1)

------
abcd_f
Which manufacturers are affected?

\--

Edit - this seems to be exploiting the "convenience unlocking" feature,
whereby you can unlock the car by having the key in a pocket and standing next
to the door. Similarly the car will also allow starting the engine if the key
is detected inside of the car, so this too can be done via a relay. But you'll
need to have the key continuously present to drive, so I guess the whole
scheme would involve a flatbed/tow truck around the corner.

\--

Edit - I guess one can stretch the relay tether by planting the key-side relay
on site, next to the garage door, and have it talk to the car-side counterpart
via cell connection.

Also as far as countermeasures go - one would probably be to have the key shut
down completely it detects no motion for N minutes. Or just have a physical
Off switch on it.

~~~
tjoff
Not sure if there exists any decent counter-measures.

~~~
janco
Latency measurement from car side?

~~~
bartkappenburg
Wouldn't help: the latency to the relay box is at least as good as having the
physical key nearby.

~~~
icebraining
That can't be true, because the request/reply still has to travel all the way
to the key and back.

------
wiz21c
Interestingly, for many people here, the solution to the problem is even more
technology.

Is there a study demonstrating that more advanced keys actually reduce
stealing ?

------
jgrahamc
Add an accelerometer to the key and only transmit when moving.

~~~
function_seven
I had a '94 Corvette that did this. Probably to save on battery life. There
was a tiny ball that moved around in the key fob. The fob wouldn't transmit
the "hey, I'm here" signal unless it was moving.

Not sure what the tech was. Not an accelerometer per se, but still motion
detection that worked pretty well.

~~~
abraae
Perhaps a strain gauge
([https://en.wikipedia.org/wiki/Strain_gauge](https://en.wikipedia.org/wiki/Strain_gauge)),
a primitive sort of accelerometer that has been around for donkey's years.

~~~
consp
If it is a ball it probably is a ground plate on the bottom and top with sense
connector plates on the edge of the box where the ball is in. The ball moves
around and if it gets a connection (ground to sense) a counter gets increased
and a time gets reset and since you are moving the thing usually moves around
and make some connection when braking/accelerating/steering. You need bumpy
roads though on longer trips on the highway. Dirt cheap, but unreliable.
Straingauges (in my experience) generally need to be tuned for every gauge
which makes them somewhat more expensive.

~~~
function_seven
Oh, I think I misread my parent's comment. On my fob, it was purely to unlock
the doors when you approached the car. It didn't involve itself with the
ignition or running of the car. That was still an old-school key (but with the
tiny improvement of a known resistor ohm-age in the key itself†)

† [http://ricksfreeautorepairadvice.com/gm-anti-theft-
systems-o...](http://ricksfreeautorepairadvice.com/gm-anti-theft-systems-
overview/)

------
jo-m
There is a startup from ETH Zurich [1] which develops technology to make relay
attacks impossible. In short, they are developing a method to make the key
proove its within a certain distance of the car. Some of the tech behind it:
[https://arxiv.org/abs/1404.4435](https://arxiv.org/abs/1404.4435)

[1] [http://www.3db-technologies.com/de/Anwendungen.3.html](http://www.3db-
technologies.com/de/Anwendungen.3.html)

------
ewjordan
Question: who buys these stolen cars, and would having a tracker on one solve
the problem?

From experience I know that when it comes to computers, at least in San
Francisco, even if you know the exact address where 20+ stolen computers are
at, the police will not engage. Are most police similarly hesitant to track
down stolen cars, or is that just a weird SFPD quirk about ignoring theft?

~~~
gambiting
In the UK if you have a tracker fitted the police will absolutely go and check
it out immediately after reporting, they are pretty efficient at it. What the
thieves started doing though is they take the car to a car park several miles
out and let it sit there for a week, without spoiling the thief's position -
if the car is still there after a week it's good to take. A lot of tracker-
fitted cars are recovered this way, they are usually found just sitting in
parking lots, not in some dodgy garages.

~~~
jore
What are these trackers? Can you give an example? Are they GPS transmitters?

~~~
gambiting
Yes, so they are basically GPS receivers with a GSM module, constantly
broadcasting the location to a central server. They usually have their own
battery backup in case the main battery is removed, and have a VHS broadcaster
so the vehicle can be found even underground or in a container. For example:

[https://www.trackerfit.co.uk/tracker-
locate.html](https://www.trackerfit.co.uk/tracker-locate.html)

I have a service called "MercedesME" in my car and that provides real-time
location of the vehicle at all times by using the built-in GSM modem in the
car - but stupidly, in the UK it's not classified as a "tracker" for insurance
purposes so having it does not get you an insurance discount.

------
lexxed
What if i put my car keys in the microwave ?

~~~
GoToRO
Too extreme. If I understand correctly how it works any metalic enclosure will
work. Tinfoil!

~~~
paulhilbert
Both of these seem way more complicated than using the buttons to open doors
(i.e. disabling the easy unlock feature) - but I probably just missed the
sarcasm again ;)

------
antouank
Just yesterday a friend was showing me the video where his white Mercedes was
stolen in London in the exact same way! I guess someone made good sales on
those relay boxes...

------
chatmasta
> West Midlands Police crime reduction team, said: "To protect against this
> type of theft, owners can use an additional tested and Thatcham-approved
> steering lock to cover the entire steering wheel

We've come full circle. Tech has advanced so much that you need a physical
lock to backup your technical lock.

Reminds me of the rubber hose method. Trouble decrypting his 2048 bits of
encryption? Just whack him with a rubber hose til he gives you the password.
[xkcd ref]

~~~
ninju
[https://xkcd.com/538/](https://xkcd.com/538/)

(it's a wrench rather than a rubber hose)

