
The Guy Selling Wireless Tech to Steal Luxury Cars - enigmabridge
https://www.vice.com/en_us/article/7kz48x/guy-selling-relay-attack-keyless-repeaters-to-steal-cars
======
jolmg
> "Honestly I can tell you that I have not stolen a car with technology," Evan
> told Motherboard. "It's very easy to do but the way I see it: why would I
> get my hands dirty when I can make money just selling the tools to other
> people."

I know there's a fine line here and it probably varies by jurisdiction, but
aren't there laws that depend on your intention? As in, if the guy would sell
this with intentions of good use or even with no intentions at all, even if
they knew there existed bad uses, it would be legal, but if they sell it with
the intention that it would be given a bad use it would be illegal.

I mean, here they're saying that their intention is for buyers to use them to
steal cars.

I'm ok with their ability to sell it. I'm not sure how I feel with the way
they're openly admitting that they expect to make their money from people
stealing cars.

------
MrBuddyCasino
Good smart lightbulbs (was it Ikea?) nowadays have time-of-flight protection
against remote attackers with high-gain antennas. You need to physically be
within xx centimeters of the device, or else the signals take too long and are
discarded. I can't believe car manufacturers haven't thought of that.

~~~
BrandoElFollito
A good article from 2016 on the topic of such attacks:
[https://ethz.ch/content/dam/ethz/special-interest/infk/inst-...](https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/system-security-group-dam/research/publications/pub2016/are_we_really_close.pdf)

~~~
MrBuddyCasino
Nice, very on topic! Seems the problem was solved in the "Time-of-flight
(Short symbol IR-UWB)" protocol to defend against exactly the attacks that
these devices use. Now the car manufacturers just have to use it.
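
Added example, not part of the thread: the time-of-flight idea from the comments above, sketched as the timing logic of a Hancke-Kuhn-style distance-bounding exchange (the radio layer is not modelled). The function names, the 2 m limit, the 1 ns processing time and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

C_M_PER_NS = 0.299792458  # speed of light, metres per nanosecond

def registers(key, nonce, n):
    """Derive two n-bit response registers from the shared key and a fresh nonce."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    bits = [(stream[i // 8] >> (i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]

def respond(key, nonce, challenges):
    """Key side: answer challenge bit c in round i with bit i of register c."""
    regs = registers(key, nonce, len(challenges))
    return [regs[c][i] for i, c in enumerate(challenges)]

def round_trip_ns(distance_m, processing_ns, relay_delay_ns=0.0):
    """Constructed channel model: propagation both ways plus fixed delays."""
    return 2 * distance_m / C_M_PER_NS + processing_ns + relay_delay_ns

def verify(key, nonce, challenges, replies, rtts_ns, processing_ns, max_distance_m):
    """Car side: every reply must be correct and arrive within the distance budget."""
    if not (len(challenges) == len(replies) == len(rtts_ns)):
        return False, "missing rounds"
    regs = registers(key, nonce, len(challenges))
    for i, (c, bit, rtt) in enumerate(zip(challenges, replies, rtts_ns)):
        if bit != regs[c][i]:
            return False, f"round {i}: wrong reply"
        bound_m = (rtt - processing_ns) * C_M_PER_NS / 2  # upper bound on distance
        if bound_m > max_distance_m:
            return False, f"round {i}: reply implies up to {bound_m:.1f} m"
    return True, "accepted"

# Constructed sample values (assumptions, not taken from any real system)
KEY = bytes(range(16))
NONCE = b"constructed-nonce"
CHALLENGES = [1, 0, 0, 1, 1, 0, 1, 0] * 4  # 32 timed rounds
PROCESSING_NS = 1.0
MAX_DISTANCE_M = 2.0

def run(distance_m, relay_delay_ns=0.0, key=KEY):
    """Simulate one exchange with the key at distance_m and check it on the car side."""
    replies = respond(key, NONCE, CHALLENGES)
    rtts = [round_trip_ns(distance_m, PROCESSING_NS, relay_delay_ns)] * len(CHALLENGES)
    return verify(KEY, NONCE, CHALLENGES, replies, rtts, PROCESSING_NS, MAX_DISTANCE_M)

if __name__ == "__main__":
    print(run(0.5))                        # key next to the car
    print(run(30.0, relay_delay_ns=50.0))  # key 30 m away, relayed
```

Correct replies alone are not enough: a relayed exchange carries the right bits but cannot hide the extra nanoseconds, so the distance bound exceeds the limit and the round is discarded.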

------
ben7799
The relay attack is pretty wild but it also sounds like all these years later
all these cars are mostly using an ancient cipher.

The cipher was broken so badly that as far back as 2005 it was published how
to break it, and it has still never been changed.

If you have regular access to the car (parking garage) you can just break the
cipher if you see it on more than one day... no need to relay at all, and no
protections against the relay attack would stop it from working.

It's a 40-bit cipher but because of a weakness you can calculate down to 2^16
possible keys and then come back on another day and break it very quickly at
which point you've essentially got your own key to the car.

------
w14
Car manufacturers seem to have had a pretty relaxed attitude to security for
ever:

[https://www.youtube.com/watch?v=0v1PRHTpK2c](https://www.youtube.com/watch?v=0v1PRHTpK2c)

------
city41
We stored our keys in Faraday cage pouches[0] to (hopefully) prevent this
attack. Of course when you're out and about, bringing a Faraday pouch with you
is a bit cumbersome.

[0]
[https://www.amazon.com/gp/product/B01HETGX00](https://www.amazon.com/gp/product/B01HETGX00)

------
frockington1
If he's selling the high end model for $12,000 how many cars would you need to
steal? I can't imagine the value of a stolen car is much considering most have
GPS tracking and serialized parts.

~~~
avgDev
I used to know a guy that stole many cars. We are not buddies any more for
obvious reasons.

They would purchase "rollers" or "theft recovery" cars with clean titles.
Roller = a car frame with VIN and title, possibly blown engine, stripped
interior if car was used to race etc. Theft Recovery = stripped car, no
interior, engine etc.

Clean titles made it easy as no inspection was required.

He would steal the same car, transfer parts, discard the frame. You could
easily make 15k+ on one car.

Others ship cars to other countries. Same goes for motorcycles.

~~~
throwlaplace
I find that very hard to believe given how much work is involved in that.

~~~
avgDev
I don't know anyone making 14k cash in three weeks. Definitely worth it for
someone uneducated that can earn max 50k.

~~~
throwlaplace
A mechanic capable of swapping the entire power train in a car by themselves
in 3 weeks can make way more than 50k/year.

------
teilo
Luxury? Keyless entry and ignition is quickly becoming standard. My 2014 Mazda
6, and my 2018 VW Passat are not luxury cars.

