
How some thieves broke into my car and why you're vulnerable too - Articulate
http://www.articulateventures.com/articulate-blog/category/how-some-thieves-broke-into-my-car-and-why-youre-vulnerable-too
======
ergoproxy
My car was parked at the grocery store during an electrical storm. Lightning
hit nearby and my "keyless entry system" unlocked the doors. After that my key
fob no longer opened the doors. In the next few weeks I noticed more odd
behavior: My dad's key fob opened my doors, my sister's key fob opened my
doors, and a couple of random strangers' key fobs opened my doors. I've had
the dealership reset my security system three times now at $40 a pop, and it
still doesn't work right. Great technology! I long for the days before keyless
entry technology, when you had to use a key to open the doors.

------
na85
Explain it?

Predictably, the car companies are stuck in the past. Much like GSM for your
cell phone, keyless entry remotes are not secure and rely on security
through obscurity.

The thieves simply have a small computer with an antenna that basically brute
forces your keyless entry system.

It's like having 1000000 physical car keys in front of you and pushing the
unlock button, key by key, until the door opens.

~~~
gms7777
So I don't know much about either these keyless ignition systems or security
and encryption, but is it really that simple? According to my
not-super-legitimate internet source
([http://auto.howstuffworks.com/remote-entry2.htm](http://auto.howstuffworks.com/remote-entry2.htm)),
typical remote entry keys work with at least 40 bit codes, and different car
manufacturers use different systems/#s of bits. In addition, since the codes
are encrypted with different random #s every time, you can't just enumerate
every possible combination.

The concept of brute forcing, and doing it successfully for many different
cars in a short period of time, just doesn't pass the smell test for me.

~~~
gnaffle
Not sure if it was the case here, but apparently some cars can unlock
automatically if the key is nearby.

To hack this, you only need a sensitive receiver that can retransmit the
signal from the key, and you need two people, one in proximity to the key, and
another nearby the car when it unlocks.

~~~
emidln
That's not really the case. Some of them unlock via low frequency RF, but to
my knowledge they still use encryption that uses their button click count as
one of the variables plus a shared secret.

~~~
gnaffle
Yes, but the point of this scheme is that the car "believes" the key is in
close range. If that is enough to get it to open the car, the thieves don't
have to break any encryption, they just need to relay the RF signal. The
faulty assumption on the part of the car manufacturers is that "RF signal
present" equals "keyfob nearby".

~~~
emidln
No system I've been exposed to was defeated by a simple replay attack. You
needed the shared secret and the click count (plus proprietary algorithm),
which would be incorporated into the OTA message. Most LF systems are pretty
low-bandwidth as well, and lock out quite quickly.

~~~
gnaffle
To clarify, I'm not talking about a replay attack. It's a _relay_ attack where
they use the RF signal transmitted by the actual car/key, just over a bigger
distance than you would normally expect.
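
The replay-versus-relay distinction argued in this subthread, as an added example (not code from the thread or from any car maker): a toy receiver that checks a click count and a MAC under a shared secret rejects a replayed message, yet accepts a fresh message relayed over distance unless it also bounds the round-trip time. HMAC-SHA256, the window size, the timing bound and every name here are assumptions for illustration.

```python
import hashlib
import hmac

WINDOW = 16      # assumed: how many missed button presses the car tolerates
MAX_RTT_US = 50  # assumed, constructed bound for the proximity check

def _tag(secret: bytes, counter_bytes: bytes) -> bytes:
    # HMAC-SHA256 stands in for the fob's proprietary algorithm.
    return hmac.new(secret, counter_bytes, hashlib.sha256).digest()[:8]

def fob_message(secret: bytes, counter: int) -> bytes:
    """Fob side: 4-byte click count followed by an 8-byte MAC over it."""
    c = counter.to_bytes(4, "big")
    return c + _tag(secret, c)

class Receiver:
    """Car side. check_rtt=True adds a round-trip-time proximity check."""

    def __init__(self, secret: bytes, check_rtt: bool = False):
        self.secret, self.last, self.check_rtt = secret, 0, check_rtt

    def accept(self, msg: bytes, rtt_us: float) -> str:
        if len(msg) != 12:
            return "malformed"
        c, tag = msg[:4], msg[4:]
        if not hmac.compare_digest(tag, _tag(self.secret, c)):
            return "bad-mac"
        counter = int.from_bytes(c, "big")
        if not self.last < counter <= self.last + WINDOW:
            return "stale-counter"  # replayed or too-old click count
        if self.check_rtt and rtt_us > MAX_RTT_US:
            return "too-far"        # valid message, but it travelled too long
        self.last = counter
        return "unlock"

def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    car, hardened = Receiver(secret), Receiver(secret, check_rtt=True)
    first = fob_message(secret, 1)
    return {
        "genuine": car.accept(first, rtt_us=2),
        "replay": car.accept(first, rtt_us=2),
        "relay": car.accept(fob_message(secret, 2), rtt_us=900),
        "relay_hardened": hardened.accept(fob_message(secret, 1), rtt_us=900),
        "nearby_hardened": hardened.accept(fob_message(secret, 1), rtt_us=2),
    }
```

The cryptographic checks pass in the relay case because the message is genuine and fresh; only the timing check separates "signal present" from "fob nearby".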

------
Broken_Hippo
I am very far from alarmed. Though I can think of all of the 'scary' doom
scenarios that go along with this, I figured out a long time ago that even my
normal barely-running vehicles could be broken into or worse. Any doom beyond
that has chances that are more rare than hurting myself while getting into the
same car. So I'm not going to worry about it.

I'll continue to take reasonable precautions (don't keep valuables in the
vehicle, have insurance, look into the car at night since I rarely lock it,
etc). And yes, I rarely lock the car. I figure that a broken window (what I
figure is the most common entry) will hurt me more financially and cause more
inconvenience than anything in the car.

Technically speaking, if people can get my credit card numbers, it is
unsurprising that the door lock technology can be manipulated. Locks never
keep the determined out; they merely force them to work more creatively.

------
beachstartup
the idea that any car even _could be_ safe from thieves is laughable. all the
crypto in the world isn't going to stop someone from smashing your window with
a crowbar. hell, in SF it's safer to leave your windows open and doors
unlocked with nothing inside.

don't leave valuables in your car, and buy insurance against theft.

~~~
gnaffle
The point of the car alarms and crypto is to notify you if your car is broken
into; that will act as a deterrent.

That aside, many car thieves will even steal airbags (very expensive), and you
can't exactly go around dismantling and removing them every time you leave the
car.

------
krapp
I'm gonna be that guy...

... maybe being able to unlock a car remotely is a bad idea.

