In addition, you can make it so that the car doesn't unlock due to proximity with the fob, but rather, it only unlocks if you push the unlock button on the fob.
I imagine a smartphone with touch sensor + car remote app would be even safer than what we have now.
If that functionality was encapsulated on a smart phone, that would be fine too.
I'm not sure why we are going backwards in the security department here. Seems like a lot to give up just to not have to stick the key in or press the unlock button.
Consumer products nearly always go for features that have whizz-bang "it's so convenient" demo value, until a problem like this becomes prevalent enough to end up on everyone's nightly news.
He then added "It's good that I always lock the door in the garage too".
I do have auto-closers on the garage doors, however, because my kids do have a habit of leaving them open otherwise. Of course, they also keep leaving the man-doors unlocked all day as well.
For many people, there's no need to unlock the front door because it's never locked. Having to lock your door just means you're living in a terrible neighborhood.
This doesn't make much sense from first principles. I assume everyone agrees that theft is equally unwelcome regardless of whether the door was locked. But the additional damages from breaking into a locked home are pretty minor compared to the damages of the theft. Why would there be a large difference in punishment?
Interesting. Is that an American thing? I do recall that most of my American friends don't lock their doors, whereas I can only think of a handful of people not locking their doors in Europe - and those live in remote outposts, where people are scarce and deer are unlikely to use the door handle.
Because of that, we had an additional safety feature, you couldn’t open the door from outside!
The old ignition hole was the perfect solution. You had a dedicated spot for your keys, you always knew where they are, were unlikely to forget them in the car, and it also happened to start your engine. Perfect
Unfortunately, that would be vulnerable to thieves unlocking your car and taking everything in it. For me, the biggest convenience of fobs is the ability to start the car and have AC on so that the car isn't burning/freezing when I get to it.
Maybe it has something to do with the additional battery consumption that doing this incurs, probably something like double/triple consumption, with the hashing.
They are laying on a desk or in a drawer and are not being touched/moved for extended periods.
Maybe a simple mems step counter could help activate them for a short period of n seconds/minutes.
The clock has to be pretty fast, but you can get a secure time of flight measurement, so you can absolutely know the distance of the radio signal path.
I did research in this area a few years ago. Here's a research paper from 1993 that goes into more detail about this type of "distance bounding" solution (i.e. authenticating received signal only if 1) it is received within a few nanoseconds AND 2) the decrypted received signal contains the previously sent random number) in order to defend against "relay attacks". The paper discloses many variations to this general solution as well.
Brands and Chaum, "Distance-Bounding Protocols"
edit - thanks for the link, having a read through.
It still leaves a small window of opportunity for abuse, but seems like a decent middle ground.
My personal solution is to not drive often, and when I do it's a 1996 Subaru. ;)
But, he may be saying he's vulnerable for long periods because the idle timer won't kick in for him.
I'd much rather have a solution that precludes relaying; maybe something that involves a precise turnaround time in the radio signal between the car and key, and so the key physically can't work beyond some relatively short range.
We should just go back to traditional keys if this is the case.
I want key holes in all doors. I want to insert a key to start the car.
I'm not sure if it's been from rust, lack of use + time, or ice, but unused or backup keyholes on vehicles seem to fail far more often than those used for normal entry.
"I'm lucky" is not quite the same as "that's a nonexistent problem".
Source: worked for a valet
As well as taking away much of the convenience advantage that passive fobs have over active-only fobs (most fobs already can be actively used, as well as passively.)
I think the over-the-air updates are one of the big advantages that Tesla has right now. They can respond quickly to critical vulnerabilities like that.
I wonder how fast other car manufacturers are going to catch up? Volvo recently announced that they are working on an Android based system, but it's not going to be rolled out before 2020.
Or maybe where the Tesla auto drives itself to the nearest repo-man?
Yes, reverting from passive-supported to active-only remote entry/start would eliminate the attack by eliminating the feature on which it is based. OTOH, the handsfree nature of passive remote entry is a major selling point.
There is a general trend that car electronics is increasingly acquiring behavioral features that annoy me, that cannot be disabled. This is all across the board; if you don't like it, you have fewer and fewer options: pretty soon, you will have to drive a used old beater if you don't like what new cars are doing.
If they are, just do a stakeout and then replay it later in the day to gain access.
Fly the drone into gated estates, or better yet a country club drive-up near the valet and record many high-value signals.
Their kid normally wakes up in the middle of the night, except this time, he freaked right out like he was scared. They were wondering what was going on with him, when one of the parents heard the M5 turn on (it's pretty distinct). "That's my car!" His wife said, "Naw, you're crazy, no way."
Sure enough, key fob attack and theft. Caught on their video cameras. Filed the police report, claimed insurance, cried internally about the loss of a gorgeous vehicle. In all seriousness though, it's just a car, so no big deal, but nothing will fix the violation you feel, and the fact that you were being targeted.
If I were the insurance companies, I'd be putting pressure on the car companies, but hey, maybe it's just the cost of doing business for them. Better to pay out for a vehicle theft, vs. actual injuries from a collision. That's probably why there's little incentive to fix it, especially if fixing it makes your product less convenient.
And also give car owners an incentive to keep their keys safer, given how many vehicles out there are vulnerable to this. Just fixing this for new cars is only half the solution.
I remember back in the 80s my parents got a discount on their insurance for installing a third brake light in the back window of their old Camaro. If my insurance gave me a discount, I'd get a faraday cage for my keys. I'm considering doing it anyway, even though my house is pretty far from my driveway, and we have cameras.
I've searched for nice-looking faraday cages but haven't found anything good. I think there's a market for fashionable key/phone faraday cages, between this car theft issue and the push to digital detox.
EDIT: curious why this is downvoted? I'm not saying that this shouldn't be fixed by car manufacturers going forward, but we need to do something about the millions of cars on the road already. Is there another solution that would make more sense? Or is there something I'm missing here?
The companies could even give away nice-looking faraday boxes that cost them next to nothing to make, and which would probably have decent adoption among people who have requested them. That would cut the hard costs to be very low, and give them a branding/perception benefit.
Imagine seeing "Mercury Insurance is giving away a Fob Box to any customer who wants one." It wouldn't make me switch to Mercury, but it would make me think more highly of them. And if I were just out of college and choosing my first insurance company, I'd undoubtedly choose them.
Given the spate of thefts and the likelihood that it continues, a promo like this could resonate for a long time and get mentioned in lots of news stories.
Why is it always up to us to deal with the consequences of all this poorly thought out new crap?
It sort of reminds me of the way they want us to believe that "identity theft" should be our problem to clean up, when it's really caused by banks' poor security practices.
Of course this only foils overnight theft. I imagine it would be trivial for someone to follow me from a car park to a public location and sit next to me to get the key signal from my pocket.
Then just a metallized flap for extra protection.
Leakage is fine. As long as it’s in the right direction.
If anyone knows how much leakage there would be for fobs/phones, and whether it makes a difference for this application (where the sniffer/attacker would be 10+ feet away), I'd love to know it!
I just completely wrapped my remote with one layer of aluminum foil and that was enough. A small gap on the side was enough for the car to detect it.
Once they got very far away from the house, the car should shut off. Or so I would think.
Mine will beep for a bit if I leave the car with the key. But the vehicle also works when the fob's battery is depleted (it has an RFID tag and an embedded physical key for the door). Having the car randomly shut off based on something so potentially flakey seems like a worse idea.
In the event that the actual owner of the car left their fob at their previous stop and discovers this fact 40 miles down the highway later, if the car were to stop, the driver is now stranded with a car that won't start. As it is now, as long as there is enough gas in the tank, the owner can just drive back and get it.
This is why every car company has examined it and chosen to not do it.
This feature actually saved huge inconvenience for us once. While visiting the other coast for wife's mom in the hospital, we used one of her parent's cars to drive to the airport with her brother to drive it back. We get out at the airport, get luggage, hugs, bye, head into terminal -- with the key still in her purse. Car running, doesn't notify him until too late to chase. If it stopped after 2min, he'd be stuck somewhere outside an airport 100mi away from anyone he knew. Instead, he just drove it home, got & used the other key for a few days, and we mailed back the first key when we arrived.
Things that seem reasonable at first....
It means the key has to be inserted somewhere. That makes it both safe and predictable.
(& yes, I still start my car with a key that is inserted, and mine also has a clutch & manual H-pattern 5-speed)
The way it works is reasonable. Maybe tighten up the proximity. But honestly, I miss my classic keys.
What do you mean? It's not as if anyone will be driving less... the insurance company will pay for a new car, the family will buy a new car (presumably they need it), and still be just as statistically likely to collide with the new car.
Oh please, this is Ontario. The auto insurance companies' main innovations have been:
1) getting caps on benefits
2) creating new driving violations to jack up your premiums (eg: non-criminally blowing over 0.05, but less than 0.08)
Neither resulted in lower premiums for anyone else.
I've declined this but expect that insurers will push for it to become mandatory. They would love to be able to charge unsafe drivers more money, and in the abstract I don't have a problem with that, but the tracking is creepy.
This is why I am not going to get one, nor a “smart” water or electricity meter: give more data to corporations, and you can be sure that they will use it against you.
What's the yield on the secondary markets for these hot vehicles since the VIN is compromised, a new license plate is needed and a thorough scrubbing has to happen?
Some luxury sellers are actively making it difficult to buy for export to arbitrage this.
An added bonus, it also makes the keys much more comfortable to have in a pocket, holds them in a fairly flat orientation - and stops them from scratching a phone!
The smallest ones I could find would actually hold two fobs, but when filled were large and uncomfortable enough in my pocket that I preferred to just keep the fobs naked.
I still haven't found a good solution that actually works for keeping passive fobs secure while they are actually in my pocket.
Being a step away from the problem probably helps keep that OEM manufacturer from strapping in and solving it. They don't feel any pain from it.
Edit: there's a discussion down the page somewhere. The issue seems to be that (for power reasons) they use low-freq radio, on which it's hard to get timing accurate enough for 10m distance changes.
And the challenge-response pair must be different for every transaction, otherwise the thief can easily grab an SDR with tx capabilities, get to the car and ask for a transmission, record the spectrum, then go near the car owner door, transmit the car challenge and record the key fob response, go back to the car, wait for another challenge transmission and time the response accordingly. Not even a need for a second thief.
To think of it another way: before keyless entry was a thing - how many people were thinking 'damn I wish I didn't have to get these annoying keys out of my pocket?'
To think of it yet another way: How many people buy the upgraded trim on their car mainly for the keyless entry?
(Not having a go - genuinely curious)
I used to have a car without this feature and it was sort of annoying for 5 seconds each time I have to unlock the car. I do get annoyed when I get a rental without this feature too.
Additionally, this also helps when I am carrying bags or other large items with two hands. I can simply make a kicking motion at the bottom bumper of my car and the trunk will open automatically instead of me having to put the bags down and fish for my keys.
I agree that it is minor and not a real deal-breaker, but it is a nice to have.
More efficient for the car to estimate the distance and power of the transmitter.
These thefts have been going on for years and they will not stop until key-less go is dropped or changed such that the key requires interaction (like every higher security transponder has for, like, always).
It also depends on the reliability. You could also say that you can't just shut the engine off if the electrical contact in the keyhole is wonky.
Tesla is using an NXP Athena OS based smartcard that uses the Java Card 2.2 platform for its NFC Key on the Model 3.
Why is it transmitting without the user pressing a button? Is that a feature? As you walk up to the car it automatically starts like magic? I'm not familiar with these newer cars.
In typical designs, the car continually transmits a low-frequency (e.g., 135 kHz) radio signal to wake up any wireless keys within range. When a key receives this signal, it replies with a VHF (e.g., 315 MHz) signal, and the car unlocks or starts when a door is opened or the start button is pressed.
The reply signal, at least, is uniquely coded to the car. The attack is to extend the range of the LF wake-up signal, causing a key stored away from the car to transmit a valid reply.
In some models, besides the transponder described above, the key also has a passive RFID tag, which works with a reader in the car to allow starting even if the battery in the key is dead.
(The article is wrong about the broadcasts, by the way; if the key transmitted continually, its battery wouldn’t last long.)
It is pretty much standard across all cars nowadays, except maybe the very bottom of the line models.
Could you just record the relay signal and play it back whenever, essentially replicating the key?
The really nice feature is when you walk away (a few seconds after you're out of range), the doors automatically lock. However, the downside of this feature is my wife's car does not have it -- and so at least half of the time when I am driving it I forget and leave it unlocked in parking lots.
My brother in law did this on a ski trip with a borrowed Range Rover. It was only at the end of the week he realised he'd left his keys in a jacket pocket in the car the entire time and it had been sitting unlocked in the car park half a mile down the road from the apartment. Thankfully it was fine but stealing it would've been a case of getting in, pressing the start button and driving away.
This is the problem with a lot of the newer tech in cars like backup alarms. You become used to various features in your own car and when you rent a car you need to consciously remember that the vehicle doesn't have $FEATURE. Effectively, cars are becoming a lot less standardized. A car I rented a few weeks ago beeped at me a couple times and it took a while before I realized it was the lane departure warning triggering on a couple turns.
A reasonable person would probably have turned around and exchanged the car with the rental company at this point.
I am not a reasonable person.
Instead, I headed directly to a truck stop and purchased a heavy-duty power inverter, dropped the back seat, and crammed my portable PA speaker into the trunk, connected to the car's trunk-mounted battery through the inverter and to my iPhone through a shielded audio cable run from the trunk to the front seat.
The result sounded far better than it should have, and what it lacked in convenience (I had to pop the trunk to power it down) and channel separation (one speaker = mono), it more than made up for in dB SPL.
(for the record, I've also repaired eBay purchases that arrived in worse-than-advertised condition rather than returning them, for no other reason than that learning how to fix things is more fun than going through the hassle of returning them)
It's not transmitting anything, it works pretty much the same way NFC works. Both the key and the car have their own public/private key pairs (which were obviously set by the manufacturer) and when you touch the handle the car transmits an unlock request to the key, encrypted with the car key's public key (this is going to get confusing lol) - when the key receives the message, it decrypts it using its own private key, if it's correct then it replies with an "ok" message encrypted with the car's public key. When the car receives that it decrypts it using its own private encryption key and opens the doors. Simple, and in theory unbreakable. The issue is that the car doesn't measure how far away from the vehicle the key is - it only relies on the fact that the transmitters used by the car and the key are super-low range (like, within 50cm). Which is obviously defeated by using signal boosters.
Newer vehicles are already mitigating this attack, eg by measuring signal timings. Signal relay introduces a delay which can be identified and rejected.
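The timing check mentioned here, and the "distance bounding" idea from the Brands and Chaum comment earlier in the thread, sketched as an added example that is not part of any poster's comment or any manufacturer's code. It assumes simulated rather than measured timing, an HMAC over a shared key standing in for the paper's signature, and an arbitrary 2 m bound; the names `Fob`, `round_trip_ns` and `car_unlocks` are hypothetical.

```python
import hashlib
import hmac
import secrets

C = 299_792_458.0  # speed of light in m/s; a radio signal cannot travel faster


class Fob:
    """Prover. Holds a key shared with the car (stand-in for a signature key)."""

    def __init__(self, key, rounds):
        self.key = key
        self.m = bytes(secrets.randbits(1) for _ in range(rounds))  # secret bits
        self.salt = secrets.token_bytes(16)
        self.seen = bytearray()  # transcript: challenge bit, response bit, ...

    def commit(self):
        return hashlib.sha256(self.salt + self.m).digest()

    def respond(self, i, alpha):
        beta = alpha ^ self.m[i]  # a single XOR, so the reply is near-instant
        self.seen += bytes([alpha, beta])
        return beta

    def open_and_tag(self):
        tag = hmac.new(self.key, bytes(self.seen), hashlib.sha256).digest()
        return self.salt, self.m, tag


def round_trip_ns(path_m, relay_delay_ns=0.0):
    """Simulated timing: propagation both ways plus any relay latency."""
    return 2 * path_m / C * 1e9 + relay_delay_ns


def car_unlocks(car_key, fob, path_m, relay_delay_ns=0.0,
                rounds=32, max_range_m=2.0):
    """Verifier. Accepts only if every timed round fits inside max_range_m
    AND the fob proves afterwards that it produced those exact replies."""
    bound_ns = round_trip_ns(max_range_m)
    commitment = fob.commit()
    transcript = bytearray()
    in_time = True
    for i in range(rounds):
        alpha = secrets.randbits(1)   # fresh unpredictable challenge bit
        beta = fob.respond(i, alpha)  # a relay would forward this unchanged
        in_time &= round_trip_ns(path_m, relay_delay_ns) <= bound_ns
        transcript += bytes([alpha, beta])
    salt, m, tag = fob.open_and_tag()
    opened = hmac.compare_digest(hashlib.sha256(salt + m).digest(), commitment)
    bits_ok = all(transcript[2 * i + 1] == transcript[2 * i] ^ m[i]
                  for i in range(rounds))
    expected = hmac.new(car_key, bytes(transcript), hashlib.sha256).digest()
    return in_time and opened and bits_ok and hmac.compare_digest(tag, expected)
```

With a 2 m bound the allowed round trip is about 13 ns, so a genuine fob 30 m away is rejected on propagation time alone, even through a relay that adds no latency of its own.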
- Low appeal to thieves interested in stealing the vehicle itself, due to the hardware (locks and whatever else) being exceptionally difficult to deal with
- Some sort of secure/hidden compartment for concealing valuables (I know, I know, don't keep anything valuable in your car, but let's say it will still be more secure than keeping it outside of the car)
- Following up to that, an especially secure trunk (if such a thing exists)
- A wagon or smaller, so no minivans/crossovers or anything bigger
- Under $25k used for something recent, maintainable (was looking at Audis but I don't want to risk maintenance issues), and with low mileage, which puts Teslas out of the picture (sadly)