
> What about a classical mechanical key?

can be picked

> The problem is relay theft, where thieves relay the signal of your fob key inside the house to the car via a simple antenna and amplifier system. Cryptographic signing won't help.

AFAIK the attack you describe only applies to keyless entry systems (i.e. you can open and start a car without having to pull your key out), which is related but not the same as an immobilizer. Transponder keys without keyless entry systems still exist on today's models, and are the default on most cars unless you opt for an upgrade.

> However, this can be fixed by adding a motion sensor that makes key fobs go into a sleep mode when they have been inactive for a minute.

That helps against someone cloning your key while you're at your desk, but it seems way easier to clone the key while the driver is walking away from the car? That way you know which car to steal and don't have to follow the victim into the building, which might be secured (e.g. office building with badge system). Measuring RTT and/or trilateration (multiple antennas inside the car) should be much more reliable.



The modern versions of these keys cannot be cloned, they are challenge response. So you need to relay the challenge from the key, and then relay the response from the key back to the car.

This is often used by thieves who bring the relay close to the front door, hoping for the keys to be in a bowl or on a hook near the door. Then they can open and start the car using the relay. The car then won't turn off when it loses connection to the key (because that is dangerous), which allows stealing of the car.

There are cases where this was done over much larger distances, but those attacks are more easily defeated by having tighter tolerances on the latency of the reply. The latency tolerance does not do much for the 'keys near the front door' attack, which is what the 'stationary keys do not reply' solution is aimed at.
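The challenge-response exchange and the two car-side mitigations this comment contrasts (a bound on reply latency, and a fob that stays silent while stationary), modelled as an added Python example that is not from the thread. The shared key, the microsecond figures and the channel model are constructed for illustration, not taken from any real vehicle.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional, Tuple

# Shared secret provisioned when the fob is paired to the car (constructed for this example).
FOB_KEY = secrets.token_bytes(16)
# Car-side bound on the reply round trip, in microseconds (assumed value, not a vendor figure).
RTT_BOUND_US = 500.0
# Nominal fob<->car round trip when the fob really is next to the car (constructed).
AIR_TIME_US = 5.0


def fob_reply(challenge: bytes, fob_moving: bool) -> Optional[bytes]:
    """Fob side: answer the challenge only if the motion sensor shows the fob is in use.
    A fob that has sat still (keys in the bowl by the door) stays silent."""
    if not fob_moving:
        return None
    return hmac.new(FOB_KEY, challenge, hashlib.sha256).digest()


def make_channel(fob_moving: bool, relay_delay_us: float = 0.0) -> Callable[[bytes], Tuple[Optional[bytes], float]]:
    """Model of the radio path between car and fob. Returns (reply, round_trip_us).
    relay_delay_us > 0 models the extra latency a relay adds; a near-door relay adds
    little, a long-distance relay adds a lot."""
    def send(challenge: bytes) -> Tuple[Optional[bytes], float]:
        return fob_reply(challenge, fob_moving), AIR_TIME_US + relay_delay_us
    return send


def car_authenticate(channel: Callable[[bytes], Tuple[Optional[bytes], float]],
                     rtt_bound_us: float = RTT_BOUND_US) -> str:
    """Car side: fresh nonce (so a recorded reply cannot be replayed), constant-time MAC
    check, then the round-trip bound. The MAC alone cannot tell a relayed reply from a
    genuine one; only the timing bound or the fob's silence can."""
    challenge = secrets.token_bytes(16)
    reply, rtt_us = channel(challenge)
    if reply is None:
        return "rejected: fob silent"
    expected = hmac.new(FOB_KEY, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(reply, expected):
        return "rejected: bad response"
    if rtt_us > rtt_bound_us:
        return "rejected: round trip too slow"
    return "unlocked"
```

Run with a small relay delay and `fob_moving=True` and the car unlocks despite the latency bound; with `fob_moving=False` the same relay gets nothing to forward, which is the point the comment makes about the two mitigations.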


> The modern versions of these keys cannot be cloned

The persistent rumor, of course, is that this has been cracked for specific models from specific manufacturers, with the help of someone at the dealership, maybe someone who owes large amounts of drug or gambling money to local criminal syndicate types. "All" you'd need to do then is use valid challenge-response pairs as a cryptographic oracle to brute force the challenge-response algorithm and recover the seed value computation algorithm for the key and the car. Then "all" you need to do is record a challenge-response pair from the real key talking to the vehicle, and maybe the VIN, in order to duplicate the key, in order to steal the vehicle.

If this has been done, the algorithm and seed-value recovery technique have not been publicly shared over the Internet, so it's only a rumor that it's been done, but given how high-tech thieves are these days, I don't consider it outside the realm of possibility.

What isn't outside the realm of possibility is the Rolling-PWN attack, which can be done with a $32 device and has been demonstrated against 10 years of Honda vehicles, up to 2022.

https://rollingpwn.github.io/rolling-pwn/


That's the wireless implementation.

I've had cars with chips, with contacts, in the mechanical keys [1].

Seems like one solution is to go back to the good old days of physical intent.

[1] One implementation: https://www.uhs-hardware.com/cdn/shop/products/df4ddf21436c4...


> (because that is dangerous)

I've always wondered why the car doesn't warn the driver that there's 100 yards left before it will cut the engine (or limit it to idle), keep the power steering, turn on the hazards, and warn the driver that the vehicle won't continue to function because the key is not in range. Doesn't seem dangerous at all...


That's still dangerous, and it doesn't matter how far out you warn the driver. The moment the car cuts to idle, the driver will lose some control. Imagine this happens while you're in less-than-ideal road conditions and you need to be able to accelerate. And there are a lot of reasons that the key might lose connection to the car other than the 'not present inside the car' case, like for example the key fob's battery running out, or the driver dropping their keys into some kind of shielded bag (my car for example has problems sensing the key when it's in an insulated shopping bag that I have).

I think at most you could do something like have the car go into 'limp home' mode if it senses the key was never present in the car for some amount of time after the car is started.


I dropped my wife off downtown in her car and she had the key in her purse. The car did make a weird beeping noise as I drove away, but I had no idea what it meant and I was pulling onto the highway which would have been a bad time for the car to stop driving on me.


Picking a laser cut key isn't trivial. Even picking a standard house lock isn't trivial, especially not in the dark.

They don't clone the key, they use an antenna to amplify the signal from your key fob and then drive off. In principle you can do this by following someone, but much safer to do this at 2am at night. Similar to a one time password, the signal is only valid for a short period of time.


Bypassing the door locks is not as difficult as you think with the proper tools. See: https://www.youtube.com/watch?v=vLy65ASXuEQ

Standard house locks don't require picking at all - you can bump them in a few seconds in any light conditions.


The fact that the LPL does it, with or without a special tool, doesn't really say much about how easy it is. He is an _extremely_ skilled lockpicker, and the vast majority of thieves, even those with some lockpicking skills/experience, are not going to be able to do what he does, as fast as he does it.

I have no idea how hard it is to do with that tool. I myself have as close to zero lockpicking skills as it's possible to have while still having picked a lock (I messed with a friend's clear practice lock one time). But just seeing the LPL do it gives almost no indication of how hard it is to replicate what he is doing.


Darkness doesn't have anything to do with anything. Once you get the tensioner and pick into the keyway you aren't using your eyes anymore, at that point it's all feel.


If you are that good a lockpicker, you are better off as a locksmith. In real life the people sent out to steal the car aren't the most talented and brightest, otherwise they would be running the operation safely from an office somewhere.


I spent maybe 2 hours with my first set of picks to unlock my first shitty Master Lock padlock. An hour later I was through my front door deadbolt. It's not a hard skill to learn, especially when it comes to typical American door locks (pin tumbler). But this is all non-destructive. I used to keep a set of picks in my desk specifically to open up people's personal rolling underdesk drawers/file cabinets when they lost or forgot their keys.

My understanding is that your average ignition is a little more complicated (or at least different... wafer locks) circa the 70s-90s, and then they started adding radios and other things into the mix. I dunno, I've never tried to pick one of these.

Destructively bypassing your average old-school ignition is still something you can do blindly with a bent flathead screwdriver and some elbow grease in about 15 seconds flat. As is destructively bypassing any given door lock... well, not bypassing the lock per se, but instead the bolt/doorframe generally.
