They struck gold in the most horrible way possible: People dependent on their cars + their car keeps getting stolen = infinite money printing machine
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
It’s so difficult to use a regular key though.
I’ve had to cancel journeys before because I get in the car and I just cannot work out how to turn it on 😞
I finally did but...gawd turning a key is so much work!
We need a turnkey solution for this, stat!
You have to use your hands? That's like a baby's toy!
Convenience is usually at odds with security.
That said, keyless access is amazing. Not having to dig out the car key is just so comfortable.
My favorite keyless car:
I wish one of them went from my home to my place of employment or my places of entertainment, much less at a time that’s reasonable
The bus trip home from the nearest transit route can take up to half an hour for me due to how often it comes and its path. The drive from the transit stop is 3 minutes.
Not that it matters, I still wouldn't be able to get to the nearest grocery store on the bus, inexplicably none of them go there. These systems need work.
I have a key fob faraday cage/pouch keychain to prevent people from being able to dupe my key fob's signal.
Seems like keyfobs need an on/off switch for signal broadcasting.
Honestly this is a great idea. You could likely even make one yourself with a couple wires, a switch and a piece of tape.
Aren't all cars within the past decades using rolling keys?
This article does not do a good job of explaining what the attack vectors are.
Among other things, this is why I wanted a house with a garage. I just keep my car in the garage.
I'm very much in the minority in my neighborhood though. Everyone seems to use their garage for other things then park in the driveway or on the street. It annoys me to no end.
These are different attack vectors.
The classic one was listening to a key, then impersonating it later.
Rolling keys fixed that.
For keyless, the usual attack is working as a relay.
Victim is 30m from their car, too far for keyless.
Attacker stands between the car and the victim with a transceiver that links the car and the key together, despite the distance, and opens it.
are they talking about smart phone app to unlock cars or the keyless entry that has been around since the 90s?
Both, honestly. But the real problem in this case is the keys that can open and start a car with their mere presence. A relay attack makes bypassing them trivial, and when a large number of people leave their keys at the front door, it’s not difficult to give it a shot.
It didn't need to be warned anyway. it knew. they always only ever lie.
I mean sure.. but using a key to enter isnt really any safer? Like lock picks and jimmys and air bags have been defeating physical locks for even longer? Hell, a brick through a window gets you in faster than anything.
"THAT WASN'T MY QUESTION!!! WILL THEY MAKE ITS MONEY???"
These keyless ignition cars should never have been legal and the manufacturers should be on the hook for recalling and fixing them.
I’ve been saying that since they were first released.
That flipper zero (not disguising a car theft tool as a game device btw) can be used to attack said cars is irrelevant, because you could trivially order the parts to make your own.
I hate that the insurance lobby is winning out on security by obscurity via lobbying governments and putting out scary statements, instead of hiking the rates for Kia’s and other trivial to steal cars. The insurers are having their cake and eating it too by wanting to charge money but lacking the wherewithal to actually charge rates commensurate with risk.
It's not just a car theft tool, its not really even intended for that. It's just a neat little multi tool and it isn't even close to the first or only device capable of repeating recorded codes. A hammer can be used to break into a car really easily and nobody's ever called those "car theft tools disguised as hand-tools"
Literally nothing is secure.
Nothing wireless is secure, especially when dealing with end user electronics.
The only possible exception is WiFi and commercial wifi services like 4G/5G... In the case of WiFi, it really depends on the configuration. A local ISP was, by default, programming their combination router modems for WEP security for years after it was known to be insecure, and for years after tools to obtain the security key for WEP were commonly available. However, WPA2 and now WPA3 is used by corporations to secure their wireless traffic, and those technologies have been made available to the public on almost all consumer WiFi products made in the last few years, though, some may need to be updated to show the option for it. As far as I know, as of now, WPA3 has no known vulnerabilities that will allow a hacker to penetrate into the subject network. The weakest part of the system is people using poor passwords for their wifi, which can be easily guessed, which is not a fault of the technology itself.
IMO, the best, most shining example of well implemented security is PKI, which is used in HTTPS/TLS. A high security asymmetric key is used to generate a short-term use symmetrical key to secure the communication. It becomes basically pointless to try to break the encryption at that point.
But this isn't the issue in the OP. The problem is: where does everyone keep their keys? If you said "at the front door" you'd be right. In most cases, keys are at, or very near the front door. Where are most people's driveways? At the front of their house, next to the front door. There's usually enough distance to keep the fob from being detected by the car and unlocking it for anyone who walks up, but with a small amount of tech, attackers can pull the signal through your front door and relay it to the car. The process is actually kind of trivial. This is known very aptly as a relay attack. One attacker with a high gain antenna loop, places that loop on or near your front door, while their partner has another device which is relaying the signals from the high gain antenna to the car. This makes the car think the key fob is nearby, and it unlocks the doors, and the vehicle can be started.
Once started, the vehicle will not automatically power off if the fob goes out of range, since that would create an unpredictable safety hazard. At this point the attackers only job is to get the vehicle somewhere that they can work on it for an unlimited amount of time, and program new fobs for it (which can be done with diagnostic tools).
The best way to prevent this is simply not to keep your keys in range of your front door, nullifying the attack. Otherwise, buy an RF blocking key box to put them in at the front door. Something that automatically closes would be beneficial here; something with a Faraday style mesh, or lead (embedded in the walls of the box) would be best IMO. Keep any spare keys in a similar lock box elsewhere in the home.
My family has our keys, at least 10 feet away from the door for storage, in our kitchen. It's a short walk from the door down a tiled hallway, which makes for easy cleanup if someone walks over to get their keys from that location with muddy/wet boots or something.
Relay attacks are very common and easy to execute with a high degree of success. To their credit, manufacturers have done their diligence in implementing anti-replay attacks (where an attacker well record the signal to unlock/start a vehicle, then replay it later for access), but the relay issue is harder to account for. From the perspective of the car, or simply looks like you started the car, dropped your fob on the ground and drove away. This is a legitimate scenario, and one that is entirely plausible for an end user to create unintentionally.
If you have an older renault with a keyless card, press the lock button two times and it will disable the keylless system until you start the car. It hink this should be the standart.
The newer hyundai and kia dont have a good immo, they can be started by breaking the ignition lock and turning the start key, also if you can catch the unloxking signal you can reuse it. Normaly you wouldnt be able to start a car without an immo chip, that is tied to the car. Normaly you woulnd be able to unlock the car because the remote and the car keeps changing the unlock code, but to make these cars cheeper for America market they removed these futures.
Okay but did the stockholders profit? Yes? Goddamn right they did.
Seems to be specifically about these you unlock from your phone and then press a button to start
A device disguised as a games console - known as an “emulator” - is being exploited by thieves to steal vehicles within 20 seconds by mimicking the electronic key.
Don't they use rolling codes? So I suppose this emulator is some malware you install on your phone
This is the best summary I could come up with:
A device disguised as a games console - known as an “emulator” - is being exploited by thieves to steal vehicles within 20 seconds by mimicking the electronic key.
“Smart” equipment is on sale online for up to £5,000, allowing thieves to hack into a vehicle’s computer system and programme a new key.
Jaguar Land Rover announced a £10m investment last November to upgrade security for commonly stolen models for cars built between 2018 and 2022.
The Observer investigation reveals other vehicles with similar security loopholes, with Hyundai confirming this weekend it is working “as a priority” to prevent an attack on its cars by criminals “using devices to illegally override smart key locking systems”.
An article by Stephen Mason, a barrister specialising in electronic evidence and communication interception, in Computer Law and Security Review in April 2012 warned keyless systems could be “successfully undermined” and unless manufacturers improve the design cars would be stolen without forced entry.
Mike Hawes, SMMT Chief Executive, said: “Car makers continuously introduce new technology to stay one step ahead of criminals.
The original article contains 622 words, the summary contains 177 words. Saved 72%. I'm a bot and I'm open source!
Y'all ready for the same article to come out about various smart home devices?