I finally did but…gawd turning a key is so much work!

You have to use your hands? That’s like a baby’s toy!

My favorite keyless car:

Seems like keyfobs need an on/off switch for signal broadcasting.

This article does not do a good job of explaining what the attack vectors are.

These are different attack vectors.
The classic one was listening to a key, then impersonating it later.
Rolling keys fixed that.

For keyless, the usual attack is working as a relay.
Victim is 30m from their car, too far for keyless.
Attacker stands between the car and the victim with a transceiver that links the car and the key together, despite the distance, and opens it.

Yes.

Even worse is that their recall only disables starting if you lock it with the fob. You can program a cheap fob if you can turn the ignition switch. It would take an extra 30 seconds or so if you knew what to do.

I mean sure… but using a key to enter isnt really any safer? Like lock picks and jimmys and air bags have been defeating physical locks for even longer? Hell, a brick through a window gets you in faster than anything.

It’s not just a car theft tool, its not really even intended for that. It’s just a neat little multi tool and it isn’t even close to the first or only device capable of repeating recorded codes. A hammer can be used to break into a car really easily and nobody’s ever called those “car theft tools disguised as hand-tools”

Where I live, insurance companies have been charging higher rates on most Kia models specifically because of how targeted they’ve become by thieves.

Nothing wireless is secure, especially when dealing with end user electronics.

The only possible exception is WiFi and commercial wifi services like 4G/5G… In the case of WiFi, it really depends on the configuration. A local ISP was, by default, programming their combination router modems for WEP security for years after it was known to be insecure, and for years after tools to obtain the security key for WEP were commonly available. However, WPA2 and now WPA3 is used by corporations to secure their wireless traffic, and those technologies have been made available to the public on almost all consumer WiFi products made in the last few years, though, some may need to be updated to show the option for it. As far as I know, as of now, WPA3 has no known vulnerabilities that will allow a hacker to penetrate into the subject network. The weakest part of the system is people using poor passwords for their wifi, which can be easily guessed, which is not a fault of the technology itself.

IMO, the best, most shining example of well implemented security is PKI, which is used in HTTPS/TLS. A high security asymmetric key is used to generate a short-term use symmetrical key to secure the communication. It becomes basically pointless to try to break the encryption at that point.

But this isn’t the issue in the OP. The problem is: where does everyone keep their keys? If you said “at the front door” you’d be right. In most cases, keys are at, or very near the front door. Where are most people’s driveways? At the front of their house, next to the front door. There’s usually enough distance to keep the fob from being detected by the car and unlocking it for anyone who walks up, but with a small amount of tech, attackers can pull the signal through your front door and relay it to the car. The process is actually kind of trivial. This is known very aptly as a relay attack. One attacker with a high gain antenna loop, places that loop on or near your front door, while their partner has another device which is relaying the signals from the high gain antenna to the car. This makes the car think the key fob is nearby, and it unlocks the doors, and the vehicle can be started.

Once started, the vehicle will not automatically power off if the fob goes out of range, since that would create an unpredictable safety hazard. At this point the attackers only job is to get the vehicle somewhere that they can work on it for an unlimited amount of time, and program new fobs for it (which can be done with diagnostic tools).

The best way to prevent this is simply not to keep your keys in range of your front door, nullifying the attack. Otherwise, buy an RF blocking key box to put them in at the front door. Something that automatically closes would be beneficial here; something with a Faraday style mesh, or lead (embedded in the walls of the box) would be best IMO. Keep any spare keys in a similar lock box elsewhere in the home.

My family has our keys, at least 10 feet away from the door for storage, in our kitchen. It’s a short walk from the door down a tiled hallway, which makes for easy cleanup if someone walks over to get their keys from that location with muddy/wet boots or something.

Relay attacks are very common and easy to execute with a high degree of success. To their credit, manufacturers have done their diligence in implementing anti-replay attacks (where an attacker well record the signal to unlock/start a vehicle, then replay it later for access), but the relay issue is harder to account for. From the perspective of the car, or simply looks like you started the car, dropped your fob on the ground and drove away. This is a legitimate scenario, and one that is entirely plausible for an end user to create unintentionally.

Could be the Flipper Zero that Canada just banned, due to it’s use in car thefts.

https://medium.com/enrique-dans/canadas-flipper-zero-ban-once-again-politicians-show-they-know-nothing-about-technology-37f76fb37a3b

Don’t they use rolling codes? So I suppose this emulator is some malware you install on your phone

I would hope that they would use rolling codes, but I would also not be all that surprised if they did not. Car manufacturers have cheaped out for less.

The emulator part seems like it’s confusing a few different things together. Although I’m a little suspect of that, since someone holding up a games console to a car or house is suspicious anyway.

It could also be described as an emulator (emulating the key), and the crossover with game emulators might be causing some confusion?

A dedicated device might make sense there, if it has better antennas, or better capabilities than would be available with a basic phone, in addition to being less technical than having to install an app and fiddle about with all of that.

Don’t know about the article, but most have been doing relay attacks by just forwarding the rolling code sent by the key to unlock and then start the car. It works because keyless entry requires a transaction starting from the car, so you can effectively just stand between the car and wherever the keys are and do easy relay attacks.

Then they usually drive it to a nearby safe location first so they can just reprogram the keys.

I do feel like this could at least be cheaply mitigated by having an immobilizer for the gas pedal that stops throttle input if the key isn’t detected after a cooldown after moving a few feet, which would prevent thieves from being able to move the car very far after starting.

Already has a few dozen times. All the more reason to self-host. Corporations can’t be trusted to secure your data.

To be fair, I think we ignore the security of physical locks. Atleast one must get physical access to the lock in order to pick it.

Or even password books. Atleast someone has to get physical access to said book, which requires knowing it exists in the first place.

Does that make them better? No, not imo, but it is an aspect of these things that often gets overlooked