|
Perhaps you (or that jackass who took your promotion and keeps rubbing his ill-gotten money in your face) own a fancy new vehicle with keyless proximity entry and ignition. If not perhaps you've seen it advertized during the 23 minutes of commercials that accompany every half hour of television: walk up to your car with the fob in your pocket, reach for the handle and it unlocks! Press the button marked "start" and the car fires up and you're off. Magic! Well it would be a great idea but we all know the track record of every single automaker when it comes to up-to-date electronics and not cutting corners wherever possible. Turns out those proximity keys are hilariously vulnerable to a relay attack. See.. the cars only unlock if the key is close, and they determine if the key is close by using really low signal levels to communicate with the key fob. So all an attacker has to do is boost that signal enough so that the fob and car can hear each other and the car will unlock just as though the fob were in the attacker's hand. Note that the attacker doesn't need to break the rolling code used in the fob (which itself is not exactly secure and vulnerable to a combination of jamming and replaying intercepted codes) but jut has to stand there with a little battery powered signal booster that will amplify and repeat the outgoing signal from the car and the incoming signal from the fob. These boosters are already out in the wild too, and cheap: quote:In recent months, there has been a slew of mysterious car break-ins in my Los Feliz neighborhood in Los Angeles. What’s odd is that there have been no signs of forced entry. There are no pools of broken glass on the pavement and no scratches on the doors from jimmied locks. It has also been happening in my neighborhood in Austin TX, as well as some of the wealthier suburbs out to the west of the city. New-ish cars with proximity keys, rifled through overnight, with no alarms triggered. Security camera footage appears to show someone walking up to the car, the car unlocking, and then them stealing whatever they find. I guess these things have gotten cheap enough and the cars common enough that there is profit to be made with using them even for petty theft. Considering that automakers are likely to push proximity keys hard after the GM ignition switch clusterfuck... this could be bad.
|
#
?
Apr 17, 2015 03:45
|
|
|
|
| # ? Apr 24, 2024 09:11 |
|
|
Thanks for posting, this is interesting. Cars parked outside a restaurant or strip mall would be extremely vulnerable.
|
|
#
?
Apr 17, 2015 03:50
|
|
|
It's interesting that it's taken so long for this to become an issue. I think the first time I was ever in a car with a proximity key was 10 years ago. So that's a decade worth of targets to pile up before this exploit went mainstream.
|
|
#
?
Apr 17, 2015 03:53
|
|
|
I started a subaru BRZ in the showroom because the key was in the building. Sales guy didn't find it funny.
|
|
#
?
Apr 17, 2015 04:06
|
|
|
Hmm... this might explain how my car got broken into without any signs of forced entry with both keys being inside the house. They didn't do anything other than riffle through the glove box and center console, but still had me confused as to how it happened.
|
|
#
?
Apr 17, 2015 04:08
|
|
|
Put keychain in metal box. Problem solved until they figure out how to break the rolling code stuff. 
|
|
#
?
Apr 17, 2015 04:09
|
|
|
McMadCow posted:It's interesting that it's taken so long for this to become an issue. I think the first time I was ever in a car with a proximity key was 10 years ago. So that's a decade worth of targets to pile up before this exploit went mainstream. I think it is mostly that the circuitry needed to do it has gotten much, much cheaper. Bonus if you find some backwater factory to assemble a few thousand.
|
|
#
?
Apr 17, 2015 04:17
|
|
|
Oh yes, SDRs are marvellously cheap, now anyone can do this without having to understand radios, only computers. Of course if you wrote software for it too, than literally anyone could do it. I read this much earlier today and I've been thinking about it all day. I'll see if I can rig up a rudimentary model. If not, I'll go troll the darknets for you guys and see if anyone is selling them. I looked on ebay but didn't find anything. If ready to go versions of this are being sold, they're being sold under some euphemism. SperginMcBadposter: why use a metal box? I read about this idea something like 5 or 6 years ago, its fascinating to see it in the wild.
|
|
#
?
Apr 17, 2015 07:17
|
|
|
This is really interesting, because a buddy of mine just leased a new Mustang with proximity keys. One of the things we tested was how the owner's manual said the car would not start without the key inside. So he stood right next to the car while his wife tried to start it, and no go. I'm not sure how it detects inside or out, if it's just a low range signal that can be boosted or not, but it is clearly a different signal than the unlock signal. I will tell him about this tomorrow though, even though he and his wife are paranoid and this will really piss them off. I'll suggest the metal lockbox for the Mustang keys.
|
|
#
?
Apr 17, 2015 07:41
|
|
|
Top Gear already showed that you can do this without even using an amplifier https://www.youtube.com/watch?v=-aU09WT5rXg&t=186s
|
|
#
?
Apr 17, 2015 12:43
|
|
|
Always seemed like a truly godawful idea to me just waiting for a exploit. Very interesting and remarkably simple exploit too.
|
|
#
?
Apr 17, 2015 13:07
|
|
|
Seems like rather than depending on low signal propagation they ought to just use some sophisticated timing to analyze the delay and calculate distance from that. Speed of light and all that.
|
|
#
?
Apr 17, 2015 13:41
|
|
|
revmoo posted:Seems like rather than depending on low signal propagation they ought to just use some sophisticated timing to analyze the delay and calculate distance from that. Speed of light and all that. But the circuitry and tolerances required in the fob to do that with reasonable battery life would reduce the profit in the $400 that they charge to replace them from mustache twirling levels to merely an exorbitant markup.
|
|
#
?
Apr 17, 2015 15:50
|
|
|
spog posted:Top Gear already showed that you can do this without even using an amplifier This was the exact same thing I thought of when I saw these articles start popping up on the news. That was one of the best episodes ever.
|
|
#
?
Apr 17, 2015 17:16
|
|
|
|
| # ? Apr 24, 2024 09:11 |
|
|
I never liked the idea of a proximity ignition anyways, because I always knew this was going to be more like a multicast broadcast system than any sort of actual targeted key system. But even then, I really don't want my cars ignition signature blasting out for anyone to sniff.
|
|
#
?
Apr 17, 2015 17:39
|
|
