Keyless Remote Entry For Cars May Have Been Cracked

WheezyJoe writes "The Today Show had a piece this morning showing video of thieves apparently using a small device to open and enter cars equipped with keyless entry. Electronic key fobs, which are supposed to be secure, are replacing keys in more and more new cars, but the evidence suggests that a device has been developed which effortlessly bypasses this security (at least on certain makes and models). 'Adding to the mystery, police say the device works on some cars but not others. Other surveillance videos show thieves trying to open a Ford SUV and a Cadillac, with no luck. But an Acura SUV and sedan pop right open. And they always seem to strike on the passenger side. Investigators don't know why.' Police and security experts say they are 'stumped.'"

Stumped my ass

Haven't we seen proof of concept hacks of these kinds for a while?

Also, "adding to the mystery", also my ass. Different keyfobs work with different algorithms and protocols. Someone's hacked a particular subset of them.

Just a thought.

[Capt.DrumkenBum]

they always seem to strike on the passenger side

Maybe because people commonly stuff things like their GPS into the glove box, which is located on the passenger side?
My car is so old it doesn't even have door locks, so not really a problem for me.

Re:Just a thought.

[dkleinsc]

Also, the passenger side is right next to the sidewalk if the car is parallel-parked. That makes it a lot easier than trying to break into a car while traffic is barely missing your tush.

Keypad

[bhcompy]

My 1986 Nissan Maxima had a keypad. I keyed in a code(of my choosing, plugged in at the dealership) and it unlocked my driver door, all my doors, my trunk, etc. I loved it because I could stash my keys in the trunk when I was doing something where I didn't want to keep my keys with me(like going to the gym) and just punch my key in when I wanted access. Sadly, this never caught on. I like it much better than fobs(other than remote start in cold weather).

Re:Thumb

[workactnumberfive]

The incident with the guy with the backpack is even more telling. He was walking along trying doors till he found one unlocked. Notice we took a step back when the door opened.

He is walking by cars, hitting the button on his device. If you watch it again, you'll see that as he walks by, the lights in the car go on before he touches it...just like they do when you hit your unlock button on the keyfob. When that happens, he then backs up to enter the vehicle, as it is now unlocked.

Re:just now?

[thunderclap]

This wasn't an amateur attack. This is security by obscurity. SMH. So they had it set to a high level of encryption like maybe 256. Computers are powerful enough now that it can be done with a short amount of time and patience. Thats what cops don't grasp. It was never hard to break in for someone skilled. It was time consuming. Yes it took someone who could roll crypto with program writing. How do you think, Iphones were jailbroken? Android rooted? DeCSS, and Blueray broken? Same way.
Honestly. they wanted to steal without getting caught. Now They simply unlock the door and look around.
The caveats are always the same. Never store valuables in your vehicle. Never assume its safe. Always be vigilant.

Re:just now?

[JonBoy47]

It was actually nice when automakers rolled out RFID car keys about a decade ago, bringing two-factor authentication to the car's ignition. You needed a key with the right RFID, AND the correct mechanical cut to start the car. Two completely different systems had to be defeated to start the car, and it was difficult to do so without arousing suspicion. Now automakers are taking a step back in security, Not only is keyless ignition only single-factor authentication (relying on RFID exclusively), which makes it susceptible to remote attack, but it is also used to autonomously operate the door locks. A thief can steal a compromised car without any suspicious activity.

Re:just now?

[WaffleMonster]

See Rolling Code for why you are under the wrong impression. There might be a recent vulnerability, but for the vast extent of their history these kinds of systems have been safe against amateur tactics like simple radio tricks, and if there is a "Backdoor" code it has been a pretty well guarded secret.

Simple radio tricks can still work quite easily with rolling codes. Consider the following scenario:

1. Jamming signal/recorder applied to victim arrival area.

2. Victim arrives using key fob to open doors. Jaming signal prevents automatic door open or close from registering. Victim opens and closes doors manually before walking off to their destination.

3. Attacker subtracts recorded fob signal from jamming signal and recovers unused open command.

4. Attacker replays unused command while vicitim is away.

Re:Seems an unnecessary feature

[sexconker]

I very much doubt most carjackers will kill you. Stealing a car might get you on the cops list, but not terribly high. Murder will get you all the way to the top in an instant. Not to mention a bit more of a prison sentence.

Murder gets you to about 20th:

1: Kill a cop.
2: Kill a cop's family member or dog.
3: Expose corruption within the police force.
4: Be accused of having child porn.
5: Protest government officials or actions in a public space.
6: Exercise your rights when arrested, pulled over, stopped for a random search, etc.
7: Sell drugs.
8: Fail to file your tax return or make an error when filing.
9: Be black outside a low-income area.
10: Download a movie.
11: Buy an iPhone prototype someone left behind in a bar.
12: Have child porn.
13: Be male and get into an argument with a female.
14: Have drugs in your possession.
15: Organized gambling.
16: Make or sell moonshine.
17: Create or distribute child porn.
18: Steal from the government or a corporation.
19: Steal from rich people.
20: Murder.