Slashdot Mirror


Car Thieves and Insurers Vote On Keyless Car Security

RockDoctor writes: The BBC reports that Britain's car thieves, rapidly followed by Britain's car insurance companies, have been expressing their opinions on the security of keyless car entry and/or control systems. The thieves are happy to steal them (often using equipment intended for dealer maintenance of the vehicles) and in consequence the insurance companies are refusing to insure such vehicles (or to accept new policies on such vehicles) unless they are parked overnight in underground (or otherwise secured) car parks. I guess I won't be considering buying one of those for another generation. If ever.

44 of 221 comments

  1. I wish I'd thought of that by j2.718ff · · Score: 5, Interesting

    I've never been a fan of the keyless car design. But if I wanted a new car, I had little choice. And I knew I'd have no chance convincing car manufacturers to make a keyed version. All this time, I should have been making a fuss to the insurance industry instead.

    Thank you insurance industry for making a sensible decision. Unfortunately, that may suck for anyone who owns such vehicles.

    1. Re:I wish I'd thought of that by beelsebob · · Score: 4, Insightful

      What I can't figure out is how incompetent the car industry's software engineers must be. The implication of this is that it's possible to clone a key based only on the signal it gives off. The implication of that is that they're sending out a static password.

      I mean, why are these keys not just broadcasting an "I'm here" signal (possibly with a unique id), and then doing some challenge/response authentication à la SRP that can't have the key reverse engineered from the transmissions to actually perform the unlock?

      How did the car companies think they could get away with such crappy security?

    2. Re: I wish I'd thought of that by Moof123 · · Score: 2

      All your keys are belong to us.

      Fixed that for you.

    3. Re:I wish I'd thought of that by mythosaz · · Score: 5, Insightful

      The problem is lost keys. There has to be a mechanism for an automotive dealer or manufacturer to replace lost keys, and it has to function without the original key. It's the 2010's version of old master keys for tumbler locks.

      Even the summary says thieves are using those reprogramming/recovery tools intended for dealers.

    4. Re:I wish I'd thought of that by WarJolt · · Score: 2

      The only problem with keyless cars systems is that the car companies forgot to secure them. That can be fixed.

      I'll flip it around on you. Here's my problem with traditional keys: they can be lost, they can be stolen, they can be copied, and there isn't a way of logging access or revoking access. Many older vehicles can even be started (and stolen) with a minimal amount of knowledge and tools.

      All your cars are connected to the internet or soon will be. If you work for Google you just swipe your badge and take a company car. If you lose your badge they can deactivate it remotely. Being able to revoke access to a car is incredibly powerful. We have 2 factor authentication for your google account. Why not your car?

    5. Re:I wish I'd thought of that by PhrostyMcByte · · Score: 2

      The implication of this is that it's possible to clone a key based only on the signal it gives off. The implication of that is that they're sending out a static password.

      Not only is it possible, but it's in common practice. Aftermarket remote starters need to clone your keys. You can get a remote starter for basically any car. It's not like you need a dealer for it either, because car electronics places that install these things will be the ones cloning the keys.

    6. Re:I wish I'd thought of that by weilawei · · Score: 5, Interesting

      And master-keying a pin tumbler comes with the caveat that you multiply the number of keys which can open a given door. If you use multi-level master keying, you wind up with potentially dozens of key bittings that you didn't intend to allow but will also open such a lock.

      Theoretically, we should be able to avoid that problem with a challenge/authentication protocol. Of course, I'm still skeptical of it being implemented well any time in the near future. For now, I'll stick with my crusty old sidebar wafer locks.

      Oh yeah, any halfway competent locksmith (not these fly-by-night people) can open most of your physical locks without any real effort. The only reason they're drilling is to save a few minutes. And if we're talking about a car, it's usually faster to use some other sort of opening tool. Heck, my old Subaru, you could bend the window out with your bare hands and shove your whole arm in to unlock the door.

      Locks keep honest people honest. They barely slow down a professional.

    7. Re:I wish I'd thought of that by drinkypoo · · Score: 5, Interesting

      Even the summary says thieves are using those reprogramming/recovery tools intended for dealers.

      Mostly they aren't. They're using other tools which connect to the same interface. It's trivial (in theory anyway) to put your ELM327 into sniffer mode, and with it hidden inside of the car someplace connected to the diagnostic bus, the dealership will never know that you're logging. I can literally buy an off the shelf device for a hundred bucks that will read the immobilizer code out of my Audi, and it's not an Audi-approved tool. Or I can get the code with freeware and a ten dollar cable.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:I wish I'd thought of that by weilawei · · Score: 2

      But again, it goes back to how do we make sure that a dealer backdoor isn't stolen from a dealer and then used to steal cars?

      Heh. Heh. Heh.

      Your keys are marked with a short numerical code on them. This is often also printed in various places on the car itself. You can go purchase the books (these days, software) which lists out the codes according to year, make, model, and code and what bitting goes with each one. You don't need to be a dealer or a certified anything to purchase them, at least where I'm from.

      You thought this stuff was actually hard to get? My ribs hurt.. I'm going to go fall over now. It's textbook insecurity through obscurity.

    9. Re:I wish I'd thought of that by AK+Marc · · Score: 3, Interesting

      I had a popular car (name withheld to provide obscurity). I only had copies of the keys (the keys are old, and the technical "originals" were long lost). They weren't working as well as they should. I called the dealer, no way to get a key made from the original template. So I took a picture of the key, and sent it to a place that re-cuts keys based on the key, but using the standard tumbler-stops to get the new-key fit. Worked much better.

      Eventually my glove-box lock failed. Since it was a convertible, that was important (I left it unlocked always, so nobody would cut the top to get in, the glove box was always locked, and the faceplate for the radio was always removed). So I ordered a new lock. They took my VIN, and when the lock came in, it came with two brand-new keys, and the lock was already keyed to go with my old keys. So, just read the VIN off your neighbor's car, and order a replacement glove box lock mechanism, and you'll get two keys to his car. At least, that worked for me. Verified the locks were never re-keyed as well.

    10. Re:I wish I'd thought of that by AK+Marc · · Score: 2

      Many older vehicles can even be started (and stolen) with a minimal amount of knowledge and tools.

      GM was the last hold-out for two keys. One for the outside and one for the inside. The idea was that someone that managed to match one of the outside keys wouldn't be able to match the inside keys. And you didn't need a "valet key" because the ignition key was the same thing, though a valet couldn't then lock it in their lot, but one would assume they were safe.

      Well, back in the early '90s, Texas A&M used lots of GM, and lots of students drove GM as well. So, a group tried all their door keys in the university cars. There was a list of keys to car pairings. Copies were made of the "golden" door keys. Then they gathered the large pool of student keys, and used the golden key for the car to open the doors, and tried all the ignition keys. More copies were made, and the result was that there was a group of students with keys to about half the university's cars, based on GM's shitty security, and using nothing more "high tech" than getting a key copied at Wal-Mart or such.

      That knowledge was mainly used for amusement, not harm. Find 10 of the cars (all look identical). Then swap them. The employees would go out, find a university car parked where they left a university car, and find it didn't work with their keys. Much time lost, before they'd figure out they had the wrong car, then came the start of the search for their car. http://www.nytimes.com/1992/12...

    11. Re:I wish I'd thought of that by PPH · · Score: 5, Interesting

      So, just read the VIN off your neighbor's car,

      Keep your VIN number covered up.

      I have a neatly printed and laminated card that says "Bait Car #6" over mine.

      --
      Have gnu, will travel.
    12. Re:I wish I'd thought of that by weilawei · · Score: 4, Interesting

      And that's a disc lock (not to be confused with a "disk"/wafer lock). Those aren't terribly common, although the price has come down significantly in the past couple years. I've got a couple on hand and the tools to pick them (yes, IAAL--I Am A Locksmith). And yes, they can also be picked, although it's a real bear, because they don't give you any feedback on whether or not you've spun the disc to the right position (they're built very similarly to a sidebar wafer lock in the sense that they use a sidebar to avoid giving you feedback). One of my bicycle locks is also a disc lock, works fabulously for gritty/dirty conditions that would murder a pin tumbler. They also have another vulnerability to speed things up, but this isn't a locksmithing forum and I'm too lazy to do your googling for you.

      If I had a customer ask me to get in, I'd probably suggest drilling it. The price has come down enough to replace them.

    13. Re:I wish I'd thought of that by weilawei · · Score: 4, Interesting

      Okay, I typed out a whole post, but this is laughable.

      Most locksmiths (I Am A Locksmith) and thieves have the same goal, but for different reasons: get in, and get in quickly. (For the professional locksmith, time is money, and I can make more calls if I bust your lock open versus spending a few more minutes to pick it; for the thief, the longer you stand around, the more likely you are to be caught).

      They'll just break out the drill if you make it too hard to pick quickly. Or the screwdriver. It's amazing what a long-handled flat-bladed screwdriver will do to your average pin/wafer tumbler lock...

      The only way tools/knowledge get expensive is if you're into safecracking (oohhh.. so pretty...</drool>). The idea that you can make a physical lock (crypto offers some quite nice advantages here) that the average locksmith is going to spend time picking but a thief won't is absurd.

      I'll just tell the customer to replace it, unless they have some weird sentimental attachment and feel like paying me to stand there and pick it (I'm totally cool with that too). A disc (not to be confused with a disk tumbler) is a good option in the "hard-to-pick" category (though not unpickable by any stretch, and the Abloy Protecs have a serious flaw... you can google for it). They also take about 10 seconds to drill with the proper milling cutter. If that.

      The closest thing to an unpickable lock is the one on some fortress phones which uses a ratcheting lever lock (so once you raise a lever, it will never come down any lower than that). It also doesn't give you any feedback, so if you screw up, it's back to the drill with you!

    14. Re:I wish I'd thought of that by mysidia · · Score: 2

      Keep your VIN number covered up.

      Obstructing VIN = Violation of the law, possible Ticket.

      Sufficient probable cause for police to force entry into the vehicle to investigate.

      Suspicion of car theft, may result in you being detained.

      "Any person who, individually or in association with one or more others, knowingly removes, changes, alters, or conceals any motor number, serial, or other identification number, decal or device affixed to a motor vehicle, trailer, semitrailer or motor vehicle part as required by federal law without the consent of the Department, shall be guilty of a Class 6 felony."

    15. Re:I wish I'd thought of that by weilawei · · Score: 3, Insightful

      Basing your protocol's PRNG (I'm assuming that sort of design here, although it's by no means the only way to skin that cat) on a serial number is Bad Idea (#1). If you need to hide the algorithm, you've already lost. That's Bad Idea #2.

      Something more along the lines of using public-key crypto for your CHAP is more sensible. The car spits out a one-time value and asks the key to encrypt it. Then, the car decrypts the result to verify it. (DISCLAIMER: I am NOT a cryptographer, just a hobbyist in this regard. There's about a million and one ways to screw this up, most of them non-obvious. Taking my advice for anything besides experimentation is downright stupid. Don't roll your own. Hire a professional to do the work.)

    16. Re:I wish I'd thought of that by green1 · · Score: 2

      In other parts of the world they're covered by default. In Japan for example there's never a VIN visible from the outside. (I have a Japanese domestic market vehicle, the VIN is on a plate under the hood.)

    17. Re:I wish I'd thought of that by weilawei · · Score: 4, Interesting

      Forget it. They'll just smash the window and replace it, or haul it onto a flatbed and work on it at their leisure.

      Lever tumblers aren't going to be my first choice for something like a car. Large mechanism for one that's difficult to pick, and not as robust as a disc lock. Drill points are available from the manufacturers. Not hard to get. Hard plate and ball bearings and chips are wonderful, but...again, better for safes. Also, auto lockies are going to hate you. Relockers? Same deal. That sort of thinking works better for safes, where you have an object which is purposely large, heavy, and bolted down to concrete. Modern cars already have immobilizers.

      Electronic locks hold an immense amount of promise for the future of auto locks. They're not nearly so prone to dust, dirt, space, or cost. A proper implementation will take work, but I don't see it as being infeasible. Crypto done right is harder to get past than a physical lock, which will of course just shift the means of entry to something more appealing. Modern car thieves will use a laptop more than a lockpick. That's just how the arms race goes.

    18. Re:I wish I'd thought of that by AaronW · · Score: 2

      With my 2006 Prius I was told that if I lost both keys that the only way to recover was to replace the computer. If I had at least one key fob I could add more key fobs but it required having at least one fob.

      My current car does not have a physical lock, making it all the more difficult to break in to. It can't be programmed over OBD either.

      --
      This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
    19. Re:I wish I'd thought of that by drkim · · Score: 4, Insightful

      Locks keep honest people honest. They barely slow down a professional.

      Damn straight.

      Another thing people don't take into consideration is that about 40% of vehicle thefts are tow-aways.

      That way they can work on the locks and security in the safety of their chop shops.

    20. Re:I wish I'd thought of that by AmiMoJo · · Score: 2

      I'm an engineer that has worked with these systems a little. In the end we decided not to use one, but I researched them in some detail anyway.

      They usually use a rolling code, similar to 2 factor authentication systems used by Google and banks. The code is based on a PRNG, and the car and the key have the same seed. A new random code is generated every 30 seconds, and the car will accept recent or near future codes as well just in case the clock in the keyfob drifts significantly.

      When you change the battery a capacitor keeps the keyfob's real-time clock running. Same when you disconnect the car battery.

      The other option is to do a challenge-response using a secret key. The key can't be read out by any means, but it can be reprogrammed to a new one. That's what the dealer/thief does, they write a new key into the car and their new keyfob. Similar for the rolling code version they just write a new PRNG seed into both.

      Reprogramming requires physical access to the car, to get at the OBD-II debug port. The thieves use a jammer to prevent the owner locking their car, and rely on them not noticing that the lights didn't flash and the locks didn't go clunk. The car is then unlocked and they can access the OBD-II port. Alternatively, some models of BMW have an alarm that detects intruders using a PIR sensor, but you can force the window down and reach into the OBD-II port without triggering it. I guess they need to position the sensor so that people walking past the windows don't trigger it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
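
The time-based rolling code described in the comment above, as an added example that is not part of the original post or any manufacturer's code: fob and car derive a code from a shared seed and the current 30-second step, the car accepts neighbouring steps to tolerate clock drift, and it refuses any step it has already accepted so a recorded code cannot be replayed. The HMAC-SHA256 construction, the 6-digit code length, the one-step drift window, the class names and the seed are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # code lifetime stated in the comment
DRIFT_STEPS = 1     # assumption: accept one step either side of the car's clock


def rolling_code(seed: bytes, step: int) -> str:
    """6-digit code for one time step (HOTP-style dynamic truncation)."""
    digest = hmac.new(seed, struct.pack(">Q", step), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class Fob:
    def __init__(self, seed: bytes, clock_skew: float = 0.0):
        self.seed = seed
        self.clock_skew = clock_skew  # seconds the fob clock is ahead (+) or behind (-)

    def press(self, now: float) -> str:
        return rolling_code(self.seed, int((now + self.clock_skew) // STEP_SECONDS))


class Car:
    def __init__(self, seed: bytes):
        self.seed = seed
        self.last_accepted_step = -1  # highest step ever accepted

    def try_unlock(self, code: str, now: float) -> bool:
        current = int(now // STEP_SECONDS)
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if step <= self.last_accepted_step:
                continue  # this step (or a later one) was already used: no replay
            if hmac.compare_digest(rolling_code(self.seed, step), code):
                self.last_accepted_step = step
                return True
        return False


def demo() -> dict:
    seed = b"constructed-demo-seed-not-a-real-key"  # constructed sample value
    car = Car(seed)
    fob = Fob(seed, clock_skew=-20.0)               # fob clock runs 20 s behind
    t0 = 1_000_000.0
    recorded = fob.press(t0)                        # also what a listener would record
    return {
        "legit": car.try_unlock(recorded, t0),
        "replay_same_window": car.try_unlock(recorded, t0 + 5),
        "replay_later": car.try_unlock(recorded, t0 + 600),
        "next_press": car.try_unlock(fob.press(t0 + 60), t0 + 60),
        "wrong_seed": car.try_unlock(Fob(b"other seed").press(t0 + 120), t0 + 120),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
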
    21. Re:I wish I'd thought of that by wvmarle · · Score: 2

      In case of the challenge/response, the car knows what response to expect on the challenge it sent out. So the car and the key basically do the same calculation.

      The lost key situation is very simple: reprogram not only the key, but also the car. The car can be reprogrammed after gaining entry with a physical key - this may be a traditional key, or a smart key, or whatever. Just a second key, that the owner receives with his car and which can only be used for gaining access for reprogramming purposes.

      Now what if you lose that reprogramming key as well? Then the car owner will have to pay for a new window in his car, as the dealer will have to use brute force to access the reprogramming hub.

      Now theft becomes a bit of an issue (thief steals reprogramming equipment, gains access to the car, reprograms it to match the thief's key), however this again can be mitigated by having the car lock up for some time (a few hours should be enough to deter thieves) upon reprogramming without reprogramming key.

      The only issue may be that all the existing keys to the car (many people will have more than one key) have to be replaced.
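
The shared-secret challenge/response described above, as an added example that is not part of the original post: the car issues a fresh random challenge, the key returns a MAC over it, and the car runs the same calculation to check the answer, so a recorded response is useless against the next challenge. HMAC-SHA256, the 2-second challenge lifetime, the class and command names and the enrol/revoke interface are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 2.0  # assumption: seconds a challenge remains answerable


def _mac(secret: bytes, fob_id: str, command: str, challenge: bytes) -> bytes:
    # Bind the response to the fob, the requested action and this challenge.
    # Length prefixes keep the three fields from running into each other.
    parts = [fob_id.encode(), command.encode(), challenge]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).digest()


class KeyFob:
    def __init__(self, fob_id: str, secret: bytes):
        self.fob_id = fob_id
        self._secret = secret  # stays inside the fob, never transmitted

    def respond(self, challenge: bytes, command: str) -> bytes:
        return _mac(self._secret, self.fob_id, command, challenge)


class Car:
    def __init__(self):
        self._secrets = {}  # fob_id -> shared secret of each enrolled fob
        self._pending = {}  # fob_id -> (challenge, time issued)

    def enroll(self, fob_id: str, secret: bytes) -> None:
        self._secrets[fob_id] = secret

    def revoke(self, fob_id: str) -> None:
        self._secrets.pop(fob_id, None)
        self._pending.pop(fob_id, None)

    def issue_challenge(self, fob_id: str, now: float):
        if fob_id not in self._secrets:
            return None  # unknown or revoked fob: stay silent
        challenge = secrets.token_bytes(16)
        self._pending[fob_id] = (challenge, now)
        return challenge

    def verify(self, fob_id: str, command: str, response: bytes, now: float) -> bool:
        pending = self._pending.pop(fob_id, None)  # each challenge is single use
        secret = self._secrets.get(fob_id)
        if pending is None or secret is None:
            return False
        challenge, issued = pending
        if now - issued > CHALLENGE_TTL:
            return False
        return hmac.compare_digest(_mac(secret, fob_id, command, challenge), response)


def demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed per-fob secret
    fob = KeyFob("fob-1", secret)
    car = Car()
    car.enroll("fob-1", secret)
    out = {}

    c1 = car.issue_challenge("fob-1", now=0.0)
    recorded = fob.respond(c1, "unlock")  # the only thing ever sent over the air
    out["legit"] = car.verify("fob-1", "unlock", recorded, now=0.1)

    car.issue_challenge("fob-1", now=10.0)  # fresh challenge, old response
    out["replay"] = car.verify("fob-1", "unlock", recorded, now=10.1)

    c3 = car.issue_challenge("fob-1", now=20.0)
    out["wrong_command"] = car.verify("fob-1", "unlock", fob.respond(c3, "lock"), now=20.1)

    c4 = car.issue_challenge("fob-1", now=30.0)
    out["late"] = car.verify("fob-1", "unlock", fob.respond(c4, "unlock"), now=35.0)

    car.revoke("fob-1")  # lost fob: the car forgets its secret
    out["revoked_gets_no_challenge"] = car.issue_challenge("fob-1", now=40.0) is None
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
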

  2. Re:10 years ago and earlier.... by Anonymous Coward · · Score: 3, Insightful

    Because 10 years ago that's as good as it got. We moved on. Now the insurance companies are saying "This is fucking stupid. Fix it or we won't pay for your idiotic keyless thingamabob. Cmon guys, we fixed keys years ago. If you can't do better, don't bother"

  3. This most important thing in the article by gewalker · · Score: 5, Funny

    "By far the most common way of a car being stolen is still from thieves breaking into homes and stealing keys," he said.

    Don't leave your keys in the obvious places, including the spare keys.

    For bonus points: Have some keys labeled "neighbor's house" that are useless.

    1. Re:This most important thing in the article by RockDoctor · · Score: 2

      taking out any family members that she comes across.

      This is Britain, not America. Burglary with violence is an extremely rare occurrence. Probably less than a one-in-a-million event per household.

      Hell - our police forces have to work hard to find enough officers to volunteer for firearms training.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  4. slim jim = stolen CDs. Hot wiring much harder by raymorris · · Score: 3, Informative

    Opening a car door is easy enough. That way the thief can steal your CDs. Hot wiring a modern car to steal the entire automobile is quite a bit more difficult. I've opened a lot of car doors. I've never started the ignition without a key on anything newer than 1980s, when you could just pull the lock cylinder with a sufficiently strong tool, then turn the switch with a screwdriver.

  5. Modified car? by jd659 · · Score: 5, Interesting

    I have a car that uses a wireless key. After browsing the web trying to find more about the security, I found that you could buy a programmer that connects to the car's data port and programs a new key. What was surprising to me was how relatively easy it is to buy such a device and how quick the programming process was (about 30 seconds). A thief would have to get an entry into the car first (breaking a window, perhaps), but once that is done, it's relatively easy to just drive off with a newly programmed key. What I did was to disable the data port, not permanently, but more of a need to use basis. Since it works on obfuscation, this is not a type of security to be mass produced. Not knowing how exactly the port is disabled, it will take a long time to make it work, so I don't expect a thief to start taking the car apart. Wonder if you can claim for the insurance that the port is disabled. There are many other ways to steal a car, I just want to prevent the easy ones known today.

    --
    There's no such thing as "illegal download"
  6. Fool me once... by Anonymous Coward · · Score: 2, Insightful

    The thieves are happy to steal them (often using equipment intended for dealer maintenance of the vehicles) and in consequence the insurance companies are refusing to insure such vehicles

    This is ironic. When electronic systems were first rolled out, the car manufacturers did a fantastic job of convincing insurance companies they were far superior to mechanical lock systems. So good, that in some cases insurance companies initially labeled any theft of such a car as being likely to have been done in conspiracy with consent of the owner, since it was obvious no common thief could have cracked such awe-inspiring technological marvels of security.

    Of course, this point of view was unfortunate for those first-generation owners who were labeled as suspected frauds. But initially very convenient for the insurance company, who could find an excuse to not pay out (at least until the police began to figure out just how easy it was to fool that "fool-proof" security).

    1. Re:Fool me once... by tompaulco · · Score: 2

      No big trick. They did the same thing when they introduced airbags. These lifesavers were going to decrease insurance premiums dramatically. Unfortunately, they have increased premiums dramatically because when they go off, you have to pay thousands to get them repacked, and plus you are probably badly injured instead of dead, possibly injured by the airbag itself, and your medical bills are higher than they would have been if you didn't have an airbag.

      --
      If you are not allowed to question your government then the government has answered your question.
    2. Re:Fool me once... by Cramer · · Score: 2

      Not "repacked", but "re-placed". And it happens so rarely because no one will assume the liability of anything ever going wrong with the replacement. Should you have a crash and the airbag doesn't deploy, guess who's going to be sued? (answer: whoever replaced that airbag.)

  7. Re:Key or keyless, all the same by Immerman · · Score: 5, Interesting

    >According to BMW their so-called "security" is so secured that there are BILLIONS of combination in their "secure key" system

    Well there's the problem right there - obviously they didn't take computer security seriously or they'd realize that billions of combinations hardly gives a brute-force hacking simpleton time for their coffee to cool - I don't think anyone has considered 32 bit encryption keys secure since... ever, really. And that's assuming there's no vulnerabilities in the system. Meanwhile in order for the mechanic to be able to replace a lost key you need to install a gaping back door in every car you make, rendering your security system irrelevant except to the most casual of thieves.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  8. Re:Other risks by tompaulco · · Score: 2

    My mother had a car stolen out of her garage while she was on vacation. The police actually found it, amazingly, in a park and ride well known to be a dropping off point for cars bound for Mexico. They actually took prints, which almost made me fall over in surprise. They got a match to a guy who was a known car thief. They did not arrest the guy and would not press charges even though my Mom wanted them to. Not only would they not do their job, but they wouldn't even tell my Mom who the perpetrator was so she could do their job for them.
    Why waste time dusting for prints when you are not going to follow up?

    --
    If you are not allowed to question your government then the government has answered your question.
  9. Re:Fucked Up by tompaulco · · Score: 2

    Yes, you have to have comprehensive in order to cover theft. Of course, if you have a loan, the bank will insist on you having theft insurance, but for some reason they are not willing to pay for this coverage of which they are a beneficiary.

    --
    If you are not allowed to question your government then the government has answered your question.
  10. Re:Key or keyless, all the same by fahrbot-bot · · Score: 4, Funny

    >According to BMW their so-called "security" is so secured that there are BILLIONS of combination in their "secure key" system

    Well there's the problem right there - obviously they didn't take computer security seriously or they'd realize that billions of combinations hardly gives a brute-force hacking simpleton time for their coffee to cool

    It only works if you say "BILLIONS of combinations" in Car Sagan's voice.

    --
    It must have been something you assimilated. . . .
  11. Re:Key or keyless, all the same by hawguy · · Score: 5, Interesting

    >According to BMW their so-called "security" is so secured that there are BILLIONS of combination in their "secure key" system

    Well there's the problem right there - obviously they didn't take computer security seriously or they'd realize that billions of combinations hardly gives a brute-force hacking simpleton time for their coffee to cool - I don't think anyone has considered 32 bit encryption keys secure since... ever, really.

    Given that physical keys can have only "thousands" of combinations and provide reasonable security (car thieves will break the window rather than try to pick the lock), you don't need a 128 bit digital key to make a secure car door lock, you just need to rate-limit brute force attacks. No thief can spend the time testing thousands of physical keys in the door lock, and if the system stops listening for 5 minutes every N number of incorrect keys, then even a 32 bit digital key can be immune to a brute force attack (though the protocol has to protect against snooping).

    And that's assuming there's no vulnerabilities in the system. Meanwhile in order for the mechanic to be able to replace a lost key you need to install a gaping back door in every car you make, rendering your security system irrelevant except to the most casual of thieves.

    It needn't be a big gaping back door -- if every new car-key generation request has to be signed by the secure private key only known by the manufacturer, then stolen car-key programming equipment has a very short lifetime - it's only good until the equipment is reported stolen, and only validated service stations can get their car-key requests signed and it's trivial to track stolen cars back to the machine that generated the key.

  12. Re:Key or keyless, all the same by Technician · · Score: 4, Interesting

    Most of those billions of codes are easily circumvented by a replay attack. The cure is to lock and unlock your car with a physical key to prevent reading of the code. The other step is to add a switch to simply turn off the RF transceivers in the car when parking it in an unsecure location. A replay attack will fail when the RF is OFF.

    --
    The truth shall set you free!
  13. Re:Key or keyless, all the same by sjames · · Score: 4, Interesting

    Rate limiting would help a LOT, but may not be enough if the bad guys rig up a strong transmitter. If you are in a crowded parking lot, you probably don't much care which BMW you steal, the first one to unlock will be good enough.

    It's not like BMWs are bargain basement cars, surely they could have spent a bit on an actually secure keyless entry system.

  14. Re:Key or keyless, all the same by drkim · · Score: 4, Interesting

    ...The cure is to lock and unlock your car with a physical key to prevent reading of the code. The other step is to add a switch to simply turn off the RF transceivers in the car when parking...

    Great point.

    Once hackers started popping passenger doors remotely, I found out you could disable remote door unlock just by pulling the fuse on the receiver.

    Now you need a physical smart key turn to open the door and disable the alarm.

    Just picking the lock won't work either, because it's the smart key that disables the alarm.

  15. Re: Key or keyless, all the same by afidel · · Score: 4, Funny

    Rate limiting would make ddosing a country club parking lot lots of fun.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
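
The rate limiting proposed in this thread, together with the two objections raised to it (several cars in radio range, and the lockout hitting the owner as well), as an added example that is not part of any post or of any manufacturer's code. The 5-minute lockout and the 32-bit key come from the thread; N = 10 failures, the 200 codes per second link rate and the model of independent random codes guessed uniformly at random are assumptions.

```python
import math

KEYSPACE_BITS = 32          # the key size discussed in the thread
LOCKOUT_SECONDS = 5 * 60    # "stops listening for 5 minutes"
MAX_FAILURES = 10           # assumption: the thread leaves N unspecified
GUESS_RATE = 200.0          # assumption: codes per second the radio link allows


class RateLimitedReceiver:
    """Door receiver that ignores every code for a while after repeated failures."""

    def __init__(self, code: int):
        self._code = code
        self._failures = 0
        self._locked_until = 0.0

    def try_code(self, code: int, now: float) -> bool:
        if now < self._locked_until:
            return False  # not listening: even the correct code is ignored
        if code == self._code:
            self._failures = 0
            return True
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._failures = 0
            self._locked_until = now + LOCKOUT_SECONDS
        return False


def seconds_per_guess(rate_limited: bool) -> float:
    """Average cost of one guess; every batch of MAX_FAILURES pays one lockout."""
    cost = 1.0 / GUESS_RATE
    if rate_limited:
        cost += LOCKOUT_SECONDS / MAX_FAILURES
    return cost


def expected_years_to_first_unlock(cars_in_range: int, rate_limited: bool = True) -> float:
    """Expected time until any one of the receivers in range accepts a guess.

    Model (assumption): each receiver holds an independent random code, hears
    every broadcast guess, and guesses are drawn uniformly at random.
    """
    log_miss_one = math.log1p(-(2.0 ** -KEYSPACE_BITS))       # log P(one car rejects)
    p_hit_any = -math.expm1(cars_in_range * log_miss_one)     # P(at least one accepts)
    seconds = seconds_per_guess(rate_limited) / p_hit_any
    return seconds / (365.25 * 24 * 3600)


def lockout_demo() -> dict:
    """Ten wrong codes lock the receiver; the owner's correct code is ignored too."""
    owner_code = 0x1234ABCD  # constructed value
    car = RateLimitedReceiver(owner_code)
    t = 0.0
    for wrong in range(MAX_FAILURES):
        car.try_code(wrong, t)
        t += 1.0 / GUESS_RATE
    return {
        "owner_during_lockout": car.try_code(owner_code, t + 1),
        "owner_after_lockout": car.try_code(owner_code, t + LOCKOUT_SECONDS + 1),
    }


if __name__ == "__main__":
    print(f"1 car, no limit:     {expected_years_to_first_unlock(1, False):8.2f} years")
    print(f"1 car, rate limited: {expected_years_to_first_unlock(1):8.1f} years")
    print(f"100 cars in range:   {expected_years_to_first_unlock(100):8.1f} years")
    print(lockout_demo())
```

Under these assumptions the lockout raises the expected search time for one car from under a year to roughly four thousand years, a hundred cars in range divide that by about a hundred, and the same lockout keeps the owner out for five minutes whenever someone sends ten bad codes.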
  16. Best deterrence: Scratched car by advid.net · · Score: 2

    Our car is badly scratched. It's second hand and one of us made an additional scratch to it (non intentional).

    I don't think anyone would be interested in robbing such a car and we feel quite relaxed regarding theft risk (and when going through tight places).

  17. Re:Key or keyless, all the same by nabsltd · · Score: 2

    It's not like BMWs are bargain basement cars, surely they could have spent a bit on an actually secure keyless entry system.

    The problem is that the only right way to do it is a public key-based challenge/response system. This prevents replays from snooping, keeps the keys secure (they never leave the car or key fob), and essentially prevents brute force.

    The issue is that this requires the key fob to have both a transmitter and a receiver, plus more computing power, making it larger, and would likely run the battery down pretty fast (even if the receiver is only powered for a few seconds after a button is pressed). Nobody wants to replace their key fob battery every few months.

  18. Re:Key or keyless, all the same by AmiMoJo · · Score: 4, Interesting

    The radios they use in these systems are ISM band, often 433MHz (Europe), 432MHz (Japan) or 915MHz (US). The bit rate is fairly low, often 9600 or maybe 30kb tops. Thus you can really only try maybe a couple of hundred keys per second, at the absolute limit.

    Fortunately there is no need to brute force. Just set up a jammer, wait for someone to fail to notice that their car didn't lock as they were walking away, and attach your hardware to the car's debug port.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  19. Re:Key or keyless, all the same by j2.718ff · · Score: 2

    Rate limiting would help a LOT, but may not be enough if the bad guys rig up a strong transmitter.

    Exactly. Even if the guy had to park right next to the car he wants to steal, the fact that he doesn't have to touch the target car means it doesn't look like anything nefarious is happening. So he can walk away, do his grocery shopping, while his tools do their thing, and if all goes well, he'll drive home in a much nicer car.

  20. Re:Key or keyless, all the same by deadweight · · Score: 2

    When I had my BMW the most common ways for them to be stolen was either a mole in the dealership making extra keys or the thieves break into your house and steal the key sitting there on a hook in the kitchen.