Radio Attack Lets Hackers Steal 24 Different Car Models (wired.com)
An anonymous reader writes from a Wired article: A group of German vehicle security researchers has released new findings about the extent of a wireless key hack, and their work ought to convince hundreds of thousands of drivers to keep their car keys next to their Pudding Pops. The Munich-based automobile club ADAC recently made public a study it had performed on dozens of cars to test a radio 'amplification attack' that silently extends the range of unwitting drivers' wireless key fobs to open cars and even start their ignitions (in German). The ADAC researchers say that 24 different vehicles from 19 different manufacturers were all vulnerable, allowing them to not only reliably unlock the target vehicles but also immediately drive them away. "This clear vulnerability in [wireless] keys facilitates the work of thieves immensely," reads the post. "The radio connection between keys and car can easily be extended over several hundred meters, regardless of whether the original key is, for example, at home or in the pocket of the owner." [...] Here's the full list of vulnerable vehicles from their findings, which focused on European models: the Audi A3, A4 and A6, BMW's 730d, Citroen's DS4 CrossBack, Ford's Galaxy and Eco-Sport, Honda's HR-V, Hyundai's Santa Fe CRDi, KIA's Optima, Lexus's RX 450h, Mazda's CX-5, MINI's Clubman, Mitsubishi's Outlander, Nissan's Qashqai and Leaf, Opel's Ampera, Range Rover's Evoque, Renault's Traffic, Ssangyong's Tivoli XDi, Subaru's Levorg, Toyota's RAV4, and Volkswagen's Golf GTD and Touran 5T.
Mercedes-Benz,
The best or nothing.
Using models and sex to sell things is appalling! Now these victims are getting stolen, too! It is not safe to be a model in today's society. Think of the children!
Thieves can still steal your car without a key. News at 11.
I had this in a rental car recently, and once I figured out there was no place to put the key (never seen it before, never even occurred to me) I did wonder just how secure it was.
So, what, it just continuously broadcasts "you can start now", with no intermediate encryption or anything? There's clearly no user interaction required to start the car (I never did get used to having the "key" in my pocket to start the car), no button to push or anything.
TFA says "every second semester electronic student should be able to build such devices without any further technical instruction." That positively screams of something which was built to be cool, but with no real thought about security.
I wonder if this is something which even changes on each invocation, or if you could simply record and play back the signal ... in which case this is a pretty pathetic system.
And, once again, the security of such things is purely an afterthought when it's pointed out how trivial it is to bypass. And, once again, I say companies need to have legal liability for shit like this.
Lost at C:>. Found at C.
Seriously? Not interfacing the keys with the car physically was just a bad idea.
The more I see how we are using technology, the more I become a Luddite.
My Jeep isn't on the list!
At least my last hack was patchable.
"their work ought to convince hundreds of thousands of drivers to keep their car keys next to their Pudding Pops"
Huh? Pudding pops? What does that even mean? I thought the new Slashdot management was going to get rid of these horrible summaries that don't make any sense. Since the word is capitalized, I assume this means Jell-O Pudding Pops? The frozen snack from the 80s? They stopped making these a long, long time ago. So you should keep your key fob in the freezer? How does that help?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Could the researchers explain why this attack SHOULD NOT be possible?
Is there technology available that can be used to verifiably check how far away the device that emits the signal is?
Our lives aren't significantly enhanced by wireless keys. Are they?
To be honest this wasn't entirely a surprise. Wireless, I have to admit, is very convenient though, and well, as they say, there's a fine balance between convenience and security. On the other hand a lot of modern cars feature systems such as OnStar, which means your vehicle can be tracked or disabled by the manufacturer, so they're not exactly the most ideal cars to try to steal.
And no, these keys are encrypted but the problem is they're using a "range-extender" to make it seem like your key is right next to the car when in reality it is a fair distance away.
Solution:
(Assuming the key/car are using private/public key pairs)
You'd have to put a reasonably accurate clock in the key, and then have it encrypt and send timestamps to the vehicle using a sequence of rapidly fired request messages followed by response messages.
The car could then decrypt the messages and compare the timestamps from the sequence of messages, measuring the distance between the key and the car. The clock in the key would have to have similar accuracy to a laser range finder.
The actual protocol would be a bit more complicated in the details, but the basics outlined above are what is needed.
Someone you trust is one of us.
If you haven't owned a car with keyless drive like this, you can't imagine how convenient it is to just walk up to a locked car, open the door and drive away without digging out a ring of keys.
I can go days without ever taking my keys out of my coat pocket.
This is why I stick with wired keys only.
If I am reading it correctly this only extends the radio frequency but the user still has to press the button on their remote.
Now if you are talking about breaking the window and pressing the start button in the car, then I can see that could be a problem. I would hope the car maker uses triangulation to detect if the remote is within the car.
From long distances, not really. It would be best if they only worked within a few feet of the car, that would balance security and convenience.
They could add a secure lock mode, where if you affirmatively press the lock button on the keyfob, the car will require an affirmative unlock press on the keyfob and not unlock based on the "presence" of the keyfob.
I also wonder why they couldn't have some means of shutting off the radio in the keyfob so it didn't produce a signal that could be relayed to the car. Maybe a motion sensor in the keyfob that when it wasn't moved for a period of time would shut off its radio completely until enough movement woke it up.
Years ago you could open your neighbour's garage door with a radio transceiver and a tape recorder. Today you can't because all of them use ROLLING CODES.
Does this mean car FOBs don't use rolling codes?!?!
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
The doors never ever had locks (and even if they had, you can fold the tent without tools or access from the inside). It starts with a button on the dashboard.
And then, you need to know how to drive it, be strong enough to actually do that, and a good reason to steal a pile of soviet-era rust. It is a very good city car.
Equally why do people care. You would be mad to drive around without full comprehensive insurance these days and if you have full comprehensive insurance with new for new, cost or even market value***, do you really care if your car is stolen? It'll be an inconvenience for a few days, sure, but you even get a car as part of your insurance these days...
*** Maybe you should not have paid $60k for that car if its market value was going to drop to $25k 2 years later. That new leather smell... ;)
And if it happens to your rental, Discover will not cover you. That will be 22K.
They may or may not have used a hack to take the car, but as a renter you will be on the hook if they fail to update their car software.
http://elliott.org/should-i-ta...
What about the speed pass? Free gas is nice! Too bad the lotto desk does not take it.
Yes, correct. The simple fix here is to notice the delay in response from the vehicle's hail to the keyfob, and the keyfob's response. The amplification attack introduces a detectable latency in the keyfob's response due to the time required to process and relay the communication.
I am embarrassed for the vehicle manufacturers that do not introduce a simple time-out for a keyfob response, and perhaps even introduce a check-engine-like vehicle app indicator for the driver to see that such an attack has been detected (plus where and when) and thwarted.
To the original0 And executes a
Do car makers really have good incentives to fix their security?
Not really, since they can sell a new car paid by the insurance company when someone's car gets stolen. The only downside is negative reporting - but that can be fixed by massive ad-campaigns; just look at VAG, they are running ads like crazy in Europe right now, but they have dropped their tag-line "vorsprung durch technik" (lead by technology). I guess they don't want to use the new and improved tag-line "vorsprung durch betrug" (lead by cheating).
The whole wireless key fob thing is a pure convenience thing that when it fails becomes extremely inconvenient because convenience is security's biggest enemy. I can't understand that people would accept that their car has no physical security to speak of since it is quite a huge investment for many people.
The only mitigation I can think of if you still want the convenience of a wholly wireless key fob is that they introduce a check for max latency for the key-challenge response which is like 27 picoseconds(?) for a 4 meter radius not including the electronics internal response time. This means of course that the timing of the key exchange must be wholly deterministic.
--- Reality doesn't care about your opinions, it happens anyway and if you are in the way you'll get squished.
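The latency check proposed in the two comments above, as an added example (not from the thread or from any manufacturer's code): the car times its own challenge/response and rejects answers that are cryptographically genuine but arrive too late. HMAC-SHA256, the 1000 ns fob turnaround, the 5 ns tolerance, the 200 ns relay delay and all function names are assumptions made for illustration.

```python
"""Added example: round-trip-time (RTT) bound on a keyless-entry exchange."""
import hashlib
import hmac
import os

C_M_PER_S = 299_792_458.0  # speed of light in vacuum


def flight_ns(distance_m):
    """Radio time of flight, car -> fob -> car, in nanoseconds."""
    return 2.0 * distance_m / C_M_PER_S * 1e9


def fob_response(key, challenge):
    """Fob's answer to the car's challenge (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def measured_rtt_ns(distance_m, turnaround_ns, relay_delay_ns=0.0):
    """Constructed model of what the car's timer sees for one exchange."""
    return flight_ns(distance_m) + turnaround_ns + relay_delay_ns


def car_accepts(key, challenge, response, rtt_ns,
                max_distance_m=4.0, turnaround_ns=1000.0, tolerance_ns=5.0):
    """Unlock only if the response verifies AND it arrived fast enough."""
    if not hmac.compare_digest(fob_response(key, challenge), response):
        return False, "bad response"
    limit_ns = flight_ns(max_distance_m) + turnaround_ns + tolerance_ns
    if rtt_ns > limit_ns:
        # Time beyond the fob's turnaround, expressed as one-way metres
        # so the rejection can be logged in a form a driver understands.
        apparent_m = (rtt_ns - turnaround_ns) * 1e-9 * C_M_PER_S / 2.0
        return False, f"too slow: fob appears {apparent_m:.1f} m away"
    return True, "ok"


def demo():
    key = os.urandom(16)       # constructed shared secret
    challenge = os.urandom(8)  # fresh per attempt, so a recording is useless
    response = fob_response(key, challenge)
    relayed_rtt = measured_rtt_ns(100.0, 1000.0, relay_delay_ns=200.0)
    return {
        # Owner standing 1 m from the door, no relay in the path.
        "nearby": car_accepts(key, challenge, response,
                              measured_rtt_ns(1.0, 1000.0)),
        # Fob 100 m away behind a relay: the response itself is genuine.
        "relayed": car_accepts(key, challenge, response, relayed_rtt),
        # Same exchange against a car that checks only the cryptography.
        "relayed_no_timing": car_accepts(key, challenge, response,
                                         relayed_rtt,
                                         max_distance_m=float("inf")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

A 5 ns tolerance already corresponds to roughly 0.75 m of one-way slack, so the bound is only as tight as the fob's turnaround time is deterministic.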
. . . my car starts in German.
Do you call the person who uses a slim-jim (not the meat sticks), lock picks or a slide hammer to steal your car a lock smith? No we call them car thieves. Simple, plain ol' un-glamorous car thieves. It IS useful to know the car makers are so stupid as to make car entry systems as simple as this, BUT, this is NOT hacking. It is practice for breaking and entering.
At least so far, no Tesla. This is interesting considering that in 1.5 years they are expected to make a huge impact.
I prefer the "u" in honour as it seems to be missing these days.
Honestly, all these designs utterly suck and only exist for stupid reasons. yes it's Sooooooo hard to put a key in the ignition, I am guessing these same people complain that their 15" laptop is ungodly heavy and crushes them under the weight of having to carry it.
This could be solved by two factor authentication. Not only would the key fob transmit a radio signal, but you would also need a metallic dongle with uniquely coded grooves that when inserted into a specialized slot would engage a mechanical door release mechanism.
Many of these manufacturers plan on creating autonomous vehicles as well. Yet they DGAF about security, sometimes on this embarrassing of a level. I'm eager to see how that plays out, except perhaps for the inevitable deaths.
That is EXACTLY what the thieves are saying. You can't imagine how convenient it is to not have to smash windows, use slim jims, figure out some hack around the computer security, etc. It is SO much more convenient to just walk up to the car with this pringles can looking thing and just open the door and drive away. Technology is the best!
Longer if somebody steals your car.
That'll teach you to buy a car that doesn't use a plain-old physical key you insert into a lock.
While I'm on the subject, any car that has any sort of wireless systems built into it needs to have a hardwired switch you use to turn OFF the transceivers completely, so the car is isolated and can't be hacked into wirelessly.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Only has physical locks. #Baseline.
Automatics get better fuel economy than manuals in all new cars now.
Sounds good. The only problem: it's not true. Granted, the efficiency of non-manual transmissions (traditional automatics, CVTs, automated manual transmission, etc.) has improved greatly, and in some cases it's better than manual transmissions, but from what I've seen from shopping for small cars, manual transmissions are still a bit more fuel efficient on average.
I won't post a ton of links, but your statement only requires a single counterexample to disprove, so here's one: the Hyundai Accent.
LOL, hmmm ... I wonder if the rental Jetta I just had opened the doors as well with that thing.
I'll feel like a right fool if I could have just walked up to it and opened the door instead of pulling out the fob to open the doors and then putting it back in my pocket before I got in.
Because that struck me as kind of a waste of time.
I was so baffled when I first couldn't figure out where to put the key to start the car it never even occurred to me it opened the doors as well. I spent over 5 minutes trying to figure out where to put the key (yes, I'm special like that).
Which is the problem with rental cars, by the time you figure out some of the seemingly simple things it's time to return the car. I once had to pull out the manual to figure out how to put in the gas nozzle in some Fiat thingy I'd rented, and even with the manual I found myself thinking "why the hell is this step necessary?"
Lost at C:>. Found at C.
Our lives aren't significantly enhanced by wireless keys. Are they?
Oh yes they are. Have you not heard of the Heisenberg Shopping Principle? The one that states the key to your car is always in the pocket of the hand most heavily loaded with shopping bags?
Actually funny side story I lost my keys once. I was about to go back up to my apartment and check there but then I thought I'll see what happens if I push the start button, and sure enough the keys were under my car seat.
Wouldn't it be even more convenient if the doors had no locks at all? No need to worry about keys at all. The point of security and keys is to trade convenience for security... more the security, higher the inconvenience.
BTW, if you're at a gas station and outside the car but close enough for the car to detect the key, wouldn't this be enough for a thief to enter the car and drive away?
That is in 1960s/1970s can easily use a slim-jim or a coat hanger (bent with small hook), stick inside door at window line, push down and up until the hook grabs the mechanism and the door lock button pops up. I remember when a friend left keys in car, called a locksmith and arrived on scene, 5 seconds later unlocked the car with a slim-jim. His reaction, "well why in the hell even lock the car in the first place!!!" Then can easily hot wire the car by reaching under and digging up the wires. For column keys, stick a heavy-duty tool and simply force it to start position.
Then later cars not so easy to steal. Protective mechanisms around door locks, column locks with more theft prevention measures, and car alarms. A side problem is increase in car jackings as need to force owner after they started the car. There is also "smash and grab" car burglaries that increased a lot in recent years as they are fast and police no longer respond (not that they can do much after the fact).
Sounds like back to the future where cars are now easily steal-able. Now what was that trick Bif used to make it so he is the only one that can start his car?
mfwright@batnet.com
So, to defeat this attack, keep the key in a Faraday cage.
Maybe inside my foil-lined wallet next to my NFC cards, then.
(grin) :-D
All security is inconvenient. If it's convenient it's not secure. It's really convenient to leave your front door open so that you can just walk in, it's not very secure.
Security is a trade off, you balance your convenience with your security at whatever point you feel comfortable. Does the convenience of using just a fingerprint to access your phone justify the level of security it offers? If so then use it. If not, don't. You don't get to complain that your convenient security didn't turn out to be very secure.
"Grab them by the pussy" -- President of the United States of America
Most cars with these systems have positional keys. They can open the doors while you're standing nearby, but they can't start the car unless the key is inside.
Wired.com will not permit access unless your web browser will run every script that every malware distributor who buys ads on every one of the ad server companies they use. Oh HELL no! I do not block ads. I do run NoScript, though. I would enable wired.com, but I'm not going to blanket allow all the malware-distributing ad servers.
Lexus of some sort, it was a car, not an RX wagon.
Parked at McDonald's in Miami, a white van pulls up, not a minute later a guy from the van pops the door with his hand and just drives away. Security camera recorded it.
Car was found later, no signs of forced entry.
The "Civilized World" jumped the shark ca. 1973.
Wouldn't it be even more convenient if the doors had no locks at all? No need to worry about keys at all. The point of security and keys is to trade convenience for security... more the security, higher the inconvenience.
BTW, if you're at a gas station and outside the car but close enough for the car to detect the key, wouldn't this be enough for a thief to enter the car and drive away?
Every car I've had with this functionality can tell if the fob is inside the car or not. So no, you can't just hop in the car with the fob in the user's pocket outside the car and drive away.
And why should they? They only cover for collision according to the story..
I'm the same. My keys are kept on a spring coil of wire, commonly referred to as a key ring.
Also, my vehicle is old enough (one of the last of the line, actually) to have just a regular key with nothing electronic about it. A duplicate key costs about $1.75. It's underpowered and plain looking enough ('stripped' is what car fanatics call it) that nobody is likely to steal it.
> WTF, are people incapable of pushing a button on their fob any more?
I would have said the same thing until I tried it. My latest car came with a proximity key. I've come to appreciate it, especially when my hands are full or it's raining.
I need to have my car "key" (fob) on a keychain with two access cards, each credit card sized, so digging the whole thing out of my pocket is a bit of a hassle (the cards turn sideways and hang on the pocket). It's not something I would pay $300-$400 to add aftermarket, but it's a convenience. Avoiding digging out the wad of a keychain and trying to find the right button in the dark also helps when I'm trying to be smooth on date night. :)
No, couldn't tell you exactly how they triangulate it, but the cars with fobs are fairly intelligent about whether or not the key is actually IN the car vs. just outside the car.
Honesty may be the best policy, but by process of elimination, dishonesty is the second best policy.
I've been an auto tech for six years and have had this happen exactly on a couple occasions - "It must be in here, the car turns on." Saved me looking all over the shop, but didn't keep me from having to pull the center console to get it out of the emergency brake.
Honesty may be the best policy, but by process of elimination, dishonesty is the second best policy.
Yet another car hacking story. It is all done in a controlled setting by 'researchers'. I have yet to hear of a real world car theft using these stupid hacks.
The Club, and other physical devices, have always been and will always be a good belt and suspenders.
Very simple lads... wrap your key in a bit of tinfoil. Blocks the signal!!