Thieves Are Boosting the Signal From Key Fobs Inside Homes To Steal Vehicles

An anonymous reader quotes a report from CBC.ca: According to Markham automotive security specialist Jeff Bates, owner of Lockdown Security, wireless key fobs have a role to play in many recent car thefts, with thieves intercepting and rerouting their signals -- even from inside homes -- to open and steal cars. According to Bates, many of these thieves are using a method called "relay theft." Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start. The thief will bring a device close to the home's door, close to where most keys are sitting, to boost the fob's signal. They leave another device near the vehicle, which receives the signal and opens the car. Many people don't realize it, Bates said, but the thieves don't need the fob in the car to drive it away. Bates says, if you have a key fob that can wirelessly unlock/start your car, you should not keep it by the front door.

"If you do live in a house, try to leave your keys either upstairs or ... as far away from the vehicle as possible," he said. "The other thing that you can do is there are products out there that you can put your key fob into," such as a faraday cage -- a box used to block radio signals -- a key pouch, which works similarly, or even a steel box.

Jokes on you

[ERJ]

I drive a crappy old car that cannot be started with a key fob signal. You can't steal my car!

Oh....

Re:Jokes on you

[Dirk+Becher]

Mandatory auto update! He can now!

Re:Jokes on you

[mschuyler]

So just steal it the old-fashioned way. Car theft has been a thing way longer than your old crappy car.

Re: Jokes on you

Iâ(TM)ll bet

Re: Jokes on you

He must be monitoring Facebook

Re:Jokes on you

[bobbied]

I drive a crappy old car that cannot be started with a key fob signal. You can't steal my car!

That's nothing, mine has a manual transmission..... NOBODY will be able to steal my car, maybe the stuff in it, but NOT the car, at least without a tow truck..

Re: Jokes on you

Ah, a manual. I believe you've got the Millennial Inhibitor Device.

Re: Jokes on you

[bob4u2c]

It was a upgrade option I believe.

Re:Jokes on you

It started w/horses, and you know what the law said about horse thieves!
Technology is making it easy for criminal because the technology companies
out there don't case about the consumer of their product (this is largely a
Republican's way of thinking).

CAP === 'sixfold'

Re:Jokes on you

[dryeo]

Same here, and even though it has got an aftermarket remote start, the procedure to get the truck set up is detailed enough that I've never bothered. As well there's the steering lock and the club thing on the steering wheel.
I also have a hard time believing that my ancient fob is always broadcasting, rather then when pushing the unlock button.

Re:Jokes on you

This is for the newer 'keep the fob in your pocket' systems where you never insert anything into the car or push any buttons on the fob to get in and start it.

- WolfWings, too lazy to login to /. in way too long.

Re:Jokes on you

LOL, by your reasoning venezuela would be a consumer paradise. You don't learn do you?

Re:Jokes on you

[CohibaVancouver]

So just steal it the old-fashioned way. Car theft has been a thing way longer than your old crappy car.

I know, right? I watch TV. It's clear all you have to do is twist two wires together, then brush a third wire against that pair and the car will start. Seconds later you can drive away.

Re:Jokes on you

[Iwastheone]

Just get one of these,,, https://www.youtube.com/watch?...

Re:Jokes on you

[viperidaenz]

Yes, like my 2005 Accord. But who'd want to steal a 13 year old honda?

Re:Jokes on you

[14erCleaner]

I can top that...my manual-transmission cars have been broken into twice, but the thieves couldn't find anything worth stealing! (It was a pain having to repair the broken windows, though...)

Re: Jokes on you

Millenial here, I've been driving a manual since college.

Re:Jokes on you

[ShanghaiBill]

I also have a hard time believing that my ancient fob is always broadcasting, rather then when pushing the unlock button.

My spouse has a Tesla, and there is no button on the fob. As she walks toward her car, it automatically unlocks when she is about 5 meters away. She doesn't even have to take the fob out of her purse.

I had assumed it was an RFID transponder, and the interrogation signal originated from the car, which has plenty of power. But maybe not.

Re: Jokes on you

...you joke but there are in depth videos all over YouTube...

Re:Jokes on you

[PPH]

manual transmission

Mine has a knob on the dashboard labeled 'Choke'. I dare a millennial to figure that out.

Re: Jokes on you

GenX here, it's called a stick or driving clutch. Many modern cars with automatic transmissions have manual shift options, usually using paddles on the wheel.

Re:Jokes on you

It would be funny as hell, but my old (98 Civic) with manual transmission was stoled from my driveway last evening. The neighbor's security camera caught the thief in the act, it took less than a minute to break open the door, start the engine and drive away. Why would a professional car thief bother with my oldie beats me.

Bottomline is, MT is not a realistic deterrent.

Re:Jokes on you

[dryeo]

Someone stole my last truck, a '91 F150 that looked as ugly as hell. It didn't show up again, so it wasn't just a joyride either.

Re:Jokes on you

[dryeo]

Yes, after reading more comments, I realized things have changed in the way fobs work.

Re:Jokes on you

[PPH]

Not quite. You forgot a step

Re:Jokes on you

[mysidia]

And.... its gone!

Actually; I think one of those trying to drive into my neighborhood would very quickly be noticed, since such a large vehicle would fill up both lanes: even LTL delivery trucks can't get in because they're too wide for the road and too tall to clear the power lines.

Re:Jokes on you

I don't understand why they haven't fixed this problem. Maybe 20 years ago I remember using my Palm III to capture and successfully use the keyfob signal from a friend's Corvette.

Re: Jokes on you

RX-7 ?

Re:Jokes on you

[mentil]

It's a Ford, remember. It stalled in the White Castle drivethrough so they ditched it.

Re:Jokes on you

Worst 'Gone in 60 Seconds' ever...

Re:Jokes on you

[Ambvai]

I had my car broken into in Las Vegas, through the rear windshield.

They ignored the three growlers of beer in the rear footwells and accompanying two-thirds pizza, the rather sizeable stack of cash buried at the bottom of the center console, and the tablet in the glove compartment.

What did they steal? A 30-year-old wool coat. In the middle of summer. (I had the sneaking suspicion it wasn't a smash and grab though, seeing as like 15 cars had their windows busted, nothing of note stolen, and a mobile glass replacement company was onsite the next morning.)

Re: Jokes on you

[Cederic]

Maybe in your country but here it's called a manual gearbox.

How you operate it - gear stick, paddles, both - is entirely fucking irrelevant.

Most paddle operated gearboxes are semi-automatic though, no clutch. That's not always the case though.

Re:Jokes on you

[Cederic]

To be fair, if its operating from 5m away then nefarious types can just generate the car's interrogation signal from outside your house and there's a chance the key will be close enough to respond.

Much as the article suggests, just the comms channels inverted.

Re:Jokes on you

Those "Club" locks are absolute garbage, design wise, physically and in a complete lack of pick resistance. The Lock Picking Lawyer did a series of videos on various models and how to defeat them quickly.

https://www.youtube.com/watch?v=NuytBrQXiw8
https://www.youtube.com/watch?v=1p24r67WB_8
https://www.youtube.com/watch?v=goJ9nsrt6Sw
https://www.youtube.com/watch?v=7TiL7OwmBGQ
https://www.youtube.com/watch?v=gctHsKUu1NY
https://www.youtube.com/watch?v=Z0EDxxSLgGA

Re: Jokes on you

Lawn tractor rednecks...

Re:Jokes on you

I pulled the knob, all that happened was I got off.

relevant star wars meme

https://imgur.com/gallery/uzbmi

Re:Jokes on you

[AmiMoJo]

The car emits periodic radio signals that the keyfob can detect with an always-on ultra low power detection circuit. It's similar to RFID but a bit more sensitive, in that it's basically passive until excited by the radio signal from the car at which point the battery in the fob is used to power an amplifier and demodulate the actual signal.

Re:Jokes on you

What is so hard about a manual transmission? I always got those, as they waste less power than an automatic. That situation may have changed sometime the last 10 years, but too little too late. I now have an electric car with a fixed-gear transmission. Steal it, and you won't get far :-)

Re:Jokes on you

[havana9]

Actually it could be tricky even for a Gen X or a baby boomer. You can flood the engine. And sometimes you have to find it. like in the Fiat 126 and figure how to engage the starter.
On the other hand a thief will start the car using a piece of brass sheet and a flat screwdriver.

Re:Jokes on you

[froggyjojodaddy]

Bah, that's nothing. I got a manual car where 1st gear doesn't work. And if you put it in first gear, it's a PITA trying to get it out. You have to disable the linkage and then not do that again

Even if a thief broke into my car, managed to hot wire it and got it started, what's the first thing they're gonna do? That's right, put it in first gear (I back into my parking spot) and then BAM!! they're done!

Re: Jokes on you

Manual is like "someone may have shredded your gearbox before you buy a used car", right? In an automatic car, this is less of a risk when buying used...

Re:Jokes on you

And my manual transmission car has a KEY to start it and to unlock the doors.

Re:Jokes on you

[dryeo]

Well that's why I expected it to turn up again, dead on the road somewhere.

Re: Jokes on you

[PPH]

FJ-40

Re: Jokes on you

Doesn't work if you have a passive transponder key. You need both the key in the ignition, turned, and the signal.

The signal would not be receivable from outside the home due to the limited range of a passive transponder.

Re: Jokes on you

In fact that's basically true for cars with manual transmissions and no steering locks. Yes, even today they make cars like that. Installed enough remote starts to know this...

Re: Jokes on you

LOL. A lot of used slush boxes are on sale simply because the transmission is slipping and it's not bad enough to notice in a test drive if you throw in some oil thickener.

At least with a manual if you run it through the gears and it feels right you know the transmission will be in okay shape (assuming nobody welded parts back together, but that's less rare than throwing in some fuck a transmission).

Re: Jokes on you

Mine had throttle and mixture...

Re:Jokes on you

[David_Hart]

Actually it could be tricky even for a Gen X or a baby boomer. You can flood the engine. And sometimes you have to find it.
like in the Fiat 126 and figure how to engage the starter.

On the other hand a thief will start the car using a piece of brass sheet and a flat screwdriver.

Unless they have experience with boats... plenty of boats still have chokes....

Re:Jokes on you

They steal them for the parts. Older cars are worth more in parts than the car as a whole.

Re: Jokes on you

[Impy+the+Impiuos+Imp]

Those let you decide when to shift, but the shift is automatic style with no (human-activated) clutch.

Re:Jokes on you

[Impy+the+Impiuos+Imp]

It's been stalled in the White Castle drive-thru for a few weeks now, but White Castle is so slow the people behind it haven't noticed anything wrong yet.

Re:Jokes on you

Your car is almost ideal for car thieves.

2005 Honda Accord. So, probably still reliable after 13 years. Most popular or 2nd most popular car that year. 13 year old cars, even Accords, need parts. Car thieves want the parts, not the car. Thieves get about 3 times as much money for a parted out car over a complete car.

Re:Jokes on you

[Impy+the+Impiuos+Imp]

I've got a car in my driveway that if a thief managed to get it started I'd run out and scream how did you manage to get it started!

(That's a Norm Perfect joke.)

Re: Jokes on you

[CohibaVancouver]

Which modern cars don't have steering locks?

(Modern = made in the last 25 years.)

I appreciate that cars with pushbutton-start don't have steering locks on the column, but you can't start those by touching some wires together under the dash.

Re:Jokes on you

[dasunt]

(I had the sneaking suspicion it wasn't a smash and grab though, seeing as like 15 cars had their windows busted, nothing of note stolen, and a mobile glass replacement company was onsite the next morning.

Odds one person would not call a mobile glass company that shows up the next day: 1/n.

Odds that out of fifteen people, at least one would not call a mobile glass company that shows up the next day: (1/n)^15.

Quick test that shows that if even 96% of the people don't contact a glass company that shows up the next day, there's a better than even chance that the glass company will still be there the next day.

Re:Jokes on you

[DarthVain]

At least by nobody young. Extra points for having a twitchy clutch you refuse to fix that makes it even harder...

That said the car in which the article is about was found a few days later abandoned in a parking lot. So it isn't like this is being used to "steal" the car, more like borrowing the car for whatever other nefarious deeds they might have been up to then ditching it.

Re:Jokes on you

[viperidaenz]

People steal expensive cars because they're expensive.
People steal fast cars because they're fun to drive.
People steal easy to steal cars because they need a car to commit a crime.

Someone probably stole your truck to rob someone's house. They then ditch it and set it on fire.

Re:Jokes on you

[bobbied]

Ah, memories of my 65 VW Beetle's clutch.. It was badly in need of replacement and didn't quite fully disengage by the time I got rid of it.. Had to be fast and never leave it in neutral very long.

Come to think of it, the same car had a starter issue at one point. Had to "push" start the thing for a couple of months until I could save up enough cash to fix it. I can remember pushing it across the parking lot, jumping in, dropping it into third and popping the clutch... Steal that you youngsters!

But hey, I learned to drive in a 1955 Chevy pickup tossing hay out for the cattle in the field some 40 years ago. Taught me how to drive a manual transmission, rear wheel drive, on everything from pavement, snow, sheets of ice, grass and mud. You people who don't know why hitting the brakes doesn't fix anything on wet ice scare me now, or the idiots who cannot get a 4WD though places I've put that pickup with nothing but chains and a few bails of hay in the bed. Personally, I stay home these days, not because I cannot get around, but because some idiot will hit the brakes, turn the wheel and wonder why they still hit me.

Re:Jokes on you

[DarthVain]

Ha Ha! Similarly I had a 1985 Nissan Sentra Wagon in high school with a manual. Starter went on it... I remember for at least a couple of months before I got around to getting it fixed, I would either A) always park facing down a hill, or B) ensure I had a couple of guys with me to push, and jump started it everywhere which was surprisingly easy on that car.

Re: Jokes on you

LUL. Another repubtard who doesn't get it.

Re: Jokes on you

Or dirt bikes.

Re:Jokes on you

[Ambvai]

I would expect a typical thief would grab beer, cash, or technology, and not a hot jacket in the middle of summer (even if Las Vegas nights can be fairly cool), especially if there were multiple break-ins. I mean, if it was some homeless guy that was cold, just pick any car that seems to have a lot of luggage and break into that one vehicle alone. If they were people looking for something of value, they could've taken what was actually worth money. Punks screwing around for fun? Would they turn down a few gallons of beer?

Instead, nothing of consequence was missing from my car, nor that of the other people I was chatting with in the lot who were also broken into. The only other money involved would've been for the casino, and I was staying there anyways so no point in keeping me at the property longer that way, or the glass repair.

Sure, it's probably just paranoia... but I'm still wary.

Re:Jokes on you

[John.Banister]

Maybe the value of the car was to use it for getting to the location for committing an additional crime, and a stolen car was best for that.

Re: Jokes on you

That was the assumption made. That's why they're using a signal booster.

Re:Jokes on you

[dryeo]

But then it would have turned up, burned. More likely chopped for parts.

Re:Jokes on you

[viperidaenz]

Or they removed the chassis and engine numbers before burning it.
If I was disposing of a get-away car I'd do that. Makes it harder for anyone to figure out where and when it was stolen. It just ends up being another write-off going to the crusher.

I suppose you could send it to a chop shop, but that's not going to get rid of any evidence if the shop gets busted while the car is still there.

Re: Jokes on you

My car has the ultimate anti-theft device: a manual transmission.

Re: Jokes on you

[justthinkit]

Some winters back I was shoveling snow around our house (corner lot) and a car comes along. Our intersection's snow had turned to ice. Somehow the guy gets stuck in the intersection. His solution (like his cause) was to gun it.

He polished the ice for several minutes.

People came over to help push.

Finally I went over, got in, put the manual in 2nd, let out the clutch slowly and the car was free in 5 seconds. Only words exchanged were "Let me give it a try".

What is the next thing we forget how to do?

Found the (retarded) design problem

"Key fobs are constantly broadcasting a signal that communicates with a specific vehicle" - Don't do that. Duh.

My tinfoil hat to the rescue ...

[140Mandak262Jamuna]

I keep my keys in my tin foil hat, Now who's laughing?

Seriously, get one of those wire baskets sold as desk organizers, hang it next to your key rack. Drop your key fob in that basket, and you are safe.

Re: My tinfoil hat to the rescue ...

That wire rack won't do a damn thing.

Re:My tinfoil hat to the rescue ...

[Thelasko]

I keep my keys in my tin foil hat, Now who's laughing?

Seriously, get one of those wire baskets sold as desk organizers, hang it next to your key rack. Drop your key fob in that basket, and you are safe.

They also sell wallets for this purpose. I don't know how this became an article. I thought everyone on Slashdot stored their keys in their tinfoil hats!

Wrong!

First, key fobs are NOT constantly broadcasting a signal. Their tiny coin cell battery would go dead really quickly. The CAR is constantly broadcasting a signal, which, when the fob is in range of, it answers with an unlock code. Next, sure, you can use a Faraday cage. You can put it in the refrigerator (which some people actually do!), etc. But you can simply park your car in your garage. Don't pile up crap in the garage and actually use it for the car. Boom, attack defeated.

Re:Wrong!

You must be part of the 1% club. The rest of us who only make six figures can't afford garages. Silicon Valley is just too god damm expensive.

Re:Wrong!

[WilliamGeorge]

Not all of us have garages - certainly not most folks in apartments, and even many homeowners (myself included). Plus, there are pretty cheap ways for thieves to hack electronic garage doors too:

https://www.youtube.com/watch?...

Re:Wrong!

[bobbied]

First, key fobs are NOT constantly broadcasting a signal.

Um, no, they are regularly transmitting a short low power ping, at least the ones I've seen.

Just dropping your FOB into a open metal box, assuming it's deep enough, will likely work just fine. But the exploit path will remain when you walk away from your car in a store parking lot..

Re:Wrong!

[nukenerd]

sure, you can use a Faraday cage. You can put it in the refrigerator (which some people actually do!), etc.

In other words the supposed convenience of having saved pushing a button on a fob on your key ring is more than completely negated by this sales gimmick. Could someone explain again why pushing a button is so hard?

Re:Wrong!

You clearly don't understand that pressing a button can be very, very difficult. After a bottle of wine and half a bottle of whisky, I struggle to even find my car key, let along hold it still enough to press any silly old button.

Last night, I was only able to get into the car because I'd left the doors unlocked, and when I woke up in the car, parked outside my house, I thanked my stars that I'd been at home in the first place. Not sure why I didn't just use the bedroom. Anyway, it would have been far worse, as you can imagine, if I'd had to contend with buttons and other such nonsense.

Re:Wrong!

[ArchieBunker]

Going to need a source on that one. Those coin cell batteries can broadcast pings for years? I'm calling bullshit.

Re:Wrong!

[fahrbot-bot]

Could someone explain again why pushing a button is so hard?

And, by extension, why using a regular key -- that has worked since the invention of the automobile -- is so hard?

Ya, ya. (1) I understand there were a few isolated issues in recent memory with keys because a manufacturer cheaped out on a spring in the ignition lock and (2) I get the convenience of key-less entry and ignition, but some solutions just create new problems. Both my 2001 Honda Civic and 2003 Honda CR-V have a key-fob to unlock the doors, but I *never* carry/use them (okay, maybe during a rainstorm) because they're too big to comfortably carry in my pocket. I just use the keys - and have never had a problem. I'm also not a fan of key-less ignition (and have read articles about people getting killed using them), though I concede that my next car will probably have it because manufacturers are going that way to (a) save on providing locks/keys and (b) raping consumers on the cost of key-less systems. I would pay extra to *not* have key-less ignition. Sometimes newer and/or fancier is not better. In a related story, I have a friend with a new(ish) Toyota Highlander which won't start if both his and his wife's key-fobs are (detected) in the car at the same time -- which seems like a design flaw.

Re: Wrong!

Hahahahahaha you are killing me

Re:Wrong!

[bobbied]

Going to need a source on that one. Those coin cell batteries can broadcast pings for years? I'm calling bullshit.

From the original article above ^^^^^ (Scroll up dude!) ^^^^^

"thieves are using a method called "relay theft." Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start. "

Re:Wrong!

[Cmdln+Daco]

I have a two car detached garage. But being a nerd, there is just too much other stuff more worthwhile to keep in a garage than my cars.

Re:Wrong!

[dryeo]

My ancient fob has a 12v battery that is about half the size of a triple A, length wise. I also don't know what the point of always broadcasting would be, have to press a button to unlock and enable the ignition and even with the key in the ignition, if i don't start it within 3 minutes or so, the ignition and starter (or maybe just the starter, have to try push starting it one day) are disabled forcing me to push the unlock button again.

Re:Wrong!

[godel_56]

Going to need a source on that one. Those coin cell batteries can broadcast pings for years? I'm calling bullshit.

From the original article above ^^^^^ (Scroll up dude!) ^^^^^

"thieves are using a method called "relay theft." Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start. "

It's other way around. The car is constantly sending an "unlock me" signal and the fob is always listening. When the fob gets close enough to hear the signal the pair negotiate an unlocking sequence. You would not want the fob to be always broadcasting because that would flatten the key fob's battery.

Re:Wrong!

[bobbied]

So you are saying the article is wrong?

I'm not going to call BS, but I am going to ask for a citation on that... :)

Re:Wrong!

[dryeo]

It's handy to just push a button to unlock both doors rather then walk around and unlock the passenger door after unlocking the drivers door. Likewise for locking them if the passenger forgot to push the button down before closing the door. Driving alone, it's not so important.
The truck also won't start without pushing that button to unlock the doors and screams if someone opens the door (reaching through an open window or such).

Re:Wrong!

What might be useful is a small GPS chip in the key fob. Key sends a signed, encrypted message with its GPS signal, the vehicle compares it to its GPS location (which doesn't require any connectivity except reading the satellite signal), and if the remote is past some distance away from the vehicle (which might be something user settable), don't unlock anything.

Re:Wrong!

[ctilsie242]

Maybe the remote needs an on/off switch. Flip the switch off, no attempts at communication would be made.

Re:Wrong!

Because articles are never wrong. Journalists are closet scientists and engineers.

Re:Wrong!

One: It is a great way for the manufacturer and dealership to screw everyone out of an extra $1000 every so often when the fob has a malfunction and needs replacing. It is the only reason I can think of for them being so "popular". I don't know a single person who actually likes them. Well, OK, maybe the same people who are into chrome wheels on sportbikes like them.

Two: I'm sure it costs less to manufacture since there are no physical locks - kinda like a Windmodem. Since the 2000's, keyed cars typically only have one keyhole. That is strictly a money savings thing as I find it very inconvenient not having a keyhole on the passenger side (I prefer to not even carry the remote access part and just use the key, but that is no longer really an option on modern keyed cars).

Can you even get into your car with a fob if the car battery is dead?

Re:Wrong!

[godel_56]

So you are saying the article is wrong?

I'm not going to call BS, but I am going to ask for a citation on that... :)

The citation is the original TFA link from cbc. Scroll down a bit and look at the diagram which shows how it works. But common sense will tell you that a tiny coin battery in a key fob can't be broadcasting on a regular basis without going flat, whereas the large battery in a car can.

Re: Wrong!

[orlanz]

Like keyless entry, it's just a simple convenience that is nice to have. I understand it's not for everyone, but I really like it.

It's nice to have all the foot lights come on as I approach the car with kids. It's nice to have the interior and my door handle lights come on. The trunk opens/closes with a foot sensor.

And since I haven't touched the fob in my pocket, I don't need to take it out to start the car (I do need to push a small button to open the door). It's also nice to leave the car locked but running w/o the fob. The car will shutdown if someone tries to unpark it.

I don't think the risk is increased by much, if really at all, by going keyless. Knock on wood and all. If someone wants your car there are plenty of ways to take with either which way.

Re:Wrong!

[fahrbot-bot]

It's handy to just push a button to unlock both doors rather then walk around and unlock the passenger door after unlocking the drivers door.

True enough, though both my Hondas have a power lock button on the driver's side to un/lock the other doors and locking the driver-side door with the key locks both doors. My wife's previous car was a 1991 Toyota Celica GT and the outside door locks had some nice intelligence. Unlocking the passenger door from the outside unlocked both doors and when unlocking the driver door, turning the key once unlocked just the driver door while turning it twice in rapid succession unlocked both doors. I actually wish my Hondas had that.

Re:Wrong!

[LostMyAccount]

You've obviously never had a car with a proximity key. It's extremely convenient. No more fishing for keys, taking off your gloves in the winter, screwing around with an ignition key. You just walk up, get in and push start. There are weeks that go by in the winter when I don't even take my keys out of my jacket pocket.

I know it seems only marginally more convenient than a button keyfob, but in use its fantastic, especially in the winter. It's probably arguably safer considering there's no signaling effect as to what car you're unlocking.

It'd be even better if the fobs were cheaper, like say $20-30 each. I'd buy a few more and just leave them in other coats, maybe my backpack.

I wish there were more buttons on the fob, though. I'd like one that would close all the windows and sunroof as well as an option for this to happen when I lock the car. I'd also like an auto lock feature that automatically locked all the doors (and windows/sunroof) when walking away from the car.

Re:Wrong!

[Immerman]

Agreed. I don't have a garage, but if I did I certainly wouldn't waste valuable weatherproof space by filling it with a car that's already designed to be weatherproof on its own.

I've always thought the entire concept of a garage represented an unhealthy relationship with a tool.

Re: Wrong!

Too complicated. Make the car measure the latency instead and you will have your distance.

Re:Wrong!

[viperidaenz]

Bluetooth low energy is designed to do just that. Last years on a coin cell transmitting as often as every few milliseconds. Most do a few times per second.

Re:Wrong!

Is there no lock/unlock doors button on the inside of your driver-side door?

Re:Wrong!

[quenda]

Next, sure, you can use a Faraday cage. You can put it in the refrigerator (which some people actually do!), etc.

That is the sort of thing that works in the movies, but I'm sure the real Ed Snowden knows better. Have you tried it?

Put your cellphone in the fridge or microwave, and call it. Are you surprised to heart the ring?

https://www.youtube.com/watch?...

Re:Wrong!

[ceoyoyo]

You don't have to completely block the signal, you just have to attenuate it enough. Those little fobs are super low power, and the signal already has to go through at least your front door.

Re:Wrong!

[dryeo]

Is there no lock/unlock doors button on the inside of your driver-side door?

No, manual locks and even manual windows.

Re:Wrong!

You no longer need to press buttons to unlock. Mine unlocks when i touch the door handle with the fob in my pocket.

Re:Wrong!

[dryeo]

Well my '98 F150 is manual, manual shift, manual windows and manual locks (last owner added the alarm, remote start and electronic locks). Last vehicle the power locks were broken, so manual, though if they worked, I could have just pushed a button after unlocking the drivers door to unlock the others. That vehicle, I had to replace the window regulator motor twice, spent too much time looking for the wiring break that broke the door locks and other various issues that made me want to avoid too much power this and that.

Re:Wrong!

[mysidia]

Never trust a journalist to get the technical details 100% correct. godel_56 is probably right, and the article is an approximation of the facts as the jouranlist understands or chooses to simplify the details for non-technical readers -- that the fob is always talking.

Re:Wrong!

[mysidia]

the exploit path will remain when you walk away from your car in a store parking lot..

Well, you could put the fob in a RFID-blocking wallet or use a RFID-blocking liner around the pocket and pull out the fob when ready to start the car.

I would opt-out of the wireless start tech altogether.
Personally waiting for a vehicle with a more advanced feature such as Two-Factor unlock by activating a face-recognition scanner to unlock the door then entering a secret personal code onto a keypad and doing a biometric hand scan to authorize starting the engine.

Re: Wrong!

6 figures on the east coast nets one a nice 3,000 sq ft $500,000 house with a two or three car garage. Silicon Valley is overrated.

Re: Wrong!

It's like when some article says GPS tracked someone's movements. Maybe they know that's not what GPS does and are using a shorthand... Or maybe they are clueless.

Re:Wrong!

[MrMr]

which seems like a design flaw
I'm not so sure. Perhaps just the third law of robotics. Could be that the car's AI has decided that the risk of them both in the car is too high for its own safety.

Re:Wrong!

[MrMr]

Yes, and perhaps even a lock and key to fix it in the off position.

Re: Wrong!

[nukenerd]

It's nice to have the interior and my door handle lights come on.

Eh? Even my very first car, an already ancient 1960's Vauxhall, had its interior light come on when I opened the door. Don't know what you mean by "door handle lights" - they glow in the dark?

It's also nice to leave the car locked but running w/o the fob.

You mean you are leaving it running without you in it? Why? Illegal in the UK anyway, and inadvisable anywhere (cases of software bugs changing transmission out of Park). Chist, in the UK it will soon become impossible to buy a car that does not have its engine automatically stop whenever the car stops moving, even in traffic, so obsessed the authorities have become with cutting emissions.

Re:Wrong!

[ctilsie242]

I wonder about having a mode setting on the vehicle. Set it, it only listens to the lock/unlock buttons. When locked manually, it ignores key proximity until the unlock button is pressed.

Re: Wrong!

[orlanz]

My vehicle's door handles have lights under them. As do the running boards. As does the rear of the car so I can un/load things. Specific ones lighting up as needed is nice (the zones are just driver, pass, all, and rear).

I leave the car on when it's less than a 5 min stop. Ie: dropping shipping packages off or leaving the family watching TV to get milk. It will take me 5 min or 20 with family.

Re: Wrong!

When you are local to a machine, you have root. All of your fancy authentication mechanisms are defeated by deciphering the CAN bus on a car where you do have the key. (So, basically for the price of a car rental, a pro thief can learn CAN.)

Re: Wrong!

What is a windmodem? Did you mean winmodem?

Re: Wrong!

Most of them are using the same oem chipset. The newer ones are defending against relay attacks by using time of flight to enforce a maximum distance from the car.

Re: Wrong!

That's what they're doing on newer models, they call it time of flight. Doesn't help the large numbers of older models.

Re:Wrong!

So, you've never had to repair a car at night to get to work in the morning or live in a place that gets far below freezing or over 90f? A garage lets you regulate the temperature of the vehicle better by keeping it away from extreme temps and provides a lit and dry workspace to maintain said vehicle. Can you use that space for other things? yes, but if those things are just storage for random crap then you have too much random crap.

Re:Wrong!

You must live in Florida or California. Some of us have to contend with inclement weather.

Re:Wrong!

[dwillden]

Stay away from Tesla's then. You just have the fob with you. You walk up to it and it unlocks (and the handles pop out, You get in, put it in gear and drive, the handles retract as you start moving. At destination when you stop the handles pop out., you get out and walk away. And the handles retract again locking the doors. All in the fob.

Re:Wrong!

[dwillden]

Ever had your hands full and had to juggle stuff while getting the key out and using it? Or been wearing thick gloves in cold weather and had to take the time to take off a glove just to get the key out of your pocket?

With modern cars you just walk up, get in, push a start button and go. Or with Tesla's you just put it in gear and go. No need to handle the key at all.

Re:Wrong!

[cellocgw]

Stay away from Tesla's then. You just have the fob with you. You walk up to it and it unlocks (and the handles pop out, You get in, put it in gear and drive, the handles retract as you start moving. At destination when you stop the handles pop out., you get out and walk away. And the handles retract again locking the doors. All in the fob.

Both the unlock and lock feature can be disabled in the car's operation menu, leaving only a physical button push on the keyfob to lock or unlock the car. RTFM, already!

Re:Wrong!

[Immerman]

Sure, and if I have to repair a car at night, I'll bring it into a garage/worksace to do so if I have the option. That's pretty rare though, and it's not going to live there the rest of the time, preventing me from using the workspace for other projects.

As for climate - yeah, there's a few places where it might be justified. But most of the world doesn't get into the mid-hundreds (F) or 40+ below on a regular basis, nor deal with baseball sized hail (no, I don't consider minor cosmetic dents to be damage).

Re:Wrong!

A garage is also good if you get home more quickly than you expected but haven't finished jerking off.

Re:Wrong!

[Immerman]

Nope. I've got rain, snow, searing sun, and occasional golf-ball sized hail. Cars can handle all of it.

Re:Wrong!

[clovis]

You must be part of the 1% club. The rest of us who only make six figures can't afford garages. Silicon Valley is just too god damm expensive.

Anyone can have a garage anywhere. You just need to know how to make one.
Here's some examples you may emulate.
https://cml.sad.ukrd.com/image...
https://www.yorkmix.com/wp-con...

Poorly thought out attempts at garage-making.
http://news.images.itv.com/ima...
https://www.jdn.co.il/wp-conte...

Re:Wrong!

Oh, yeah. You like it when I buff wax your finish don't you!

Re: Wrong!

So you spent all that money to gimp your car. Nice.

Re: Wrong!

[mysidia]

Not "gimping" ---- turning off a gimmick that's also a security risk.

Saw this video

[Kernel+Kurtz]

about a year ago. Does not take long.

https://www.bbc.com/news/av/uk...

Not This Again

[WankerWeasel]

This is the same story that made rounds on Facebook over a year ago, telling people to put their keys in their microwave when they're at home to prevent people stealing their car. https://www.foxnews.com/tech/w...

Some incorrect assertions

[TWX]

The mechanism in a fob that lets the vehicle start is not the same mechanism that operates the locks. Additionally there's different programming needed to add the convenience controls versus programming the fob to where the vehicle will start with it.

This "hack" was possibly demonstrated on an old Top Gear when one of the presenter's cars was moved into the street by another presenter while they were at a restaurant. Basically supposedly it was close enough that the the fob and car could communicate. Given that this was for entertainment it's difficult to say if it was real or not.

Either way though, I guess I'm still a fan of having a physical key that must be inserted into a slot, used in combination with an immobilization system that communicates with a chip that's embedded with the key.

Re:Some incorrect assertions

Does this https://www.bbc.com/news/av/uk... look like a fucking Top Gear or entertainment to you?

Re:Some incorrect assertions

[ChoGGi]

Why doesn't the car turn off when the key is no longer "close" to it?

Re:Some incorrect assertions

[kackle]

Dangerous, maybe? A dead fob battery could kill the engine while at 55 mph, for example.

Re:Some incorrect assertions

[mjwx]

Why doesn't the car turn off when the key is no longer "close" to it?

Safety.

Say your Key Fob breaks or stops responding on the motorway whilst you're doing 80. The last thing you want is for the car to decide to shut itself down whilst Andrew Audi is millimetres from your tailpipe at those speeds. When the car shuts down you lose power steering and braking.

The issue here is that many manufacturers are pushing button-less entry. This means that you don't need to press the unlock button to enter the car or disable it's immobiliser. You only need the transponder to be close to the car. The safety "feature" is that it only works over a few metres... Which as anyone who knows anything about information security will figure out in 10 seconds flat, is no security at all.

This is why I didn't opt for this option on my BMW.

Re:Some incorrect assertions

[ChoGGi]

The car could have a holder that ensures the fob doesn't run out of juice, or just not start if the fob isn't in a holder.

but that's probably too expensive...

Re:Some incorrect assertions

[Agent0013]

That would be called a metal key in the lock then. I never take my fob from my pocket. I unlock the car by touch, start the car by push-button, and lock it again by touching the handle. My hands can be full of coffee and a laptop bag etc, while the back of my hand is all it takes to lock the car. Now you want me to remove the key from my pocket to put it into a holder so the car does not crash while driving down the road. Stupid suggestion and I would rather just go back to a regular key than that. But the key fob is the best invention I didn't know I wanted until I had it. It really is way convenient and it isn't really apparent until you are using it and see how often it keeps your hands free.

Re:Some incorrect assertions

[ChoGGi]

Now you want me to remove the key from my pocket to put it into a holder so the car does not crash while driving down the road. Stupid suggestion and I would rather just go back to a regular key than that.

The idea is people can't steal your car without the fob in direct contact with the car, you don't need to make it shutdown (sorry crash...), just not have the car start unless it's plugged in.
I'm also not sure what locking the car has to do with anything? That'll work just as it did.

Re:Some incorrect assertions

[Agent0013]

I'm also not sure what locking the car has to do with anything? That'll work just as it did.

I never remove the key from my pocket. It cannot get lost or locked in the car and it leaves my hand free for other things. The moment I have to take it out of my pocket the device is ruined for it's purpose. And if I only need to remove it after I got into the car, that is even worse since pockets are hard to reach into once sitting down. Do you understand now, or did I use too many words again?

Re:Some incorrect assertions

[ChoGGi]

To each his own.

Re:Some incorrect assertions

[John.Banister]

I don't know if the reason is to permit convenience similar to my use, but I'd take advantage of this when driving my parents (in their car) to doctor visits a lot. They'd have the keys in their pocket/purse. I'd park the car after letting them out at the entrance.

needs motion sensor

[Bruce+Perens]

At the very least, the key fob should have a motion sensor, and should not be beaconing when it's not been moving for a few minutes. That would defeat this particular exploit.

Re:needs motion sensor

[Actually,+I+do+RTFA]

Nitpick: I assume you mean it should have an accelerometer or other IMU package. A "motion sensor", as a term, tends to refer to a device that senses motion in the room (like that used to turn outside lights on as you approach).

Seems like a much more expensive solution than a button or slider switch to activate. Or socket in the car with a physical connection required.

Re:needs motion sensor

[Bruce+Perens]

Yes. The whole point is not to have to push a button to open the car door. You have key key in your pocket, and touch the door handle and it unlocks by itself. This is how it works on my Prius and Jeep.

Re:needs motion sensor

Nope, "motion sensor" means "sensor that senses motion" - you're thinking "IR motion detector" which is to sense motion in the room. There are ultrasound versions also. OP was entirely correct to call it a motion sensor. It is.

An accelerometer detects acceleration. These motion sensors don't actually detect or calculate that. They just know the signal has changed position. It's entirely different, your pedantry nonwithstanding...

Re:needs motion sensor

[Actually,+I+do+RTFA]

Sure, hence the other idea of a slide switch to activate/deactivate fob. Deactivate when you get home/to work. Activate before you walk outside.

Personally, I would prefer a button, but there are pluses and minuses.

Re:needs motion sensor

[Luthair]

Imagine someone sitting in their car with their key in a bag (e.g. a purse), suddenly they need to shake their bag to move their car? I think fix is accurate timing of the response which would indicate distance. They might also be able to listen for a replay but not being an EE maybe a directional antenna would defeat that.

Re:needs motion sensor

[omnichad]

I keep my keys in my pocket - not on a table somewhere. If I'm awake, they've probably been moving in the last few minutes.

Re:needs motion sensor

Oldschool keyfob where you need to press a button to initiate transmission/reception that unlocks car doors prevents this. Paired with immobilizer that is part of physical key that you need to insert in the car to start the fucking engine.

Yeah, I know. Not very convenient. Then people should stop whining when their near field communication device ranges are extended by a active range extender antennas and amplifiers that can be put together with $50 budget.

Convenience gets you this: https://www.bbc.com/news/av/uk...

Re:needs motion sensor

[dknj]

i like your idea of a slide switch because it gives the operator choice. you live in the boonies, have a garage, drive a $2000 fordor generally dont care then you don't have to disable for convenience. live in a major metro city, or otherwise are constantly at risk of theft of your $50k car you park on the street.. by all means boo-boo activate that slide switch.

i'm not inconvenienced, you are still safe. win-win. until you forget to slide it and get annoyed that your car won't unlock or worse, gets stolen because you never turned it off.

personally the accelerometer idea is superior but probably will destroy that cell battery in a matter of months rather than years

Re:needs motion sensor

[nwf]

Too prone to error. A time of flight calculation would work. Of you are outside of, say, 10 feet, you can't unlock the car. Apple does this when unlocking a Mac with an Apple Watch. I'm sure it's not trivial, but it's certainly possible.

Re:needs motion sensor

[dgatwood]

Signals travel at around a foot per nanosecond. That means the time to respond to a request must have no more than a few nanoseconds of variation. That seems unlikely to be possible, much less practical.

The right fix is for keyless driving and no-press keyless entry to be an optional feature that the user can disable.

Re:needs motion sensor

Actually "motion sensor" is the correct term these days: https://www.digikey.com/products/en/sensors-transducers/motion-sensors-accelerometers/515

It's for the whole category on most chip purchasing sites now, and then there's sub-types for gyroscopes, accelerometers, optical, tilt switches, etc.

And when a basic low-power three-axis accelerometer is less than $0.50? No, it's actually cheaper than adding a button or switch to the keyfob, especially as you don't need to concern yourself with sealing or contact wear like you would if you added a button.

- WolfWings, too lazy to login to /. in way too bloody long.

Re: needs motion sensor

[orlanz]

I am not an expert, but do work on IOT circuits in my spare time.

I think an accelerometer consumes many times more power than a short range transceiver. The fob probably transmits for 1/10000 of a second every 1-3 seconds. An accelerometer probably draws more power idiling for movement over a 24hr period than the transmitter.

Then there is higher initialization consumption of an accelerometer. At the later stages of the battery, it probably will fail sooner, being unable to draw the necessary power.

It's a nice idea and probably a good trade of security vs battery life in a higher car theft risk area. But over all, I don't think the standard keyless and keyed cars are significantly safer to warrant it.

Re:needs motion sensor

[Bruce+Perens]

I think if it stopped beaconing after standing still for 5 minutes, it would satisfy most needs. There are a few corner cases where the car has to be able to order the fob to beacon anyway. For example, if the car says "I'm about to lock the door, let me know where you are so that I don't lock the keys inside", it has to beacon. Obviously if you go to sleep in your car and then push "start" and nothing happens, you will have to shake the fob. Sorry.

Re:needs motion sensor

[Actually,+I+do+RTFA]

Hmm... interesting. The first links I get on DDG for "motion sensor" are hardware stores selling outdoor light sensors. Wasn't aware of the usage change. Sorry Bruce!

I'd be more concerned about power consumption than construction cost. Replacement fobs cost a couple hundred bucks, so there should be sufficient profit. I'm not even sure if the hands-free fobs have batteries or are just passive RFID.

Lastly, I've been desperately looking for cheap accelerometer all in one board. I haven't seen a usable accelerometer for $0.50, and certainly not once you count all the other pcb parts needed to make it work. I'd love to find out I'm out of the loop. any good recommendations?

Re:needs motion sensor

[Applehu+Akbar]

The Toyota solution: key required for the actual ignition. Problem solved.

Re:needs motion sensor

[ceoyoyo]

Not a time of flight calculation. Light is too fast and the fob's response time is too variable. Delay detection would work though. You send out the signal and you know to fairly good precision (but much less than required for TOF) how long the key fob takes to respond. You would probably build the fob so it sets up its response, waits a particular amount of time, then fires it off.

Relays introduce an unavoidable delay. If you detect the delay, don't unlock the doors.

Re:needs motion sensor

[mentil]

A newer Prius doesn't start with a key. A fob is required instead.

Re: needs motion sensor

[AmiMoJo]

The fob doesn't transmit at all most of the time.

There are various kinds. Some use an ultra-low power RF detector to detect signals from the car (since the car battery is massive and rechargable), and then wake up when in range and start communicating. Others are entirely passive, they simply modulate a signal sent out by the car and reflect it back.

The current preferred method of avoiding these relay attacks is to look at the timing of the response. The relay adds a small amount of delay that can be detected.

Re: needs motion sensor

Newer models do time of flight calculations to set a maximum range regardless of signal strength. No need for a physical switch that most people wouldn't use.

Re:needs motion sensor

[im_thatoneguy]

Some do. It's a good simple solution.

People are petitioning Tesla to implement that in their smartphone app\key.

aluminum foil

also works. And I think they have it backwards. The car is constantly pinging and the fob is listening. If it hears a car then returns the challenge.

Why would it continuously emit ?

[aepervius]

It just need to emit when you push a button on the key fob. Or is this one of those "innovation" with scary quotes where you just have to be near your car ?

Re:Why would it continuously emit ?

[fluffernutter]

Because a lot of vehicles now react if you have the fob and you touch the door handle, or if you have the fob and you sweep your foot under the back bumper. The point is to eliminate the necessity to touch the fob. I know my wife's is buried in her purse all the time and she never takes it out.

Re:Why would it continuously emit ?

[Ingenium13]

It doesn't continuously emit. It's false information in the article. The fob listens constantly, and when it receives a valid query from the car, then it broadcasts a response. So when someone touches a door handle, for example, to unlock, the car broadcasts the challenge, and the fob then broadcasts the response. Same for pressing the start button.

The coin battery in the fob would die within days (if it even lasts that long) if it was constantly broadcasting.

Re:Why would it continuously emit ?

[bobbied]

It doesn't continuously emit. It's false information in the article. The fob listens constantly, and when it receives a valid query from the car, then it broadcasts a response. So when someone touches a door handle, for example, to unlock, the car broadcasts the challenge, and the fob then broadcasts the response. Same for pressing the start button.

The coin battery in the fob would die within days (if it even lasts that long) if it was constantly broadcasting.

Shesh, the article is right they are regularly transmitting, but you have to consider what it means. The FOB need only transmit a short low power RF pulse every 10 seconds, more or less. The FOB's I've seen come with absolutely huge batteries and YES they need to be replaced a lot more often than the button press kind. (and the dealer service department LOVES to do it for you.)

Re:Why would it continuously emit ?

[tlhIngan]

It just need to emit when you push a button on the key fob. Or is this one of those "innovation" with scary quotes where you just have to be near your car ?

It can't continuously emit. Key fobs are powered by tiny batteries, and transmitters are power hungry. IN order to keep the battery life to several years they can't continuously transmit.

What happens is the key fob detects a low-level RF field emitted by the car, and the car interrogates the key when the key detects this. This is used for those keyless entry systems. This is an alternative to pushing the button.

What I don't get is the whole "don't need the fob to start". Every car I've seen refuses to start the engine unless the key fob is INSIDE the car. And the key is interrogated periodically - if you remove the key from the car, the engine will stop within 5 minutes. The only way to run longer is if the key fob remains near the car on the outside (this is essential for those of us in cold climates where we start the car, set the blower to fast and hot and defrosters on,. then go and scrape the windows on the outside, so the key fob is outside but close to the car).

So they can steal the car, and run it for as long as they can maintain the keyfob signal.

Heck, when they battery on my keyfob ran low (why the car souldn't tell me to replace the battery escapes me) the car asked me to insert the fob into a special key holder in the glove box as an emergency measure.

Re:Why would it continuously emit ?

Listening all the time is MUCH WORSE consumption-wise than transmitting every x seconds and going to sleep.

Try with a nRF24 and see which consumes more power.

No...they do not

[DewDude]

"always broadcast a signal". They only do that when within the low-frequency radio signal generated by the car. They work much like RFID if you don't press a button on it. This is also really only usable on vehicles that don't use the standard "press a button to do something" fob. My 2011 Hyundai uses a standard fob like this; the 2018 Yukon XL I rented used the more modern type since it was a push-start.

Why don't they fix this?

[bobbied]

Come on you crazy car makers you can fix this exploit.... PLEASE start making the no button FOBs work on an interrogation basis... Make it necessary for the CAR to initiate the conversation and ONLY when the car needs to know when the FOB is in the local area. ALSO, make sure the FOB is at least close to the vehicle by looking at the delay between the ping and pong reply. You can keep the current button press FOB things, but for any "automated" unlocking do the right thing and MAKE SURE the FOB is actually near the vehicle (or INSIDE it when you start the motor). Come on, it's not that hard...

Re:Why don't they fix this?

[jaa101]

Obviously more stolen cars results in more car sales so, at the very least, manufacturers aren't as well motivated as they might be in this area. Probably the fix is for insurance companies to jack up the rates on cars with insecure fobs. You do compare the insurance rates when chosing between car models don't you?

Re:Why don't they fix this?

[RhettLivingston]

I agree. Seems like this is the perfect app for RFID. I believe there are some that could even rotate codes using just the energy broadcast to it.

Re:Why don't they fix this?

[bobbied]

I actually DO compare insurance rates... But I admit that I'm weird when it comes to buying cars.

For my last two vehicle purchases I made a "final offer" and told the salesman I only had about 30 min to close the deal. When they first refuse because the "manager" didn't like the deal, just turned to leave. They got two chances. In both cases, it took about 30 min. The problem is you have to know what the vehicle is worth to the dealer, a bit of research that takes is daunting, because it's NOT dealer invoice, not by a mile, AND you need to be willing to actually walk away if they don't take your deal. In both cases, the dealer made about $600 on the car, best I could tell.

Re:Why don't they fix this?

[dknj]

so your car should constantly ping? how does that solve the problem.

-dk

Re:Why don't they fix this?

[bobbied]

so your car should constantly ping? how does that solve the problem.

-dk

No, it only pings when somebody tries to access it. So it's quiet until somebody grabs the door handle to open the door, then it pings, or hits the "start" button, then it pings and verifies the FOB pongs and is actually INSIDE the car (easy to do with basic direction finding).

But think about what this means... That "ping" now needs to be sent to the FOB before it will pong.

This greatly increases the complexity of the exploit. Now you have to relay signals in both directions. You have to get the ping to the FOB, and return the pong from the FOB. That means that the thieves will need to be touching the car, broadcasting the ping, which they amplify to get it to the FOB and then trying to find the FOB's reply and amplify it for the car to receive. It's more than twice as difficult to do this.

Re:Why don't they fix this?

[vux984]

" It's more than twice as difficult to do this."

First. No. Having to do basically the same thing twice does NOT make it twice as difficult.

Is making two omelettes twice as difficult as making one? Twice as many eggs. Sure. Twice as time consuming maybe. But twice as difficult? No. If you can make one, then making a 2nd one does not really increase the difficulty of the task.

Second, boosting the signal from the car is easier. You know exactly where the car is, your within physical contact wit hti. You are trying to steal it after all. Finding and boosting the signal from the fob is harder, but if they've already got that part figured out boosting the signal from the car is only nominally more effort.

Re: Why don't they fix this?

And considering that this is how these keys really work (the car initiates) this is exactly how the thieves are doing.

Re:Why don't they fix this?

[mysidia]

Make it necessary for the CAR to initiate the conversation and ONLY when the car needs to know when the FOB is in the local area.

That may be very well what it does, but the thieves Relay the interrogation AND the responses to the interrogation..

ALSO, make sure the FOB is at least close to the vehicle by looking at the delay between the ping and pong reply.

The delay before the FOB responds is probably not predictable and measurable with sufficient precision.

Keep looking up ...

[cpurdy]

... because it is almost as likely that you will get hit by a meteor as have this happen to you.

Video of thieves using that method to steal a car

[ei4anb]

"Police in West Midlands, UK have released footage of criminals stealing a car by relaying a signal from the key inside the home, to the car in the driveway."

https://youtu.be/bR8RrmEizVg

Progress

[fluffernutter]

Isn't technology great?

Re:Progress

Relying on transmitted signal strength to determine distance between two objects (car and key fob) is broken by design. Radio signals can be received, amplified, retransmitted. It's not rocket science.

Re:Progress

Clearly it is rocket science to the people making cars. But if this becomes wide spread, car people would do something to remedy the situation. Same happened with the regular key. There was a time when cars could be hot wired easy and car makers changed the system to put a chip in the key so the car communicates with the key to ensure that the key is the right one. After that was implemented all the old cars were getting stolen because the new ones were hard to start without a key. Something like this will happen with RF keys. In the mean time lots of cars with keyless start will get stolen.

this is better

[RhettLivingston]

Given that there is no indication of an increase in theft and that thieves using methodologies like this are very likely professionals, the thieves have just found a less damaging way to steal your car. They can steal any car they decide they want - even if they have to haul it away on a car hauler. If it is stolen in this fashion and perchance recovered, you likely won't have to deal with as much of a repair job.

So go ahead and worry about making it more difficult with Faraday cages and other silliness. If your car shows up as one that they want for parts, you'll just get a busted window for your efforts assuming they recover it.

Huh?

[jabberw0k]

The key fob only transmits a signal when you push the button. And what does the key fob have to do with starting the car? That's done with a key. Of course you can hot-wire a car, that's been a thing since there were keys. Article is confused.

Re:Huh?

The key fob only transmits a signal when you push the button. And what does the key fob have to do with starting the car? That's done with a key. Of course you can hot-wire a car, that's been a thing since there were keys. Article is confused.

The newer cars transmit a signal when the key fob is within range. My moms car unlocks and locks itself depending on where the key fob is. Her car you still have to push a start button to start it. And if the key fob is not within range of the car security system will shut it down.

Re:Huh?

The key fob only transmits a signal when you push the button. And what does the key fob have to do with starting the car? That's done with a key. Of course you can hot-wire a car, that's been a thing since there were keys. Article is confused.

No you're just way out of date. Many cars now have push-button start where the fob never needs to leave your pocket. The puddle lights on my car come on when I get within a few feet of it with the fob in my pocket and the door unlocks if I put my hand on the door handle. However for most this is a very low-power short range signal, the signal from when you do press a button on the fob is much, much stronger.

Re:Huh?

You apparently haven't driven any cars made since like 2014.

Re:Huh?

[bob4u2c]

PKE (Passive/Proximity Keyless Entry). You only need to be close for the doors to unlock and the push to start button to function, hence the Passive/Proximity part.

Hot-wiring a modern car would be expensive, time consuming, and very invasive as you need to replace the computer with a hacked one as it is looking for a key code. Without the computer the car just won't run as starting, timing, and other adjustments needed for the engine to fire right are made via the computer. Try switching the computer out in a parking lot full of people and somebody will catch on. It might work if you had a convincing tow truck so you looked legit. But still there is a pretty big chance that the owner would walk up on you doing this.

Older cars yes; use a screw driver with a t-bar to break the cylinder lock and unlock the wheel. Then find the +12v battery wire, and the on/run wire (dash should light up when connected to the +12v wire). Twist these together, then touch the starter wire to it and your off. I have one of these older cars and yes I've started it this way a few times (the electric plates in the key lock were broken and being a staving college student I couldn't afford a replacement at the time).

This doesn't seem like it would normally work?

[King_TJ]

I've owned a number of vehicles with keyfobs, and in almost every case, they didn't transmit anything until you pressed a button on them to unlock or lock a door, a trunk, or perhaps sound the horn repeatedly as a "panic" function.

That was true even for cars like my Hyundai Genesis Coupe that had "push to start". The fob might have transmitted something to tell the car it was present, so push to start was ok to start the engine. But you couldn't unlock the doors just by walking up to it. Come to think of it, my Cadillac CTS Coupe used to be the same way. It had push to start, but the fob didn't unlock anything until a button was pressed to send that signal.

I actually used to have a Chrysler Crossfire SRT-6 convertible (2005 model) where the keyfob would even stop unlocking the doors if a button on it was pushed too many times while outside the range where the car could act on the command. It must have used some kind of 2 way handshake when you pressed the lock or unlock button. When it would stop working (which happened occasionally because I'd accidentally press buttons on it when it was in my jeans pocket with the rest of my keychain), I had to put the key in the ignition, turn it to the "on" position, and double press a button on it, and then turn the car back off. That would pair it back up.

Re:This doesn't seem like it would normally work?

Not all cars work like you describe. I have a Mazda that has a button on the handle on the door I can push if I'm within range to unlock the car. What an attacker would do for that is boost the signal of the car or whatever it is and press the unlock button. The same applies to push to start. The idea is that the key is supposed to be close, but attackers are simply exploiting that the key fobs are otherwise stupid and just boost the signal so that the key fob seems to be closer.

Re:This doesn't seem like it would normally work?

[demonlapin]

Lots of modern cars have fobs that don't have to be pulled out of a pocket or purse. I can walk up to my car, and as long as the fob is very close (in my case, about a foot), putting your hand inside the door handle will unlock the car. It definitely recognizes which side of the car it's on, and might even recognize which door (haven't tried). If you use this technique on the driver's door, it will only unlock that door. Any other door, it opens all four. Then it's a normal push-to-start fob. That's a 2009 Lexus, so the tech has been around a while.

Re:This doesn't seem like it would normally work?

Uhh, you are poor and drive shitty old cars. Modern cars (even a modern Hyundai LOL) don't need a button press.

Why is this news? It's been known for years

First reported at least 2 years ago.

The only news here is that it's still possible to do it. So ask your local auto manufacturer 'what the fuck'.

We are on the verge of a golden era for...

[Blaede]

...car theft. Once autonomous cars are perfected, thieves can remotely start the target car and have it drive itself into a Faraday caged trailer. The vehicle pulling the trailer will be autonomous too.

Put it in the garage

[Fly+Swatter]

I am sure your Amazon or Google based internet home security system will be able to protect it.

In fact...

[SuperKendall]

Turns out the thief is an autonomous AI as well, that figured out making money for new GPU's to increase processing power was a lot easier stealing cars!

Re:In fact...

[mentil]

Turns out Jensen Huang is an AI. Suddenly Nvidia's cryptomining and AI applications make sense! Turing architecture... subtle...

We come from garage land!

While you're at it if you have a room big enough to hold a car with a big enough door to drive through please put your car in there. I'm in the 'burbs but I'm constantly confused by people who stuff their garage with junk but leave their vehicle outside and unprotected.

Extra step too annoying

[SuperKendall]

Sure, hence the other idea of a slide switch to activate/deactivate fob.

That still means you have to dig it out, especially annoying in the winter. I like my keyless entry because as stated, I can just walk up to the door and press a button (on the door) and it unlocks without having to dig the key out of my pocket or jacket.

Now if you are really wanting this, this you could easily hack it up yourself - the wireless key fobs have batteries, so you could just rig some simple outside switch to disconnect the battery. I'll be the people able to make that happen and the people actually wanting this feature is a nearly complete overlap.

Re:Extra step too annoying

[Actually,+I+do+RTFA]

It's a slide switch. You're right you have to dig it out, but only to toggle it. So do it while inside your home/office/etc as part of putting on your coat to go outside. I understand that some people like the hands-free nature, but making it toggle-able avoids this problem with less engineering/cost from a sensor.

Also, I'm not sure if the fobs have batteries, or are powered with received EM from the car.

Re:Extra step too annoying

[epine]

That still means you have to dig it out, especially annoying in the winter. I like my keyless entry because as stated, I can just walk up to the door and press a button (on the door) and it unlocks without having to dig the key out of my pocket or jacket.

Then you deserve to have your radio signals amplified and replayed. Just because you find it annoying doesn't mean a terrible engineering solution somehow becomes a good idea.

I suppose you could two-factor with a fingerprint reader on your car door. Should work great until that surprise -50 degrees F event (climate isn't what it used to be). Then you be standing outside your car in some cold, remote place (remote from your fireplace), wishing your fob had a convenient and reliable button, rather than your car door having an erratic fingerprint reader, that reads blue fingers even less well than mostly sometimes.

6-speed

Millennial anti-theft device.

Would this work in shopping centers?

[bob4u2c]

Think about it. You have one person in the parking lot finding cars with push button start. Stand close to the car, then have another person in the store with a booster walking past people till the car unlocks. Take car, ???, profit!

Re: Would this work in shopping centers?

So far I have seen the opposite there. Aka they use jammers instead so that people leave their cars unlocked since few check that the locks where actually engaged.

Slashdot does a lot of boosting, too

Boosting stories and headlines directly from HackerNews, instead of having their own.

Re:Slashdot does a lot of boosting, too

Do you think Slashdot has a staff of journalists to write stories? Slashdot has aggregated news from sources for about 20 years now. You can use fancy words like curate or aggregate or "social news". But let's call a spade as spade, this site is built around re-posts.

Why not put buttons on the key fob?

[OrangeTide]

Perhaps design a key fob that doesn't constantly broadcast, it would be harder to intercept and perhaps save battery life. This revolutionary keyfob design could have a set of buttons to unlock your doors, start the car, maybe open the trunk, or set an alarm mode.

I should patent that idea before anyone else! Ladies and gentlemen, we may have solved this key fob hacking trick and added a whole suite of features in the process. Well done!

Re:Why not put buttons on the key fob?

I know your post is ironic, but my bike key works like that.
A button to unlock the bike, then I have to manually turn a knob on the bike into ignition mode in order to be able to start the bike. If the key is not in range when the bike is in ignition, the alarm goes off. I have not tried what happens if the bike is running and bring the key out of range, but I would assume that the alarm goes off as well, either that, or the bike's engine will shut off, which could be a bit dangerous, especially on a bike, but that would probably teach thieves to not mess with it :D

Always having the key in my pockets is a bit of extra security, since that guarantees that I won't forget to take the key when I leave the bike, which I think was one of the reasons electronic keys were created in the first place, then people realised that they were lazy. ;)

Re:Why not put buttons on the key fob?

I want a fob with an accelerometer in it. The be able to program it with different motions to open the door vs starting the engine vs open the trunk.
Make it long and thin with a wood veneer.
The fob chooses the driver.

Re:Why not put buttons on the key fob?

[flood78]

too simple!
and as you quoted... “Common sense is not so common.” — Voltaire

Re:Why not put buttons on the key fob?

[Agent0013]

This post just means the parent has not tried the new fobs that never have to leave your pocket. Hand full of bags and coffee cups, just walk up and open the door with your pinky finger. The fob in the pocket and touch of the door handle allows the car to unlock. Same with locking, but the back of your hand works well there. And starting means you don't need to try to fish a key out of your pocket while sitting in the seat either.

It really was an invention I didn't think sounded so awesome until a car I got had it. Then after using it i realized how helpful it is and now want it in every car.

Re:Why not put buttons on the key fob?

[OrangeTide]

My bike doesn't have a key. You open the petcock, set the choke, pull the decompression lever, turn it over 7 times, release the decompression lever, set the bike to "on", pull in the clutch lever, set the kick lever to top dead center, kick a 600 cc single hard like you mean it.

I'm more worried that someone might roll my bike aware than I am that they'll figure out how to start it. Even with my directions above it's hard to have a feel for starting it.

Re:Why not put buttons on the key fob?

[OrangeTide]

Ah, I use a shopping cart to carry things. Also I can carry four 12 packs of beer (2 per hand) and still have have 2 fingers free for operating door handles. (my doors don't self-open)

Science is hard

That makes sense and gives a reason for the second device mentioned. You would need a repeater at the car to boost signal to get fob to transmit code that they then intercept with 1st box. Otherwise the unit at the car makes no sense.

I'm sorry, SuperKendall

I'm the same AC who posted the parent comment. I've reconsidered my spam posts after seeing other people call for civility on this site. I'm sorry, SuperKendall, for harassing you with spam posts like this. I will immediately stop threatening you and your family, and I promise my threats of "consequences" are empty threats. I'll be leaving Slashdot now, and I won't return until I can make a useful and civil contribution to this site. I will never post spam again.

Re:I'm sorry, SuperKendall

[SuperKendall]

If you are the same person I accept your apology, I always figured the threats were not really serious (I've got a lot of death threats over the years for more trivial things). I appreciate your reevaluation, good luck.

Re: I'm sorry, SuperKendall

LOLx

You
Are
A
Fucking
Moran

Simple fucking solution

Sold as 'The Club'. Master Lock and other companies make similar club-style steering wheel locks. While not foolproof, they are a visual deterrent that, like a dog in your house to a burgler....makes them move on to easier goddam pickings. Purportedly.

I've been slapping a club on my own vehicle for years now. A 12 year old could hotwire my old vehicle lol. Why make it easy for them.

Close to the door?

[quonset]

bring a device close to the home's door, close to where most keys are sitting,

I must be one of the few people whose car key isn't located anywhere near the front door. It must be close to 30' where I put my key.

Also, as someone further up said, I drive a stick shift. Even though I have an electronic door lock, it only works when I press the button. So even if they could steal my signal, my anti-theft device will keep them at bay.

"If you do live in a house..."

[fustakrakich]

I live in a cardboard box, you insensitive clod!

But I wrapped it in aluminum foil so nobody can steal my Lexus.

why worry if insurance covers it

For customers that would get a model-year-new replacement from insurance (assuming the car wasn't tracked down and recovered), there doesn't seem to be much incentive to be worried about this. It might be an inconvenience to not have a vehicle for a time, but I'll gladly take the $20k payout bonus in exchange.

Beach

[aberglas]

But then you go to the beach, have a swim with the fob in your pocket, and you stay at the beach because the fob stopped working.

That is why I leave the electronics in the car and only carry the physical key (on a hybrid key/fob system).

Re:Beach

[dryeo]

Yes, that is the drawback. Since I acquired this vehicle, I live in fear of locking the fob in the truck or losing the fob, especially at first when i only had one fob. Now I can use the spare key (which I didn't have at first) if the fob is inside, the truck will scream until I quickly find the fob and hit the unlock button, then 2 other buttons to reset things.

Re:Beach

[Dog-Cow]

I have a Mitsubishi Attrage (company lease car), and it won't lock if the fob is inside the car.

Re:Beach

[dryeo]

One advantage of the modern fob.

Re: Beach

That's especially important for those rides through the ghetto.

Re: Beach

[BronsCon]

Ah, but it will lock with the fob inside if the car is running

hard time believing that my ancient fob is always

[charliemerritt03]

>> hard time believing that my ancient fob is always broadcasting

Yea.

I had an after market fob that activated the fuel pump and ignition on a jalopy just by being in the car, no button. A resonant technology like the anti theft thingies in stores or quick-pass - these CAN be pinged while in your coat pocket at home. The button type do nothing till you push the button, these signals can be harvested in busy parking lots, but then you need to find the car later in order to be able to steal it. Of course there are the guys with a dolly they can slide under your car then up on a platform truck in under 90 seconds.

Open letter to Slashdot

The parent comment is a direct threat against a particular user and his family. I don't agree with SuperKendall's politics at all, but I've always found him to debate me in a civil manner. Disagreement does not warrant harassment and threats.

These comments are posted repeatedly, sometimes multiple times within a single article. Judging by the volume and frequency of these comments, the user responsible for posting them is actively circumventing Slashdot's limits on anonymous posting.

I've reported many of these spam posts to Slashdot, and I'm sure many others have as well. I've also emailed the management here. I've been around on this site since the late 1990s and I've seen many trolls and crapflooders. I don't remember this amount of incivility and harassment, even when the overall volume of troll posts was higher.

Violent threats aren't protected speech. While this post doesn't threaten a specific act of violence, one could argue that is implied. While the user may well be incapable of actually carrying out that threat, it is still a threat. Slashdot is aware of these threats, but seems to look the other way, Despite reporting the parent comment, it hasn't even been moderated to -1. I sincerely wish Slashdot would crack down on the most vile of the spam, that often contains the worst incivility and bigotry. I've seen entire threads be deleted, so I know Slashdot is willing to delete posts that are deemed abusive or have been reported for DMCA violations. Unfortunately, that's also extremely inconsistent, as evidenced by the parent post and many others like it being allowed to stay despite being reported.

While I'm not a lawyer, I strongly suspect there is some legal liability for hosting illegal speech once the host is made aware of it. I've done just that by reporting these posts. I'm not SuperKendall, so I'm not in a position to bring legal action for these specific posts. However, it is entirely possible that someone else might be willing to do so, if these types of behavior are allowed to continue. I sincerely value free speech, and there are times that something needs to be said anonymously. For that matter, I'm posting this anonymously to avoid harassment from the user who posted the parent.

I sincerely hope that Slashdot will clean this up. This is driving away users who make productive contributions to this site. It contributes nothing to the discussion, and really isn't legally protected speech. There's a difference between censoring viewpoints and blocking spam and repeated harassment.

And so I ask: Does Slashdot condone harassment and threats? Or will they put an end to this behavior?

Re:Open letter to Slashdot

And so I ask: Does Slashdot condone harassment and threats? Or will they put an end to this behavior?

I was with you in full (except I was only an early '00s frequenter) until your false dichotomy fallacy. Hanlon's razor cuts deep.

Not news; and another reason to avoid these things

[Flexagon]

In addition to the post's reported issue (which is hardly news, BTW; it's been a thing for a good while), another reason I rejected this feature for our most recent car is that I often like to verify that the car's door is locked, and without that annoying beep if I (re)lock with the fob. With an auto-open feature (pun quite intended), a test of the door handle as I'm leaving the car always leaves it open. Maybe it automatically re-locks after some time, but even that might be longer than I want.

And if auto-open fobs weren't enough, another option was to be able to start the car remotely from a smartphone app. Warms it up and such. Just what I need, filling the garage with CO. I skipped that "feature" too.

Short range

[Immerman]

And how about the claim that it's a "short range attack"? They've got Bluetooth "sniper rifles" that can connect to a device a mile away, how much do you want to bet the same thing exists for keyless fobs? Sweep that through the parking lot and across the store/restaurant/whatever as you drive past, and let it give a chirp when it unlocks something - along with a readout of whatever model-identifying information can be recognized. You wouldn't want to waste your time stealing the cheap junk after all.

Put your keyfob into a steel box

[mnemotronic]

"The other thing that you can do is ... put your key fob into ... a faraday cage ...or even a steel box."

Like the car. Oh, wait.

Good grief

[sunking2]

The entire article is speculative.

The proximity ones don't constantly broadcast

[raymorris]

That statement is incorrect for the proximity fobs too. That would kill the battery in the fob. Anyone such a fob can easily test it.

Go stand next to your car. You probably won't hear it unlock.
Touch the door handle. You'll hear it unlock.

What's going on is:
The handle has a capacitive sensor to detect your hand.
When your hand is on the handle, the car sends an *inductive pulse.
The fob has a coil in it, which works like a transformer to catch the pulse from the car.
Note this pulse is more like a transformer than a radio.
When the fob is triggered by the inductive pulse, it sends a radio packet to the car.

Re:The proximity ones don't constantly broadcast

[mentil]

That sounds like NFC. In any case, the indoor lights on my car light up when I approach with my keys on me, before I touch the handle, so it's probably sending pulses regularly.

Re:The proximity ones don't constantly broadcast

[BronsCon]

Chrysler tech here and I can confirm this for at least most Chrysler and Fiat vehicles produced in the past 5 years. The number of keyfob batteries I replace because the vehicle will only start if the button is pressed WITH THE FOB is secondary confirmation; without the battery allowing the fob to send pulses, the system reverts to a technology very similar to NFC (if not simply NFC by a different name) using an antenna embedded in the start button.

Re:The proximity ones don't constantly broadcast

Chrysler tech here

I bet you're NEVER hurting for work.

Re:The proximity ones don't constantly broadcast

[BronsCon]

Well there's a reason I changed career paths at 36... That said, I have more issues with the Ford I drive daily than I see on the typical FCA vehicle.

A steel box

[PPH]

Altoids cans work.

Great expert

Guess their "expert" doesn't know about the plethora of Master Key Fobs available on Amazon and eBay for many brands of vehicles.

Yes, but won't happen

[SuperKendall]

Then you deserve to have your radio signals amplified and replayed.

Sure do! But it's super unlikely I figure. I'll gladly trade a lifetime of convenience for the slim chance it will be used to take the car some day - which insurance would just pay for another of anyway...

Also my car is garaged which adds an admittedly thin layer of extra security around it when not in use.

Honestly rather than a switch which would be annoying all the time, a simple RF blocking bag to drop the key into at home seems like a much more practical way to go if you have to leave your car on the street and want someplace near the door to leave the key.

I think all fobs have batteries but...

[SuperKendall]

Also, I'm not sure if the fobs have batteries, or are powered with received EM from the car.

My fob does have a battery, and most would for powering the broadcast signals that are used by the remote unlock buttons.

However after some thought, it seems like even with the battery disconnected the actual RFID chip would probably still broadcast, after all it is just a latent thing... so it's not that easy to rug up a switch. I guess a kind of switch could be as simple as a sliding RFID blocker over the body of the fob that you could fold away somehow.

How is this news?

It may be news to CBC, but Steve & Leo covered it on the Security Now! podcast back in 2015, IIRC.

Google says... "Security Now! #508 - 05-19-15 Exploiting Keyless Entry"

Protect your key fob?

[Weirsbaski]

"If you do live in a house, try to leave your keys either upstairs or ... as far away from the vehicle as possible," he said. "The other thing that you can do is there are products out there that you can put your key fob into," such as a faraday cage -- a box used to block radio signals -- a key pouch, which works similarly, or even a steel box.

They bring a steal box, you bring a steel box. That's the Chicago way!

Massive stupidity all around

Either way though, I guess I'm still a fan of having a physical key that must be inserted into a slot, used in combination with an immobilization system that communicates with a chip that's embedded with the key.

And the communication between chip and immobilization system goes through the key, not the air, TYVM.

It is completely obvious to me, has been since the beginning, that "security" mechanisms that use radio waves do little more than add holes to your "security" setup. So to me the question of why car makers insist on radio-fobs, insurers require them too "for security", but also banks say paying by RFID is totes fine, and many other things RFID/NFC, all boils down to this single retort: How come you fucks insist on being that stupid?

In the meantime, signal boosters mean that storing the fob "as far as you can from your car" isn't great advice, certainly not for the many people that live in mostly wooden houses. A metal box, say a key cabinet, is a much better idea. Just be sure to keep it closed.

Unintended consequences

[Ashe+Tyrael]

My wife's previous employers had a gloriously silly example of the earlier days of wireless proximity key fobs/cards. (this was in one of the Renault models.)

Essentially, the car was designed with a push-button starter, and unlike some of them, the key card only had to be near the car (they had a much more sensible version where there was a slot the card had to go into to make everything work) to start the engine.

You can already see where this is going. Sales rep has his key card in his coat pocket which hangs by his front door. Close enough for the car to register the card and be able to start, Goes out, starts engine, drives off. Leaves coat at home (along with card). The way those systems were designed, for safety purposes, once the engine was started you didn't need the card inserted/in proximity to keep it running. So he had no idea there was a problem. 200 miles later, he parks up, shuts the car off, and goes into work. 6 hours later he comes out, finds out he hasn't got his card.

Which is 200 miles away.

Nobody else had house keys to get in to get his key to bring it to him. You had to order the replacement cards from Renault in France so no spare. Unintended consequences indeed.

Re:Unintended consequences

This sort of thing happens with rental cars now. The attendant pulls up with your rental car, gets you all checked out, and sends you on your way without the keys (or with the wrong keys). Then you stop somewhere and can't get the car started again. Hard to believe that any company would forget to put in a "hey dummy, the keys aren't in the car" warning, but here we are.

Re:Unintended consequences

[John.Banister]

My parents' Avalon will beep at you if the keys leave with the vehicle on, and start making more beeps if they stay gone for a while. It doesn't tell you why it's complaining, though.

This method has been around since 2013...

While the OP report might be inaccurate, this video https://www.youtube.com/watch?v=8pffcngJJq0 released by West Midlands Police (UK) on Nov 26, 2017 shows both opening the car and starting its engine using the attack. It was a Mercedes car.

Where's APK when you need him?

Clearly we need a hosts file for our cars now...

FOB must be in car?

[Frederic54]

On my Sonata, I have a smart-key fob like that, it's in my pocket and if I'm less than a foot of the door, pressing the button on the handle unlocks the door. But to start the car, the fob must be in the car, else you have a warning in the dash saying this. And even if the thieves are using a booster and move it into the car to start it, after they drive ~100 yards, the engine will stop because it does not detect anymore the fob in the car. Right?

Re:FOB must be in car?

[MaxRockatansky]

Once the car is running you can take the fob out of the car will not stop. I think they do it for safety reasons, once the car is running you don't want it to stop just because it doesn't detect the key anymore. What if you were on the highway driving in traffic and the car for some reason doesn't detect the key in your pocket anymore, would you want it to turn the engine off? My wife has a Hyundai Santa Fe and on a few occasions I have driven her to a store and when she gets out, with the key fob in her purse, the car just beeps and flashes the "key not in vehicle" warning on the dash but the car keeps running. I'm able to drive around the parking lot looking for a parking space while she is in the store with the key. If I turn the car off it obviously won't start until she comes back with the key, but it keeps running otherwise.

Re:FOB must be in car?

[Frederic54]

Damn, to have an anti-theft like this would need a 3rd party immobilizer or something... maybe a kill switch hidden somewhere could be enough, or one activated with an RFID.

old fashioned coffee can

Put your keys into an old steel coffee can.
Another excuse to drink more coffee. :)

Old News

[ememisya]

This has been first reported nearly a decade ago, I'm not sure what's "news" about it today.

Signal blocking KeyFob case

[slash.jit]

Oh.. so now companies will start selling KeyFob case which can block the signals!

WE DIDNT ASK FOR KEYFOBS. LET US CHOOSE KEYS!

Why do companies always make decisions FOR you that are stupid. Newer software guis and designs are idiotic, newer products don't work as well or are complete crap and some wanker thinks "Hey lets get rid of everyones keys and make it all crypto radio based, I'm sure it can't be hacked!". I'll be trying to find what cars I can buy with a key that still remain (Even though they can still steal it, it's tougher in some respects). On top of that, if I have to be forced in to a car that has a keyfob (With Police remote shut off coming soon! By the way), I guess we'll have to put in a physical disconnect switch to disable the freaking start module. Tech companies are amazingly untrustworthy, if they're not stealing your data, spying on you or f'ing you in someway then it's not 'murica.

Re: Measure latency --- THIS!

[Kevoco]

That's the right approach. The vehicle alone can do this without any change to the keyfob. In particular, it would be an update to the BCM - Body Control Module - which interacts with key fobs.

This is old news from 2011 (or 2015)

[HnT]

This has been discovered and published by ETH Zürich as far back as 2011 and more on it in 2015. The car industry has basically been ignoring it and trying to sweep it under the rug. At most you will find a hint in the fine print that the keyless entry option has its downsides.
It is a relay attack which can work up to 400 meters (in 2015) and e.g. here is a detailed explanation (in German though) from 2015 https://www.heise.de/ct/ausgabe/2015-26-Autodiebe-tricksen-kontaktlose-Schliesssysteme-aus-3013915.html

Either you shield your keyfob at home or hope that manufacturers will offer a solution, which so far they havenâ(TM)t because a simple press of a button would not be âoeconvenientâ enough I guess. Or they check the response times to know how far the keyfob is actually from the car which even the relay couldnâ(TM)t fake because physics but that costs more money somehow, I guess???
  I am very surprised to see this on /. only now because plenty of fancy cars have been boosted like this over the years. (Even my boss had her brand new sports car stolen on the day she had been given the keys, so yea there must have been an âoeorderâ for it.)

OLD news???

[brunes69]

This has been very widely known and reported for years and years and years.

Hell I think Gone in 60 Seconds showed this back 15 years ago???

Thanks, Grandma

[Volatile_Memory]

I'm sure this is a real thing, but it reads like something published by Ann Landers and sent by grandmothers everywhere via email and FB to everyone they know.