• @[email protected]
    link
    fedilink
    English
    709 months ago

    It’s always been vulnerable, but dismissed because common criminals didn’t have access to required tools and the technical know-how to defeat common keyless entries. But things has changed and many entities start selling tools on the cheap to defeat keyless system such as flipper zero flashed with honda rf capture, etc.

    • @[email protected]
      link
      fedilink
      English
      429 months ago

      So, when are car corporations gonna be held liable for selling products that are designed to be left out in public but are super easy to break into with cheap as fuck hardware?

      • Altima NEO
        link
        fedilink
        English
        179 months ago

        When the insurance companies decide to not insure those models and people stop buying them because they can’t get them insured.

        • @[email protected]
          link
          fedilink
          English
          129 months ago

          That’s not being held liable. That’s just the market forcing them to change. Fixing the problem going forward doesn’t fix the IB problems.

          Besides, the market for cars is still terrible, and cars are a necessity these days. I’m not optimistic that consumers can pressure meaningful change with their wallets. (Who can afford not having a car for 6 months, waiting for the perfect car?)

          • @[email protected]
            link
            fedilink
            English
            19 months ago

            I wouldn’t say the market is that terrible for cars, if you insist on only buying domestic new cars yea, but the used and import markets are massive.

  • @[email protected]
    link
    fedilink
    English
    22
    edit-2
    9 months ago

    They’ve known far longer than that…

    When was the invention of the immobilizer again? Oh yeah: 1919 104 years ago. With keyless entry being 1981 43 years ago.

    Yet theres still cars on the road, built long after those creations, that you can start with a usb cable… (and that’s just for the physical shape, not any sort of data)

  • @[email protected]
    link
    fedilink
    English
    209 months ago

    In Canada, car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada

    Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused pretending doing some work and publishing all the buzzword-of-the-day “accomplishments” they were doing while patting each others backs without explicitely requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf “children’s RC” car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.

    Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to lets pretent it’s not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is “convenient” to ignore the problem.

    The following years various reprogramming theft become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids uses them to gain Youtube/TikTok followers.

    Car hacking was a becoming serious concern during the pandemic, but now it’s simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made “defective”.

    Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.

    Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers’ Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.

    “And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations,” he added.

    New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.

    Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:

    The devolution of port authorities in Canada has not been without debate over the past 70 years. This paper provides a brief introduction to the role of ports in Canada and then examines the history of port policy and devolution, concluding that past policies were considered to have failed due to their inability to respond to changing circumstances.

    (A partial repost of my same reply for a similar thread about the Canadian Government rushing to look like they are doing something, please check my post history for the other thread)

    • Pika
      link
      fedilink
      English
      39 months ago

      I’m glad you added the bottom of that because I 100% was going to ask you where you found that because that looked familiar lmao

  • @[email protected]
    link
    fedilink
    English
    189 months ago

    Where’s the evidence that this stuff is even happening at a high enough rate to even be noteworthy? It seems these articles come out every couple of years, always heavy on claims and light on facts, trying to drum up FUD based on almost nothing but chatter. Last time it was a single grainy night-time video of a couple cars in a driveway where you see the lights flash and theives open the car.

    The article claims insurance rates are skyrocketing due to car theft, yet their own article from January they cite states that insurance rates have skyrocketed due to record high inflation.

    The article claims police close these cases out in 24 hours which means they aren’t even investigating the crimes to find out what happened. They also quote the police who stated that ‘car crimes’ are down 39% since 2010. Police aren’t stating this is an issue.

    They quote a couple manufacturers who have higher rates of stolen vehicles and all they state is that they take security seriously and are working on improvements. There’s no admission or statement here that this is even occurring.

    Finally the only remaining evidence is a paper written 12 years ago theorizing that this could be an issue. Hardly proof that it’s currently occurring.

    To me, it just sounds like people who’ve watched too many movies like Gone in 60 Seconds and don’t understand technology very well who’re screaming that the sky is falling.

    • @[email protected]
      link
      fedilink
      English
      5
      edit-2
      9 months ago

      While my car wasn’t stolen, something very similar to this did happen to me. At the time, my wife and I kept our keys by the door. Our tenant did not, opting to keep the keys in her room. Sadly, my cameras didn’t catch the person, but you can see their silhouette approach the driveway, then the lights on my wife’s and my cars flash (exactly as you describe) before the person entered them and searched them. (This was during lockdown, so we weren’t travelling anywhere and so fortunately didn’t have anything of value in our car.) Our other friend’s car did not open.

      I’m not suggesting this is an epidemic or anything, merely that it’s possible.

      ETA: We only had one copy of our keys each and at no point did they go missing. The police did come to investigate (apparently it happened to at least several people on our street) but we never heard back. Presumably the person was not found.

      • icedterminal
        link
        fedilink
        English
        89 months ago

        It’s called a relay attack. Thieves just amplify the normally very weak signal and intercept communication. This allows them to unlock the door, and if push start, bypass the immobilizer to start the car. If a key is still required, this doesn’t work for starting the car.

        The general rule for key fobs is never keep them near the door where the car is parked. Place them on the opposite side of the house. If you want to, some suggestions around the web include making a homemade Faraday box to put your key fob in.

        • @[email protected]
          link
          fedilink
          English
          39 months ago

          Indeed - nowadays my keys are far from anywhere accessible from the outside. Thanks though!

      • @[email protected]
        link
        fedilink
        English
        29 months ago

        interesting. Usually they will try to start your car and take off using that signal boosting method.

        • @[email protected]
          link
          fedilink
          English
          49 months ago

          I think this individual was going for lower hanging fruit (and presumably hoping for lighter consequences if they got caught, though I’m not sure that’s what they would have gotten).

          In this case, after talking to neighbors, it seemed like they were just going down the street, briefly stopping at each driveway, breaking into whatever cars they could, quickly going through the glove compartment and center console, and stealing anything they perceived to be of value.

  • @[email protected]
    link
    fedilink
    English
    179 months ago

    Could anyone with more knowledge confirm, but couldn’t they just do what some car companies are doing and have a system by which you can just disable keyless entry when it’s parked up at night?

    If I’m at home and my car is parked up where the key could potentially be repeated then I just disable it by locking the car using the key and tapping on the door handle, which disables just tapping the door handle to unlock it again, and only the unlock button on the key works. As far as I understand it resolves this issue, unless I’m missing something?

    • bluGill
      link
      fedilink
      189 months ago

      That won’t work for human reasons: few people will remember to lock the car that way at night-

    • @[email protected]
      link
      fedilink
      English
      12
      edit-2
      9 months ago

      In theory (barring the bit where you could literally break into Hyundai cars of the last few years, plug a USB stick into them and drive away), it is technically easier to steal some older vehicles without keyless entry (any car that has a key but doesn’t require that key to communicate with a security module). A criminal can (and some do) drill out the ignition lock cylinder, insert a blank one and then drive away with any thin bladed metal shank (flathead screw driver) as if nothing happened. Buy a new keying kit, and they take only a couple of minutes to install assuming they even care to do so (chop shop might care, joy rider won’t, someone interested in rummaging through the vehicle and dumping it won’t etc).

      The keyless entry systems implemented on new cars work by having what’s essentially like an RFID in the key that communicates with a security module or multiple modules in the car, and this transmission is pretty much always active and only checked by range. If the car is close enough to where you hang your keys by the door the car may pick up this signal, and in the case of vehicles with keyless entry where you just need to touch the door handle with the key nearby that would give the thieves entry to the vehicle.

      They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key. Then using a GPS blocking tool they can prevent the car from pinging their location. At that point the only thing stopping them from taking the vehicle is their ability to take it out of park or start it. The tech to start it is fairly cheap. Taking it out of park is pretty simple for most cars if you already have access to the inside (ICE vehicles especially because there is usually a transmission selector switch attached to a cable that directly connects to the shifter (automatic or manual).

      I could roll a car down the street if it was level or a light grade by myself and I’m not a big person. If you drive a truck or an SUV and that selector switch is on the bottom or side of the transmission that’s even easier and simpler to access (and doesn’t even require a thief to have access to the inside of vehicle to put it in neutral). If the horn is accessible through a wheel well? A thief can just disconnect it and the alarm won’t even sound. If they already have access to the inside of the vehicle a thief can just pull the horn fuse.

      Automotive companies rely on the premise that there aren’t enough dishonest people in the world with the technical know how to circumvent their security so cost to benefit analysis says don’t worry about making it more secure until they’re forced to. Either by public demand, or by government oversight and regulation.

      • @[email protected]
        link
        fedilink
        English
        59 months ago

        They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key

        Although if the signal is vulnerable to a replay attack just like that, it was a woefully poor design to begin with.

        It’s why a lot of garage door systems don’t use a fixed code, but something more like 2FA codes, where it changes each time it’s used.

        • @[email protected]
          link
          fedilink
          English
          1
          edit-2
          9 months ago

          You’ll get no disagreement from me. I feel the same way about RFID ID tags. I remember seeing a CSI episode once where girls were getting RFID chips implanted in their wrists or something and using that to pay door fees and tabs at bars. I would never. I can and have cloned an RFID badge (to avoid paying $80 to my apartment complex for a badge that was inaccessible because it fell into a crevice of a locker at a gym), and I gotta tell ya, it doesn’t take enough time for me to be comfortable using it as a security feature for most anything.

    • @[email protected]
      link
      fedilink
      English
      119 months ago

      This seems a lot more complicated and much worse than just using actually cryptographically secure keys to verify that it’s the real key.

      • @[email protected]
        link
        fedilink
        English
        6
        edit-2
        9 months ago

        Or just not storing your key where it can be repeated 🤪 this attack is 100% mitigated by some distance or just fuckin’ aluminum foil.

        • @[email protected]
          link
          fedilink
          English
          89 months ago

          You would need to put your keys in a faraday cage.

          Distance doesn’t matter, as they can just use a bigger antenna or better amplifier. You find footage of people using large loops of wire to capture the signal from the keys

        • @[email protected]
          link
          fedilink
          English
          69 months ago

          Sure, you could and probably should do that. But is that something the consumer should have to do?

          At what point is a design flaw/defect the consumer’s responsibility?

    • @[email protected]
      link
      fedilink
      English
      59 months ago

      We just shut off our Toyota fobs every time we park, it’s a few extra button presses on the fob but gives some piece of mind. Why they can’t just put a simple power toggle on the fob that everyone could easily use when done is beyond me. Most people, Toyota employees included, didn’t even know the fobs could be powered down with a button combo.

  • AutoTL;DRB
    link
    fedilink
    English
    59 months ago

    This is the best summary I could come up with:


    A device disguised as a games console - known as an “emulator” - is being exploited by thieves to steal vehicles within 20 seconds by mimicking the electronic key.

    Police facing a spate of keyless car thefts in many neighbourhoods are closing some cases in less than 24 hours even when CCTV footage is available.

    Jaguar Land Rover announced a £10m investment last November to upgrade security for commonly stolen models for cars built between 2018 and 2022.

    The Observer investigation reveals other vehicles with similar security loopholes, with Hyundai confirming this weekend it working “as a priority” to prevent an attack on its cars by criminals “using devices to illegally override smart key locking systems”.

    An article by Stephen Mason, a barrister specialising in electronic evidence and communication interception, in Computer Law and Security Review in April 2012 warned keyless systems could be “successfully undermined” and unless manufacturers improve the design cars would be stolen without forced entry.

    Mike Hawes, SMMT Chief Executive, said: “Car makers continuously introduce new technology to stay one step ahead of criminals.


    The original article contains 623 words, the summary contains 178 words. Saved 71%. I’m a bot and I’m open source!

  • @[email protected]
    link
    fedilink
    English
    3
    edit-2
    9 months ago

    Literally any vehicle not made with more than 4 week old tech is subject to theft, the people who write articles and pass laws don’t understand anything but near as I can tell. I’ve worked on cars all my life, but I lost interest after my early 20s on keeping up. I can steal any vehicle built before 2000 in a few minutes, getting into seconds pre 94. The “kids today” who’ve worked on modern cars all their life can do this to anything new fast, it’s the old junk that might slow them down.

  • @[email protected]
    link
    fedilink
    English
    19 months ago

    5 years ago, a 70-year-old towtruck driver/mechanic told me how he learned of the tools criminals can use to steal keyless entry vehicles. Anyone worth half their salt in the industry knows it’s possible and how it’s done and has known for a while.