Stealing a car with proximity keys

Found this on Reddit, the video shows 2 guys stealing a car by supposedly amplifying the signal from the key inside the building. They have one device that they use to sniff out the signal from the key. They then retransmit the signal via the second device in the hands of the guy next to the car, taking advantage of the key proximity unlock feature of the vehicle. Then they just press the start button and drive away, taking advantage of the key proximity start feature of the vehicle.

What makes this funny, is that vehicles like this do not turn off when the key leaves the proximity. So once the vehicle is started you can drive until you run out of gas or turn the vehicle off. My Dad’s Prius has the same feature and the night he bought it, I drove it away with the key in his pocket while he was still in the driveway. He wasn’t happy about this, but I didn’t think that it would be all that easy to take advantage of till I saw this video.

I’m not sure how to combat this, as even 2 way communication could be spoofed using this technique. Maybe we will need to lose the proximity features of keys if this becomes a common exploit. I wouldn’t suggest turning off the car if the key loses connection, as the key could lose connection due to a dead battery and shut off your vehicle at any moment while you are driving causing a possibly very bad scenario.

Thought you all would get a kick out of this.

1 Like

There ya go.
I’ve always thought these were a bad idea, personally.
What I really dislike is how easy it is to clone remote openers, like garage door remotes. Most non-bottom-of-the-barrel cars come with built-in remotes that clone your existing remote at the push of a button. Then it works just like your remote. Great convenience. Scary security.

Back when these first came out, you had to jiggle the fob to activate it. So it would work if you walked up to the car, for example, because the fob would be moving in your pocket. But if you stood there motionless, it wouldn’t work. Something like that could do the trick, maybe…

2 Likes

Encryption on the 2-way comms would go a long way. Something markedly stronger than the old industry favorite MD5, which can seemingly be cracked realtime with a pocket calculator. Directional antenna on the fob might also help, but that introduces the first world problem of having to point said antenna in a given direction.

If you are just repeating the transmissions both ways, how would encryption help? The FOB and the Car would be talking to each other as though they were in close proximity.

Yep, a good example of a partial solution that doesn’t solve the full problem. I was also thinking you might be able to do a two factor option, say have the FOB require communication with the personal cellphone before it will unlock the car, but again that would probably introduce too many new issues to make it viable as well.

I’m not sure how you get the 100% solution without issue. It seems we have given up too much security for the convenience of having a car unlocked and able to start by just coming close to it with a FOB.

Even though the signal on a garage door opener can be easily cloned, at least it requires a mechanical button press to be cloned. That allows some ability for consent and given proper technology could be made pretty secure. But, the constant broadcast feature of the FOB proximity model is just not that secure.

Makes you think a bit about DMS using completely unencrypted FOBs for access control? But to be honest, they are probably effective enough for our security, as it is more likely someone will just let a non-member in through the door rather than a scheme to clone member FOBs being a large issue. So probably good enough for us.

You won’t.
Soon enough, we’ll all have public domain self-drive pods, so stealing cars will be a thing of the past anyway. Just whistle and Silver will appear, and take you where you want to go, while your nose is buried in the smartphonetabletappthingy we all love and crave so very, very much.

2 Likes

Most fobs I’ve seen are 1-way affairs that are hilariously vulnerable to playback attacks. Those that do the proximity thing seem to be RFID or some passive method that doesn’t look to be overly sophisticated in its transmission / encryption scheme.

A challenge-response protocol with rolling encryption keys and a decent seed randomizer would help. Requiring appreciably closer proximity and utilizing antenna designs that only work in a given space would further help. But that makes you fish for the key like an uncouth barbarian as opposed to just walking up and starting the car like the cool kids so here we are.

1 Like
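
Added example (not part of any post in this thread): a small simulation of the points made above, that a challenge-response fob rejects a played-back response but still unlocks when both directions are relayed unmodified. It goes one step beyond the thread by adding a round-trip-time limit as one way to enforce closer proximity; the class names, HMAC-SHA256 and the time units are assumptions chosen for illustration, not any manufacturer's scheme.

```python
import hashlib
import hmac
import secrets

class Fob:
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The fob proves knowledge of the shared key for this one challenge.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, key: bytes, max_rtt=None):
        self._key = key
        self._max_rtt = max_rtt          # None = no timing check at all
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # fresh nonce per attempt
        return self._pending

    def verify(self, response: bytes, rtt: int) -> str:
        challenge, self._pending = self._pending, None   # nonce is single use
        if challenge is None:
            return "no-challenge"
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "bad-response"
        if self._max_rtt is not None and rtt > self._max_rtt:
            return "too-slow"
        return "unlock"

def run_scenarios() -> dict:
    key = secrets.token_bytes(16)        # constructed shared secret
    fob = Fob(key)
    near, relayed, limit = 2, 40, 5      # constructed time units, not measurements
    plain, timed = Car(key), Car(key, max_rtt=limit)
    results = {}
    recorded = fob.respond(plain.new_challenge())
    results["owner_nearby"] = plain.verify(recorded, near)
    plain.new_challenge()                # next attempt gets a different nonce
    results["replay_old_response"] = plain.verify(recorded, near)
    # Relay: challenge and response arrive unmodified, only later than usual.
    results["relay_no_timing"] = plain.verify(fob.respond(plain.new_challenge()), relayed)
    results["relay_with_timing"] = timed.verify(fob.respond(timed.new_challenge()), relayed)
    results["owner_with_timing"] = timed.verify(fob.respond(timed.new_challenge()), near)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The cryptography never fails in the relay case because the messages are genuine; only the added delay distinguishes it, which is why the timing check is the part that changes the outcome.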

Imagine if the cars added the camera recognition option like on the new iphone. That might work. Plus, it would be hilarious to hear stories of people going on long trips and their car not recognizing them because they have gotten too fat while away. :smile:

1 Like

Plus your Mercedes, unlike your smart phone, will always need ‘valet mode’…

This is a prime case of if it (old fashioned key) ain’t broke, don’t fix it.

1 Like

Before I had a car that had a proximity key, I would have agreed with you. It’s DAMN convenient to not have to get my keys out of my pocket or bag or whatever.

2 Likes

The real solution is just get a car no one would want to steal. Then you can have your convenience without risk.

Dad (who drove junkers most of my life) would often quip “Anyone who steals this car deserves it”.

6 Likes

This nonsense is also why I think anyone who signs up for tap pay systems is asking for it. I dread when my truck bites the bullet and I have to get a new one with the “standard feature” remote start options.

Common phrase among car thieves.

best factory theft deterrent still available (in alarmingly diminishing numbers) today:
image

8 Likes

No kidding. I wanted a stick shift but would have had to pay extra for it since my employee pricing only applied to stuff on the lot. Between that and “no I don’t want leather interior” and “as few buttons as possible is my favorite feature” during the super special features sales pitch I think the guy might have had a small stroke.

1 Like

here’s my answer to the whole problem:

keep that parked out front with the actual expensive car in the garage. F’#@-ers wouldn’t even think twice of hitting the other guy instead.

1 Like

:D:D

Do you have a “Man -Bag”?! “Can be tuff and hold all your stuff too!” (Paraphrased from Madagascar 2 Africa :wink:)