• Buddahriffic@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    5 months ago

    I think that this kind of tech is just fundamentally insecure. I can’t think of a way to secure it, at least not against gaining entry to the vehicle. And making it secure against driving away (by requiring it to continue to respond to changing cryptographic pings as you drive) opens the door to people being able to use jammers to disable your vehicle remotely. Maybe if they have a special Faraday cage place that you put your fob into, but at that point why not just use a key? Or just require a button press like the key fobs have for decades.

    Oh and depending on the latency allowances for responding to pings, it might just be possible to leave a device in the vicinity of the key and relay it over the internet, so even that just increases the difficulty of defeating it a bit.

    Same thing also applies to wireless keycards for secure entry, though I think the range for those is generally lower, so it would be more difficult to pull off.

    • Cornelius_Wangenheim@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      5 months ago

      The only thing I can think of is having incredibly tight timing on a challenge/response. With ~10 nanosecond level precision, it’s not physically possible for em waves to travel more a few meters before the time is up.

      • pup_atlas@pawb.social
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        5 months ago

        Potentially better idea, add a gyroscope to the key fob, and stop broadcasting after the fob is perfectly still for some threshold. That way when you set it down inside it can’t be relayed, but if it’s in your pocket, it won’t remain perfectly still, and will start transmitting. Could also add an IR blaster to detect if you set it down in the car. Battery life would start to become a bigger issue, but I think solutions to these problems could be engineered.

        • Cornelius_Wangenheim@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          Problem with that is that it really only covers the keys sitting on a nightstand situation. You could still get your car stolen while you’re shopping or in a restaurant.

          • pup_atlas@pawb.social
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            5 months ago

            Relaying a key signal 20 ft when you know the key is there isn’t too tricky, like when you’re home. But I would propose that trying to relay a signal across hundreds of feet, like a busy mall or store, when you’re not even sure the owner is there is quite another thing. You can also require that the IR blaster is in the car before starting. There’s also a technology Google has been using for a while now where the device (car) would emit a constant ultrasonic signal for the other device (key) to pick up on to determine if they are close to each other. Something that could be done through clothing, but not easily relayed.

        • Cornelius_Wangenheim@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          5 months ago

          Might as well have a push button instead. Having it work from your pocket without interaction is what makes a fob different and should be a design requirement.

        • Plopp@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          5 months ago

          How about making the signal so weak that you have to put the key inside a hole in the car for it to work?

    • Grippler@feddit.dk
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      5 months ago

      And making it secure against driving away

      They have “pin to drive” so you can’t drive even if you’ve gained access to the vehicle, without entering the pin-code first.

    • fluxx@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      How about just having a button on a fob/phone which initiates comms, like in the good old days. You can’t relay the signal if there isn’t one till you press the button. But that isn’t sexy and it’s too similar to traditional cars, so they won’t do it.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    12
    ·
    5 months ago

    This is the best summary I could come up with:


    For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles.

    But when one group of Chinese researchers actually checked whether it’s still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they’re as stealable as ever.

    In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment.

    Instead, a hacker’s device near the car has, in fact, relayed the signal from the owner’s real key, which might be dozens or hundreds of feet away.

    Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be carried out by the person behind you in line at a café where your car is parked outside.

    “That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.


    The original article contains 437 words, the summary contains 220 words. Saved 50%. I’m a bot and I’m open source!

    • VinS@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      13
      ·
      5 months ago

      “That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.

      That makes me laugh.

      Just to be able to push a button to start you car, you have to keep your keys in a faraday bag or in the Freezer. That’s just silly

        • VinS@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          9
          ·
          5 months ago

          I like my old keys of my 2010 car, turn to power the engine. I start to become an grumpy old fart waving his cane in his thirties. Technology seems to be 1 step forward two steps backwards sometimes. Don’t get me started on car screen buttons, tactile ones or some that have two functions like (fan speed + audio volume - rented a car that worked that way. My copilot didn’t want to touch on those buttons anymore)

          I really wonder what will be my options when this one will not work anymore.