1 - 20 of 62 Posts

·
Registered
Joined
·
206 Posts
Discussion Starter · #1 ·
I keep reading articles about certain cars being vulnerable to hacking the remote key signal. The brands referenced most often seem to be BMW, Audi and Mercedes.

I have gathered that some keys are encrypted making them more secure while others are more vulnerable.

Does anyone have any idea how vulnerable our cars are to this?
 

·
Registered
Joined
·
483 Posts
Very. The model is the following: build an RF booster (generally using a tool called a software defined radio) that identifies radio frequency energy in the appropriate bands for car key fobs. This is the tricky bit, but it appears to be doable. Then, use a small amplifier and transmitter to simply re-transmit the key fob signal "louder" at the car. Open door, start car, drive off.


My question:


1. How are they doing the boosting exactly? Anyone have the technical details?
2. What do they do after? They get the car somewhere - then what?
 

·
Registered
Joined
·
383 Posts
Very. The model is the following: build an RF booster (generally using a tool called a software defined radio) that identifies radio frequency energy in the appropriate bands for car key fobs. This is the tricky bit, but it appears to be doable. Then, use a small amplifier and transmitter to simply re-transmit the key fob signal "louder" at the car. Open door, start car, drive off.


My question:


1. How are they doing the boosting exactly? Anyone have the technical details?
2. What do they do after? They get the car somewhere - then what?
I would hope it's more than just finding the frequency!

My idea (not necessarily how AR or other car brands do it) is that there is a special code in each key fob that is also sent wirelessly via the RF signal to the car, where it is matched with what secret code is in the car. If the two are the same, the car accepts the signal. For security, this secret code would have to be encrypted as it passes wirelessly to the car, which decodes it.
 

·
Registered
Joined
·
206 Posts
Discussion Starter · #4 ·
Very. The model is the following: build an RF booster (generally using a tool called a software defined radio) that identifies radio frequency energy in the appropriate bands for car key fobs. This is the tricky bit, but it appears to be doable. Then, use a small amplifier and transmitter to simply re-transmit the key fob signal "louder" at the car. Open door, start car, drive off.


My question:


1. How are they doing the boosting exactly? Anyone have the technical details?
2. What do they do after? They get the car somewhere - then what?
Thanks. So no rotating password handshake or equivalent? :frown2:

Great. I guess I will have to buy a club again. Very retro.
 

·
Registered
Joined
·
4,330 Posts
I recommend always wearing lead lined underwear (Alfa branded) on the outside of your pants while carrying the fob in your pocket. Ladies, you’re on your own!
 

·
Registered
Joined
·
1,776 Posts
Of course the fob has rolling code authentication. Which, however, is no help against RF relay attacks.
When you say "relay", are you talking about two people working together? One near the person with the key fob who receives, boosts and transmits that signal to a second person, who is in the parking lot seeing which car the signal activates? I've seen police videos which show a guy wandering around a parking lot with a device in his hand, until a car responds. It didn't look like he was targeting a specific car, but rather fishing to see which one would unlock.

It might be a good idea for car manufacturers to add an on/off switch to their fobs so you can turn it off until you're near the car.
 

·
Registered
Joined
·
483 Posts
Exactly this! The key fob is a high-tech and very secure device. However, if you can fool the car into thinking it is close by, then it of course thinks it is "time to unlock".



Of course the fob has rolling code authentication. Which, however, is no help against RF relay attacks.
 

·
Registered
Joined
·
206 Posts
Discussion Starter · #9 ·
Exactly this! The key fob is a high-tech and very secure device. However, if you can fool the car into thinking it is close by, then it of course thinks it is "time to unlock".

Are we saying the vulnerability is only door unlocking? Or also the possibility of the car being started?
 

·
Registered
Joined
·
647 Posts
Nut Security:

#1 ----- My wife who is Japanese frequently stays in the car when parked at the store. She knows Fujitsu. Whoops, correction, I mean Jujutsu (柔術). At home it is always in the garage.

#2 ----- When she is not in the car and I'm near when they try to break in, I always have my special deterrent, S&W-442-5rnds-revolving+P. God of Italy help them if they attempt to molest my key fob and precious Giulia. >:)
 

·
Registered
Joined
·
483 Posts
I am referring to what MacGeek correctly called relay attacks. Think of it like your WiFi signal booster- if you have a strong booster, your laptop can connect outside just as though it were in the house. If you had something that measured signal power to determine proximity, based on a known transmitter, then it can't tell between a boosted far away or a nearby normal transmitter. Of course, amplifying the correct bandwidth and center frequency is important and I don't know the exact technical details.

It would help to keep your keys in a metal can- i.e. a Faraday cage. Same reason your cell phone doesn't work in an elevator- the electric fields love to travel in the metal, and get shunted to ground.

I still cannot figure out the point of it all. Do they chop the cars for parts knowing that they can't restart them? Ship them off and replace the key system? ???
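
An added example, not part of the original thread: a toy model of the point made above that a car judging proximity by signal power cannot tell a boosted far-away fob from a nearby one, even though the fob's cryptographic answer is valid. A fresh challenge-response stands in for the fob's authentication, and the round-trip time bound is an assumed alternative check that the thread does not discuss; all names and numbers are constructed.

```python
import hashlib
import hmac
import math
import os

C_M_PER_NS = 0.299792458     # speed of light in metres per nanosecond
FOB_TURNAROUND_NS = 1000.0   # constructed value: fixed fob processing time


def fob_response(key: bytes, challenge: bytes) -> bytes:
    """Fob side: authenticate a fresh challenge with the shared key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def link(fob_key, challenge, distance_m, gain_db=0.0, extra_delay_ns=0.0):
    """Toy channel model (constructed numbers, not measured ones).

    Returns (response, rssi_dbm, round_trip_ns) as seen by the car.
    gain_db and extra_delay_ns model an amplifying relay in the path.
    """
    rssi_dbm = -40.0 - 20.0 * math.log10(max(distance_m, 0.1)) + gain_db
    rtt_ns = 2 * distance_m / C_M_PER_NS + FOB_TURNAROUND_NS + extra_delay_ns
    return fob_response(fob_key, challenge), rssi_dbm, rtt_ns


def car_unlocks(car_key, fob_key, distance_m, policy, gain_db=0.0,
                extra_delay_ns=0.0, min_rssi_dbm=-46.0, max_range_m=2.0):
    """Car side: check the cryptographic answer, then the proximity policy."""
    challenge = os.urandom(16)
    response, rssi_dbm, rtt_ns = link(fob_key, challenge, distance_m,
                                      gain_db, extra_delay_ns)
    if not hmac.compare_digest(response, fob_response(car_key, challenge)):
        return False                      # wrong key: rejected outright
    if policy == "rssi":                  # "strong signal means nearby"
        return rssi_dbm >= min_rssi_dbm
    if policy == "rtt":                   # reply must arrive within the time
        limit_ns = 2 * max_range_m / C_M_PER_NS + FOB_TURNAROUND_NS
        return rtt_ns <= limit_ns         # light needs to cover max_range_m
    raise ValueError(f"unknown policy: {policy}")
```

Amplification raises the received power but cannot shorten the propagation time, which is why the timing policy still rejects the 30 m case that the signal-power policy accepts.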
 

·
Registered
Joined
·
1,776 Posts
I am referring to what MacGeek correctly called relay attacks. Think of it like your WiFi signal booster- if you have a strong booster, your laptop can connect outside just as though it were in the house. If you had something that measured signal power to determine proximity, based on a known transmitter, then it can't tell between a boosted far away or a nearby normal transmitter. Of course, amplifying the correct bandwidth and center frequency is important and I don't know the exact technical details.

It would help to keep your keys in a metal can- i.e. a Faraday cage. Same reason your cell phone doesn't work in an elevator- the electric fields love to travel in the metal, and get shunted to ground.

I still cannot figure out the point of it all. Do they chop the cars for parts knowing that they can't restart them? Ship them off and replace the key system? ???
The integration of computers into cars is so complex now, I can't see how they can do much of anything other than part the cars out. However, considering how expensive parts are for some models, the street value of the parts could possibly exceed the value of the car as a whole unit.

I'm still wondering though, wouldn't it work to turn off the key fob when you're not at the car? For example, they could set it so when you push the button to lock the car, it also turns off the fob. When you get near the car, press the unlock button which would also turn the fob back on. If it isn't on, it isn't broadcasting anything, so there's nothing to detect and relay.
 

·
Registered
2020 gulia
Joined
·
156 Posts
Remember looking at TV shows and they would write a story line about one person's electric garage door opener crossed wires opened someone else's? What are the chances? Well last year I was working on a photo shoot in Miami. My assistant needed something from my car. I drove her but dropped her off at the location before I parked. Handing her keys to my Audi, said the location and off she went. She returned 15 minutes later saying OMG your keys opened another Audi. Same year, model, color parked one block away from mine. Thank god she wasn't caught going through someone else's car. We all have a false sense of security about our cars. Was hoping with so few Alfa Romeos on the road the fob coding would be better.
 

·
Registered
Joined
·
553 Posts
The integration of computers into cars is so complex now, I can't see how they can do much of anything other than part the cars out. However, considering how expensive parts are for some models, the street value of the parts could possibly exceed the value of the car as a whole unit.

I'm still wondering though, wouldn't it work to turn off the key fob when you're not at the car? For example, they could set it so when you push the button to lock the car, it also turns off the fob. When you get near the car, press the unlock button which would also turn the fob back on. If it isn't on, it isn't broadcasting anything, so there's nothing to detect and relay.
That wouldn't work for people that just keep the key in their pocket and use the key-less entry feature. The fob needs to be on for the car to recognize it's nearby.
 

·
Registered
Joined
·
1,999 Posts
This is serious has it even happened to anyone?
Yes. There are numerous locations that have had increasing numbers of car thefts by an “undetermined” technique over the last 3-5 years. The common factor was always key-less entry, so the police knew they were using some device to spoof the car. Middle of last year police finally got video of a person strolling around to find a car that would respond to the signal his accomplice was relaying. This was a sign that the technology was moving downmarket. Previously the thefts had been of higher end vehicles, probably directed at specific vehicles whose owners' locations and storage locations were known.

With a specific high end vehicle, you can either have the computer to reprogram it and sell it in South America or China, after forging a new VIN, or you have a buyer for parts. With the newer, downmarket approach, we’re back to chop shops. Good news, bad news...the Q.V. is generally “too cheap” to be worth reprogramming, and Giulia parts demand is still weak, however FCA’s inability to deliver some parts in a timely manner may make our Giulias more attractive as the number on the road climbs.

The days of cargo containers full of mid-upper market vehicles (QV’s) being shipped to Asia or South America generally ended with the improved electronic key-less entry if you didn’t have access to the key fob, or a cloned version. If they have a key fob, all bets are off.
 

·
Registered
Joined
·
1,776 Posts
That wouldn't work for people that just keep the key in their pocket and use the key-less entry feature. The fob needs to be on for the car to recognize it's nearby.
It would work if they simply pushed the unlock button to turn it on while the fob was in their pocket. Once they got near the car it would unlock like it does now. At least with this on/off feature it would dramatically lower the chances of thieves picking up the signal. Without it, we're literally walking around with our fob in our pockets, constantly broadcasting its signal 30 feet around us.

I've seen reports where thieves are able to simply get near the garage door, and pick up the signal to relay it to the car either sitting in the driveway or on the street.

We've traded away security for convenience. People are doing the same thing with so-called 'smart' homes. There are wireless door locks and everything else in their homes. My rule-of-thumb is if it's wireless, it can be hacked. I hate thieves. A simple on/off option could go a long way to at least minimize the exposure to being robbed.
 

·
Registered
Joined
·
1,776 Posts
That doesn't turn the fob off though, does it? It just turns off the car responding to keyless. The fob is still broadcasting which means someone can read it and still unlock the car because they have the frequency. The fob broadcasts, the car receives. At least that's how I understand it. Being able to turn the fob off would guarantee no broadcast until needed.

I don't live in an area where car theft is a big issue, but for those who do it would be a nice feature.
 

·
Registered
Joined
·
27 Posts
From what I understand, after getting the car unlocked, they plug into it and program themselves a new key. If a dealer has the equipment to do it, we can probably assume it's possible for thieves to get a hold of the same tools.
 