_______               __                   _______
       |   |   |.---.-..----.|  |--..-----..----. |    |  |.-----..--.--.--..-----.
       |       ||  _  ||  __||    < |  -__||   _| |       ||  -__||  |  |  ||__ --|
       |___|___||___._||____||__|__||_____||__|   |__|____||_____||________||_____|
                                                             on Gopher (unofficial)
       
       
       COMMENT PAGE FOR:
   URI   Flipper Zero dark web firmware bypasses rolling code security
       
       
        piyuv wrote 1 hour 14 min ago:
        Can’t wait for ignorant politicians to ban flipper zero completely
        instead of accepting the reality that car keyfobs are insecure
       
          vbezhenar wrote 1 hour 4 min ago:
          AFAIK Flipper Zero is open source, so anyone with a tiny bit of
          electronics experience can recreate it. There's no way to ban it from
          criminals.
       
            piyuv wrote 1 hour 0 min ago:
            Exactly, but this reality doesn’t stop politicians from blaming
            flipper zero itself. See this link for Canadian government’s ban:
            
   URI      [1]: https://blog.flipper.net/response-to-canadian-government/
       
        rootsudo wrote 2 hours 12 min ago:
        Why is it "dark web"? Nothing is wrong about posting it online; using it
        in general may be USC 18 1029/30 in USA, but

        Why is there so much politicization and clickbait of dark web stuff?
        It's still the internet.
       
          karel-3d wrote 1 hour 25 min ago:
          Because the original hacker is selling the firmware for 1000 USD on
          dark web marketplaces.
          
          It's literally being sold on dark web. People call everything "dark
          web" but this time it's correct.
       
            gear54rus wrote 41 min ago:
            So what's the search term for it at least? This stupid gatekeeping
            while racking views and hype from it is getting on my nerves.
       
              boneitis wrote 25 min ago:
              Assuming it doesn't do anything else magical, I don't see the
              point in even bothering dignifying it with a web hit, let alone
              finding out its name.
              
              It's odd to throw in the dark web, thousand dollar firmware bit
              when third-party firmwares are developed in the open and have
              long ago already implemented KeeLoq, but I guess they aim for
              sensationalism and shock value.
       
          phaser wrote 1 hour 56 min ago:
          Sounds like it’s newspeak for repurposing the word “internet” to
          a UK or China style of regulated censorship.
       
          Perz1val wrote 1 hour 56 min ago:
          I'd guess that the original firmware author posted it on some hidden
          onion forum (aka darkweb), because they are actually stealing from
          cars.
       
            rootsudo wrote 1 hour 34 min ago:
            I doubt it, most flipper dev is done on the discords that offer
            unspectrum/noncertified radio manipulation like iceman, etc.
       
        finaard wrote 3 hours 50 min ago:
        Unfortunately that video is lots of talking and little substance, so
        it's hard to properly evaluate it. From the little info shown there it
        just looks like a nice repackaging of the old rolling flaws ( [1] )
        
   URI  [1]: https://github.com/jamisonderek/flipper-zero-tutorials/tree/ma...
       
        flowerthoughts wrote 4 hours 37 min ago:
        Perhaps I should start using Bluetooth and the mobile app instead...
       
        joelthelion wrote 5 hours 14 min ago:
        Why don't cars use public key crypto? Is it too expensive to run on a
        key?
       
          Hamuko wrote 1 hour 17 min ago:
          Probably power-wise, yeah. Most keys only have little coin batteries
          and people want those to last for years.
          
          I have a "smart" BMW car key and it inhales the battery. I don't
          think it can go more than a couple of weeks without having to be
          charged.
       
        beagle3 wrote 5 hours 17 min ago:
        For the past 20 or 30 years, my insurer made car theft insurance
        conditional on having an immobilizer device installed that requires
        code entry through a physical keyboard.
        
        And there were a few years this seemed onerous, but most of the time,
        there were popular attacks in use by car thieves that were prevented (or
        at least made much longer and more complicated) by this.
       
        tzs wrote 8 hours 42 min ago:
        > For this new attack to work, all that is needed is a single
        button-press capture from the keyfob, without any jamming. Just from
        that single capture, it is able to emulate all the keyfob's functions,
        including lock, unlock, and unlock trunk.
        
        If I don't press the buttons on my keyfob am I safe from this?
        
        The only keyfob functionality I normally use is that when it is outside
        the car but within about a meter of the door handle the door can be
        locked or unlocked by pressing a button on the door handle.
       
          panki27 wrote 4 hours 3 min ago:
          If you keep your car key close enough to your front door, it's
          possible to relay the signal that the key is constantly broadcasting
          closer to the car, allowing an attacker to hit the button on the
          handle and unlock it without possessing the key.
       
          waste_monk wrote 5 hours 55 min ago:
          As I understand there's still challenge/response stuff going on when
          you use a physical key or similar means to unlock the car or start
          the ignition (as that is how the alarm system and immobiliser
          distinguish a real key from someone picking the lock or hotwiring the
          car).
          
          I don't know the details of the attack in the article, but my
          speculation would be that it would be vulnerable.
       
          ethagnawl wrote 8 hours 21 min ago:
          That's an interesting question. Unless that feature uses NFC or some
          other protocol, I'd think you're still susceptible.
       
            Gare wrote 5 hours 49 min ago:
            AFAIK it should be a different system because the car asks the key
            first (same system as Keyless GO).
       
        2Gkashmiri wrote 8 hours 47 min ago:
        Is there a cheap device you can make yourself or buy from India?
        Flipper zero is not easy, if not impossible, to buy.
        
        For this project let's say
       
        gblargg wrote 8 hours 48 min ago:
        So I guess it's back to locking the door manually before I close it,
        and being absolutely sure I don't leave the keys in the car.
       
        jrm4 wrote 9 hours 44 min ago:
        Am I the only one that just hates push to start in every way? Sure, I
        don't need to have the "insert key and crank" to be real, but physical
        key seems so superior.
        
        Feels like getting rid of the light switches in your house in favor of
        "smart home" stuff.
       
          imp0cat wrote 7 hours 10 min ago:
          You're not the only one.
          
          Also, smart people wire their smart home so that the light switches
          still work. If a smart home controller or some other part of the
          system fails, people still want to be able to control the lights
          manually.
       
          efsavage wrote 9 hours 5 min ago:
          I'm on the other end of the spectrum apparently, I'm annoyed that I
          even have to carry a key/fob. I'd rather have a fingerprint sensor or
          something, with the key as a backup (i.e. when I let someone borrow it).
          
          I also have a smart home ;)
       
          cchance wrote 9 hours 12 min ago:
          You mean the key and crank that could be started with a screwdriver
          and some elbow grease?
       
            burnt-resistor wrote 8 hours 29 min ago:
            I guess you have a Kia. Most cars made in the past 20 years have
            keys with immobilizer chips.
       
          Lord_Zero wrote 9 hours 21 min ago:
          I mean, keep using your key if you like it. I for one love never
          having to touch my car keys. I touch my door handle the car unlocks,
          I touch the start button the car starts.
       
          cam_l wrote 9 hours 21 min ago:
          I liked my old 'rolla that I could start with any key at all.. or
          even a paddlepop stick.
          
          Every time I start thinking about these little modern inconveniences,
          I re-arrive at the idea that this is yet another example of the
          difference between a product and a tool.
          
          A product ideally works the same for everyone, with as little
          friction to the immediate function as possible. All other functions
          are hidden or deleted. Trying to use a product as a tool is slow and
          frustrating, because the experience never gets better than the first
          time you use it.
          
          A tool on the other hand needs learning. Sometimes that learning
          curve is shallow and long, like a hammer, or steep and long like CAD.
          
          Smart home stuff can be pretty great if you treat it like a tool, and
          only use it where it is the right tool for the job (so, not light
          switches).
          
          Anyway, I prefer tools.
       
          arcanemachiner wrote 9 hours 31 min ago:
          I also dislike it when people "fix" things that are not broken.
       
        geekamongus wrote 10 hours 36 min ago:
        This seems difficult when you can order a Ford fleet key off Amazon and
        get access to most Ford trucks and vans for about $15.
       
        kj4ips wrote 10 hours 55 min ago:
        Tons of the rolling key systems on the market are based on KeeLoq, and
        KeeLoq is a fairly well designed system with a big linchpin.
        
        It has something called a 'manufacturer key', which needs to be
        available to any device that allows field pairing of remotes. If that
        manufacturer key is known, it only takes two samples from an
        authenticator to determine the sequence key.
        
        Absent the manufacturer key, jamming+replay attacks work, but brute
        forcing a sequence key is generally prohibitively costly.
        
        However, since any receiver that supports field programming needs the
        magic "manufacturer key", one could purchase such a unit, and may be
        able to extract said key.
       
          nroets wrote 3 hours 57 min ago:
          Correct. While the original KeeLoq cipher is most likely no longer
          secure, Microchip moved on to AES.
          
          KeeLoq is also used for garage door openers.
          
          Some KeeLoq receivers have a "learning mode" where it adds the next
          KeeLoq transmitter it hears provided it uses the same manufacturer
          key.
          
          Learn mode is activated either with a button often on the PCB or with
          a "master" transmitter.
          
   URI    [1]: https://en.wikipedia.org/wiki/KeeLoq
       
          userbinator wrote 7 hours 53 min ago:
          They could've designed a system that doesn't require a fixed secret
          master key, but instead generates a unique random key for each
          receiver and requires a physical connection between the fob and the
          receiver (located inside the locked part of the car) to pair them. Of
          course such a generic system would be against manufacturer's
          interests in controlling the repair and aftermarket industry.
       
            phire wrote 6 hours 7 min ago:
            You don't even need a physical connection.
            
            As long as you have two-way wireless communication (which any
            keyless entry/start system does), then you can simply do a
            Diffie-Hellman key exchange during the pairing process.
            
            Diffie-Hellman is designed for exactly this use case, allowing two
            parties to derive a shared secret key over a public channel without
            exposing it.
       
              conradev wrote 5 hours 17 min ago:
              A PAKE scheme with a passcode communicated out of band during
              pairing feels more appropriate to make sure no one is snooping.
              
              A one-time out of band authentication (usually some form of
              trusted physical interaction) is key if you don’t want to trust
              intermediaries.
       
              tux1968 wrote 6 hours 0 min ago:
              That allows the conversation to proceed in secret from listeners,
              but it provides no authentication to ensure that only legitimate
              parties are involved.  The reason for physical contact is to
              "prove" that you are legitimately in control of the vehicle, not
              a random passerby.
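
The three positions above (phire's Diffie-Hellman pairing, tux1968's objection that it authenticates nobody, and conradev's out-of-band passcode / PAKE), worked through as an added toy model that is not code from the thread, from Flipper, or from any car maker; the prime, party names and passcodes are constructed values and the scheme is illustrative, not a vetted protocol:

```python
"""Fob/receiver pairing over a public radio channel (added toy model).

  1. plain Diffie-Hellman: the ends agree on a key, but a relay in the
     middle can run one exchange with each side and is never noticed;
  2. the same exchange plus comparison of a short authentication string
     over a trusted out-of-band channel (dashboard vs. fob), which
     exposes the relay;
  3. a SPEKE-style toy PAKE whose DH base is derived from a passcode that
     only the legitimate ends hold, so a relay without it fails confirmation.
The prime, names and passcodes are constructed toy values.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy Mersenne prime: far too small for real key agreement
G = 5            # toy base for the plain DH variant


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


class Party:
    """One end of the exchange: fob, receiver, or one half of a relay."""

    def __init__(self, name: str, base: int = G):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(base, self.priv, P)
        self.key = None

    def derive(self, peer_pub: int) -> bytes:
        """Classic DH: shared secret from the peer's public value."""
        secret = pow(peer_pub, self.priv, P)
        self.key = _h(b"key", secret.to_bytes(16, "big"))
        return self.key

    def sas(self, peer_pub: int) -> str:
        """Six-digit short authentication string over the derived key and
        both public values; compared out of band, never sent over the air."""
        lo, hi = sorted((self.pub, peer_pub))
        d = _h(b"sas", self.key, lo.to_bytes(16, "big"), hi.to_bytes(16, "big"))
        return f"{int.from_bytes(d[:4], 'big') % 1_000_000:06d}"

    def confirm_tag(self, label: bytes) -> bytes:
        """Key-confirmation MAC; the peer recomputes it with its own key."""
        return hmac.new(self.key, label, hashlib.sha256).digest()


def _exchange(a: Party, b: Party) -> None:
    """Both ends learn each other's public value (the over-the-air step)."""
    a.derive(b.pub)
    b.derive(a.pub)


def pair_plain_dh(fob: Party, car: Party) -> bool:
    """Honest pairing: the two ends finish with the same key."""
    _exchange(fob, car)
    return fob.key == car.key


def relay_plain_dh(fob: Party, car: Party) -> tuple:
    """A relay poses as the car to the fob and as the fob to the car.
    Returns (fob and car share a key, relay holds fob's key, relay holds
    car's key): nothing in plain DH tells either end this happened."""
    r_fob, r_car = Party("relay-as-car"), Party("relay-as-fob")
    _exchange(fob, r_fob)
    _exchange(car, r_car)
    return (fob.key == car.key, r_fob.key == fob.key, r_car.key == car.key)


def pair_with_sas(fob: Party, car: Party, relay: bool = False) -> bool:
    """DH followed by the user comparing the SAS shown at both ends.
    With a relay, each end ran a different exchange, so the strings differ
    (a one-in-a-million collision aside) and the user declines to pair."""
    if not relay:
        _exchange(fob, car)
        return fob.sas(car.pub) == car.sas(fob.pub)
    r_fob, r_car = Party("relay-as-car"), Party("relay-as-fob")
    _exchange(fob, r_fob)
    _exchange(car, r_car)
    return fob.sas(r_fob.pub) == car.sas(r_car.pub)


def passcode_base(passcode: str) -> int:
    """SPEKE-style: hash the passcode into the DH base. Squaring keeps it a
    quadratic residue; a real PAKE needs considerably more care than this."""
    return pow(int.from_bytes(_h(b"base", passcode.encode()), "big"), 2, P)


def pair_pake(fob_code: str, car_code: str) -> bool:
    """Each end builds its base from the passcode it holds (e.g. one printed
    on a card kept inside the car) and then proves key knowledge with a MAC.
    A relay guessing the code gets a different base, hence a different key,
    and its confirmation tag is rejected."""
    fob = Party("fob", passcode_base(fob_code))
    car = Party("car", passcode_base(car_code))
    _exchange(fob, car)
    return hmac.compare_digest(fob.confirm_tag(b"confirm"), car.confirm_tag(b"confirm"))
```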
       
                numpad0 wrote 4 hours 47 min ago:
                I think this is technically correct but a bit confusing, since
                "pairing" processes usually require user actions at both ends.
                A keyhole that reprograms to any key from the outside makes
                little sense.
       
                wat10000 wrote 5 hours 25 min ago:
                It works well enough to just require some action to be taken on
                both ends. Push a button on the opener (or an already-paired
                remote), then pair the remote while the opener is in the
                pairing state. It’s possible for a passerby to intercept, but
                they’d have to have very good timing.
       
                  tux1968 wrote 5 hours 20 min ago:
                  Pressing a button on the opener is physical contact. That's
                  the entire idea that the OP was trying to relay, that you
                  need some physical way to prove that you're eligible to pair.
                  Not that the key itself had to be hard-wired for the process
                  to proceed.
       
                    exe34 wrote 4 hours 49 min ago:
                    > requires a physical connection between the fob and the
                    receiver (located inside the locked part of the car) to
                    
                    That sounds pretty clear to me that the connection isn't
                    the human holding both buttons here.
       
                phire wrote 5 hours 40 min ago:
                I'm not sure you should be that concerned about
                man-in-the-middle attacks.
                
                If someone does successfully MITM while walking by the key is
                going to stop working as soon as they are out of range, and you
                will notice.
                
                I'm just wanting a system that could be implemented with the
                hardware that's already there. I guess you could use the RFID
                chip that most keyless start cars already have as a secondary
                channel. Still not 100% secure, but the MITM device would need
                to be physically in your car to intercept the pairing request,
                and at that point you have bigger problems.
       
                  tux1968 wrote 5 hours 31 min ago:
                  Sorry, I didn't mean to make it sound like the problem was
                  MITM.  The issue is initiating a pairing request, you can't
                  allow just any key to request it, that allows bad actors to
                  pair a key with your car.
                  
                  While I worry that it's not really secure enough, the OP was
                  suggesting that physical contact is a way to "prove" that you
                  are indeed eligible to pair, by excluding everyone who lacks
                  physical contact.
       
                    exe34 wrote 4 hours 50 min ago:
                    You can press a button in the car, you don't need a cable.
       
                    phire wrote 4 hours 52 min ago:
                    Modern cars already have a complex sequence to enter
                    pairing mode.
                    
                    You need to press buttons inside the car, buttons on the
                    currently paired key (to prove possession of that) and
                    buttons on the key you want to pair with.
                    
                    So a passerby would have to press a button on their fob at
                    just the right moment. Then when you go to test your new
                    key fob, it wouldn't work, so you would pair again until it
                    was your key that was paired.
       
                      monster_truck wrote 34 min ago:
                      Which can be easily bypassed by accessing any obd2
                      connected port, which you can conveniently find in the
                      headlight housing of most automobiles.
       
                      tux1968 wrote 4 hours 43 min ago:
                      Yeah, it's the same for garage door openers today. I
                      took the OP simply to be saying that physical access of
                      some type needs to be available (i.e. to stop anyone
                      initiating a pairing). Some cars require the key to be
                      physically inserted into the ignition switch, which
                      requires the key to be correctly cut to match the car,
                      before pairing; which is a nice extra hurdle to stop
                      thieves quickly pairing after they break into your car.

                      Whatever the case, making it easier to pair shouldn't be
                      the primary focus, no need to help a thief doing it
                      quickly. It would just be nice to have a way to do it
                      that didn't ultimately require the manufacturer to get
                      involved; but that does remove a big hurdle for thieves,
                      too.
       
        RachelF wrote 11 hours 17 min ago:
        This is why keyless "start button" functions on cars are a bad idea.
        
        The old approach of keyfob to unlock the car and a real key for the
        ignition is safer.
        
        Having multiple levels of security is good.
        
        However, having worked in the car security industry many years ago, I
        discovered that car manufacturers actually like it when their
        customers' cars are stolen - Insurance payouts often result in another
        sale.
       
          rpcope1 wrote 4 hours 8 min ago:
          I've never seen anything but problems with keyless ignitions. It
          really seems like a solution in search of a problem no one actually
          had, and makes the car much more irritating. I guess it's in line
          with the whole remove real controls and buttons crap because "muh
          software", "muh reprogrammable interfaces" etc that certain nerds
          think is a good idea for who knows what reason.
       
          boobsbr wrote 4 hours 30 min ago:
          > car manufacturers actually like it when their customer's cars are
          stolen
          
          Hyundai and Kia have joined the chat
       
            Hamuko wrote 1 hour 24 min ago:
            Except those guys had it go so far that trying to insure a cheap
            Kia was extremely expensive, since insurers considered them a toxic
            asset.
       
          jiveturkey wrote 6 hours 25 min ago:
          Disagree, if you mean a simple cut key. A screwdriver defeats it.

          OK, if you mean a key that has a chip embedded, where the key cuts
          are just window dressing and the real magic is still in cryptographic
          proof of "something you have". I am not aware of any such key ever
          being produced, but I certainly do not have comprehensive knowledge.
          GM had something close to that.
       
            gchadwick wrote 2 hours 44 min ago:
            Immobilizers (which lock out the engine until there's been some
            authorization from another device, i.e. from a chip in the key)
            have been mandatory in cars in the UK at least (and I would presume
            Europe on similar time scales) for almost 30 years (from 1998).
            Seems they've been sold in cars for a few years longer than that
            (from 1992). According to: [1] .
            
            Maybe never introduced into the US market? Would find that hard to
            believe.
            
   URI      [1]: https://www.carwow.co.uk/guides/glossary/what-is-a-car-imm...
       
            leoedin wrote 5 hours 50 min ago:
            I’m pretty sure most cars in the later key era used some sort of
            chip verification on ignition for the key. It wasn’t just a
            physical thing. Given it was 15 years ago, I don’t know how
            cryptographic the proof was - perhaps it was just reading a number
            from the key. But the hyper short range nature of it made it quite
            secure.
       
          nextlevelwizard wrote 6 hours 55 min ago:
          I know this might be splitting hairs, but...
          
          >The old approach of keyfob to unlock the car and a real key for the
          ignition is safer.
          
          "Safe" feels like the wrong word to use here. Safety is not the same
          as security.

          One could also argue that criminals being able to steal parked cars
          is safer overall for society as they then don't feel the need to
          carjack you while you are actually in the vehicle.

          If you actually want to keep your car secure (meaning criminals won't
          break into it or steal it in this context) just drive an old beater
          and do not leave anything valuable in the car or trunk. I am driving
          a car that is nearly as old as I am and it's fighting a losing battle
          against rust and I have nothing more valuable than trash inside the
          car.
       
            lm28469 wrote 21 min ago:
            > One could also argue that
            
            One could also argue that most people didn't bother because violent
            crimes are much more severely punished, now that the bar is so low
            people steal much more. And the stats would back it up
            
   URI      [1]: https://images.vivintcdn.com/global/Blog%202022/01-Number-...
       
            lupusreal wrote 3 hours 26 min ago:
            Strong disagree.  Many car thefts are by POS teenagers who do it
            because it's easy and they can get away with it.  They then proceed
            to drive those cars recklessly, endangering the lives of other
            people, or worse, use the sense of anonymity and power provided by
            the stolen car to commit violent crimes.
            
   URI      [1]: https://www.krqe.com/news/crime/teen-given-max-sentence-af...
       
            xlii wrote 5 hours 56 min ago:
            If someone wants to steal the car they will steal it.

            Stealing a car is not the same as stealing a candy. In Europe all
            parts are marked so it takes significant effort to sell or modify
            such cars. It's not like people steal them and then sell them at
            yard sales.

            As for the "beaters": shortly after the Russian invasion of Ukraine
            plenty of cars were stolen in Poland. Not the expensive kind but
            usually 10-30 year old cars with big and reliable engines (V6,
            V8). I know 6 people that had Jeep Grand Cherokees stolen
            (different generations).

            My uncle wanted to renovate an Isuzu Rodeo with a completely rusty
            frame but a V6 engine of a value of like 300€ and it was stolen too.

            And it happened ~1 month after it started.
       
              lupusreal wrote 3 hours 24 min ago:
              People stealing cars to sell or chop them up for profit is less
              of a problem than people stealing cars so they can commit violent
              crimes with them.
       
                CyberDildonics wrote 13 min ago:
                Based on what data?
       
            a96 wrote 6 hours 12 min ago:
            Old beaters are exactly the things that get stolen. Their security
            can often be beaten with a butter knife or coat hanger. That's more
            about minimizing the losses, for which it's a useful approach.
            Running costs tend to be lower as there's little purchase price and
            no incentive to do expensive repairs instead of dumping a broken
            one for another running beater.
       
            leoedin wrote 6 hours 16 min ago:
            > One could also argue that criminals being able to steal parked
            cars is safer over all for society as they then don't feel the need
            to car jack you while you are actually in the vehicle.
            
            Here in the UK vehicle theft reached an all time low in 2014.
            It’s doubled since then. If there was an increase in car jacking
            it must have been minuscule by comparison. It’s not really a
            crime that happens here.
            
            I had an old beater van that got stolen. It turned out that model
            was known to be easy to steal. I suspect most car theft is done
            because it’s easy and fairly low risk. Walk up to a car in the
            night, fiddle around for a few minutes and drive off.
            
            I still drive a car with a key. It’s completely fine. Who
            actually asked for keyless entry?
       
              ponector wrote 3 hours 48 min ago:
              >> Who actually asked for keyless entry?
              
              Almost everyone?
              
              It's one of the best features I have in a car, the most convenient
              one.
       
                calcifer wrote 1 hour 59 min ago:
                It's a feature we like now that we have it, but not one we
                asked for.
       
                  iwanttocomment wrote 39 min ago:
                  Hi! It me. I had a car with keyless entry years ago. It was
                  great. I got another car, more recently, that had a physical
                  key. I've hated having to use the physical key. I personally
                  am asking for keyless entry. Sorry!
                  
                  Also: Hyundai/Kia cars have physical keys and are known to be
                  trivially hot-wired. Given the "kia boyz" I'd have a hard
                  time moving to physical keys again. Again, sorry!
       
              teruakohatu wrote 6 hours 5 min ago:
              > Who actually asked for keyless entry?
              
              Probably the vast majority of consumers?
              
              There is no reason why keyless entry cannot be more secure than a
              physical key, other than incompetence.
              
              The cars stolen in New Zealand are usually, as you say, cars that
              are known to be easy to enter and drive away. Even then, they
              break a window. But I have also heard of break-ins at night
              targeting certain high-end cars and going as far as gaining entry
              to a garage.
       
                cjrp wrote 27 min ago:
                > There is no reason why keyless entry cannot be more secure
                than a physical key, other than incompetence.
                
                Isn't the problem that it's designed to work from a distance,
                and that by boosting the signal the criminals can just increase
                the distance so that the key inside your house reaches the car?
                It seems inherently less secure than the old system where the
                physical key has to be practically touching the ignition to
                disable the immobiliser.
       
                alias_neo wrote 3 hours 53 min ago:
                > I have also heard of break-ins at night targeting certain
                high-end cars and going as far as gaining entry to a garage
                
                My next door neighbour had someone enter their home while they
                slept, take the key and drive off in their car, because it was
                "stolen to order" most likely.
                
                I couldn't give a shit if someone breaks in to my garage, or
                frankly if the car is stolen, but I don't want them coming into
                my house where my family is asleep for the keys.
                
                What happens if the keys weren't downstairs by the front door,
                because I left them on the bedside table or something?
                
                I shudder at the thought.
       
                  542354234235 wrote 27 min ago:
                  I'm not sure what you are saying here. Are you saying cars
                  should be easier to steal so that no one ever breaks into
                  your house to access the keys to your car?
       
          ethagnawl wrote 8 hours 24 min ago:
          I'm currently driving a rental which has this feature and I can't
          stand it. There is no added value and this feature exists solely to
          appeal to people who think it's "cool". (They must exist, right?) I
          guess you get used to it with time but I find myself constantly
          having to throw the key back into the car so I can do things like
          exit momentarily and keep the air conditioning going. I also don't
          trust that the car won't then lock itself with the key and my child
          inside, so I also have to remember to roll down the window.
       
            ponector wrote 3 hours 42 min ago:
            >> throw the key back into the car so I can do things
            
            Isn't it the same for old style key, but with even more actions?
            Like to navigate a keyhole, turn the key...
       
            wat10000 wrote 5 hours 20 min ago:
            It’s convenient. If I want to keep the AC on when I exit, I push
            the button for that before I get out.
            
            It’s especially nice when the key is my phone. I never have to
            worry about keys. I just get in my car and drive, and when I arrive
            I get out. I keep a key card in my wallet as a backup in case my
            phone explodes.
       
            vel0city wrote 7 hours 25 min ago:
            There's a huge value feature, I can keep the "key" in my pocket or
            bag or whatever and I don't have to fetch it out. Plus the "key"
            can be a phone or other device.
            
            Adding in a stick of metal that can be trivially bypassed does
            nothing to make the car more secure.
       
              rpcope1 wrote 3 hours 58 min ago:
              Automotive ignitions barring a few stupid setups in the 90s like
              the Jeep XJ (which was laughably easy to steal, but it was
              Chrysler and AMC so you can just expect certain levels of
              incompetence and shit design) have been much more than just a
              simple cut key. Going back to even the 80s, GM had a mostly
              excellent simple theft deterrent in the keys (a special resistor
              whose value the ECM knew, called passkeys) that made it harder
              than just brute forcing the ignition cylinder. It honestly made
              stealing someone's thirdgen or corvette a lot harder. Keys with
              things like fobs have evolved since and on a car with a real key
              made since the vast majority of this site's userbase was probably
              born is going to take some real specific smarts and work if you
              need both a physical key and whatever additional security the
              manufacturer has cooked into the fob. You really need an
              immobilizer system that requires both a transponder and a correct
              cut key for the security on the car to be decent.
       
              jsiepkes wrote 6 hours 54 min ago:
              > Adding in a stick of metal that can be trivially bypassed does
              nothing to make the car more secure.
              
              Everyone can use a flipper zero to unlock a car. Not everyone can
              hotwire a car. Keyless ignition means criminals have a vastly
              larger recruitment pool of people they can offer money to do
              something stupid (like stealing a car for them).
       
            vachina wrote 7 hours 48 min ago:
            Unwarranted worries. I keep the fob in my pocket all the time, the
            car will keep running without the fob. Also usually these systems
            have in-car fob detection. Mine will refuse to lock if it senses the
            fob is inside the car.
       
              SirMaster wrote 4 hours 30 min ago:
              That doesn’t make sense. You can’t lock the car if your key
              is inside?
              
              So a bad person can just open your door and attack you because
              you can’t lock your door when your key is inside?
              
              My Camry has in-car fob detection and I can definitely lock the
              car while the fob is inside.
       
                alias_neo wrote 2 hours 46 min ago:
                It won't let you press the button on the handle to lock it if
                the key is inside and you're not, prevents you from locking the
                keys in the car, mine does the same, the car will beep 3 times
                if I try to lock it from outside while the key is inside.
                
                If you're also inside, you just press the lock button in the
                car and it'll lock just fine.
       
                vachina wrote 4 hours 3 min ago:
                I meant lock the car from the outside, using the door handle.
       
          derektank wrote 9 hours 35 min ago:
          Pretty short sighted, given how much we've seen insurance rates climb
          for specific makes. People know you'll be paying through the nose for
          certain Hyundai models. That kind of brand damage can't be cheap.
       
            vel0city wrote 7 hours 23 min ago:
            Note those Hyundais relied on old fashioned cut keys and not
            electronic transponders, and the solution was electronic
            transponders because the old style stuff was so trivially bypassed.
       
              ge96 wrote 6 hours 43 min ago:
              Yeah something about immobilizer on push starts being better than
              the key since they can just jam a USB/screwdriver in there and
              steal the car, Kia boys
       
            appreciatorBus wrote 8 hours 56 min ago:
            Sure, but in my experience, people never attribute high insurance
            costs to the underlying risks being high, rather they blame that on
            the insurance companies and then vote for people who promise to
            “do something about it”.
            
            I’m sure there is brand damage from people hearing that a
            particular car is frequently stolen, because having your car stolen
            is a pain. I am skeptical the analysis reaches deeper than this
            first level tho.
       
              tomatocracy wrote 3 hours 45 min ago:
              I don't think high insurance costs would result in brand damage
              as such. But it absolutely would result in reduced sales and/or
              reduced resale value, because sufficiently many people comparing
              which car to buy will look at the insurance cost for each
              particular car they are comparing as part of that decision.
       
          bri3d wrote 9 hours 35 min ago:
          As far as I know no vehicles use this kind of rolling code algorithm
          for push button start, only key fob functions. Certainly not in
          Europe (due to immobilizer regulations) but I don’t believe
          anywhere else either.
          
          Generally, long range key fob button functions and the short range
          start release functions are separated, both intentionally for
          security reasons and due to the different problem space occupied by
          each.
          
          It’s also worth noting that European makes in general tend to have
          much better cryptographic key security. My understanding is that this
          is due to a combination of regulation, a relationship between
          insurance and automakers which requires some security standard, and a
          high rate of theft leading to an adversarial environment.
       
          someothherguyy wrote 9 hours 52 min ago:
          As a DIY option, there are definitely ways you could add MFA-like
          security with a simple switch/relay (attached to said authentication
          factor) in most ignition systems.
          
          However, that wouldn't help with the "desyncing" or unlocking aspects
          of this attack.
       
            acomjean wrote 8 hours 58 min ago:
            I had a used VW gti (late last century) with an immobilizer. It let
            the engine crank but wouldn’t start. It also locked the hood
            from opening, leading to some panic when first getting the car and
            forgetting it had this feature.
            
            It was a circular key below the steering wheel.
       
            _kb wrote 9 hours 40 min ago:
            A physical steering wheel lock works too.
            
            Not every problem needs a tech solution.
       
              bitexploder wrote 8 hours 4 min ago:
              Removable steering wheel. Most thieves do not carry a steering
              wheel with them.
       
                _kb wrote 7 hours 35 min ago:
                Rowan Atkinson approves.
                
   URI          [1]: https://youtube.com/watch?v=yns_DhYrOpY&t=19m30s
       
              arcanemachiner wrote 9 hours 34 min ago:
              They're basically describing a hidden kill switch/toggle, which
              is just as much of a tech solution as the one you're describing.
              
              Of course, they wrapped it in some nerdy terminology, which IMO
              obscures the intent of their suggestion.
       
        seany wrote 11 hours 23 min ago:
        Why isn't a link to the repo/firmware the first link in the article?
       
          a96 wrote 5 hours 59 min ago:
          Most likely because it's made up.
       
        radicaldreamer wrote 11 hours 25 min ago:
        You can be sure that this attack has been well known to intelligence
        agencies for a while.
       
          arcanemachiner wrote 9 hours 28 min ago:
          Who needs an attack when you've got backdoors and secret courts?
       
            jondwillis wrote 6 hours 6 min ago:
            ¿Por que no los dos?
       
        waltbosz wrote 12 hours 23 min ago:
        Jokes on them, I lost my key fob years ago.
       
        theoreticalmal wrote 12 hours 36 min ago:
        If the attack causes the original key to no longer work, imo the major
        threat vector is someone sitting in a parking lot, capturing key
        presses, performing the attack, and forcing the user to tow+re-program
        the key as a nuisance, rather than stealing the vehicle
       
          mormegil wrote 5 hours 16 min ago:
          On what car do you _need_ the remote to enter and drive the car
          (with a tow being the only alternative to, e.g., the remote battery dying)?
          In all cars I have used, you could just use the physical key if the
          remote failed.
       
            randunel wrote 2 hours 2 min ago:
            My wife certainly doesn't know how to unlock and start the car
            without the "keyless" function. Every time the fob runs out of
            battery, she needs step by step instructions otherwise she's stuck
            there. She uses and sometimes programs SQL and API calls at work,
            but knows next to nothing about cars.
       
          goda90 wrote 6 hours 42 min ago:
          Even more nefarious is preventing the victim from using their vehicle
          as a refuge or escape from a dangerous situation such as an attempted
          murder or kidnapping.
       
          protocolture wrote 10 hours 52 min ago:
          Capture the lock as they walk into a store.
          
          Take the car while they are in the store.
       
            boudin wrote 6 hours 2 min ago:
            I'm not sure this attack allows starting the car itself.
       
          summermusic wrote 12 hours 8 min ago:
          In addition to being able to break in and steal anything that’s
          kept in the car
       
            ponector wrote 18 min ago:
            One doesn't need any keys or other equipment for that. Glass is
            really fragile unless armored with foil.
       
        antirez wrote 12 hours 54 min ago:
        I guess this attack is against the KeeLoq protocol. There is no known
        total breakage of this kind AFAIK, against the cryptography implemented
        in the chip. This will be interesting to understand, I mean: what they
        are exactly doing here.
       
          doctorpangloss wrote 8 hours 7 min ago:
          A protocol that makes sense would be: mTLS. But. Guess what these
          fobs do not do? Something that makes sense.
       
            hulitu wrote 6 hours 43 min ago:
            And passkeys. Don't forget passkeys. Trivial to implement in some
            kB of ROM. /s
       
              jeroenhd wrote 5 hours 41 min ago:
              You jest but there's no reason to stick with twenty year old
              component restrictions in a car that costs forty grand.
              
              The real cost will be in the software validation and road safety
              hardening, but there's no reason why the ROM size should be
              limited to kilobytes.
              
              You can implement full passkey cryptography on a basic esp32 (
              [1] ). Cut out the cruft and you can definitely get a similarly
              secure algorithm on an actual car key or key receiver.
              
              And honestly, with cars now unlocking over Bluetooth and WiFi,
              standardising that process to something like FIDO wouldn't even
              be that awful of an idea. It certainly beats the "we can do
              cryptography at home" many car manufacturers seem to be going
              for.
              
   URI        [1]: https://github.com/polhenarejos/pico-fido
       
                vbezhenar wrote 1 hour 10 min ago:
                ESP32 won't work 5 years from cell battery. My Dacia key does.
                Embedded hardware is limited not just because someone wants to
                save bytes, but because someone wants to save joules (and PCB
                size).
       
        Terr_ wrote 13 hours 4 min ago:
        I sometimes imagine how much of this could be avoided if the
        communication signals weren't (a) broadcast or (b) imperceptible to
        humans.
        
        If it were an electrical contact in the door handle, it would be very
        difficult for anyone to monitor or inject other signals.
        
        If the signals were audible sound, you'd know when someone was jamming
        it.
        
        In practice, my number one use of a fob from a remote distance is
        locking, rather than unlocking, and those two operations don't have the
        equivalent security risk.
       
          meindnoch wrote 42 min ago:
          >If the signals were audible sound, you'd know when someone was
          jamming it.
          
          This would be very popular in East Asia. They love everything that
          beeps. Rice cookers play a melody, pedestrian crossings play a
          melody, garbage trucks play a melody. Japan is the country of beeps.
       
          misswaterfairy wrote 10 hours 45 min ago:
          > In practice, my number one use of a fob from a remote distance is
          locking, rather than unlocking, and those two operations don't have
          the equivalent security risk.
          
          Wouldn't the risk be the same if the same rolling code keys were used
          for both locking and unlocking?
          
          I would be surprised if automotive manufacturers used separate
          rolling code keys for locking and unlocking.
       
            Terr_ wrote 9 hours 24 min ago:
            > Wouldn't the risk be the same if the same rolling code keys were
            used for both locking and unlocking?
            
            Yes, what I meant is that such symmetry is not strictly required,
            and breaking the symmetry opens up ways to enhance security (of
            unlocking when you arrive) while keeping most of the convenience
            (of locking while leaving.)
            
            For example, imagine "Lock" is a typical broadcast from anywhere
            within X meters, but "Unlock" requires touching the fob to an
            infrared port, and they use independent codes.
       
              a96 wrote 6 hours 8 min ago:
              Peugeot used to have infrared keys. Several people who thought
              their central locking was glitchy have been surprised to learn
              that pointing the key at the side window makes it work every
              time.
       
        hsbauauvhabzb wrote 13 hours 12 min ago:
        What practical use does this have? From my reading if I capture an
        unlock signal, the car will not unlock for the owner, so they’ll
        press their remote a few times.
        
        If I capture a lock signal, presumably I can instead prevent it from
        locking. The only real world malicious action I can see as being viable
        is to block the car lock, meaning the car is still in an unlocked
        state, open the boot (which I’m guessing can be done from the car
        dash anyway) then locking it afterwards?
       
          theChaparral wrote 12 hours 36 min ago:
          This attack lets you use all the functions of the key fob, and not
          just the action captured.
       
            hsbauauvhabzb wrote 11 hours 31 min ago:
            It makes no suggestion that it’s possible to start a
            push-to-start car.
            
            Someone looking to break into your car will probably use a brick,
            not a flipper zero.
       
              fc417fc802 wrote 10 hours 30 min ago:
              Bricks attract lots of attention in busy parking lots. An unlock
              chirp, removing some bags, and walking off will appear legitimate
              to bystanders.
       
              protocolture wrote 10 hours 53 min ago:
              It's Flipper Zero performing this [1]. Suggests that it can be used
              to start a car. Whether it was a fob start or push start isn't
              specified.
              
   URI        [1]: https://i.blackhat.com/USA-22/Thursday/US-22-Csikor-Roll...
       
                usmannk wrote 8 hours 53 min ago:
                Which slide suggests this? I didn't find anything suggesting you
                could start a car with rollback
       
        xyst wrote 13 hours 13 min ago:
        cool, I needed a new car, thanks
       
          jeffbee wrote 12 hours 3 min ago:
          Pretty sure you want an old car to avoid this one. A bicycle would
          also avoid it.
       
            self_awareness wrote 4 hours 29 min ago:
            Walking also would avoid it. Bicycles produce brake dust!
       
            withinboredom wrote 11 hours 44 min ago:
            Unless you're my son who has to buy a new bicycle lock every month
            because he loses his bike keys.
       
              burnt-resistor wrote 8 hours 26 min ago:
              Tile Pro and AirTag on the keys, and probably on the bike too.
       
                withinboredom wrote 4 hours 47 min ago:
                AirTags require people having iphones. Tile requires people
                with the app. I've lost things with both these items on them
                and never saw a ping from them ever again.
       
                  burnt-resistor wrote 3 hours 12 min ago:
                  Well, yeah, there are limitations to everything. They're not
                  going to work on stolen devices when they're overtly
                  advertised in cutesy keyfob holders that say "throw me away
                  first". Use your brain because you have to disguise 
                  them on some objects.
                  
                  AirTags and Tile Pro work fine wherever there are other
                  people. They're not going to work in the Atacama.
                  
                  They worked fine every time I used them. I recently sent a
                  laptop to France and included one of each. Sometimes the Tile
                  pinged and sometimes the AirTag pinged, but they worked
                  really well across continents.
                  
                  I also have about 4 of each in a vehicle left unattended for
                  a while in a parking garage that doesn't have a great deal of
                  people around it. And all of them ping at least once a day.
                  The Tile Pros have ~100m LoS range which is quite a bit more
                  than previous ones from years ago.
       
                    withinboredom wrote 2 hours 48 min ago:
                    I dropped one on a keychain on a sidewalk. It never pinged.
                    That was an AirTag.
                    
                    The other was the time I left my car keys on top of my car.
                    Someone took the keys and put them in a random nearby
                    business’s lost and found. The tile never pinged over the
                    course of days and I had to find it the old fashioned way.
                    
                    These things never worked for me, but it’s good to know
                    that mail delivery people use these apps/devices that will
                    let you track your packages in realtime.
       
                      burnt-resistor wrote 1 hour 47 min ago:
                      I didn't realize I dropped AirPod Pros in a case with an
                      AirTag. I watched them bounce around inside an unoccupied
                      Google building like it was picked up by Google's
                      security people. Then, I watched it commute to a
                      residential area of a smaller town. The defunded local
                      police wouldn't even possibly look into it until 48 hours
                      later and only if they wanted to, and the smaller town
                      police wouldn't do anything. It pinged for a day or two
                      afterwards like someone had thrown it into a/their
                      neighbor's trash can.
                      
                      Lesson: Don't lose shit.
       
              arcanemachiner wrote 9 hours 28 min ago:
              Combo lock
       
              egypturnash wrote 11 hours 41 min ago:
              Get your son a key ring with a chain and make him attach it to
              his bag or his pants somewhere.
       
        IshKebab wrote 13 hours 17 min ago:
        Kind of insane that this works... Surely whoever implemented this knew
        it was insecure? I honestly wouldn't have thought to check for this
        vulnerability because... who would do that??
       
          dylan604 wrote 13 hours 1 min ago:
          I don't think the word "secure" was ever part of the discussion on
          keyless entry for cars. They would have used something like
          "convenience". Secure would maybe be considered in that the car doors
          are now locked from the keyless. But as far as "secure" being used in
          regards to the transmission/receiving of the wireless signal? I doubt
          if it was ever mentioned by anyone other than PR.
       
            IshKebab wrote 5 hours 7 min ago:
            It definitely was because they used to not even use rolling codes.
            Rolling codes were specifically created to prevent replay attacks,
            and then they somehow thought "oh but if you replay two keys we'll
            accept them". Insane. They must have just hoped nobody would even
            think to try that because it's so ludicrous.
       
        tamimio wrote 13 hours 32 min ago:
        Cool, I was planning to get a spare car key, not anymore!
        
        Also, glad I have one before they would ban it. It’s a neat tool that
        I have everything I want there, instead of having 4 fobs, one garage
        remote, plenty of IR remotes, it’s AIO. Plus I don’t have to pay
        fees to replace my lost fobs
       
          imzadi wrote 13 hours 26 min ago:
          Sadly, it won't work as an extra key, because it causes the original
          key to stop working.
       
            tamimio wrote 13 hours 23 min ago:
            Welp, that’s a bummer! Have you tried it?
       
              Alejandro9R wrote 13 hours 20 min ago:
              It says in the article
       
                tamimio wrote 12 hours 55 min ago:
                In that case, it mostly will be used in a bad way.
       
                  imp0cat wrote 2 hours 44 min ago:
                  Yeah, by "researchers".
       
        cakealert wrote 13 hours 58 min ago:
        Why are so many car manufacturers incapable of using cryptography
        properly?
       
          ronsor wrote 10 hours 20 min ago:
          You can ask this question about almost every non-software company.
          Hell, you can ask this question about most software companies.
          
          The real question is "why are most people and companies incapable of
          using cryptography properly?"; and the answer is that doing
          cryptography right is hard, especially if your use case isn't a
          common one.
       
          downrightmike wrote 10 hours 39 min ago:
          Like when just putting in a usb-A anything into the steering column
          and letting the car drive away? Nah man, no one will figure it out.
          We're good. Our backdoors are the best
       
          brk wrote 11 hours 3 min ago:
          It's not like the systems they used for physical keys were ever very
          robust either.
       
          nullc wrote 11 hours 47 min ago:
          Cryptography is actually difficult for the requirements of a key fob.
          
          The principal issue is that requiring two way communication greatly
          increases hardware cost and lowers range/reliability. You also would
          prefer to minimize or eliminate any volatile storage on the devices.
          
          Also you very much want to absolutely minimize the data sent, both
          for battery life and range/reliability reasons.
          
          And whatever volatile storage the devices have you need to have some
          way of handling it being reset when it's lost due to a dead battery or
          replaced device.
          
          So standard replay resistant protocols like "door sends a random
          challenge, fob signs/decrypts/encrypts it and sends the result" are
          excluded due to the two-way requirement.
          
          The next obvious set is along the lines of "device sends an encrypted
          counter, door enforces that the counter only goes up" requires nonvol
          storage in both devices, and then gets tripped up when the fob's
          counter goes back down due to being reset. (also harder to implement
          multiple fobs, as they each need unique state).
       
            cyberax wrote 9 hours 59 min ago:
            > Cryptography is actually difficult for the requirements of a key
            fob.
            
            No, it's not.
            
            > The next obvious set is along the lines of "device sends an
            encrypted counter, door enforces that the counter only goes up"
            
            That's already how rolling codes work. Running a strong crypto
            algorithm (even Ascon/Speck would be fine here) requires negligible
            power.
            
            The issue is that this system is still susceptible to jam+replay
            attack. An attacker can jam the transmitter signal, while recording
            it at the same time. The user assumes that the button press just
            didn't register and tries again. The attacker also jams this and
            records the code. But then the attacker replays the _previous_ code
            that they stored, keeping the latest code for their future use.
            
            This can _also_ be fixed with a simple capacitor-powered timer
            circuitry, charged during the keypress. The device can stay
            completely inert at all other times.
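As an added illustration of the two comments above (nullc's "encrypted counter, door enforces it only goes up" design and cyberax's jam+replay sequence), not code from the thread or from any vendor's firmware: a toy receiver that enforces a strictly increasing counter with a resync window, the jam+replay sequence run against it, and a constructed mitigation in which each code also carries a press timestamp and the car rejects stale codes. The HMAC-based tag, the demo key, the window size and the timestamp field are all assumptions for the demo, and the timestamp variant presumes the fob has some time source.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple

# Constructed demo secret; a real fob would hold a per-device key.
FOB_KEY = b"constructed-demo-fob-key"
TAG_LEN = 8  # truncated MAC, keeps the over-the-air message short

Code = Tuple[int, int, bytes]


def fob_press(counter: int, press_time: int) -> Code:
    """Fob side: one button press emits (counter, timestamp, MAC).

    The basic rolling-code scheme only needs the counter; the timestamp is the
    hardened variant's addition and is carried here so both receivers below
    share one message format.
    """
    msg = struct.pack(">QQ", counter, press_time)
    tag = hmac.new(FOB_KEY, msg, hashlib.sha256).digest()[:TAG_LEN]
    return counter, press_time, tag


class Receiver:
    """Car side: strict monotonic counter plus a resync window.

    max_age=None models the counter-only scheme.
    max_age=N additionally rejects a code whose timestamp is more than N
    seconds old when the car receives it.
    """

    def __init__(self, window: int = 16, max_age: Optional[int] = None):
        self.last_counter = 0
        self.window = window
        self.max_age = max_age

    def accept(self, code: Code, now: int) -> bool:
        counter, press_time, tag = code
        expected = hmac.new(FOB_KEY, struct.pack(">QQ", counter, press_time),
                            hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted
        # Counter must advance, but only by up to `window` (presses the car
        # never heard, e.g. pressed out of range).
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return False
        if self.max_age is not None and now - press_time > self.max_age:
            return False  # stale: press happened too long ago
        self.last_counter = counter
        return True


def plain_replay_rejected() -> bool:
    """A straight replay of an already-used code fails: the counter did not advance."""
    car = Receiver()
    code = fob_press(counter=1, press_time=0)
    first = car.accept(code, now=0)
    second = car.accept(code, now=1)
    return first and not second


def jam_and_replay(max_age: Optional[int]) -> Dict[str, bool]:
    """Model the jam+replay sequence from the thread against one receiver.

    Press #1 is jammed at the car and captured; the user presses again, press
    #2 is jammed and captured too. The attacker forwards press #1 right away
    (the car opens, the user is satisfied) and keeps press #2 for later.
    """
    car = Receiver(max_age=max_age)
    code1 = fob_press(counter=1, press_time=0)   # jammed, captured
    code2 = fob_press(counter=2, press_time=2)   # jammed, captured
    immediate = car.accept(code1, now=3)         # attacker forwards #1
    deferred = car.accept(code2, now=600)        # attacker uses #2 ten minutes later
    return {"immediate_replay_accepted": immediate,
            "deferred_replay_accepted": deferred}


if __name__ == "__main__":
    print("plain replay rejected:", plain_replay_rejected())
    print("counter only:", jam_and_replay(max_age=None))
    print("counter + 5 s expiry:", jam_and_replay(max_age=5))
```

With the counter-only receiver the withheld code stays valid indefinitely, because from the car's point of view it is simply the next press; bounding code lifetime shrinks that to the seconds after the press, at the cost of a time source on the fob, which is the kind of trade-off the timer suggestion above is about.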
       
            fc417fc802 wrote 10 hours 38 min ago:
            Agree about the requirements but disagree that it's difficult.
            
            Two way communication and a few KiB of nonvolatile storage on the
            fob shouldn't be a deal breaker when an ESP32 dev board runs under
            $10 (an ESP32 being massive overkill for the described use case).
            
            The device sending an encrypted counter is also trivially easy.
            There's no reason a modern vehicle can't store hundreds (or
            thousands, or tens of thousands ...) of { u64 fob_id, u64 fob_key,
            u64 fob_counter } triplets. Push it up to 128 bits if you're
            paranoid, it won't have a meaningful impact on resource usage.
            
            Case in point regarding the car storing state, the (broken) rolling
            window algorithm they use requires that the car track the window
            and accept presses that are out of sync by a decently wide margin.
            That's likely more complicated and resource intensive than simply
            enforcing that the nonce only ever goes up.
            
            The rational conclusion is that the manufacturers are either
            incompetent or malicious. I firmly conclude the latter given that
            the fobs they offer that are actually secure introduce vendor lock
            in and a charge to replace a key.
       
            SoftTalker wrote 10 hours 57 min ago:
            If only almost everyone carried a computer with a radio and local
            storage and a good battery with them almost everywhere
       
              nullc wrote 10 hours 43 min ago:
              with a battery life of two years? and durable against going
              through the washing machine?
       
                SoftTalker wrote 10 hours 16 min ago:
                If you want simplicity and ruggedness we should never have
                moved away from steel keys.
       
                  hollerith wrote 10 hours 9 min ago:
                  Very few keys are made of steel. Brass is the most common
                  material.
       
                    SoftTalker wrote 10 hours 6 min ago:
                    The problem with brass is that it wears away and the small
                    shavings of metal gunks up the lock mechanism.
                    
                    Mercedes used steel keys to avoid this.
       
          kube-system wrote 12 hours 0 min ago:
          The reason these vulnerabilities affect many brands is because they
          don’t use cryptography. They buy these electronics from other
          suppliers.
       
          dylan604 wrote 13 hours 5 min ago:
          Proper security is a total pain in the ass, and makes things nigh
          impossible to use in the manner people want to use them. This
          naturally makes things more expensive to recover from oopsies.
          
          This is why YubiKeys will only ever work for people technical enough
          to understand them. Normies will lose it at the first chance, and
          then be locked out of everything. At that point, YubiKeys will be
          banned by Congress from all of the people writing in demanding
          something be done about their own inabilities to not be an ID10T
       
            glitchc wrote 7 hours 46 min ago:
            You're right. Sometimes I get tired of typing my sudo passwords and
            wish there was a faster way. Biometrics are not bad.
       
              jeroenhd wrote 5 hours 35 min ago:
              It really depends on the way biometrics are implemented. If
              you're doing it Apple style, where a dedicated chip validates
              biometrics and uses encryption and signatures to prove to the OS
              that the user is who they say they are, they're as good and
              trustworthy as the software you're running on them (which in the
              case of macOS for instance requires full trust).
              
              If you're doing the "fingerprints implemented as a webcam" or
              software based facial recognition from a shitty webcam, you're
              risking quick and easy bypasses. Still good enough for a computer
              you leave at home (as long as you don't need to protect yourself
              against shady law enforcement) but definitely not that secure.
              
              From what I've been able to gather online, nobody but Apple and
              phone manufacturers seem to care much about actually doing
              biometrics securely, including the biometrics hardware companies.
              It's such a shame because it's definitely possible to do better.
       
            giantg2 wrote 10 hours 53 min ago:
            Proper security doesn't need to be perfect security. In the case of
            car manufacturers, most of their fob implementations are borderline
            negligent.
       
            theamk wrote 11 hours 54 min ago:
            As far as car security is affected, "normies" really don't care
            what the algorithm is. The entire UX is "press button to open car,
            go to dealership if you need new key" and it allows a wide variety
            of choices re algorithms.
            
            The only reason they use KeeLoq (with whopping 32 bits of
            security!) instead of something normal, like I dunno, AES-128 or
            something, is because they are trying to save $0.50 in parts on the
            item they sell for $100. Oh, and because they don't like any change
            and don't have organizational ability to use anything recent, like
            other poster says.
       
              Terr_ wrote 10 hours 51 min ago:
              I wonder if it's less about the cost of silicon, and more about
              the energy budget for a device that uses a button-cell battery.
              
              Even if it's a problem with off-the-shelf stuff, I imagine a
              car-manufacturer could easily get something all nice and tiny and
              special-purpose.
       
                theamk wrote 10 hours 14 min ago:
                The encryption only needs to happen when button is pressed, and
                I am pretty sure the radio energy consumption will be much
higher than the CPU one.
                
                Airtags transmit much more frequently than car remotes, use
                similar batteries, and yet do proper security.
       
                  selkin wrote 9 hours 46 min ago:
                  Modern keyfobs keep listening and transmitting all the time,
                  as you no longer need to push a button. Just get close enough
                  to the car and it opens.
       
                    Terr_ wrote 8 hours 5 min ago:
                    A terrible "feature", since it means someone can steal your
                    car just by relaying the signal from outside your home at
                    night, or an accomplice walking near you as you're entering
                    the grocery store, etc.
                    
                    I've become a big believer in leveraging some security
                    features of the physical world, as it seems it's been long
                    enough that everyone's forgetting Therac-25-style problems.
                    (Or, perhaps more accurately, nobody cares because they
                    aren't liable.)
       
                      imp0cat wrote 7 hours 28 min ago:
                      It's not as bad.
                      
                      Modern keyfobs actually detect motion and if they are
                      motionless for a while, they stop transmitting the signal
                      to both save battery and prevent such attacks.
                      
                      For old keyfobs, you can get a battery sleeve with
                      integrated motion sensor which does the same (cuts power
                      when fob is not in motion for a while).
                      
                      Alternatively, some cars let you disable the feature and
                      just use the keyfob as you would use an older one - then
you have to push the button anytime you want to unlock
                      the car.
       
              fc417fc802 wrote 10 hours 54 min ago:
              > The entire UX is "press button to open car, go to dealership if
              you need new key"
              
              Ironically proper security in this case would likely improve the
              user experience as well. The car provides a 64 bit (or larger)
              secret value and you manually program a standardized fob with it.
              No need for custom parts that are only available from the dealer.
       
              dylan604 wrote 11 hours 26 min ago:
              > (with whopping 32 bits of security!)
              
              Ha! DVDs at least had 48 bits. /s
       
          sneak wrote 13 hours 18 min ago:
          They're not.  There is AFAIK an ssh key infrastructure for OnStar
          that's modern and well-run, for example.
          
          Things like key fobs are most likely very incremental changes on
          "this is the way we've always done it".  These organizations are
          behemoths and steer with all of the inertia of a containership.
       
            VoidWhisperer wrote 10 hours 42 min ago:
            And tend to get stuck in their ways like a container ship stuck in
the Suez Canal
       
          tamimio wrote 13 hours 27 min ago:
          Car manufacturers are like automation/control manufacturers; they
          existed before cybersecurity and never caught up to the pace. If you
          ever audited any SCADA system, you will see nightmares. For cars,
          some new models of popular brands (not specifying any), you can
          access the CANbus from the headlight where you can reprogram the ECM
          to your new key. It's that simple to "own" a modern car.
       
            Terr_ wrote 10 hours 54 min ago:
            > It's that simple to "own" a modern car.
            
            On the other hand, it's been a great excuse for a hobby project
            with 12V relays and learning how to write code for an ESP32. :P
            
            I still haven't yet figured out which CAN-bus to tap and which
            undocumented byte-messages to interpret... but entering the Konami
            Code on the steering wheel to unlock the ignition is quite
            plausible. Or an NFC/RFID tag over a hidden reader, or an active
            bluetooth connection to my phone, etc.
            
            Whatever the case, quite enough to stop the average thief that
            would target a cheaper vehicle like my own. You could also skip the
            ESP32, and have a purely analog switch tucked away.
       
              waste_monk wrote 5 hours 52 min ago:
              >but entering the Konami Code on the steering wheel to unlock the
              ignition is quite plausible.
              
              The left, right, left, right part I can see, but surely up, up,
              down, down, would be difficult on most steering wheels :)
       
                reorder9695 wrote 4 hours 10 min ago:
                What about media controls? My steering wheel anyway has up and
                down buttons for skip songs
       
            dfex wrote 12 hours 6 min ago:
            PREACH!
            
            Currently sitting in a control room at a greenfield manufacturing
            facility trying to describe why even VLANning the control network
            would be a good idea to some controls engineers who want a
            plant-wide subnet for all PLCs that will be remotely supported by 6
            different vendors.  The struggle is real
       
              protocolture wrote 10 hours 56 min ago:
Loosely aware of a controller manufacturer who wanted a
              bluetooth/wifi based password recovery utility with a fixed or
              predictable recovery key.
              
              They were asked what their exposure would be if someone walked
              into a datacenter and used their phone to disable all the
              airconditioning systems.
       
              giantg2 wrote 11 hours 25 min ago:
              Do they want the passwords for all their systems to match so they
              don't need to remember as many?
       
                dfex wrote 10 hours 26 min ago:
                My suspicion is that they want all the passwords on this site
                to match the one they use with all their other customers too.
                
                Saves money on password management.
       
            bbarnett wrote 12 hours 58 min ago:
I've seen one manufacturer, 2024 models at least, which require
two keys in range before a third key may be programmed.
            
            Good idea, don't know how effective it is in reality.
       
              rootusrootus wrote 9 hours 39 min ago:
              That's common, and it's often a bit stricter.  E.g. my Ford
              Lightning has a pocket you have to put the fob into for this kind
              of activity.  For certain things you need both fobs, so you do
              one, and then the other, as part of a sequence in the
              programming.  Just being in range isn't good enough.
       
              bayindirh wrote 12 hours 52 min ago:
              Needing two keys for a third one is not new. My 25 year old car
needs two keys for adding the third, old Fiats have “red
              master” keys which are also required during adding keys.
       
                dzhiurgis wrote 10 hours 34 min ago:
                Man wish we could copy that key onto smartphone (Apple needs to
                add flipper zero's tech to iPhone) for easy keyless access.
       
                serf wrote 12 hours 13 min ago:
                Honda/Acura/Toyota have used similar systems for years; this is
one of the reasons why cloning a key costs fewer flagged hours
than making a new one for an owner that lost all of them: when
you lose all of them you need to get the actual computer out
and pair it with the ECM directly, when you clone them there is
a ritual that can be done with the other keys + the new one.
       
                  tonyarkles wrote 8 hours 15 min ago:
                  > ritual
                  
                  I cannot think of a better word to describe the process. The
                  ritual may involve some chanting. Thank you for that :D
       
                    pastage wrote 58 min ago:
                    Ceremony like what is done for the DNS root signing.
       
          the_mitsuhiko wrote 13 hours 57 min ago:
          To some degree customers love it.  It allows you to program your own
          replacement key without having to go through the manufacturer or an
          official dealer.
       
            theamk wrote 11 hours 47 min ago:
            You can have strong cryptography + ability to self-pair. See
            bluetooth or wifi or zigbee or many other technologies..
       
              fc417fc802 wrote 10 hours 51 min ago:
              Maybe the car manufacturers should just give up and adopt BTLE.
              Proper security, and you could unlock with your phone.
       
            IshKebab wrote 13 hours 27 min ago:
            What does? The article is very unclear about what exactly this
            does.
       
              the_mitsuhiko wrote 13 hours 15 min ago:
              The attacks to rolling code keys are well known but these keys
              continue to exist.  They allow you to pair a key yourself to the
              car that you buy online.  Particularly in the US it's quite
              common that people buy used cars and then another key online that
              they pair themselves.
              
              You won't be able to do this for instance with VAG cars that have
KESSY.  First of all the immobilizer is paired to the key,
              secondly the only way to pair a new key to it is via the
              manufacturer or a licensed dealership because you need a blob
              from their central server.  But the consequence is that people
              feel like they are being fleeced when they need another key,
              because it can cost you hundreds of dollars to pair one.
              
              In general these types of attacks are much harder in Europe where
              immobilizers have a legal minimum standard that manufacturers
have to meet.  On the other hand in the US immobilizers are
              entirely optional, which has famously led to KIA and Hyundai cars
              shipping without them and the Kia Boys TikTok phenomenon.
       
                IshKebab wrote 5 hours 2 min ago:
                But the attack claims to not need access to the car to initiate
                any kind of pairing sequence...
       
                  the_mitsuhiko wrote 3 hours 55 min ago:
                  Yes. With rolling codes this vulnerability and similar ones
                  are known for a very long time.
       
                    IshKebab wrote 38 min ago:
                    Seems to be from 2022. I wouldn't say that is "a very long
                    time".
       
                fc417fc802 wrote 10 hours 47 min ago:
                > But the consequence is that people feel like they are being
                fleeced when they need another key, because it can cost you
                hundreds of dollars to pair one.
                
Because they ARE being fleeced. It's an artificial dependency on
                the vendor on the one hand versus a blatantly insecure approach
                on the other.
                
                Secure pairing that can be done by the end user isn't rocket
                science.
       
                  the_mitsuhiko wrote 3 hours 53 min ago:
                  It is a bit rocket science because cars stand around. The CAN
                  bus can even be externally accessed if you pop open the right
part of the car (a common fault is adaptive headlights). It is
                  not as trivial as people make it out to be because cars
                  violate one of the most important principles of having good
                  security: no physical access.
       
                    IshKebab wrote 1 min ago:
                    It is trivial:
                    
                    1. Initiate pairing via the entertainment system interface.
                    
                    2. Use rolling codes. Don't allow rewinding the codes.
                    
                    3. Add a tiny tiny bit of non-volatile memory in the keys
                    so that batteries can be changed without breaking the key.
                    This is only necessary if the car can't be entered using
                    the physical key, otherwise the user can just open the car
                    with the physical key, turn on the ignition and re-pair the
                    key.
                    
                    I could make a secure system to do this and I'm no crypto
                    genius. (Note this would still be vulnerable to rolljam but
                    that's not a very practical attack, and defeating that is a
                    bit difficult.)
                    
                    To support car hire/share places if they want to prevent
                    users pairing new keys you could allow setting a password
                    on the pairing interface.
       
                    fc417fc802 wrote 3 hours 24 min ago:
                    That has nothing to do with secure pairing. It's an
                    entirely orthogonal concern. Any sensitive system on a
                    vehicle is going to be subject to the same thing.
                    
                    I don't think anyone will be surprised if the security is
                    swiss cheese once you pop the hood open or bust a headlight
                    out. Keep in mind that a brick to the window and tearing up
                    the center console will get you physical access to the head
                    unit on most vehicles.
       
            j1elo wrote 13 hours 55 min ago:
            No doubt they would charge $100 or more for just clicking a button
            and having the equivalent of an NFC writer.
       
              hungmung wrote 11 hours 56 min ago:
              Well they don't call them stealerships for nothing.
       
              pkaye wrote 12 hours 45 min ago:
I wonder who makes more money on this. The car dealer or the
              manufacturer.
       
              colechristensen wrote 13 hours 49 min ago:
              When my favorite quadruped knocked my keys into the trash I had
              to get my car towed to the dealer for them to program me a new
key.  On one hand, top notch security as it was impossible to do
any other way.  On the other hand the total to get this done was
              something like $500 after everything.
       
                dylan604 wrote 13 hours 8 min ago:
                I did this to myself by placing my keys in a pocket of a bag
                that I've never used before when returning to the airport
                parking. I found the keys in the bag after paying to have it
                re-keyed after paying for the tow from the airport to the
                closest dealer.
       
                  mh- wrote 10 hours 22 min ago:
                  This is totally something I'd do. I'm very organized when I
                  travel for work and everything has a place. If I
                  absentmindedly slip something into the wrong part of my bag,
                  it might as well be invisible..
       
                    imp0cat wrote 7 hours 22 min ago:
                    Get a bluetooth tracker (Apple Air Tag, Samsung Smart Tag
                    or the generic Google Find My compatible one for other
                    Android devices), set it up with your phone and attach it
                    to your car keys.
                    
                    Then anytime you misplace your keys, you can look at a map
                    on your phone and it will show you where to go.
       
                      mh- wrote 7 hours 19 min ago:
                      Yeah, big +1 on this tip. I have AirTags on my bags
                      themselves as well as some other things. Don't have them
                      on my key fob, but you may have inspired me to attach one
                      haha.
                      
                      The map thing when you're nearby and it goes into the
                      sonar-like mode is super cool. Especially combined with
                      the ping noise.
       
                    dylan604 wrote 8 hours 0 min ago:
                    I'm a great example of "for someone supposed to be smart,
                    you do the dumbest things"
       
                      mh- wrote 7 hours 57 min ago:
                      Haha, I heard this a lot growing up. And now I have kids
                      of my own..
       
        palata wrote 14 hours 35 min ago:
        > A consequence of this is that the original keyfob gets out of sync,
        and will no longer function.
        
        I always wonder about this: what is the consequence of that? Can the
        user reset it, or does it have to be done by a retailer or something?
       
          brk wrote 13 hours 42 min ago:
          Depends on the implementation. Most times you just have to click it a
          few times in a row. The receiver then realizes it missed a few button
          presses and it re-syncs. I’m not sure what that window is though,
          at some point it might get so out of sync that the receiver ignores
          it and assumes it is a wrong fob.
       
            siffin wrote 10 hours 54 min ago:
            If I remember correctly the size of the rolling window differs,
            more modern vehicles may allow about 100 code discrepancy before
            ignoring the transmitter, while old models might have been 5 to 10.
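
A receiver-side model of the sync window that brk and siffin describe, and of IshKebab's "don't allow rewinding the codes" rule, as an added example (not code from the article, the firmware, or any poster). The 16-bit counter and the 16 / 32768 window sizes are assumptions modelled loosely on the KeeLoq convention, not taken from a datasheet; the "fob behind the receiver" scenario shows what resync costs once an attacker has pushed the receiver's counter ahead.

```python
"""Rolling-code receiver model: sync windows and replay rejection."""
from dataclasses import dataclass
from typing import Optional

COUNTER_BITS = 16                 # assumption: 16-bit sync counter in the fob
COUNTER_MOD = 1 << COUNTER_BITS
SINGLE_WINDOW = 16                # assumption: accepted at once if this far ahead
DOUBLE_WINDOW = 32768             # assumption: further ahead needs two consecutive codes


@dataclass
class Receiver:
    last_counter: int                  # last counter value the receiver accepted
    pending: Optional[int] = None      # first half of a possible resync pair

    def distance(self, counter: int) -> int:
        """How far ahead `counter` is of the stored value, modulo 2^16.
        A value at or behind the stored counter wraps to a large distance."""
        return (counter - self.last_counter) % COUNTER_MOD

    def receive(self, counter: int) -> str:
        d = self.distance(counter)
        if d == 0 or d >= DOUBLE_WINDOW:
            # Replay of a used code, or a code behind the receiver: never
            # accepted, so the counter cannot be "rewound".
            self.pending = None
            return "rejected"
        if d <= SINGLE_WINDOW:
            # Normal operation: a few presses out of range are tolerated.
            self.last_counter = counter
            self.pending = None
            return "accepted"
        # Far ahead (battery change, many presses away from the car): the
        # receiver wants two consecutive counters before it resynchronises.
        if self.pending is not None and (counter - self.pending) % COUNTER_MOD == 1:
            self.last_counter = counter
            self.pending = None
            return "resynced"
        self.pending = counter
        return "pending"


def presses_to_recover(rx: Receiver, fob_counter: int, limit: int = 100) -> int:
    """Button presses until a fob currently at `fob_counter` is accepted again.
    Returns -1 if it does not recover within `limit` presses."""
    for n in range(1, limit + 1):
        fob_counter = (fob_counter + 1) % COUNTER_MOD   # fob increments per press
        if rx.receive(fob_counter) in ("accepted", "resynced"):
            return n
    return -1


if __name__ == "__main__":
    # Constructed scenario: receiver at 200, fob left behind at 195.
    # Every press is rejected until the fob overtakes the receiver.
    print(presses_to_recover(Receiver(200), 195))     # 6
    # Fob far ahead: two consecutive presses resync it.
    print(presses_to_recover(Receiver(0), 1000))      # 2
```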
       