Does this attack work if you do not push any of the key fob buttons i.e. if you unlock the car by touching the front door handle with the key in your pocket; starting the car by pushing the engine start button with the key in your pocket?
This is my question. I've been keeping my key fob in a faraday box for almost a year because I heard that keyless entry and keyless start can be pinged during a night-time drive-by when the owner is likely to be home.
Obviously not a replay attack, but still seems to be a huge vulnerability.
I work at a major American automotive OEM on entry and starting systems. Yes, many passive-entry/passive-start systems (like those that use door handle sensors to trigger an unlock) are vulnerable to relay attacks. Relay attacks are separate from re_p_lay attacks, as you note.
Relay attacks on keyfobs seem to be much more common in the UK than in the US. Some manufacturers now include accelerometers in their keyfobs to mitigate the risk, as one of the most common attacks is stealing a vehicle out of a driveway when somebody has left their keys on a hook inside the house. With an accelerometer in the keyfob, it will refuse to authorize starting if it hasn’t been jostled recently.
baking|4 years ago
Obviously not a replay attack, but still seems to be a huge vulnerability.
aaronbeekay|4 years ago
Relay attacks on keyfobs seem to be much more common in the UK than in the US. Some manufacturers now include accelerometers in their keyfobs to mitigate the risk, as one of the most common attacks is stealing a vehicle out of a driveway when somebody has left their keys on a hook inside the house. With an accelerometer in the keyfob, it will refuse to authorize starting if it hasn’t been jostled recently.