My car was parked at the grocery store during an electrical storm. Lighting hit nearby and my "keyless entry system" unlocked the doors. After that my key fob no longer opened the doors. In the next few weeks I noticed more odd behavior: My dad's key fob opened my doors, my sister's key fob opened my doors, and a couple of random stranger's key fobs opened my doors. I've had the dealership reset my security system three times now at $40 a pop, and it still don't work right. Great technology! I long for the days before keyless entry technology, when you had to use a key to open the doors.
Predictably, the car companies are stuck in the past. Much like GSM for your cell phone, keyless entry remotes are not secure and relied on security through obscurity.
The thieves simply have a small computer with an antenna that basically brute forces your keyless entry system.
It's like having 1000000 physical car keys in front of you and pushing the unlock button, key by key, until the door opens
It's aggravating, because even this kind of attack is easy to defend against. If the keyless entry system receives, say, five bad signals in a second, just go to sleep for five seconds. Makes brute force impractical.
So I don't know much about either these keyless ignition systems or security and encryption, but is it really that simple? According to my not-super-legitimate internet source (http://auto.howstuffworks.com/remote-entry2.htm), typical remote entry keys work with at least 40 bit codes, and different car manufactures use different systems/#s of bits. In additon, since the codes are encrypted with different random #s every time, you can't just enumerate every possible combination.
The concept of brute forcing, and doing it successfully for many different cars in a short period of time, just doesn't pass the smell test for me.
I am very far from alarmed. Though I can think of all of the 'scary' doom scenarios that go along with this, I figured out a long time ago that even my normal barely-running vehicles could be broken into or worse. Any doom beyond that has chances that are more rare than hurting myself while getting into the same car. So I'm not going to worry about it.
I'll continue to take reasonable precautions (don't keep valuables in the vehicle, have insurance, look into the car at night since I rarely lock it, etc). And yes, I rarely lock the car. I figure that a broken window (what I figure is the most common entry) will hurt me more financially and cause more inconvenience than anything in the car.
Technically speaking, if people can get my credit card numbers, it is unsurprising that the door lock technology can be manipulated. Locks never keep the determined out, it merely forces them to work more creatively.
the idea that any car even could be safe from thieves is laughable. all the crypto in the world isn't going to stop someone from smashing your window with a crowbar. hell, in SF it's safer to leave your windows open and doors unlocked with nothing inside.
don't leave valuables in your car, and buy insurance against theft.
The point of the car alarms and crypto is to notify you if your car is broken into, that will act as a deterrent.
That aside, many car thieves will even steel airbags (very expensive), and you can't exactly go around dismantling and removing them every time you leave the car.
[+] [-] ergoproxy|12 years ago|reply
[+] [-] na85|12 years ago|reply
Predictably, the car companies are stuck in the past. Much like GSM for your cell phone, keyless entry remotes are not secure and relied on security through obscurity.
The thieves simply have a small computer with an antenna that basically brute forces your keyless entry system.
It's like having 1000000 physical car keys in front of you and pushing the unlock button, key by key, until the door opens
[+] [-] beat|12 years ago|reply
[+] [-] gms7777|12 years ago|reply
The concept of brute forcing, and doing it successfully for many different cars in a short period of time, just doesn't pass the smell test for me.
[+] [-] Broken_Hippo|12 years ago|reply
I'll continue to take reasonable precautions (don't keep valuables in the vehicle, have insurance, look into the car at night since I rarely lock it, etc). And yes, I rarely lock the car. I figure that a broken window (what I figure is the most common entry) will hurt me more financially and cause more inconvenience than anything in the car.
Technically speaking, if people can get my credit card numbers, it is unsurprising that the door lock technology can be manipulated. Locks never keep the determined out, it merely forces them to work more creatively.
[+] [-] beachstartup|12 years ago|reply
don't leave valuables in your car, and buy insurance against theft.
[+] [-] gnaffle|12 years ago|reply
That aside, many car thieves will even steel airbags (very expensive), and you can't exactly go around dismantling and removing them every time you leave the car.
[+] [-] krapp|12 years ago|reply
... maybe being able to unlock a car remotely is a bad idea.