[mykal shoemaker]

The more we have technology and convenience features, the more the thief has to learn and polish his technologies. Locks and other mechanisms are a way to delay the thief, and not an all_proof_protection.

I did read many threads and stories in TBHP which narrated Scorpios with security locks getting stolen from a spot. 2 scorpios, after the owner upgraded the security on his second Scorpio that too got stolen. Forgot the thread link. We have a thread explaining the Pajero robbery story in detail.

Even today's highest encryptions are decryptable, with adequate time and number of processors and resources .

So, I don't believe that there will be theftproof cars ,EVER.

[NetfreakBombay]

@ mykal shoemaker:

Certainly. However, amount of time it takes to defeat the security is deterrent by itself.

Now, since thief has a tool that makes it automatic and convenient. That is a bigger cause of risk.

[latentpotential]

These tools are easily available in the market today if you know where to look. If not, google is your best friend, get your tools shipped from China.

As for Mumbai, most of the major malls have a keymaker in the premises now, in the basement or the ground floor. These guys have duplicators for any key, activators/ software to program almost any chip key, plus they have spares as well (rebranded, so I was not able to figure out the origin). They have instruction guides in their laptops on how to copy/ code/ program any key that should be able to make. Give it a try as an experiment, you would be surprised what they can do. The charges are steep, from 2k onwards for chip/ coded keys.

Cheers!

[latentpotential]

Car theft: Drivers warned proximity keys for newer models might be a risk
http://www.abc.net.au/news/2015-04-1...reezer/6399650

Keys in freezer may keep Lexus in your driveway
http://www.thestar.com/news/gta/2015...-driveway.html

TORONTO POLICE HELP SOLVE MYSTERIOUS BREAK-INS
http://www.autonet.ca/en/2015/04/17/...in-the-freezer

WHY YOUR KEYLESS CAR IS VULNERABLE TO HACKING
https://practicalmotoring.com.au/car...ble-to-attack/



It is a bad way to start a thread with links to various articles, but the topic is important enough to do so, hence the articles to show the magnitude of the problem.

I quote from the last article:

Quote:

All you need to do is walk up to the car, open the door, press the starter button and you’re away. This is known as PKES, or Passive Key Entry/Start, as distinct from an active system where you need to go to the effort of pressing an actual button.

How does this magic PKES work? Simple. The car recognises when the key is close by and unlocks the doors, and will respond a press of the starter button when the key is very close to the button. Technically, the car is constantly searching for the key using low-powered signals, if the key responds, then the car will unlock automatically, or allow itself to be started depending on exactly where the car thinks the key is.

Unfortunately, this system can be hacked.

It is possible to break the encryption between key and car, decipher the commands sent and then send your own commands. That is very difficult, given the nature of the encryption. But there’s an easier way, and it’s called a relay attack.

The concept is simple. Amplify the signals sent from the car that search for the key and send them, over a distance, to the key. Amplify the key’s return signals and send back to the car. It’s important to note that it’s not just amplifying the car’s signal, the key’s signal also needs to be amplified so the car sees the response.

Then car and key think they are close together, when in fact they may be hundreds of metres away – possibly more. The amplification and distance introduces a tiny delay, and the tolerance of the car/key system to that delay is the major factor limiting the distance. The basic flaw is that the car’s security system assumes that the key can only respond if it’s close by.

How it works in practice is equally simple. Let’s say you’re at a cafe, keys on the table. An antenna connected to an amplifier is placed close to your car, and a similar unit is placed close to your key. Now your key thinks it is close to your car, so the thief can simply open the car and get in. Then the thief places the antenna close to the keystart button, and presses the button. The car starts. Or you could be waiting by an elevator, at a friends house…there’s so many places where someone or something could be close enough to the key without arousing suspicion, and need only be close by for the moments it would take the thief to open the car. The research paper we’ve looked at indicates that the key-side antenna might be as far as eight metres away from the key, and the total distance from car-to-key might be as much as sixty metres.

Of course, once the car moves off it will break contact with the “key” but that won’t matter, because all cars I’ve tested (and have been tested for this attack) permit the vehicle to keep moving and operate even when it loses contact with the key. There may just be a warning message, nothing more.

This is a dangerous attack because it doesn’t need the encryption broken, there’s no proof of forced entry – indeed, it looks just like the owner has opened the car – and no alarms will go off because the actual, proper key has been used. Might make for an interesting insurance claim in the event of theft.

Thieves Thwarting Remote Keyless Entry Systems with $17 Device

http://www.techlicious.com/blog/toyo...s-entry-thief/

Yes indeed. Chinese websites have even got such devices posted for sale for just 17 Dollars. I hope if I buy in bulk (lets say, 100 units) they will even reduce on this price tag.

What vehicles are vulnerable? I am not sure, but based on the content available here (http://www.roadandtrack.com/new-cars...entry-hacking/), at present we can say that:

Quote:

most common vehicles stolen are, strangely enough, utility vans like the Ford Transit, Transit Connect, and Mercedes-Benz Sprinter. It's not clear whether that's because of a particular vulnerability in those vehicles, or some other compelling reason. High-value late model BMW (15 percent of all thefts, according to the report) and Land Rover (10 percent) models are the next most common.

The Scotland Yard article also points out another way that the key-less thefts occur:

Break into the car, connect to the OBD port and download the lock/ unlock information to a blank new key. ( http://content.met.police.uk/Article.../1400029057620 )

I request members to go through these links for starting off, and share whatever you can find on this topic.

If you are aware of resources that can help prevent such events from occurring for anyone, do share the same, as well as any tips/ tricks you may have as well.

Please do use this thread for information exchange as well as to have a healthy debate on the said subject.

[thoma]

Thanks for sharing.

Quote:

Originally Posted by latentpotential

I quote from the last article:

If at all there was a on/off switch to kill the key fob, once we decide to park it overnight. Removing the battery every night is not possible and can damage the fob.

Putting it in a closed metallic box is viable though.

Quote:

The Scotland Yard article also points out another way that the key-less thefts occur:

Break into the car, connect to the OBD port and download the lock/ unlock information to a blank new key.

Can the immobilizer code of an ordinary keyed entry car be hacked similarly?

[latentpotential]

Quote:

Originally Posted by thoma

Thanks for sharing.



If at all there was a on/off switch to kill the key fob, once we decide to park it overnight. Removing the battery every night is not possible and can damage the fob.

Putting it in a closed metallic box is viable though.

Can the immobilizer code of an ordinary keyed entry car be hacked similarly?

I have not considered a metal box yet, instead am checking to see the efficacy of anti-static metallic pouches.

Also, I do not know the answer for your query around regular cars. Hence the thread.

[varunsangal]

Quote:

Originally Posted by NetfreakBombay

@ mykal shoemaker:

Certainly. However, amount of time it takes to defeat the security is deterrent by itself.

Now, since thief has a tool that makes it automatic and convenient. That is a bigger cause of risk.

True, the time taken to break-in would act as a deterrant. With the number of cars on the road, a thief would probably pick the one which is easiest to steal. I personally favour the ubiquitous pedal lock in addition to the autocop/ keyless entry systems. Costs about 500INR apiece and provides a visual deterrant to thieves.

[thoma]

Quote:

Originally Posted by varunsangal

I personally favour the ubiquitous pedal lock in addition to the autocop/ keyless entry systems. Costs about 500INR apiece and provides a visual deterrant to thieves.

I did buy two of these from ebay for my two cars. Since one of that went useless after a months usage, the other is lying unused. The issue was that the locking could come apart if applied force with hand, as the locking mechanism has a lot of play, not precise engineered. Maybe a better design from a reputed manufacturer, I might buy one again; because, as you said, it definitely is a visual deterrent.

[varunsangal]

Quote:

Originally Posted by thoma

I did buy two of these from ebay for my two cars. Since one of that went useless after a months usage, the other is lying unused. The issue was that the locking could come apart if applied force with hand, as the locking mechanism has a lot of play, not precise engineered. Maybe a better design from a reputed manufacturer, I might buy one again; because, as you said, it definitely is a visual deterrent.

The one I have has lasted a full 11 years and counting. There is another version which uses the standard 'Harrison ka tala' a.ka. padlocks as the locking mechanism. It may help avoid the faulty engineering issue. Though, Have never used the padlocks version personally.

[zing]

Quote:

Originally Posted by varunsangal

The one I have has lasted a full 11 years and counting.

Was planning to buy these till I checked on youtube
Apparently, a half-decent hack-saw can saw the darn steering wheel itself within less than a minute! While it is still a good enough visual deterrent, somehow it still doesn't offer enough peace of mind. I agree though that "piece of mind" comes differently to everyone

[vin_b]

Came across an article where the Researchers at the Usenix security conference have found a way to unlock older generation VW cars very easily starting from 1995 to Golf MK6. Only the cars starting from MK7 which I believe launched in 2015 are safe and uses more modern security. The same researchers had earlier found a way to remotely start the VW cars in 2013 and also similar hack to unlock other cars such as Alfa Romeo, Fiat , Ford to name a few

Source

Quote:

It’s a bit worrying to see security techniques from the 1990s used in new vehicles

Researchers at the Usenix security conference in Austin will soon present a paper outlining two remote unlocking vulnerabilities, one of which puts nearly every Volkswagen Group vehicle manufactured since 1995 in jeopardy

The researchers said VW’s latest Golf 7 model and others that use the same locking system are immune to the hack because they use unique security keys. Most VWs, however, still use the older, vulnerable tech. Neither of the two hacks, which use different methods, do more than let thieves unlock and enter the cars, which of course would enable them to steal the contents. They’d have to use other tricks to start the engine and steal the car.

[Tanveer_2558]

Honestly, Keyless entry and go provides a great amount of convenience, But yes its not perfect, For instance i always keep the keys of my XUV 500 in my pockets, Now sometimes to meet someone out of the car, Or to just check on the wiper or for any random reason, I step out from the car, The car beeps and a warning about key not detected comes up on the screen but the car remains ON! Now i would have really liked to have a feature where the car would shut off itself if the key is not detected in the car or after a certain radius, Is such a thing present in any of the cars that i am not aware of?

[Nonstop-driver]

Reviving an old thread.

This recently got featured across auto portals on the internet
https://www.rushlane.com/thieves-ste...12234212.html/

But the question is - isn't it easy for Hyundai to identify who requested the PIN and nab the thief?

[ajmat]

Here is another case of BMW's getting stolen in London
http://www.dailymail.co.uk/news/arti...MW-MINUTE.html

[silverado]

If I understand this tech correctly, the cost involved is high but risk is very low.Can aluminum foils block such signals?