Team-BHP - Got Keyless entry & go? Your car could be easy to steal
Team-BHP

Team-BHP (https://www.team-bhp.com/forum/)
-   Technical Stuff (https://www.team-bhp.com/forum/technical-stuff/)
-   -   Got Keyless entry & go? Your car could be easy to steal (https://www.team-bhp.com/forum/technical-stuff/95270-got-keyless-entry-go-your-car-could-easy-steal.html)

Quote:

CAR THEFT BY ANTENNA

Researchers beat automatic locking and ignition systems.
By Erica Naone

Car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key, according to new research that will be presented at the Network and Distributed System Security Symposium next month in San Diego, California.

The researchers successfully attacked eight car manufacturers' passive keyless entry and start systems—wireless key fobs that open a car's doors and start the engine by proximity alone.


No key required:
A researcher shows
how an attacker could start a car
using an antenna. A signal from the car
is transmitted to a computerized key,
which is tricked into enabling the engine ignition.
Credit: ETH Zurich


Srdjan Capkun, an assistant professor of computer science in the system security group at ETH Zurich in Switzerland, who led the work, says he was inspired to investigate the security of keyless entry and start systems after buying a car that had one. Capkun and Aurélien Francillon and Boris Danev, both researchers in the same institution, examined 10 car models from the eight manufacturers. They were able to access all 10 and drive them away by intercepting and relaying signals from the cars to their wireless keys. While they could relay the signals from the key back to the car as well, usually they did not need to because the key transmits its signals up to around 100 meters. The attack works no matter what cryptography and protocols the key and car use to communicate with each other.

Normally, when a wireless key is within a few meters of the right car, it detects a low-powered signal that causes it to issue a command that opens the car enable the ignition. The researchers used a pair of antennas to transmit these signals from the car to the key when the key was farther away, tricking the car into opening without the ordinary authorization. One antenna needs to be very close to the car, and one needs to be within eight meters of the key.

The researchers came up with two versions of the attack. In one, they ran a cable from near the car to near the key and used it to transmit the signals. They conducted the other wirelessly. Francillon says that the materials for the wired attack cost about $50, and those for the wireless attack cost between $100 and $1,000, depending on the electronic components used.

The researchers tested a few scenarios. An attacker could watch a parking lot and have an accomplice watch as car owners as entered a nearby store. The accomplice would only need to be within eight meters of the targeted owner's key fob, making it easy to avoid arousing suspicion. In another scenario, a car owner might leave a car key on a table near a window. An antenna placed outside the house was able to communicate with the key, allowing the researchers then to start the car parked out front and drive away.

A car won't open or start if the signal from its key takes too long to arrive, so the researchers devised a way to speed communication between their antennas. Most relay attacks require the signals to be converted from analog to digital and back, which takes time. The researchers were able to keep the signals in analog format, which reduced their delay from microseconds to nanoseconds and made their attack more difficult to detect.

The researchers suggest things that car owners and manufacturers can do to protect themselves. Car owners can shield their keys when they're not in use, to prevent attackers from communicating with them. Alternatively, manufacturers could add a button to fobs that would allow owners to deactivate and reactivate them. Capkun worries, however, that these types of solutions detract from the convenience that makes passive keyless entry systems worthwhile.

Ultimately, he says, manufacturers will need to add secure technology that allows the car to confirm that the key is in fact nearby. "I don't see a way around it," Capkun says. His group is actively working on protocols that would accomplish this.

David Wagner, a professor of computer science at the University of California at Berkeley who has studied the cryptographic systems used in keyless entry systems, says the research "should help car manufacturers improve auto security systems in the future."

Wagner doesn't think the research ought to make car owners anxious. "There are probably easier ways to steal cars," he says. But, he adds, a "nasty aspect of high-tech car theft" is that "it doesn't leave any sign of forced entry," so if a thief did use this method to steal a car, he says, it might be hard for police and insurance companies to get sufficient evidence of what happened. Wagner believes that manufacturers, police, and insurance companies all need to prepare for this eventuality.

"Automobiles are a key example of a system that is pervasively computerized," so they need to be thoroughly examined to ensure they are secure, says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. Kohno helped form the Center for Automotive Embedded Systems Security, which is dedicated to identifying and solving security problems with car security systems before they cause problems in the real world.

source ~ Technology Review 2011.

Whoa! Thats a bit scary.

A question for any keyless system experts on this forum.

Once the vehicle has determined the presence of a key and the car started, does the car (immoblizer or a similar system in the car) check for presence of signal from the key regularly, or does it just keep engine running once started?

That could be one way around such a theft.

Micra owners needn't worry. Theives using such a hitech device will obviously gun for bigger cars :D

Even if a Keyless entry is prone to be hacked, would the engine not require any key to start. Most of the keyless cars have the code to disarm the security which when inserted in the key slot would recognise the code to allow the engine to be started.

This hacking may be the case where the car has keyless entry and start/stop button for the engine operation. Experts can throw more light on this.

Quote:

Originally Posted by ghodlur (Post 2211895)
Even if a Keyless entry is prone to be hacked, would the engine not require any key to start. Most of the keyless cars have the code to disarm the security which when inserted in the key slot would recognise the code to allow the engine to be started.

This hacking may be the case where the car has keyless entry and start/stop button for the engine operation. Experts can throw more light on this.

Precisely my thought as well. The ignition would require the original key for the engine to be started. For example, in the Civic, if a fake key is inserted, the system reads that as a malicious act and cuts off the fuel supply to the engine.

Things like this makes me really wary about more and more computerised technology incorporated in cars.
Scary to say the least.
But i though that, even if the car is started and moving, the absence of the real key will make it stop. Isn't it how that works?

Something similar is tried in the movie "Gone in 60 seconds" where they intercept the signal of the garage door.

Isn't the key-less only for the doors? The engine requires a physical key to be inserted, right?

Cars with an Immobilizer though should not start once they detect that the correct key has not been inserted.

Does the ignition have anything to do with the entry to the car being with key/keyless?

One question - Do cars with the Start/Stop button no other protection layer once the door has been opened?

This is really scary. Electronics always has a workaround ! Has anybody tried the remote locking via a mobile phone. It actually works.

Quote:

Originally Posted by fiat_tarun (Post 2212181)
This is really scary. Electronics always has a workaround ! Has anybody tried the remote locking via a mobile phone. It actually works.

Which car did you try it on?

Quote:

Originally Posted by libranof1987 (Post 2212160)
Isn't the key-less only for the doors? The engine requires a physical key to be inserted, right?

Not necessary. In some models, there is no need for physical key to start the car. As long as the key is in your pocket, the car can be started with the start/stop button.

Quote:

Originally Posted by DRIV3R (Post 2212189)
Which car did you try it on?

It worked with all vehicles that had after market central locking systems fitted on them. It did not work with the Figo's factory installed system.

I called the person who had the remote, he held the remote near the phone and pressed the unlock button. On my side, i held my mobile phone near the front of the car and the vehicle unlocked ! :Shockked:

I have tried this on 3 vehicles so far. All the alarm systems were autocop's.

Some members quoting physical insertion of key for starting. There are cars which does not require a key to start the engine (As of now Micra in India) are available.
The start-up of engine does not require physical insertion of key; It just requires proximity to key with messages exchanged between car and the key. These cars are the ones that will undergo such attacks.

Quote:

Originally Posted by fiat_tarun (Post 2212200)
It worked with all vehicles that had after market central locking systems fitted on them. It did not work with the Figo's factory installed system.

I called the person who had the remote, he held the remote near the phone and pressed the unlock button. On my side, i held my mobile phone near the front of the car and the vehicle unlocked ! :Shockked:

I have tried this on 3 vehicles so far. All the alarm systems were autocop's.

I could only imagine that the other person is close enough for the car to open :)

With reference to the original article, even if the car could be started and driven, it wouldn't switch off before very long once the car detects the key is not close-by? Or is the plan to follow the owner with one antenna and the other inside the car till they can put it in a safe house? (provided the range is good)

^^ I don't think that the engine needs the presence of the key nearby to keep running. It should need the key to start initially but not thereafter.

I think all keyless entry cars have start/stop buttons - the entire point of keyless being no need to take out the key at all so IMO this is fairly doable with the plan proposed by these guys.

Quote:

Originally Posted by CoolFire (Post 2211869)
Micra owners needn't worry. Theives using such a hitech device will obviously gun for bigger cars :D

Then Chevy Cruze LTZ owners need to worry... Those cars have keyless entry and start.


All times are GMT +5.5. The time now is 19:42.