Maybe there is a use for "tin foil hats" after all?

[pmv]

Apparently these high-tech car key systems are very easily hackable. Been a spate of cases of thieves reading the signal from them, even from keys kept inside the house, and then copying it to steal high-end cars.

Seems like a massive 'fail' on the part of car manufacturers. Surely they could have designed a system with some sort of 'one time password' setup, that would mean the key never using the same unlocking code twice? Couldn't the car itself provide some sort of seed code that the key then has to respond to?

AA chief reveals his microwave tip to foil tech-savvy car thieves

After his wife’s Lexus was stolen, Edmund King went the extra mile to ensure his keyless fob was safe

www.theguardian.com

A metal box inside a microwave is not most people’s idea of a sensible key cupboard, but the AA’s president has revealed it is where he stores his car fob.
Edmund King already used a Faraday pouch – a bag with a metal lining to block signals – to hold his keyless fob but has gone to extra lengths since his wife’s £50,000 Lexus was stolen by hackers.

 

[pete6032]

If you ever lock your keys the car, you can just call a family member from your cell phone. Put your phone on speaker and hold it up next to your car door. Have your family member retrieve the spare key fob and hold it up to their phone and push the unlock button. Your door will unlock and you can retrieve your keys.

 

[JimKiler]

Interesting.

 

[pcgeek11]

If you ever lock your keys the car, you can just call a family member from your cell phone. Put your phone on speaker and hold it up next to your car door. Have your family member retrieve the spare key fob and hold it up to their phone and push the unlock button. Your door will unlock and you can retrieve your keys.

I hope you forgot the sarcasm tag...

 

[Captante]

Honda has the same kind of problem with key-FOB's for nearly every car they've made since 2012, but unless your car has keyless ignition and/or remote-start all they can do is unlock it. (which still sucks!)

Remote-starters and "keyless" ignition are nice to have in some ways but given a choice I'll take a physical key (and/or a simple remote that ONLY unlocks doors) being required to unlock or start the car EVERY time thanks.

And you can KEEP your "connected-car" B$ too! The ONLY person who should be able to access/update your cars software is you the owner NOT the people who sold it to you!

 

[nakedfrog]

Yeah, I've had very low confidence in the digital security they use for... well, basically anything car-related. Yes, they could develop something more secure, but that would cost more.

 

[pcgeek11]

The only answer for car theft is to get good insurance and not worry about it. If they want it they will get it.

Tow or flatbed....

 

[MtnMan]

If you ever lock your keys the car, you can just call a family member from your cell phone. Put your phone on speaker and hold it up next to your car door. Have your family member retrieve the spare key fob and hold it up to their phone and push the unlock button. Your door will unlock and you can retrieve your keys.

And there is some prime ocean front property for sale in Kansas...

 

[Red Squirrel]

The most secure cars are ones with barely no electronics. All the fancy new ones have lot of attack surfaces now. Especially keyless entry cars.

 

[crashtech]

At the end of the day, it's just a car. Have good insurance, try not to leave valuables inside, and get on with life.

That said, this is the kind of thing that insurance companies are really good at sorting out with manufacturers. If they see that significant losses are occurring due to keyless attack vectors, they will pressure OEs to make their vehicles more secure. This is one of those instances where the market works.

 

[Captante]

Wait until they convert your electric heated leather seats to "subscription model" via OTA update and send you a bill!



Many of the issues with "always on" connected cars have nothing to do with "hackers" breaking in.

 

[Red Squirrel]

You'll own nothing, and you'll be happy.

Not a fan of the trend at all. This is why I do want to eventually get setup to work on cars. If it comes a time where this connected BS is the norm I want to just strip all that stuff out completely.

 

[crashtech]

What did people think was going to happen when they asked to be able to start their car with their phone?

 

[Tsinni Dave]

Here's a truly frightening bit of related news from a few years ago. Darpa research on car hacking as an assassination tool.

 

[Captante]

Here's a truly frightening bit of related news from a few years ago. Darpa research on car hacking as an assassination tool.

And killing the people in the car that's actually compromised by driving off a cliff or something is only half of the issue.

Taking control of a self-driving & super-fast EV for a sub 4-second 0-60 into a big crowd or 120+ mph into the back of a school-bus or gasoline tanker are just a few "neat" ideas that occurred to me.

 

[Lost_in_the_HTTP]

"Surely they could have designed a system with some sort of 'one time password' setup, that would mean the key never using the same unlocking code twice? Couldn't the car itself provide some sort of seed code that the key then has to respond to?"


So, you're saying that $250 garage door openers that have had rolling code systems for a couple of decades have better security than 'smart' cars?

 

[Captante]

So, you're saying that $250 garage door openers that have had rolling code systems for a couple of decades have better security than 'smart' cars?

The compromised Honda key-FOB's (9.5 years worth!) ALL use a "rolling" combination code.

That kind of garage-door opener "security" was cracked many years ago and is about as effective as securing your home-network with 128-bit WEP.