bhawthorne, 7 months ago

@it4sec @docpop Could be a good way of trapping criminals. Setup the car portion to control a gate closer and lock, and leave a fob just inside. When their device forwards the key fob signal, the gate behind them slams shut and locks, flood lights come on, and a siren blares. No reason this couldn’t be built in to the home security system.

bhawthorne, 7 months ago

@it4sec @docpop #AltText
Home surveillance video showing a masked thief holding a wire loop antenna in both arms held wide, and walking near the front door until the car parked there unlocks. An accomplice then gets in the car, starts it, and backs the car out of the driveway while the first thief walks away.

skry, 7 months ago

@it4sec @mhoye Smashing Security podcast this week said that the attack distance was 60 feet or so to get the signal from the keyfob. A second person next to the car receives and relays.

Faraday box or the refrigerator [and maybe some microwave ovens] are mitigations. Boxes are easier to self test.

@smashingsecurity

Ertain, 7 months ago

@it4sec Goddamn 😮

zem, 7 months ago

@it4sec
wtf! I thought those keys would send at least permanent status beacons but this really is crazy.
@Cryptomon

Mikal, 7 months ago (edited 7 months ago)

@it4sec

This and CAN attacks are a perfect illustration of "blue team has to be perfect every time, red team only needs to find one mistake." Until car manufacturers become liable for the thefts, they have little incentive to find and fix the vulnerabilities they've created. Being perfect is expensive.

Pro tip: drive an older car and put in a hidden fuel pump cut off switch. (I'm guessing that's probably too complicated in the modern motorized computers called cars.)

I recently crossed paths with an acquaintance in the parking lot who pointed to her new truck and excitedly told me how cool it was that she can control the entire thing with her phone... 😱🤦‍♂️

Ich_halt_, 7 months ago

@it4sec that's another pint on my 'Don't like new cars' list.

Ihazchaos, 7 months ago

@it4sec oh, a new kind of car sharing :-)

kimschulz, 7 months ago

@it4sec Why the huge backpack and wire anteanna? It can be done with a keyfob size device these days (available for cheep on the internet). Must be an old video

rowan_johnson, 7 months ago

@kimschulz @it4sec it says 2021 in the timestamp.

naturzukunft, 7 months ago

@it4sec Handsfree 😂 This is what happens when people become so comfortable that they prefer to be carried into the car.

masek, 7 months ago

@it4sec Would probably work with my bike lock too (using https://mobil.abus.com/int/Consumer/Bicycle-locks/Folding-Locks/BORDO-One-6500A-110-black-bracket-SH). Luckily those locks are still so rare, they confuse thieves ....

simonzerafa, 7 months ago

@it4sec

Lucky that an anti-terrorist squad didn't see that equipment.

Would give you pause that it's a suicide vest with unfortunate consiquences 🫤🤷‍♂️

jesusmargar, 7 months ago

@it4sec i have a car that requires me to press a button to unlock the doors but I need to put the key in the ignition to start. I've always assumed this kind of trick wouldn't work on it. Am I wrong?

dickon, 7 months ago

@it4sec We need to make the manufacturers liable for this. These attacks have been known about for years -- plenty long enough to enact a fix -- and there's simply no excuse for them doing nothing.

mago, 7 months ago

@it4sec key-less go went to key-less gone

BubblegumYeti, 7 months ago

@it4sec But wait... how can you drive out of range of the key? My car stops when you do this.

mxtthxw, 7 months ago

deleted_by_author

henrik, 7 months ago

@mxtthxw @it4sec

Wow. So... the keys were inside near the door, the guy located them with the antenna thingie? And then what happened?

mxtthxw, 7 months ago

deleted_by_author

henrik, 7 months ago

@mxtthxw @it4sec

Ah, just learned about "Relay Attack" 😬

xs4me2, 7 months ago

@it4sec

Wtf…

linuxandyarn, 7 months ago

@it4sec Is he walking around with a big loop of coax as an antenna?

it4sec, 7 months ago

@linuxandyarn yep, he use the loop if coax and his hands to create a frame antenna.

linuxandyarn, 7 months ago

@it4sec Further proof that "Nobody would do that" is always the wrong answer.

cultdev, 7 months ago

@it4sec i live somewhere robberies aren’t common at all, i have no idea what the heck i’m looking at

krizzzn, 7 months ago

@it4sec what will they do once they have the car? Are they able to clone the key from the car alone, or reflash the car to accept a new key?

it4sec, 7 months ago

@krizzzn.

In this particular case, I'm pretty sure it will go to parts and the rest to the scrap yard.

byteborg, 7 months ago

@it4sec
Keyless entry and drive, working as advertised. 🤷

cccac, 7 months ago

@it4sec crazy how Keyless Gone is still a thing today.

https://aachen.ccc.de/keyless-gone/

tito_swineflu, 7 months ago

@it4sec so are they scanning for the code from the keys near the door, then transferring that code to a device in the car? That's pretty amazing.

AustinB, 7 months ago

deleted_by_author

it4sec, 7 months ago

@AustinB

1. Usually - while engine is on.
2. This is a good advice - unlock is easier than engine start.