@it4sec @docpop Could be a good way of trapping criminals. Set up the car portion to control a gate closer and lock, and leave a fob just inside. When their device forwards the key fob signal, the gate behind them slams shut and locks, flood lights come on, and a siren blares. No reason this couldn’t be built into the home security system.
@it4sec @docpop #AltText
Home surveillance video showing a masked thief holding a wire loop antenna in both arms held wide, and walking near the front door until the car parked there unlocks. An accomplice then gets in the car, starts it, and backs the car out of the driveway while the first thief walks away.
@it4sec @mhoye Smashing Security podcast this week said that the attack distance was 60 feet or so to get the signal from the keyfob. A second person next to the car receives and relays.
Faraday box or the refrigerator [and maybe some microwave ovens] are mitigations. Boxes are easier to self test.
This and CAN attacks are a perfect illustration of "blue team has to be perfect every time, red team only needs to find one mistake." Until car manufacturers become liable for the thefts, they have little incentive to find and fix the vulnerabilities they've created. Being perfect is expensive.
Pro tip: drive an older car and put in a hidden fuel pump cut off switch. (I'm guessing that's probably too complicated in the modern motorized computers called cars.)
I recently crossed paths with an acquaintance in the parking lot who pointed to her new truck and excitedly told me how cool it was that she can control the entire thing with her phone... 😱🤦♂️
@it4sec Why the huge backpack and wire antenna? It can be done with a keyfob size device these days (available for cheap on the internet). Must be an old video.
@it4sec I have a car that requires me to press a button to unlock the doors but I need to put the key in the ignition to start. I've always assumed this kind of trick wouldn't work on it. Am I wrong?
@it4sec We need to make the manufacturers liable for this. These attacks have been known about for years -- plenty long enough to enact a fix -- and there's simply no excuse for them doing nothing.