Experts ​alerted motor trade to security risks of ‘smart key’ systems which have now fuelled highest level of car thefts for a decade.

  • Aatube
    link
    fedilink
    11
    edit-2
    10 months ago

    Seems to be specifically about these you unlock from your phone and then press a button to start

    A device disguised as a games console - known as an “emulator” - is being exploited by thieves to steal vehicles within 20 seconds by mimicking the electronic key.

    Don’t they use rolling codes? So I suppose this emulator is some malware you install on your phone

      • @kurwa@lemmy.world
        link
        fedilink
        English
        2610 months ago

        The flipper zero can’t get around rolling codes, unless it’s a very specific situation. Car thiefs aren’t using them.

        • @KairuByte@lemmy.dbzer0.com
          link
          fedilink
          English
          4
          edit-2
          10 months ago

          Default firmware cannot, and most cars won’t work. But specific makes have decades old security holes that still exist in new models… for reasons? And custom firmware unlocks the firmware limitations.

          So technically possible, but banning the flipper doesn’t fix the security hole. It’s like banning a hammer because it can break a window. It’s now more difficult to do construction work, and crow bars still exist.

    • @T156@lemmy.world
      link
      fedilink
      English
      510 months ago

      Don’t they use rolling codes? So I suppose this emulator is some malware you install on your phone

      I would hope that they would use rolling codes, but I would also not be all that surprised if they did not. Car manufacturers have cheaped out for less.

      The emulator part seems like it’s confusing a few different things together. Although I’m a little suspect of that, since someone holding up a games console to a car or house is suspicious anyway.

      It could also be described as an emulator (emulating the key), and the crossover with game emulators might be causing some confusion?

      A dedicated device might make sense there, if it has better antennas, or better capabilities than would be available with a basic phone, in addition to being less technical than having to install an app and fiddle about with all of that.

      • @sramder@lemmy.world
        link
        fedilink
        English
        310 months ago

        Yeah, someone got confused with all the terminology. Probably also old people think small stuff with a screen looks like a gameboy?

    • @mlg@lemmy.world
      link
      fedilink
      English
      210 months ago

      Don’t know about the article, but most have been doing relay attacks by just forwarding the rolling code sent by the key to unlock and then start the car. It works because keyless entry requires a transaction starting from the car, so you can effectively just stand between the car and wherever the keys are and do easy relay attacks.

      Then they usually drive it to a nearby safe location first so they can just reprogram the keys.

      I do feel like this could at least be cheaply mitigated by having an immobilizer for the gas pedal that stops throttle input if the key isn’t detected after a cooldown after moving a few feet, which would prevent thieves from being able to move the car very far after starting.