97 Percent of Keyless Entry and Start Systems are Vulnerable to Attack
- Thread starter GTPNewsWire
- 74 comments
- 3,861 views
- 87,441
- Rule 12
- GTP_Famine
I'm half wondering if it has something to do with the Activity Key.
Essentially, JLR markets this extra because lifestyle. You don't want to carry a bulky keyfob out with you when you're playing squash, hiking, canoeing or yachting - you might lose it and it might get wet - so it sells you a key on a strap. Like a locker key at the public swimming pool. You leave the real key in the car and take the Activity Key with you.
That system would require the key and car not to talk to each other while it's in/near the car unless also talked to by the Activity Key, so perhaps there's a specific system for JLR models that doesn't operate in the same key-broadcast/car-receive manner.
- 3,053
- England
- kilesa4568
I got my new Focus Titanium (keyless) in March last year and while they could grab the signal to open the car, the car won't start without the key being physically inside it. It lights up on the dash "Key not present" or words to that effect so does this mean the same signal they opened the door with can start my car?
- 87,441
- Rule 12
- GTP_Famine
It's more-or-less the same thing as when a dealer gets you a spare or replacement key. If you've got access to (or can make) spare keys and the car itself, you can recode a key pretty easily.
Yep - all you need is to send the correct signal to make the car think the key is inside it. The same device used to trick the car into thinking the signal is in proximity in order to unlock can be used to trick the car into thinking the signal is inside.
- 87,441
- Rule 12
- GTP_Famine
I've only ever been able to find one uncorroborated report of this not being true, so although I'm going to say it as if it is absolutely true, imagine that there's a "but", but once the starting system is activated by the key it does not deactivate until either manually deactivated or - amusingly - the stop/start system turns the engine off.
We tested every system we could find, by starting the key, handing it to a colleague and then driving it off round our work site (so if it did turn off we weren't in anyone's way). We managed to get a straight-line half-mile away without the car ever turning off, although it would warn that the key was not in the vehicle (presumably to prevent anyone from genuinely setting off without the key and being stranded).
Danoff
Premium
- 34,026
- Mile High City
Yea that's my understanding as well, that you can drive off without the key in the car for these systems... which is annoying. I'd love to leave my cars running while I drop my kids off and know that someone can't steal my car. But since you can put it in drive and take off without the key in, I can't do that (the toyota doesn't even allow you to lock the doors while the car is running without the keys in).
So if manufacturers stopped this nonsense, and didn't let the car drive without the keys, we'd have the thieves stopped. Except for the scenario where they record the signal and keep playing it back in the car.
Actually that could enable stealing the car while it's not near the key. Record the signal when you're near the key, play it back somewhere else when you're stealing the car - even though the key is nowhere nearby.
- 3,053
- England
- kilesa4568
RocZX
Premium
- 8,849
- New York
The sensor in the car should pick up the signal from the key fob as long as its in a 1ft radius of the car.
But the thieves could make a device ( its cheap and easy to make, you can find the instructions online how to make it) which copies the fobs signal, as long as the device is with them they can get in, drive, turn the engine off and lock it as if they had the key fob
The person makes a schedule when the typical drive the car and only when it's off schedule you would have to enter the code.
How hard would that actually be for a company to do, I'm sure they can do it with just a software update?
Yes thieves can make a device ( its cheap and easy to make, you can find the instructions online how to make it) which copies the fobs signal, as long as the device is with them they can get in, drive, turn the engine off and lock it as if they had the key fob
- 87,441
- Rule 12
- GTP_Famine
Indeed, but that could be as far as a 20-foot difference. I have a car booked in for a GTP road test that is 19 feet long. If the sensor is somewhere around the gear selector, one foot from the boot will be 10 feet from the sensor. And you'd need the doors to open while you're putting stuff in the boot so the kids can get in and belted before you do.
I've not looked into more recent systems, but I'd take a guess that there are multiple sensors at entry points and it'd need a much lower power signal as a result. Even so, if you hang your keys up by the front door, thieves could still detect the signal by opening your letter box...
I believe that there's a safety aspect to that; the one reported case of a car ceasing to drive after the key left the detection area resulted in the car instantly shutting off on an autobahn.
(It's in German, sorry)
I have had a car I was driving suddenly decide it couldn't find the key, and I was quite glad it got over it without turning itself off
I'm sure you can solve the problem with that by building in a non-detection window buffer (look every three seconds, if the car doesn't detect it during a three-second cycle, don't chuck up an error until it's missed two more successive cycles), and by a staged shut down (car will turn off in 60 seconds, please get to a place of refuge).
Danoff
Premium
- 34,026
- Mile High City
I believe that there's a safety aspect to that; the one reported case of a car ceasing to drive after the key left the detection area resulted in the car instantly shutting off on an autobahn.
(It's in German, sorry)
I have had a car I was driving suddenly decide it couldn't find the key, and I was quite glad it got over it without turning itself off
I'm sure you can solve the problem with that by building in a non-detection window buffer (look every three seconds, if the car doesn't detect it during a three-second cycle, don't chuck up an error until it's missed two more successive cycles), and by a staged shut down (car will turn off in 60 seconds, please get to a place of refuge).
Seems like you could figure something out. Like that the car won't shift to drive if the key is not detected to be inside the car. And the car just starts sounding a car alarm forever until it's put in park if the key is outside the detection area and it's in drive, and then won't shift to drive after it's put in park.
Or the car will turn off after it's been stationary for more than 5 seconds.
Or the car automatically reports its location and that's stolen if it's being driven without the key.
Or the car releases fart gas if it's being driven without the key.
I can think of things.
Is it not possible to reconfigure the key fob (and/or the computer in the car) to turn off this keyless functionality and be done with it? No more signal, no vulnerability, no absurdity like the car threatening to shut off because it can't detect the key in your pocket, better battery life for the remote buttons...
I'm aware some cars have gone totally "keyless" with their fobs, but surely this can be turned off in at least some cars that still have a key you can use?
I'm aware some cars have gone totally "keyless" with their fobs, but surely this can be turned off in at least some cars that still have a key you can use?
- 87,441
- Rule 12
- GTP_Famine
Danoff
Premium
- 34,026
- Mile High City
I'm not sure it would need to be "turned off". Just put your fobs in a box, or remove the battery. It's "turned off" from the perspective of thieves anyway, and there should be a key in the fob. So you can effectively turn any keyless car into a keyed car just by popping the key out of the fob and taking the battery out.
- 1,233
- VS & 74 (France)
- GT-Alex74
The difference is without the keyless entry thing, one actually has to act physically in a conspicuous way on the car in order to be able to access it. Here you just need to sit away from it, wait a few minutes and then enter the car casually even if a cop has parked right next to that car in the meantime.
I was under the impression that some new cars do not have any key ignition, only a push-button start/stop and maybe a hole to insert the fob. I guess I was mistaken.
Personally, I would not want to store my keys in a box or give up remote locking from the fob. It just seemed to me, based on the handful of programmable options on my 13-year-old car, that this ought to be something you can turn off with an input combo on the fob or something.
...Or by simply unplugging a connector somewhere, as I've done to my daytime running lights and seatbelt nagging circuit. Or by plucking a fuse.
- 5,897
- Canada
I found an old metal tin lying around and placed my keys in there. The signal was somewhat hindered but not consistently, so then I lined the tin with an added layer of aluminum foil and that seemed to have reliably kept the signal from my key from detection. The only problem with this is that it's not particular handy to carry around, as you may imagine. Does anyone have suggestions for a high quality portable faraday cage?
- 12,899
- Cambridge
- Moglet85
- Moglet
I can't speak for other cars but the Ioniq has a manual key hidden in the fob and manual locks hidden within the door handles but no way to start it manually that I can see. It suggests that you press the start/stop button with the keyfob rather than your hands if the battery is low/dead so maybe there's some sort of low power backup there.
Last edited:
Moby45
(Banned)
- 2,881
- Tulsa, Oklahoma
- Moby45
So basically, what I am reading is that totally keyless cars are the problem I thought they were going to be many years ago when the idea was introduced? lol :-)
I get why these things exist. It is all for comfort or convenience. To me, my safety is having a car with a key that goes into an ignition, even if it has a push button start. Even if stealing a car the old way is just as easy the new way. I would hate to be stranded because my fob lost battery and my car wont start because of it. A key is simple and works and never fails unless you break it off in the ignition(happened in my 95 miata). So I have to ask the question. Why get rid of the thing that works?
I get why these things exist. It is all for comfort or convenience. To me, my safety is having a car with a key that goes into an ignition, even if it has a push button start. Even if stealing a car the old way is just as easy the new way. I would hate to be stranded because my fob lost battery and my car wont start because of it. A key is simple and works and never fails unless you break it off in the ignition(happened in my 95 miata). So I have to ask the question. Why get rid of the thing that works?
Danoff
Premium
- 34,026
- Mile High City
Are we talking about keyless entry or keyless ignition? There are a few reasons why it exists...
1) So that you don't have to dig around in your pocket or purse, especially helpful if you have your hands full.
2) So that you don't accidentally try to start a very quiet vehicle that is already on, or a vehicle which shuts the engine off until it is needed.
