BMW i5 and 5-Series Forum

Post Reply
 
Thread Tools Search this Thread
      03-17-2016, 01:09 PM   #1
Sassicaia
Brigadier General
Sassicaia's Avatar
Canada
4461
Rep
3,308
Posts

Drives: SMB F80 6MT
Join Date: Apr 2015
Location: Vancouver, Canada

iTrader: (0)

Keyless system cars easy to steal - german car club

http://www.thelocal.de/20160317/keyl...car-club-shows


The German Automotive Club (ADAC) tested 24 different cars with the new Keyless Go technology for safety. The result: all of the cars could be stolen with one easy trick.

The locking system Keyless Go is a technology built into new cars from leading car manufacturers such as BMW and Mercedes which allows the driver to open the door and start the car without reaching into his pocket for his key.

He simply needs to approach the car and the doors automatically unlock. The sensors in the car and key combine to release the lock as soon as they are in close proximity with one another.

With most cars with Keyless Go technology there is a simple ignition button, meaning the key also isn't needed once the driver is inside.

The ADAC has now taken a deeper look into the safety issues of the locking system.

In a report released Thursday the ADAC tested 24 car models from 2015 from 19 different manufacturers, including Audi, BMW, VW, Toyota, Renault, and Ford.

The results were damning. They managed to illegally open every single car and drive it away within a few seconds.

“All you need to do is extend the transmission-range of the key from two or three meters to a few hundred meters. The car thinks that the owner is nearby, unlocks the doors and starts its engine - all without any trace of a break-in.” said Arnulf Thiemel, car-technician at the ADAC.

To extend the transmission-range, the thief doesn’t need to be a high-tech hacker, the car club said. The devices can be built out of every-day electronic items - and without much effort.

Broadcaster BR24 give an an example of how such a theft could take place:

One thief can follow the owner of a car with a Keyless Go system after he has parked and locked his vehicle at a supermarket. He then activates the transmission-range device to extend the range of the key’s signal.

Another thief, meanwhile, waits at the car with his device, receiving the signal of the key, transmitting it to the car.

Within a second, the door opens and the engine can be started. The car can be driven for as long as the tank is full - so from most places in Germany it wouldn't be a problem to drive the car abroad.

And there is more bad news: if the car owner reports his car as stolen and then police find it with no trace of break-in, the insurance firm may think he tried to fake the theft in order to make a claim.

Now the ADAC is pointing a finger at the car manufacturers.

“It’s the duty of all car manufacturers to get rid of this problem. It makes no sense that this more expensive locking system is way easier to break into than the normal one,” ADAC stated on its website.
Appreciate 0
      03-17-2016, 01:12 PM   #2
Killramos
Captain
Killramos's Avatar
Canada
314
Rep
863
Posts

Drives: '19 M2 '21 X5
Join Date: Mar 2014
Location: Calgary

iTrader: (1)

Garage List
"The car can be driven for as long as the tank is full "

Not sure this one is actually true.
Appreciate 0
      03-17-2016, 01:20 PM   #3
Sassicaia
Brigadier General
Sassicaia's Avatar
Canada
4461
Rep
3,308
Posts

Drives: SMB F80 6MT
Join Date: Apr 2015
Location: Vancouver, Canada

iTrader: (0)

Doesnt matter if its a full tank or not. If its as easy as they say the car manufactures need to solve this issue, and fast.
Appreciate 0
      03-17-2016, 05:03 PM   #4
verruckt
First Lieutenant
110
Rep
314
Posts

Drives: F82 M4, G05 X5, Gen 2 Raptor
Join Date: May 2015
Location: Florida

iTrader: (0)

Simple fix - a code on the keyfob that is required for the car to be started. Sounds like right now the whole communication process of the keyfob is interceptable and replayable with no validation taking place.

To expound, there's two methods to get in the car. First the fob is nearby to unlock the door. That's one set of signals with its own comm process, which apparently anyone can "record and replay" to unlock the door.

Then to start the car there's a similar chain of events, however this time the car interrogates the keyfob for a "code", unique id, or random number on the keyfob via low frequency which cannot be duplicated. If the response is valid the car starts - if not it won't start. Only the car's computer knows what response to expect.

Their best bet is to throw in the same technologies like RSA Tokens where the FOB is the token that generates random, LONG strings (when interrogated) that, again, only the car's computer has the algorithm to know whether or not it's right. You could even tie it to the unlocking of the car but have it a completely separate query with it's own required unique response.

Such a method would make man in the middle / replay attacks like this practically impossible.
Appreciate 0
      03-18-2016, 07:06 AM   #5
maddmatth
Captain
Australia
561
Rep
938
Posts

Drives: E92 M3 | Prev:E92 335i, F82 M4
Join Date: Jun 2015
Location: Sydney

iTrader: (0)

Quote:
Originally Posted by verruckt View Post
Simple fix - a code on the keyfob that is required for the car to be started. ....
The hack described is working by expanding the range of the keyfob, so this won't help, pretty sure they would already be using some measures like this anyway. Otherwise these keys would be easily copied.

Real solution could be even simpler. The cars already have multiple antennae to tell where the key is relative to the car, and key has an intentionally short range so for example if the key is inside the car, the door can't be unlocked from the outside.
If the signal is being boosted by such a hack the car should be able to detect that suddenly all or most antennae are suddenly picking up the same key, so with some simple logic it can detect this attack and refuse to unlock or start.
Appreciate 0
      03-26-2016, 03:50 PM   #6
ElSenor
Second Lieutenant
135
Rep
238
Posts

Drives: 16' AW/SO M3
Join Date: Oct 2015
Location: Stuttgart, Germany

iTrader: (0)

Quote:
Originally Posted by Killramos View Post
"The car can be driven for as long as the tank is full "

Not sure this one is actually true.
Haven't tested this on the M3, but on my previous car it would be true. Discovered this on my 2013 Renault Clio when the wife and I were in a rush to catch a train. Pulled into the parking lot (I was driving and I had the key in my pocked) and I got out to buy tickets, she hopped into the drivers seat to park the car and pay for parking. I have the tickets but no sign of her as the train approaches. I waited there until the train left in-case she showed up, that way I could hold the door. I head back out to the parking lot and she is standing by the car, still running, because it wouldn't let her turn it off because it didn't detect the key. She could still drive it no problem though.
Appreciate 0
      03-26-2016, 04:50 PM   #7
AIRPOWER
Lieutenant Colonel
AIRPOWER's Avatar
United_States
1687
Rep
1,812
Posts

Drives: 2015 6MT YMB M3, 1974 Corvette
Join Date: Apr 2015
Location: NW Florida

iTrader: (0)

Garage List
2015 BMW M3  [9.67]
That's why I have a class 5 integrated alarm, GPS tracking, anti-GPS jamming, 24 hour monitoring, and RF card reader to un-disable the starter on my M3. Because the OEM anti-theft is crap.
__________________
AIRPOWER

Appreciate 0
      03-26-2016, 05:11 PM   #8
The Wind Breezes
Lieutenant Colonel
919
Rep
1,848
Posts

Drives: 135i N55 DCT
Join Date: Apr 2015
Location: USA

iTrader: (0)

Yawn. Cars are easy as shit to steal--owners keep their keys in the most predictable places and if in doubt you can just tow it away. It would be nice if auto makers cared more than they do about security (they barely care) but it doesn't actually matter.
Appreciate 0
      03-26-2016, 05:29 PM   #9
08njSTEP
Captain
08njSTEP's Avatar
795
Rep
762
Posts

Drives: '07 335i, '66 SS396 Chevelle
Join Date: Dec 2015
Location: Manchester, NH

iTrader: (0)

Anti theft and key fobs has been crap forever. I was at a corvette show and a guy walked by a car and it disarmed and unlocked. It wasn't his car. Supposed to be over a billion codes and this guy found his double.
Appreciate 1
      03-26-2016, 08:09 PM   #10
The Wind Breezes
Lieutenant Colonel
919
Rep
1,848
Posts

Drives: 135i N55 DCT
Join Date: Apr 2015
Location: USA

iTrader: (0)

That's hilarious(ly bad).
Appreciate 0
      03-26-2016, 11:49 PM   #11
Abstraction
Private
Canada
17
Rep
67
Posts

Drives: 228i xDrive
Join Date: Jan 2016
Location: Toronto

iTrader: (0)

Quote:
Originally Posted by 08njSTEP View Post
Anti theft and key fobs has been crap forever. I was at a corvette show and a guy walked by a car and it disarmed and unlocked. It wasn't his car. Supposed to be over a billion codes and this guy found his double.
Sounds like an old Plymouth Voyager that my parents had back in the 90s... the keys from one of our other Chryslers would open the locks to the Voyager... wouldn't start the car, but still, it was sketchy as hell.
Appreciate 0
      03-28-2016, 10:48 AM   #12
CanadianGatorBacon
Lieutenant
CanadianGatorBacon's Avatar
United_States
239
Rep
417
Posts

Drives: M235i (holy crap!)
Join Date: Nov 2015
Location: D.C.

iTrader: (0)

Quote:
Originally Posted by maddmatth View Post
The hack described is working by expanding the range of the keyfob, so this won't help, pretty sure they would already be using some measures like this anyway. Otherwise these keys would be easily copied.

Real solution could be even simpler. The cars already have multiple antennae to tell where the key is relative to the car, and key has an intentionally short range so for example if the key is inside the car, the door can't be unlocked from the outside.
If the signal is being boosted by such a hack the car should be able to detect that suddenly all or most antennae are suddenly picking up the same key, so with some simple logic it can detect this attack and refuse to unlock or start.
"Another thief, meanwhile, waits at the car with his device, receiving the signal of the key, transmitting it to the car."

I think that there is a second transmitter near the car that receives the original fob signal from the broadcaster and re-transmits it from close proximity to make it seem like the original fob is in the right position. A lot of whether the car antennae can detect the signal from the broadcaster would depend on how its sent and the ability of the antennae to receive the broadcast signal, which may be different from the fob signal.
__________________
Current: 2016 BMW M235i | 2013 BMW X1 xDrive28i (wife's)
Gone but not forgotten: 1992 Buick LeSaber Limited | 1999 Acura CL 3.0 | 2003 Volvo S60 2.4T | 2006 BMW x3 3.0i | 2009 Honda Fit Sport
Appreciate 0
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 04:28 AM.




g60
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST