SoylentNews is people

posted by martyb on Friday April 17 2015, @07:04PM
from the [tin]-foil-your-fob dept.

A NY Times columnist had his car stolen by kids who were possibly using a repeater to rebroadcast his key fob:

Keyless entry systems typically only communicate with their remote fobs over the distance of a few feet, but he thinks that the gadget is capable of extending this range, fooling the car into thinking that the remote is within range even though it was actually in Bilton's house, about 50 feet away. He arrived at this theory after he consulted with Boris Danev, a Swiss-based security expert:

"It's a bit like a loudspeaker, so when you say hello over it, people who are 100 meters away can hear the word, 'hello,'" Mr. Danev said. "You can buy these devices anywhere for under $100." He said some of the lower-range devices cost as little as $17 and can be bought online on sites like eBay, Amazon and Craigslist.

Sounds creative and easy. Maybe those clubs aren't so silly after all.

  • (Score: 2) by ikanreed on Friday April 17 2015, @07:12PM

    by ikanreed (3164) Subscriber Badge on Friday April 17 2015, @07:12PM (#172153) Journal

    It wasn't the unlocking that they rebroadcast, as, I'm sure you're all aware, requires pressing a button.

    It's that Priuses have a touch-button initiation that negotiates with a fob to verify its presence when starting the car. They enacted a sort of MITM attack on that negotiation.

    • (Score: 3, Informative) by frojack on Friday April 17 2015, @07:40PM

      by frojack (1554) on Friday April 17 2015, @07:40PM (#172167) Journal

      TFA says:

      > the perps used an electronic device to simply unlock his Toyota Prius, rather than doing things the old-fashioned way with a slim jim, coat hanger, or brick.

      The article didn't say anything about starting the car.

      The unlocking need not require a button push on the fob (but there is no reason to believe it wasn't.) The story is pretty unclear about this. (It's written by a journalist after all)

      Some keyless entry systems do not require pushing a fob button.

      Merely putting your hand on the door handle will cause the car to look for your key fob nearby (usually within 5 feet or so), and unlock the door if it sees it.
      (I know nothing about the Prius system, but that is how my car works).

      Properly designed, the system would send out a coded challenge to the fob, and the fob would answer with a proper code. (seems unlikely these fobs would transmit ALL THE TIME, but that can't be discounted). If the car hears the fob, the door unlocks.

      Regardless whether the fob is using a constant broadcast or a response broadcast, the digital encoded key is unlikely to be globally unique. Probably there is under 500 combinations, just like physical keys usually exist in a small number of actual tooth patterns. That would make it easy for their device to broadcast them all in rapid succession.

      Or, they could have just stood near enough to record them, then come back later and burglarize your car.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by captain normal on Friday April 17 2015, @08:04PM

        by captain normal (2205) on Friday April 17 2015, @08:04PM (#172178)

        Here is how the "Smart Key" works: https://www.youtube.com/watch?v=_5vln1ldUo8
        So simple to gain entry by amplifying the fob signal.

        --
        "Everyone is entitled to his own opinion, but not to his own facts" --Daniel Patrick Moynihan--
        • (Score: 2, Disagree) by frojack on Friday April 17 2015, @08:24PM

          by frojack (1554) on Friday April 17 2015, @08:24PM (#172183) Journal

          Pretty much the same as my Chrysler. (And not at all clear as to the inner workings).

          But it STILL can't be as simple as amplifying the fob signal, otherwise my fob would open every Chrysler.

          What I suspect:

          1) Fob batteries would not last long enough if they were constantly transmitting. Constant receiving takes very little power.
          2) The car probably sends out a weak "Hello Fob" signal that the fob listens for. (This would not need to be unique, but could have an authentication code attached.)
          3) Fob sends out a weak transmission of its returning digital key.
          4) Car matches key, and unlocks doors.

          So possible outcomes:
          a) If the returning key can be computed from the Hello Fob call, someone needs to find that engineer and bitch slap him mercilessly. (I don't discount this by the way). And your break-in box could simply compute the proper response in real time, and transmit it.

          b) If the fob simply returns a unique key that the car listens for, you would have to lurk near the car to capture these, and play them back later.

          c) If there is a small set of these semi-unique keys, your break-in box would transmit them all in response to any car's Hello Fob signal.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by FatPhil on Saturday April 18 2015, @10:58AM

            by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday April 18 2015, @10:58AM (#172352) Homepage
            > But it STILL can't be as simple as amplifying the fob signal, otherwise my fob would open every Chrysler.

            You just said the equivalent of: "But it STILL can't be as simple as copying the key, otherwise my key would open every lock."

            How can you not understand the concept of the (electronic) key and the (electronic) lock being paired?
            --
            Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
            • (Score: 2) by FatPhil on Saturday April 18 2015, @11:12AM

              by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday April 18 2015, @11:12AM (#172357) Homepage
              After seeing my post, my g/f's just pointed this out to me:

              Why did you say:

              > But it STILL can't be as simple as amplifying the fob signal, otherwise my fob would open every Chrysler.

              rather than:

                  But it STILL can't be as simple as amplifying the fob signal, otherwise my fob would open every car.

              ?

              Now think about your answer.

              She never posts, so you'll never get the chance to mod her +1 Insightful. I will happily take them by proxy :-)
              (don't bother, always capped, even after the flamebait storm I got myself in last weekend.)
              --
              Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
              • (Score: 0) by Anonymous Coward on Monday April 20 2015, @11:58PM

                by Anonymous Coward on Monday April 20 2015, @11:58PM (#173330)

                uhh, how many g/f's do you have? You later said she, so I'm guessing just one?

      • (Score: 0) by Anonymous Coward on Friday April 17 2015, @08:49PM

        by Anonymous Coward on Friday April 17 2015, @08:49PM (#172189)

        > The article didn't say anything about starting the car.

        So, you are saying ikanreed picked an appropriate login?

        > Regardless whether the fob is using a constant broadcast or a response broadcast, the digital encoded key is unlikely to be globally unique.
        > Probably there is under 500 combinations, just like physical keys

        That's an awful big assumption. There is no reason it needs to be true. Unlike physical keys the namespace is huge. With just 128 bits there technically could be identical combos but practically there would not.
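
The hello/answer exchange sketched in frojack's steps 1) to 4), with the 128-bit key space from the reply just above, as an added Python simulation. It is not part of any comment and not any manufacturer's protocol: the HMAC construction, the class and function names, the timing limit and the delay figures are constructed assumptions, and the round-trip check is a general countermeasure that the thread does not describe.

```python
import hashlib
import hmac
import secrets

class Fob:
    """Fob paired with one car through a shared secret key."""
    def __init__(self, key, shielded=False):
        self._key = key
        self.shielded = shielded  # True models a fob kept in a foil pouch

    def respond(self, challenge):
        if self.shielded:
            return None  # the fob's radio never hears the car's hello
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Car:
    MAX_RTT_US = 50  # constructed limit for a fob a few feet away

    def __init__(self, key):
        self._key = key
        self._pending = None

    def hello(self):
        """Fresh random challenge for every door-handle touch."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response, rtt_us=0, check_rtt=False):
        """Accept one answer to the outstanding challenge, optionally timed."""
        challenge, self._pending = self._pending, None
        if challenge is None or response is None:
            return False
        if check_rtt and rtt_us > self.MAX_RTT_US:
            return False  # correct answer, but it took too long to arrive
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def relay(fob, challenge, added_delay_us=400):
    """Repeater: passes both messages on unchanged and never holds the key."""
    return fob.respond(challenge), added_delay_us  # delay is a constructed value

def run_scenarios():
    key = secrets.token_bytes(16)  # 128-bit pairing secret
    car, fob = Car(key), Fob(key)
    results = {}
    results["paired_fob"] = car.unlock(fob.respond(car.hello()))
    # A fob paired with some other car of the same make does not match.
    stranger = Fob(secrets.token_bytes(16))
    results["other_fob"] = car.unlock(stranger.respond(car.hello()))
    # Outcome (b): an answer recorded earlier, played back to a later hello.
    recorded = fob.respond(car.hello())
    car.hello()
    results["replay"] = car.unlock(recorded)
    # Relay: a fresh, correct answer arrives, so the cryptography is satisfied.
    resp, rtt = relay(fob, car.hello())
    results["relay"] = car.unlock(resp, rtt)
    # The same relay against a car that bounds the round-trip time.
    resp, rtt = relay(fob, car.hello())
    results["relay_timed"] = car.unlock(resp, rtt, check_rtt=True)
    # The same relay against a shielded fob.
    resp, rtt = relay(Fob(key, shielded=True), car.hello())
    results["relay_shielded"] = car.unlock(resp, rtt)
    return results

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:15} unlocked={ok}")
```

Pairing and a fresh challenge stop the wrong fob and the recorded answer, but the relayed answer is genuine, so only the timing bound or the shielded fob rejects it.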

    • (Score: 3, Informative) by wonkey_monkey on Friday April 17 2015, @09:26PM

      by wonkey_monkey (279) on Friday April 17 2015, @09:26PM (#172201) Homepage

      > It wasn't the unlocking that they rebroadcast, as, I'm sure you're all aware, requires pressing a button.

      Nope. Some cars try to contact the fob when someone tries the door handle, and if it's in range, the car will unlock.

      Not that we have any real idea what actually happened here. It seems a bit odd to me that a system which is normally supposed to work over a few feet could be amplified with a device 2 feet from the car and 48 feet from the key, but I have no real knowledge on the subject.

      --
      systemd is Roko's Basilisk
    • (Score: 2) by FatPhil on Saturday April 18 2015, @11:05AM

      by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday April 18 2015, @11:05AM (#172355) Homepage
      > It wasn't the unlocking that they rebroadcast, as, I'm sure you're all aware, requires pressing a button.

      What does that even mean?

      Translating it into a more familiar security concept you've just said: "It wasn't the victim's password that they typed in themselves, as [that], I'm sure you're all aware, requires typing on a keyboard."

      Erm, yeah, and I didn't eat the neighbours' freshly baked apple pie, as I'm sure you're all aware, that requires a fork.

      Train of logic I cannot see.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 1, Informative) by Anonymous Coward on Friday April 17 2015, @07:14PM

    by Anonymous Coward on Friday April 17 2015, @07:14PM (#172155)

    > Maybe those clubs aren't so silly after all.

    The club is no deterrent. The club itself is mostly impervious, but most of the time the steering wheel it is attached to is easy to saw through.

    • (Score: 2) by captain normal on Friday April 17 2015, @08:15PM

      by captain normal (2205) on Friday April 17 2015, @08:15PM (#172181)

      "The club itself is mostly impervious"... Unless one has an inexpensive battery powered high speed grinder/cutter with a composition metal cutting blade. Then it only takes a few seconds to cut off the club.

      --
      "Everyone is entitled to his own opinion, but not to his own facts" --Daniel Patrick Moynihan--
      • (Score: 2) by frojack on Friday April 17 2015, @08:27PM

        by frojack (1554) on Friday April 17 2015, @08:27PM (#172185) Journal

        Wrong track guys.
        Nobody is stealing the car. They are simply stealing everything left in the car.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 3, Funny) by nitehawk214 on Friday April 17 2015, @09:10PM

          by nitehawk214 (1304) on Friday April 17 2015, @09:10PM (#172194)

          You wouldn't download a car.

          --
          "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
      • (Score: 0) by Anonymous Coward on Friday April 17 2015, @08:41PM

        by Anonymous Coward on Friday April 17 2015, @08:41PM (#172187)

        > "The club itself is mostly impervious"
        > Unless one has an inexpensive battery powered high speed grinder/cutter

        Pedant for the fail!
        (1) 'mostly'
        (2) If you have one of those you can cut through the steering wheel even faster, easier and quieter.

    • (Score: 3, Insightful) by DeathMonkey on Friday April 17 2015, @09:11PM

      by DeathMonkey (1380) on Friday April 17 2015, @09:11PM (#172195) Journal

      > The club is no deterrent.

      Anything that makes some other guy's car easier to steal than your own is a deterrent.

      • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @02:40AM

        by Anonymous Coward on Saturday April 18 2015, @02:40AM (#172268)

        Old beaters are easier to steal, yet their mere aesthetic appearance is a deterrent.

        • (Score: 1) by anubi on Saturday April 18 2015, @03:45AM

          by anubi (2828) on Saturday April 18 2015, @03:45AM (#172283) Journal

          Not only that, they are apt to fall apart the instant you gun what's remaining of the engine!

          I drive one of those old clunkers. There are many parts on their last legs. I would imagine all it would take is one good acceleration to take out what is left of the clutch.

          Yup, all held together with baling wire... but at least it gets me around. Cheaply. It's an old nag, well past its racing days, but I still feed her oats, and she still takes me to market.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by sjames on Saturday April 18 2015, @10:51AM

      by sjames (2882) on Saturday April 18 2015, @10:51AM (#172351) Journal

      It isn't much deterrent to an intelligent thief that specifically wants to steal your car. It is plenty of deterrence if the crook just wants *A* car or if he isn't so smart and has no appropriate tools with him. The one in the next space over looks nice too and no need to cut anything.

      • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @12:24PM

        by Anonymous Coward on Saturday April 18 2015, @12:24PM (#172373)

        That thief is just as much deterred by the stock alarm system as he is by the club.
        Since this story is about highly prepared thieves with techno doodads out the wazoo, I think we can assume that rando thief is not the threat model under discussion.

        • (Score: 2) by sjames on Saturday April 18 2015, @08:04PM

          by sjames (2882) on Saturday April 18 2015, @08:04PM (#172563) Journal

          It still applies though, perhaps more so. You can either unlock the car without the club, get in and drive away looking exactly like you own the car, or you can hack away at the steering wheel of a car with the club looking like a car thief.

          • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @08:39PM

            by Anonymous Coward on Saturday April 18 2015, @08:39PM (#172576)

            Ok. Your epenis is about 10 seconds longer than mine. Winning!

  • (Score: 0) by Anonymous Coward on Friday April 17 2015, @07:17PM

    by Anonymous Coward on Friday April 17 2015, @07:17PM (#172157)

    If the range of the fob is a few feet, wouldn't the repeater have to be within a few feet of the fob?

    • (Score: 2, Insightful) by Anonymous Coward on Friday April 17 2015, @07:26PM

      by Anonymous Coward on Friday April 17 2015, @07:26PM (#172161)

      Not if the repeater has a more powerful transmitter to talk to the fob and a more sensitive receiver to pick up the fob's response.

      • (Score: 3, Interesting) by kaszz on Saturday April 18 2015, @12:52AM

        by kaszz (4211) on Saturday April 18 2015, @12:52AM (#172250) Journal

        Kind of like Blue-sniping ;)

  • (Score: 1, Insightful) by Anonymous Coward on Friday April 17 2015, @07:32PM

    by Anonymous Coward on Friday April 17 2015, @07:32PM (#172163)

    a new car and free publicity

  • (Score: 5, Insightful) by wonkey_monkey on Friday April 17 2015, @07:35PM

    by wonkey_monkey (279) on Friday April 17 2015, @07:35PM (#172165) Homepage

    > New York Times Columnist Falls Prey to Signal Repeater Car Burglary

    No, he fell prey to what he thinks was signal repeater car theft. Okay, I'm just being super-picky about the last word, but as for the rest, here are a few choice quotes:

    > ...according to Bilton, the perps used an electronic device to simply unlock his Toyota Prius...

    > ...he postulates that the young miscreants gained entry to his car...

    > ...he thinks that the gadget is capable of extending this range...

    > He arrived at this theory after he consulted with Boris Danev...

    > Exactly how the thieves broke into Bilton's car might not be known unless they’re caught.

    --
    systemd is Roko's Basilisk
    • (Score: 3, Funny) by dyingtolive on Friday April 17 2015, @07:42PM

      by dyingtolive (952) on Friday April 17 2015, @07:42PM (#172169)

      That's classic journalism for you.

      Headline: "World is burning! Everyone to die!"

      Story: Well, it's actually not burning, per se. It's really quite nice outside. But here's an artist's rendition of what the world would look like if it actually was burning though, blown up larger than this silly little text thing.

      --
      Don't blame me, I voted for moose wang!
    • (Score: 0) by Anonymous Coward on Friday April 17 2015, @08:05PM

      by Anonymous Coward on Friday April 17 2015, @08:05PM (#172179)

      Hey look! Even a broken clock is still right twice a day.

      • (Score: 2) by art guerrilla on Saturday April 18 2015, @12:04PM

        by art guerrilla (3082) on Saturday April 18 2015, @12:04PM (#172369)

        pedant on/
        a stopped clock is 'right' twice a day...
        a 'broken' clock may still run, just not correctly, and thus may be 'right' no times a day, or many times a day...
        /pedant off

        • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @12:26PM

          by Anonymous Coward on Saturday April 18 2015, @12:26PM (#172375)

          Wow, pedant flame of someone flaming a pedant.
          You win teh internet woosh award!

  • (Score: 0) by Anonymous Coward on Friday April 17 2015, @10:25PM

    by Anonymous Coward on Friday April 17 2015, @10:25PM (#172207)

    I made plug wires out of vacuum hose, they looked just like plug wires. Didn't work, you could still start the car, the vacuum hose was somehow letting spark get from the distributor cap to the spark plugs.

    • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @12:44AM

      by Anonymous Coward on Saturday April 18 2015, @12:44AM (#172241)

      Lots of rubber hose is conductive to prevent static charge buildup.
      Cool that you found some that would run your spark plugs (assuming you are not bs-ing us).
      How well did the engine run under load??

    • (Score: 2, Interesting) by anubi on Saturday April 18 2015, @12:50AM

      by anubi (2828) on Saturday April 18 2015, @12:50AM (#172248) Journal

      When I used to leave my car at airport parking lots, I used to take my distributor rotor with me.

      I know it won't stop a determined thief, but at least it would make the casual slim-jimmer and hot-wirer work a bit to discover the problem then go get the correct rotor then return. I figured they would not want to attract attention doing hood-up work in the parking lot. At the least, I would force them to use a tow truck.

      Another trick I had was a timer in the ignition wiring. It would let them get the car started, get onto the street, then shortly after getting to speed, the engine would shut down, leaving them with a "find out why it doesn't work" problem right in the middle of the street where they are the center of attention.

      Anybody seen a Windows process I can launch that does nothing but ping a given address every ten minutes or so? In the event a laptop is stolen, start listening for it on the other machine you have already set up the laptop to ping to. Traceroute to it to find out where it is and who their ISP is...

      After my go-around trying to nail "wuauserv", I have found out just how many services are running, and aptly named, it would be damned hard for anyone not intimately familiar with his machine, to discover another one.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @04:04PM

        by Anonymous Coward on Saturday April 18 2015, @04:04PM (#172465)

        > Anybody seen a Windows process I can launch that does nothing but ping a given address every ten minutes or so? In the event a laptop is stolen, start listening for it on the other machine you have already set up the laptop to ping to. Traceroute to it to find out where it is and who their ISP is...

        That should be easy enough to do. I'm not intimately familiar with Windows, but I'm sure it has a task scheduler you could use to run something. Alternatively you could create a batch file that does this, and have that automatically run on startup, either by putting it in the Startup folder of the start menu or adding an appropriate registry entry.

        • (Score: 1) by anubi on Sunday April 19 2015, @12:58AM

          by anubi (2828) on Sunday April 19 2015, @12:58AM (#172668) Journal

          Yeh, I saw how easy that was to do by hiding it in the registry... I would write one, but it would take me some time to code it. I thought maybe someone already had a tidy little executable you could slip in and register it with some keys to tell it what IP to ping. Naturally, I would have it pinging my machine on my business line that has a static IP.

          In the event of a missing laptop, I would have my other machine make detailed logs of the laptop's pings, so I could ping it back, traceroute it, and find out at least generally where it was.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 2) by kaszz on Saturday April 18 2015, @01:06AM

    by kaszz (4211) on Saturday April 18 2015, @01:06AM (#172254) Journal

    Crappy car lock design from ignorant manufacturer bites a person that has access to whining in the newspaper?

    Won't change the mind of manufacturer. Won't make most people demand adequate lock systems. Might contribute to eventual change, perhaps.