SoylentNews is people
SoylentNews
Hackers Can Clone Tesla Key Fobs in Seconds | SecurityWeek.Com:
[...] The attack described by KU Leuven researchers has four major phases. In the first phase, the attacker obtains the targeted vehicle's identifier, which is transmitted periodically. The identifier is then used to impersonate the vehicle and send two challenges to the key fob.
The response pairs are captured and the 40-bit encryption key can be recovered, allowing the attacker to impersonate the fob and unlock and start the car.
An attack can be conducted using Proxmark 3, a $400 tool designed for RFID analysis, from a distance of 1 meter (3 feet). However, experts believe the distance can be increased to up to 8 meters (26 feet) if purposely build antennas and transmission hardware are used.
This research focused on the PKES system used in the Tesla Model S. However, the analyzed PKES system is made by Pektron and is used by several other manufacturers, including McLaren, Karma and Triumph, which means their vehicles could be affected as well.
Tesla has worked with the researchers to implement measures that should prevent attacks, but none of the other companies responded to attempts to report the flaws.
[...] In general, these types of attacks can be prevented by keeping the key in a special box or pouch that blocks RF transmission. However, this defeats the purpose of the keyless entry and start system.
The researchers do not plan on making public any of the tools they have developed, but a paper containing technical details will become available soon.
(Score: 2) by darkfeline on Tuesday September 11 2018, @07:02PM (6 children)
Locks are easy to pick. A well-designed digital lock is more secure than a physical lock with the same manufacturing cost. Really good physical locks are expensive as hell and still pickable, just not by amateurs with a few hours practice.
Join the SDF Public Access UNIX System today!
(Score: 4, Funny) by NewNic on Tuesday September 11 2018, @07:17PM (1 child)
Yeah, but they probably can't figure out how to either start the engine or release the handbrake on my 6-decades old car. Then, they have to deal with the anti-theft device aimed at millenials: manual transmission.
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: -1, Troll) by Anonymous Coward on Wednesday September 12 2018, @01:44AM
Even better is that your car being an old pile of shit makes nobody want to steal it in the first place.
If they somehow managed, you could just walk down to road the where it broke down and recover it.
(Score: 3, Informative) by Unixnut on Tuesday September 11 2018, @08:52PM (3 children)
> Locks are easy to pick. A well-designed digital lock is more secure than a physical lock with the same manufacturing cost. Really good physical locks are expensive as hell and still pickable, just not by amateurs with a few hours practice.
Maybe true, but the difference is that with a physical lock, your car thief has to be a good lock picker, and be able to do it on the spot, without drawing attention, fast enough to not get caught, all the while being worried that someone will see a dodgy character fiddling with a car lock, massively increasing the chances of being spotted and the police called.
Whereas the digital lock, even if harder to "pick" for your average thief, has the same (dis)advantage as piracy. You only need one smart person/group in the world to pirate a copy of something for it to spread like wildfire across the net. Likewise you only need one smart person/group to crack the digital lock, and then every low-iq criminal grunt can use an app to steal the car (after they purchased it of course).
Even worse, they don't have to look suspicious at all. If they clone the key, they can just walk up, get in, and drive off like they own it. Far less suspicious then trying to get into a physical lock.
I remember something similar with BMWs in the UK a few years ago. They had some fancy digital encrypted key, which was supposedly more secure than the manual locks. Until someone cracked the encryption, and sold a piece of software which made it trivial to reprogram a blank key to any BMW car you wanted. Every single petty criminal who could afford the software suddenly became a master car thief overnight, and so many of this particular model of BMW was stolen in such a short time, that the insurance companies actually started refusing to insure the cars until the security hole was patched.
(Score: 2) by tibman on Wednesday September 12 2018, @01:12AM (1 child)
There are automated tools for picking physical locks too. Amazon sells them. No skill required : )
SN won't survive on lurkers alone. Write comments.
(Score: 2) by Unixnut on Wednesday September 12 2018, @06:30AM
They don't tend to work on car locks though. Most of them are only good for basic locks, and perhaps the cheapest "budget" single barrel door locks. At least the ones I have seen...
(Score: 2, Disagree) by darkfeline on Wednesday September 12 2018, @05:48PM
>your car thief has to be a good lock picker
Not really, that's my point. Locks are easy to pick. Getting caught is not a big problem either, depending on the area and a bit of common luck. Even assuming someone spots you in the few minutes it takes for an amateur, city folk are known to ignore ongoing assault and injury ("someone else's problem"), they're not going to stop to phone in a carjacking.
Join the SDF Public Access UNIX System today!