this post was submitted on 25 Feb 2024
529 points (97.5% liked)

Technology

59675 readers
4836 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] atrielienz 10 points 9 months ago* (last edited 9 months ago) (1 children)

In theory (barring the bit where you could literally break into Hyundai cars of the last few years, plug a USB stick into them and drive away), it is technically easier to steal some older vehicles without keyless entry (any car that has a key but doesn't require that key to communicate with a security module). A criminal can (and some do) drill out the ignition lock cylinder, insert a blank one and then drive away with any thin bladed metal shank (flathead screw driver) as if nothing happened. Buy a new keying kit, and they take only a couple of minutes to install assuming they even care to do so (chop shop might care, joy rider won't, someone interested in rummaging through the vehicle and dumping it won't etc).

The keyless entry systems implemented on new cars work by having what's essentially like an RFID in the key that communicates with a security module or multiple modules in the car, and this transmission is pretty much always active and only checked by range. If the car is close enough to where you hang your keys by the door the car may pick up this signal, and in the case of vehicles with keyless entry where you just need to touch the door handle with the key nearby that would give the thieves entry to the vehicle.

They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key. Then using a GPS blocking tool they can prevent the car from pinging their location. At that point the only thing stopping them from taking the vehicle is their ability to take it out of park or start it. The tech to start it is fairly cheap. Taking it out of park is pretty simple for most cars if you already have access to the inside (ICE vehicles especially because there is usually a transmission selector switch attached to a cable that directly connects to the shifter (automatic or manual).

I could roll a car down the street if it was level or a light grade by myself and I'm not a big person. If you drive a truck or an SUV and that selector switch is on the bottom or side of the transmission that's even easier and simpler to access (and doesn't even require a thief to have access to the inside of vehicle to put it in neutral). If the horn is accessible through a wheel well? A thief can just disconnect it and the alarm won't even sound. If they already have access to the inside of the vehicle a thief can just pull the horn fuse.

Automotive companies rely on the premise that there aren't enough dishonest people in the world with the technical know how to circumvent their security so cost to benefit analysis says don't worry about making it more secure until they're forced to. Either by public demand, or by government oversight and regulation.

[–] T156 5 points 9 months ago (1 children)

They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key

Although if the signal is vulnerable to a replay attack just like that, it was a woefully poor design to begin with.

It's why a lot of garage door systems don't use a fixed code, but something more like 2FA codes, where it changes each time it's used.

[–] atrielienz 0 points 9 months ago* (last edited 9 months ago)

You'll get no disagreement from me. I feel the same way about RFID ID tags. I remember seeing a CSI episode once where girls were getting RFID chips implanted in their wrists or something and using that to pay door fees and tabs at bars. I would never. I can and have cloned an RFID badge (to avoid paying $80 to my apartment complex for a badge that was inaccessible because it fell into a crevice of a locker at a gym), and I gotta tell ya, it doesn't take enough time for me to be comfortable using it as a security feature for most anything.