this post was submitted on 26 Feb 2024
494 points (96.4% liked)

Technology

59594 readers
2945 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Experts ​alerted motor trade to security risks of ‘smart key’ systems which have now fuelled highest level of car thefts for a decade.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 9 months ago* (last edited 9 months ago) (3 children)

Seems to be specifically about these you unlock from your phone and then press a button to start

A device disguised as a games console - known as an “emulator” - is being exploited by thieves to steal vehicles within 20 seconds by mimicking the electronic key.

Don't they use rolling codes? So I suppose this emulator is some malware you install on your phone

[–] baronvonj 6 points 9 months ago (2 children)
[–] kurwa 26 points 9 months ago (2 children)

The flipper zero can't get around rolling codes, unless it's a very specific situation. Car thiefs aren't using them.

[–] baronvonj 13 points 9 months ago (1 children)

The OP's quote leaves out the "It is being targeted at Hyundai and Kia models." part. From what I can find those brands are (were?) susceptible to rollback where sending an old code reactivates codes that came after it

https://www.reddit.com/r/flipperzero/comments/z2fq6h/broken_rolling_code_system_old_sent_signal/

[–] kurwa 2 points 9 months ago

I think you would still have to wait for the owner to use their keys.

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

Default firmware cannot, and most cars won’t work. But specific makes have decades old security holes that still exist in new models… for reasons? And custom firmware unlocks the firmware limitations.

So technically possible, but banning the flipper doesn’t fix the security hole. It’s like banning a hammer because it can break a window. It’s now more difficult to do construction work, and crow bars still exist.

[–] T156 5 points 9 months ago (1 children)

Don’t they use rolling codes? So I suppose this emulator is some malware you install on your phone

I would hope that they would use rolling codes, but I would also not be all that surprised if they did not. Car manufacturers have cheaped out for less.

The emulator part seems like it's confusing a few different things together. Although I'm a little suspect of that, since someone holding up a games console to a car or house is suspicious anyway.

It could also be described as an emulator (emulating the key), and the crossover with game emulators might be causing some confusion?

A dedicated device might make sense there, if it has better antennas, or better capabilities than would be available with a basic phone, in addition to being less technical than having to install an app and fiddle about with all of that.

[–] sramder 3 points 9 months ago

Yeah, someone got confused with all the terminology. Probably also old people think small stuff with a screen looks like a gameboy?

[–] mlg 2 points 9 months ago (1 children)

Don't know about the article, but most have been doing relay attacks by just forwarding the rolling code sent by the key to unlock and then start the car. It works because keyless entry requires a transaction starting from the car, so you can effectively just stand between the car and wherever the keys are and do easy relay attacks.

Then they usually drive it to a nearby safe location first so they can just reprogram the keys.

I do feel like this could at least be cheaply mitigated by having an immobilizer for the gas pedal that stops throttle input if the key isn't detected after a cooldown after moving a few feet, which would prevent thieves from being able to move the car very far after starting.