3rd Gen Wireless Key Fob Hacking

Discussion in '3rd Gen. Tacomas (2016-2023)' started by tacitos, Oct 14, 2016.

  1. Oct 16, 2016 at 9:26 AM
    #61
    Spare Parts

    Spare Parts Well-Known Member

    Joined:
    Sep 9, 2016
    Member:
    #196811
    Messages:
    13,810
    Southern Maine
    Vehicle:
    2022 Off Road Premium 4Runner Lunar Rock
    Although I don't disagree with what you're saying, but if I understood the article correctly it's about using a signal "repeater" or "strengthener". It's like putting a bridge in for the wifi. No hacking really needed.

    FYI, manual transmissions are still keyed from what I understand, I will know for sure in under two weeks
     
    gpb likes this.
  2. Oct 16, 2016 at 9:40 AM
    #62
    Holdfast4

    Holdfast4 Well-Known Member

    Joined:
    Jun 20, 2016
    Member:
    #190127
    Messages:
    66
    Gender:
    Male
    First Name:
    Gord
    Alberta
    Vehicle:
    2016 TRD Sport DCSB 4X4 MT
    Spare Parts said: "FYI, manual transmissions are still keyed from what I understand, I will know for sure in under two weeks"

    My 2016 manual transmission has the ignition keyed but the door locks work remotely. As you stated, I don't believe there was a "smart key" option for it.
     
    Spare Parts likes this.
  3. Oct 16, 2016 at 9:41 AM
    #63
    Spare Parts

    Spare Parts Well-Known Member

    Joined:
    Sep 9, 2016
    Member:
    #196811
    Messages:
    13,810
    Southern Maine
    Vehicle:
    2022 Off Road Premium 4Runner Lunar Rock
    Holdfast4 said: "My 2016 manual transmission has the ignition keyed but the door locks work remotely. As you stated, I don't believe there was a "smart key" option for it."

    So will I have to push a button or something to unlock, or just be able to open with the key in pocket like the autos?
     
  4. Oct 16, 2016 at 9:51 AM
    #64
    Holdfast4

    Holdfast4 Well-Known Member

    Joined:
    Jun 20, 2016
    Member:
    #190127
    Messages:
    66
    Gender:
    Male
    First Name:
    Gord
    Alberta
    Vehicle:
    2016 TRD Sport DCSB 4X4 MT
    Either or. The driver's door can still be locked/unlocked using the key if you want or you can push the fob button. I just read an article in an online paper that was discouraging use of the remote function for the reasons discussed in this thread. I tend to think the odds of having my truck stolen in this manner are slim but of course they aren't zero.
     
  5. Oct 16, 2016 at 9:59 AM
    #65
    The hammer

    The hammer Who’s the Wrench?

    Joined:
    Mar 7, 2016
    Member:
    #180475
    Messages:
    3,880
    Gender:
    Male
    Vehicle:
    '16 Tacoma SR5 4X4 DCLB TSS Pkg 17X8" BSW-Cooper DIscoverer AT3 4s P265/65/17
    Underworld Flex trifold, tinted, TRDPRO grill, TRDPRO shift knob, etc,etc
    Nah, sorry I'm not biting on this article it can't be done the way they say because the in-vehicle ecm is a protected network.
    The only way to access it is by following a specific set of instructions to initialize the initial communication sequence between fob and ecm, and it can't be interrupted by anything else going on, or it will void the initialization, so NO it's not happening that way.

    But if you valet park your vehicle and the thief is a valet with the necessary knowledge, then yes any vehicle including those with keys are at risk.
    And btw, I never valet park any of my vehicles, I'd rather walk.

    Plus it's good and healthy for you to walk, trust me on this! :thumbsup:

    Hope that helps
    Cheers!
     
    Last edited: Oct 16, 2016
    Spare Parts likes this.
  6. Oct 16, 2016 at 11:43 AM
    #66
    Spare Parts

    Spare Parts Well-Known Member

    Joined:
    Sep 9, 2016
    Member:
    #196811
    Messages:
    13,810
    Southern Maine
    Vehicle:
    2022 Off Road Premium 4Runner Lunar Rock
    I hate anyone driving my vehicle, it sucks getting the seat just right, or the seat just being too damn close to even get in. Oh and I know how I would drive and expect others would do the same and that's just not good.
     
    The hammer likes this.
  7. Oct 16, 2016 at 11:51 AM
    #67
    The hammer

    The hammer Who’s the Wrench?

    Joined:
    Mar 7, 2016
    Member:
    #180475
    Messages:
    3,880
    Gender:
    Male
    Vehicle:
    '16 Tacoma SR5 4X4 DCLB TSS Pkg 17X8" BSW-Cooper DIscoverer AT3 4s P265/65/17
    Underworld Flex trifold, tinted, TRDPRO grill, TRDPRO shift knob, etc,etc
    Well yes there is that, but that and it being stolen as mentioned above is the least of my concern as the insurance will cover it, albeit for an increase in my premium of course, but what I hate is what they do to them that causes expensive repairs (later down the line) NOT covered by insurance.

    When I was a teen I worked part time to put myself through school and I know what those guys did to the vehicle drivetrains every summer!

    Hope that helps
    Cheers!
     
    Spare Parts likes this.
  8. Oct 16, 2016 at 12:46 PM
    #68
    DaveInDenver

    DaveInDenver Not Actually in Denver

    Joined:
    May 18, 2013
    Member:
    #104390
    Messages:
    3,618
    Gender:
    Male
    First Name:
    David
    Grand Junction
    Vehicle:
    2008 Super White TRDOR AC 6MT
    Unexceptional
    Are you referring to the CAN bus? That's not typically encrypted traffic. Maybe you're saying it's because the protocol requires authentication to be accepted as valid data, which means the device must have the right identifiers.

    But that's not what is being bounced around here. This is the RFID side of the key fob (and TPMS as well FWIW), which once hacked would be sending completely valid commands to the ECU or other microprocessors.

    Unless you're saying that the challenge-response inherent with KeeLoq is what prevents unauthorized access. This is exactly what helped them crack it, the identify-friend-or-foe (e.g. IFF) handshaking when they did the side channel analysis. That's how they were able to figure out the secret keys. Read those differential power analysis papers, it was fairly trivial to do power-vs-response correlation after the algebraic methods had figured out the basic algorithm.

    In particular this paper: https://www.iacr.org/archive/crypto2008/51570204/51570204.pdf
     
  9. Oct 16, 2016 at 12:49 PM
    #69
    tacoflavoredkisses1

    tacoflavoredkisses1 Well-Known Member

    Joined:
    Apr 10, 2016
    Member:
    #183838
    Messages:
    2,564
    Vehicle:
    16 TRDOR DCSB (SOLD)
    I'm not sure that would matter. You could look at it this way. Bob yells a password to Adam. Adam unlocks the doors if the password matches. Bob and Adam have agreed that they will use a random number generator that only they know about to create the passwords. So, when Bob yells the next random number; Adam also knows the same random number. If Edith sits between Bob and Adam and listens to the passwords go back and forth, she would only ever have the old passwords. She would *still* be unable to open the door, because she wouldn't know the next random numbers/password. Knowing the old passwords doesn't help you guess the new ones (theoretically).

    DaveInDenver posted some great info that I still haven't read through yet. He indicated that some of the older methods used weak "seeding" and/or algorithms with too many fixed numbers and not enough randomness. To put it in terms of the analogy I used above, that would be like Adam and Bob using a random number generator based on their birthdays. Edith, knowing their b-days, could start to guess how their generator works and figure out their "random" numbers.
     
    DaveInDenver likes this.
  10. Oct 16, 2016 at 12:54 PM
    #70
    The hammer

    The hammer Who’s the Wrench?

    Joined:
    Mar 7, 2016
    Member:
    #180475
    Messages:
    3,880
    Gender:
    Male
    Vehicle:
    '16 Tacoma SR5 4X4 DCLB TSS Pkg 17X8" BSW-Cooper DIscoverer AT3 4s P265/65/17
    Underworld Flex trifold, tinted, TRDPRO grill, TRDPRO shift knob, etc,etc
    Not talking about CAN bus traffic here because it doesn't need encryption as it is hardwired to the ecm like a local Ethernet network would be. The communication protocol has to be initiated within the vehicle under a specific set of commands with nothing else going on as it would be if someone was trying to hack in from the outside, as it would be voided. Not happening on a Toyota.
     
  11. Oct 16, 2016 at 12:56 PM
    #71
    Spare Parts

    Spare Parts Well-Known Member

    Joined:
    Sep 9, 2016
    Member:
    #196811
    Messages:
    13,810
    Southern Maine
    Vehicle:
    2022 Off Road Premium 4Runner Lunar Rock
    Nice example, damn Edith sticking her nose in the middle of shit. Honestly I don't have a clue, but what I got out of the article was they are using a device to lengthen or strengthen the signal, nothing about needing to code it or what not. So Edith would be holding a microphone next to Adam and/or Bob.
     
    Last edited: Oct 16, 2016
    DaveInDenver likes this.
  12. Oct 16, 2016 at 12:57 PM
    #72
    DaveInDenver

    DaveInDenver Not Actually in Denver

    Joined:
    May 18, 2013
    Member:
    #104390
    Messages:
    3,618
    Gender:
    Male
    First Name:
    David
    Grand Junction
    Vehicle:
    2008 Super White TRDOR AC 6MT
    Unexceptional
    @tacoflavoredkisses1, the only weakness in your analogy would be Edith wouldn't have to know how Bob and Adam generated their passwords if neither knew she was there acting like a repeater. All she's doing is passing valid data between two end users that don't know any better. The intermediary would only be retransmitting a bitstream but not actually decoding anything. If you take Bob or Adam out of the equation then the remaining party would be one hand clapping. That's why hiding the fob stops this type of very rudimentary attack, the blockchain is broken. If you don't have the key fob then you need to actually know how to generate valid keys.
     
    Last edited: Oct 16, 2016
  13. Oct 16, 2016 at 1:35 PM
    #73
    gpb

    gpb Well-Known Member

    Joined:
    Aug 24, 2016
    Member:
    #195408
    Messages:
    6,177
    Gender:
    Male
    Atlanta
    Vehicle:
    2017 White DCSB TRDOR 4x4
    You either didn't read the article, or you didn't understand what's going on.

    They're using a dual-device relay; one near enough to the fob to Tx/Rx with it, another near enough the vehicle to Tx/Rx. Signals from the fob/vehicle are relayed to one another. No hacking, no cracking, just relaying the radio signals. Encryption is irrelevant. Rolling codes are irrelevant. The vehicle is communicating with its known fob via the relays and is fooled into thinking the fob is at and inside the vehicle.

    As to it being a "serious problem"... I don't believe that to be the case for most people.
     
    DaveInDenver likes this.
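
An added example, not part of any post in this thread: a toy Python model of the Bob, Adam and Edith discussion in the posts above. It assumes an HMAC-SHA256 challenge-response as a stand-in (not Toyota's actual protocol; every class and function name is hypothetical) and shows that a recorded old response is rejected, a live relay is accepted although the repeater holds no key, and a fob that does not answer (asleep or out of reach) makes the relay fail.

```python
import hashlib
import hmac
import os


class Fob:
    """Key fob sharing a secret with the vehicle (constructed model)."""
    def __init__(self, key, asleep=False):
        self.key, self.asleep = key, asleep

    def respond(self, challenge):
        if self.asleep:            # sleep mode or out of reach: no answer at all
            return None
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Vehicle:
    def __init__(self, key):
        self.key, self.challenge = key, None

    def new_challenge(self):
        self.challenge = os.urandom(16)   # fresh random challenge per attempt
        return self.challenge

    def unlock(self, response):
        if response is None or self.challenge is None:
            return False
        expected = hmac.new(self.key, self.challenge, hashlib.sha256).digest()
        self.challenge = None             # each challenge is usable once
        return hmac.compare_digest(expected, response)


def relay(vehicle, fob):
    """Edith as a repeater: forwards bytes both ways and never sees the key."""
    return vehicle.unlock(fob.respond(vehicle.new_challenge()))


def replay(vehicle, recorded_response):
    """Edith replays a response she overheard earlier against a new challenge."""
    vehicle.new_challenge()
    return vehicle.unlock(recorded_response)


def demo():
    key = os.urandom(32)                  # constructed secret, for the demo only
    car, fob = Vehicle(key), Fob(key)
    recorded = fob.respond(car.new_challenge())   # Edith overhears this exchange
    return {
        "owner_unlock": car.unlock(recorded),
        "replay_old_response": replay(car, recorded),
        "relay_live_fob": relay(car, fob),
        "relay_fob_asleep": relay(car, Fob(key, asleep=True)),
    }
```

The vehicle's check only proves that the fob's key answered the current challenge; nothing in it measures where the fob is, which is why the relay passes while the replay does not.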
  14. Oct 16, 2016 at 1:55 PM
    #74
    The hammer

    The hammer Who’s the Wrench?

    Joined:
    Mar 7, 2016
    Member:
    #180475
    Messages:
    3,880
    Gender:
    Male
    Vehicle:
    '16 Tacoma SR5 4X4 DCLB TSS Pkg 17X8" BSW-Cooper DIscoverer AT3 4s P265/65/17
    Underworld Flex trifold, tinted, TRDPRO grill, TRDPRO shift knob, etc,etc
    Even if the vehicle is communicating with its known fob via the relays and is fooled into thinking the fob is at and inside the vehicle, it could not be used later or next time without the owner using it (his fob) as each transmitter has to be logged by the ecm as an authorized transmitter during a sequence of events that must happen during the transmitter initialization and authorization process, so encryption and rolling codes are very relevant to preventing unauthorized use.

    Edit: This is why the would-be thief would need access to the vehicle, to initialize and authorize a new transmitter.

    Hope that helps
    Cheers!
     
  15. Oct 16, 2016 at 2:13 PM
    #75
    Riding Dirty

    Riding Dirty Sinner; saved by grace

    Joined:
    May 27, 2016
    Member:
    #188065
    Messages:
    2,391
    Vehicle:
    Before: '16 TRD OR 4x4 AC QS//After: 17 T4R Pro 040
    PlastiDip
    Not worried or tore up here, just like more basic tech, not a fan of the latest and greatest tech that comes out every few months. Some people like it, and that's ok. And if someone's gonna steal my truck, they will do so however they can, and I have insurance that will cover it. But I just want to keep from going thru the hassle if I can.
    But, I have learned a lot from you guys' informative posts above. I like learning everything I can, if no other reason than to broaden my knowledge base.
     
    gpb likes this.
  16. Oct 16, 2016 at 5:03 PM
    #76
    jmdwifi

    jmdwifi My Inferno

    Joined:
    Sep 4, 2013
    Member:
    #111848
    Messages:
    310
    Gender:
    Male
    First Name:
    John
    Fredericksburg, Virginia
    See profile
    What I think about this situation.
    I have Allstate
    What I learned on this thread
    The spare FOB is in sleep mode now, so the battery will last longer.
    Thank you
     
  17. Oct 16, 2016 at 5:09 PM
    #77
    over60

    over60 Over70 & still a "Grumpy Old Guy"

    Joined:
    Oct 20, 2010
    Member:
    #44995
    Messages:
    4,791
    Gender:
    Male
    First Name:
    John
    Muskoka, Ontario
    Vehicle:
    2016 Inferno (Punkin) TRD 4X4 Sport DCLB w/upgrade & tech pkg..!!
    Toyota running boards/Solid Fold 2.0/custom stickers/Anti-Dark LED light under hood/Derped grill/Scoop, etc.
    How is the sleep mode activated again.??
     
  18. Oct 16, 2016 at 5:32 PM
    #78
    Spare Parts

    Spare Parts Well-Known Member

    Joined:
    Sep 9, 2016
    Member:
    #196811
    Messages:
    13,810
    Southern Maine
    Vehicle:
    2022 Off Road Premium 4Runner Lunar Rock
    Near the bottom of page

    image.jpg
     
  19. Oct 16, 2016 at 5:42 PM
    #79
    gpb

    gpb Well-Known Member

    Joined:
    Aug 24, 2016
    Member:
    #195408
    Messages:
    6,177
    Gender:
    Male
    Atlanta
    Vehicle:
    2017 White DCSB TRDOR 4x4
    I'm no expert at auto theft, but I imagine the thieves either don't care (sending to chop shop or sending overseas and a new ECM is a fraction of the value of the stolen car) and they need only drive it to their lair, or they could potentially use the relay to present an existing fob while coding a new fob to the car in situ and drive off with that new fob. http://www.dailymail.co.uk/sciencet...h-cars-without-keys-thieves-driving-seat.html
     
  20. Oct 16, 2016 at 7:35 PM
    #80
    tacitos

    tacitos [OP] Tah-Key-Toes

    Joined:
    Nov 16, 2015
    Member:
    #169837
    Messages:
    1,772
    Gender:
    Male
    Vehicle:
    16 TRDORDCLBJBL
    For you guys knocking the article, I merely put this in as reference to help those who know nothing about this and can get an idea what happened.

    What triggered me to start this thread was not the article itself, but the fact that there was a car stolen in my neighborhood using this method of 'hacking'.

    I've worked with computers and software long enough to know that nothing digital is foolproof (with the exception of maybe Bitcoin). This applies to encryption algorithms as well. All it takes is a dedicated individual(s) with the skills to break these codes. The black market (dark web) has many hackers who could easily crack these key fob codes and sell it to criminal organizations.

    I'm not saying your car is gonna get stolen, all I was pointing out is that the technology is out there to do it and criminals appear to be using it now.

    Most of you probably don't need to worry about this. But knowing there are thieves using sophisticated tools nearby, I have to adapt and take extra precaution.
     
