Experts ​alerted motor trade to security risks of ‘smart key’ systems which have now fuelled highest level of car thefts for a decade.

  • joel_feila@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    8 months ago

    are they talking about smart phone app to unlock cars or the keyless entry that has been around since the 90s?

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      8 months ago

      Both, honestly. But the real problem in this case is the keys that can open and start a car with their mere presence. A relay attack makes bypassing them trivial, and when a large number of people leave their keys at the front door, it’s not difficult to give it a shot.

        • KairuByte@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          8 months ago

          For one, completely remove presence based unlock and start would be a good first move. They are inherently insecure, as they are much too easy to relay attack.

          Next, alter fob controls to encrypt the communication with private/public keys tied to the specific car. This way, even if the fob communication is intercepted, the information is functionally impossible to reverse engineer.

          Finally, implement two way communication. An initial handshake followed by the command. This would functionally remove any chance of a replay attack. Even if the handshake is recorded, the fob won’t send the command.

          These three changes would essentially remove any chance of using a device like a flipper for entry. Yes, it would still technically be susceptible with a relay attack, but the chances are so slim as to be essentially impossible.