This is the best summary I could come up with:
For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles.
But when one group of Chinese researchers actually checked whether it’s still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they’re as stealable as ever.
In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment.
Instead, a hacker’s device near the car has, in fact, relayed the signal from the owner’s real key, which might be dozens or hundreds of feet away.
Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be carried out by the person behind you in line at a café where your car is parked outside.
“That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.
The original article contains 437 words, the summary contains 220 words. Saved 50%. I’m a bot and I’m open source!
“That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.
That makes me laugh.
Just to be able to push a button to start your car, you have to keep your keys in a Faraday bag or in the freezer. That’s just silly.
I was recently looking at new vehicles; nearly all have push-button starts.
I like my old keys of my 2010 car, turn to power the engine. I start to become a grumpy old fart waving his cane in his thirties. Technology seems to be 1 step forward two steps backwards sometimes. Don’t get me started on car screen buttons, tactile ones or some that have two functions (like fan speed + audio volume - rented a car that worked that way. My copilot didn’t want to touch those buttons anymore).
I really wonder what will be my options when this one will not work anymore.
I think that this kind of tech is just fundamentally insecure. I can’t think of a way to secure it, at least not against gaining entry to the vehicle. And making it secure against driving away (by requiring it to continue to respond to changing cryptographic pings as you drive) opens the door to people being able to use jammers to disable your vehicle remotely. Maybe if they have a special Faraday cage place that you put your fob into, but at that point why not just use a key? Or just require a button press like key fobs have had for decades.
Oh and depending on the latency allowances for responding to pings, it might just be possible to leave a device in the vicinity of the key and relay it over the internet, so even that just increases the difficulty of defeating it a bit.
Same thing also applies to wireless keycards for secure entry, though I think the range for those is generally lower, so it would be more difficult to pull off.
The only thing I can think of is having incredibly tight timing on a challenge/response. With ~10 nanosecond level precision, it’s not physically possible for EM waves to travel more than a few meters before the time is up.
How about a simple Faraday shield for the key fob?
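The timing idea in the comment above, sketched as an added example that is not part of the thread or of any vendor's code: a car-side check that requires a valid challenge/response and a round-trip time short enough to bound the fob's distance. HMAC-SHA256, the 100 ns fob reply time, the 2 m limit, and all function names are assumptions chosen for illustration; the round-trip times are constructed, not measured.

```python
import hashlib
import hmac
import os

C = 299_792_458.0  # speed of light in m/s

def distance_bound_m(rtt_ns, processing_ns):
    """Largest fob distance consistent with a measured round-trip time."""
    flight_ns = max(rtt_ns - processing_ns, 0.0)
    return flight_ns * 1e-9 * C / 2  # halve it: the signal goes out and back

def simulated_rtt_ns(path_m, processing_ns, relay_delay_ns=0.0):
    """Constructed measurement: radio flight time + fob reply time + relay lag."""
    return 2 * path_m / C * 1e9 + processing_ns + relay_delay_ns

def fob_response(key, challenge):
    """Fob side of the challenge/response (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def car_unlocks(car_key, fob_key, rtt_ns, processing_ns=100.0, max_m=2.0):
    """Unlock only if the response is valid AND it arrived fast enough."""
    challenge = os.urandom(16)  # fresh per attempt, so old responses are useless
    response = fob_response(fob_key, challenge)  # a relay forwards this unchanged
    expected = fob_response(car_key, challenge)
    if not hmac.compare_digest(response, expected):
        return False
    # A relay passes the cryptographic check; only the timing exposes it.
    return distance_bound_m(rtt_ns, processing_ns) <= max_m

if __name__ == "__main__":
    key = os.urandom(32)
    cases = {
        "fob in pocket, 1 m": simulated_rtt_ns(1.0, 100.0),
        "fob 30 m away, zero-lag relay": simulated_rtt_ns(30.0, 100.0),
        "fob 30 m away, relay adds 500 ns": simulated_rtt_ns(30.0, 100.0, 500.0),
    }
    for label, rtt in cases.items():
        print(f"{label}: rtt={rtt:.1f} ns, "
              f"bound={distance_bound_m(rtt, 100.0):.1f} m, "
              f"unlock={car_unlocks(key, key, rtt)}")
```

The check is only as good as the assumed fob reply time: any slack in that figure turns directly into extra distance a relay can hide in, at about 15 cm per nanosecond.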
Might as well have a push button instead. Having it work from your pocket without interaction is what makes a fob different and should be a design requirement.
How about making the signal so weak that you have to put the key inside a hole in the car for it to work?
How about just having a button on a fob/phone which initiates comms, like in the good old days. You can’t relay the signal if there isn’t one till you press the button. But that isn’t sexy and it’s too similar to traditional cars, so they won’t do it.