The electronic copying of signals was fixed back when the remote signals were being hijacked. Any manufacturers making the same mistake now are incompetent, and there's no point blaming the system for it - you can just as easily create a crap physical lock.
Advanced key - easy theft
- Thread starter Twizzler
- Start date
Utter crap. They haven't been contacting anyone. They hoped this would go away:
http://www.bbc.co.uk/programmes/b04nchtj
Last edited:
The hole here is in how they're doing public/private cryptography and man-in-the-middle garage attacks. Nothing has been fixed here. Yes manufacturers are incompetent and you ain't helping your argument.
Watchdog, that program well know for level-headed coverage of topics, and no sensationalism or fear mongering at all! Hahaha.
The security experts say that they are more secure, any issues are 'teething issues' (physical keys, remotes all had their fair share of these).
Also, I don't think you know what a man-in-the-middle attack actually is... and what issues do they have with public key cryptography specifically?
The security experts say that they are more secure, any issues are 'teething issues' (physical keys, remotes all had their fair share of these).
Also, I don't think you know what a man-in-the-middle attack actually is... and what issues do they have with public key cryptography specifically?
You need to read up on how this is being done I'm afraid and wrap your head around the implications. Once again, no physical access is required if necessary and it is a doddle next to lockpicking because it is procedural and repeatable.
Come back when you have understood this and have a coherent argument to make because you don't have the faintest idea what you're talking about. That post is meaningless. There are plenty of 'security experts' who are telling us this is a problem (teething issues......please.......
), I know very well what a man-in-the-middle attack is because that's where garages come in and public/private keys are a little bit meaningless when you start storing them in close proximity or in the same place.These key systems are inherently broken as they stand. As simple as.
The system is completely broken because the ability to clone keys through garages and multiple third parties is out in the wild. The physical element to that has gone completely.
Last edited:
Come back when you have understood this and have a coherent argument to make because you don't have the faintest idea what you're talking about. That post is meaningless. There are plenty of 'security experts' who are telling us this is a problem (teething issues......please.......
These key systems are inherently broken as they stand. As simple as.
Right. It's pretty clear you don't know what a man-in-the-middle attack is. It has nothing to do with garages.
Again, if the experts say that it's safer, and some bloke on a forum who uses security buzzwords without knowing what they mean and thinks he knows the ins and outs of the security systems that have been put in place says its not, I know who I'll go with thanks.
Guess you had better never use your remote to open your car again, or they'll scan it, get in your car, pop the bonnet, program an immobiliser through the ODB port, find the ignition wire and short it to the battery. Just as easy as any of the attacks being talked about here.
It does. A man-in-the-middle attack takes many forms conceptually and it's pretty clear that you're now being silly for the sake of it. If you want to be stupid great, but don't try and tell everyone else this isn't a problem when they take their car in for a service. That service tech who has debt problems does not need to physically copy your key, he doesn't need the key number to order a physical copy, doesn't need to alter your car in any way and doesn't need to arouse any suspicion whatsoever. There is no proof he was ever involved and that software he copied on to a USB disk means he can now concentrate on being nothing but a model employee.
WHO says 'it's safer' - whatever 'it' is? You've no idea what you are talking about. A wide variety of attacks have been performed on these systems from digital attacks on the vehicle itself to acquiring software to clone keys at will. Choose not to believe them all you want, but they exist.
So you'll believe a car manufacturer when they tell you they've fixed the problem despite reams of evidence to the contrary? Good luck with that.
You quite clearly don't want to comprehend how this is being done or how much easier it makes theft. If you want to do that fine, and good luck to you, but don't tell everyone else who is concerned about this that it isn't a problem because the good old manufacturer that always puts customer service first and their 'security experts' whispered in your shell-like ear and told you world peace has been achieved.
There's a picture of an ostrich on the previous page that is appropriate. If people want to do that, fine, but don't say you weren't warned and don't tell others there is no problem here.
Anyway, aside from the hysteria calls of the jealous 'have not's, the reality in publicising how to bypass the security of any car, and that is irresponsible journalism, as I have pointed out before, has made all of our cars more vulnerable whether they have 'keys' or not. Some it seems just do not get it. It still remains that the easiest, and most common, method of stealing a car is to steal the keys, full stop, however people wish to massage the facts by scaremongering and seem to wish to suggest there must hordes of individuals out there with technical equipment and knowledge ready to take your car, rofl. To me this similar to the same myth about the 2k bug, if anyone cares to remember. I for one will still sleep easy..
Last edited:
Its not about jealousy, its cute that you think that though. I dont pay too much attention to cars ill only ever see in my rear view mirror.
The simple fact of the matter is an additional method exists to steal cars with keyless entry that isn't present with a regular key. This has been demonstrated multiple times.
As such this fact (and the fact that the button is on the wrong side) put me off the advanced key. Its up to the consumers to make a fuss if the manufacturers arent listening, its as simple as that, and its something people should be aware of.
The simple fact of the matter is an additional method exists to steal cars with keyless entry that isn't present with a regular key. This has been demonstrated multiple times.
As such this fact (and the fact that the button is on the wrong side) put me off the advanced key. Its up to the consumers to make a fuss if the manufacturers arent listening, its as simple as that, and its something people should be aware of.
Yes you are correct, each level of security presents different challenges to someone who wants to steal your car, Nothing like stating the obvious, however I can't see what security benefits your rear view mirror has over mine :-?
- Joined
- Oct 7, 2014
- Messages
- 1,228
- Reaction score
- 1,467
- Points
- 113
Seriously, whether it's keyless or not is irrelevant. Just because some cars are stolen like this, doesn't mean that all other cars are immune. At the end of the day, the things that make a "regular" car hard to steal are the electronics anyway (immobilizer and so on)! Not the fact that it's got a key.
The Sunday Times 2/3 Nove 2014
No car is safe: How hi-tech thieves are defeating sophisticated security systems
SAM MILLER was settling down for the evening in her living room when her phone rang. Did she know that her Range Rover was on the move, asked the caller from Tracker, a vehicle location company.
“I said, ‘Are you sure? Because it’s sitting on my drive,’ ” says Miller, 45, a finance director from Marston Green in the West Midlands. “But when I looked out of the window, the car had disappeared. I don’t want to repeat what I said — there were a few expletives — but I was quite shocked, to say the least.”
When Miller looked at her CCTV system she was in for another shock. The thief had walked up, pulled the door handle and jumped into her two-year-old Autobiography-spec car, which would cost £100,000 new today. He started the engine and, after almost ploughing forwards into Miller’s house, found reverse gear and drove away. The theft was over in less than 30 seconds.
Miller’s tracking device led police to the car, which had been parked and abandoned, in less than an hour, but other owners have not been so lucky. Last week it emerged that some Range Rover owners who park their cars on the street in London are struggling to get insurance because so many of the cars are being stolen.
Quantum, a specialist insurer, says that underwriters are refusing to cover the cars because despite hi-tech security systems the vehicles suffer from a catastrophic flaw: they feature keyless entry and keyless start technology that thieves have found ways to bypass, enabling them to steal the cars at will.
The insurer says that unless Range Rovers and other high-end cars with the same technology are parked in a secure garage, the only way to get insurance for them is to combine it with household insurance to spread the risk.
“Stealing these cars is almost child’s play,” says James Wasdell, co-founder of Quantum. “Range Rovers are being targeted because they are desirable, but other cars with keyless systems have the same problem — they just aren’t as high up on thieves’ shopping lists.”
Security experts say that the problem, once confined to expensive models, now affects almost every manufacturer that sells cars with keyless systems, which allow drivers to start their engine with the push of a button rather than by putting their key into the ignition. High-performance Audis and BMW X5s have also recently been targeted.
After years of denial and obfuscation, it appears that the car industry is at last waking up to the scale of the problem. Later this month at an emergency summit held by the Institution of Engineering and Technology, Edmund King, president of the AA, will warn representatives of the motor and security industries that car crime figures are likely to rise for the first time in 20 years.
“Opportunist crime such as joyriding has gone away, but we are left with a hard core of organised and well resourced crime groups targeting high-value vehicles,” King says.
These hi-tech thieves can hack into a car’s electronic security system and then program a blank key fob (see below). Because there is no physical key to insert into the ignition, the thief can then start the car at will. Another technique can be used to fool the vehicle into unlocking the doors, giving thieves access to the car without their having to break windows and risk setting off alarms or activating immobilisers.
The electronic devices used to hack cars’ security systems are available on the internet for as little as £10. Some are fitted with torches to help thieves work in the dark.
Since The Sunday Times highlighted the vulnerability of keyless systems in 2011 the problem has escalated. The Metropolitan police say that around half of all car thefts in London are carried out without the use of any original keys. Owners can protect themselves by fitting a lock to their diagnostic port — the socket thieves plug their devices into to gain access to the car’s computer. But even that may not be enough: King will warn in his speech that crooks are already exploiting other loopholes.
Some are removing dashboard panels to reveal circuit boards so they can directly rewire the relevant microchip. And with the advent of mobile phone apps that can unlock your car at the swipe of a finger — they’re offered by BMW, Volvo and Tesla, among others — King warns that criminals are likely to try to steal passwords and obtain easy access. Other experts say that criminal gangs are developing key-programming software for smartphones that will make the process tougher for police to detect.
Motor manufacturers put the blame squarely on European competition regulations that force them to allow third parties such as mechanics and locksmiths to have access to the diagnostic port and the freedom to program new keys. But Mike Parris, head of the secure car division at the motoring technology consultancy SBD, says that the blame lies with crack coders from eastern Europe who can reverse-engineer vehicles to identify any security weakness and then develop devices to exploit the loophole, selling them online. As often happens with legitimate technology too, they are then copied by Chinese companies, which sell them for a lower price, making them more tempting to thieves.
The problem has become so acute that car makers could soon be forced to abandon keyless entry and revert to traditional metal keys.
The security standards of new vehicles sold in Britain are set by Thatcham, a research centre for the motor industry, which must approve cars’ security measures before insurers will cover them. Mike Briggs, security research manager at the Berkshire-based centre, says Thatcham’s tests are the toughest in Europe and have recently been tightened, which could result in some car makers failing them unless they abandon keyless entry for a conventional metal key.
Any such move will come too late for the thousands of drivers who have had their cars stolen by the cyberthieves — apparently with ease — while the manufacturers have continued to deny that there is a security problem.
Land Rover said it frequently updated its software to make it tougher for thieves to breach. It is thought that the company is finalising an update for Range Rover owners, but no details are yet available.
Although Miller’s car was recovered, it was damaged by the thieves and is now being repaired. “Range Rovers aren’t cheap,” she says. “You spend that amount of money on a vehicle and you think it should be impossible to steal. Obviously that isn’t the case.”
Driving leads from the front in the battle against car crime
The Sunday Times has led the campaign to make manufacturers do more to protect owners from theft and to highlight the security flaws in many modern cars.
The problem came to light as far back as February 2011, when we teamed up with a university in Switzerland to demonstrate how keyless entry systems could be exploited by thieves to gain access to cars and steal them. At the time car makers were reluctant to admit that they were affected. Both Toyota and Audi took a similar line to Jaguar Land Rover, which claimed that its cars were “robust” against hacking.
The problem didn’t go away, though. In February 2012 we reported on a street in London that had been plagued by vehicle thefts with no visible signs of damage and revealed that security experts were frustrated with car manufacturers, which they claimed were in denial about the problem. That summer we reported that insurance companies were refusing to pay out to owners who had had their car stolen by key hacking because they deemed the owner to be at fault on the basis that the vehicle was “impossible to steal” without the key, so it must have been left unlocked.
Car makers continued to deny there was a problem. Last year we reported on the case of Daniel Witte, who had his £70,000 Audi RS 4 stolen from his driveway in 90 seconds by thieves, who circumvented the keyless entry and start system. Even though we sent CCTV footage of the incident to the company, Audi defended its record on security and denied that there was a problem with its cars, saying the video was “inconclusive”.
In fact it wasn’t until July this year, when we reported that police had advised owners to use old-fashioned steering-wheel locks to thwart hi-tech thieves, that car companies including Jaguar Land Rover and Audi told us that there might have been weaknesses in the past. They said that their security software was constantly being updated to meet new threats.
http://www.driving.co.uk/news/no-ca...are-defeating-sophisticated-security-systems/
No car is safe: How hi-tech thieves are defeating sophisticated security systems
SAM MILLER was settling down for the evening in her living room when her phone rang. Did she know that her Range Rover was on the move, asked the caller from Tracker, a vehicle location company.
“I said, ‘Are you sure? Because it’s sitting on my drive,’ ” says Miller, 45, a finance director from Marston Green in the West Midlands. “But when I looked out of the window, the car had disappeared. I don’t want to repeat what I said — there were a few expletives — but I was quite shocked, to say the least.”
When Miller looked at her CCTV system she was in for another shock. The thief had walked up, pulled the door handle and jumped into her two-year-old Autobiography-spec car, which would cost £100,000 new today. He started the engine and, after almost ploughing forwards into Miller’s house, found reverse gear and drove away. The theft was over in less than 30 seconds.
Miller’s tracking device led police to the car, which had been parked and abandoned, in less than an hour, but other owners have not been so lucky. Last week it emerged that some Range Rover owners who park their cars on the street in London are struggling to get insurance because so many of the cars are being stolen.
Quantum, a specialist insurer, says that underwriters are refusing to cover the cars because despite hi-tech security systems the vehicles suffer from a catastrophic flaw: they feature keyless entry and keyless start technology that thieves have found ways to bypass, enabling them to steal the cars at will.
The insurer says that unless Range Rovers and other high-end cars with the same technology are parked in a secure garage, the only way to get insurance for them is to combine it with household insurance to spread the risk.
“Stealing these cars is almost child’s play,” says James Wasdell, co-founder of Quantum. “Range Rovers are being targeted because they are desirable, but other cars with keyless systems have the same problem — they just aren’t as high up on thieves’ shopping lists.”
Security experts say that the problem, once confined to expensive models, now affects almost every manufacturer that sells cars with keyless systems, which allow drivers to start their engine with the push of a button rather than by putting their key into the ignition. High-performance Audis and BMW X5s have also recently been targeted.
After years of denial and obfuscation, it appears that the car industry is at last waking up to the scale of the problem. Later this month at an emergency summit held by the Institution of Engineering and Technology, Edmund King, president of the AA, will warn representatives of the motor and security industries that car crime figures are likely to rise for the first time in 20 years.
“Opportunist crime such as joyriding has gone away, but we are left with a hard core of organised and well resourced crime groups targeting high-value vehicles,” King says.
These hi-tech thieves can hack into a car’s electronic security system and then program a blank key fob (see below). Because there is no physical key to insert into the ignition, the thief can then start the car at will. Another technique can be used to fool the vehicle into unlocking the doors, giving thieves access to the car without their having to break windows and risk setting off alarms or activating immobilisers.
The electronic devices used to hack cars’ security systems are available on the internet for as little as £10. Some are fitted with torches to help thieves work in the dark.
Since The Sunday Times highlighted the vulnerability of keyless systems in 2011 the problem has escalated. The Metropolitan police say that around half of all car thefts in London are carried out without the use of any original keys. Owners can protect themselves by fitting a lock to their diagnostic port — the socket thieves plug their devices into to gain access to the car’s computer. But even that may not be enough: King will warn in his speech that crooks are already exploiting other loopholes.
Some are removing dashboard panels to reveal circuit boards so they can directly rewire the relevant microchip. And with the advent of mobile phone apps that can unlock your car at the swipe of a finger — they’re offered by BMW, Volvo and Tesla, among others — King warns that criminals are likely to try to steal passwords and obtain easy access. Other experts say that criminal gangs are developing key-programming software for smartphones that will make the process tougher for police to detect.
Motor manufacturers put the blame squarely on European competition regulations that force them to allow third parties such as mechanics and locksmiths to have access to the diagnostic port and the freedom to program new keys. But Mike Parris, head of the secure car division at the motoring technology consultancy SBD, says that the blame lies with crack coders from eastern Europe who can reverse-engineer vehicles to identify any security weakness and then develop devices to exploit the loophole, selling them online. As often happens with legitimate technology too, they are then copied by Chinese companies, which sell them for a lower price, making them more tempting to thieves.
The problem has become so acute that car makers could soon be forced to abandon keyless entry and revert to traditional metal keys.
The security standards of new vehicles sold in Britain are set by Thatcham, a research centre for the motor industry, which must approve cars’ security measures before insurers will cover them. Mike Briggs, security research manager at the Berkshire-based centre, says Thatcham’s tests are the toughest in Europe and have recently been tightened, which could result in some car makers failing them unless they abandon keyless entry for a conventional metal key.
Any such move will come too late for the thousands of drivers who have had their cars stolen by the cyberthieves — apparently with ease — while the manufacturers have continued to deny that there is a security problem.
Land Rover said it frequently updated its software to make it tougher for thieves to breach. It is thought that the company is finalising an update for Range Rover owners, but no details are yet available.
Although Miller’s car was recovered, it was damaged by the thieves and is now being repaired. “Range Rovers aren’t cheap,” she says. “You spend that amount of money on a vehicle and you think it should be impossible to steal. Obviously that isn’t the case.”
Driving leads from the front in the battle against car crime
The Sunday Times has led the campaign to make manufacturers do more to protect owners from theft and to highlight the security flaws in many modern cars.
The problem came to light as far back as February 2011, when we teamed up with a university in Switzerland to demonstrate how keyless entry systems could be exploited by thieves to gain access to cars and steal them. At the time car makers were reluctant to admit that they were affected. Both Toyota and Audi took a similar line to Jaguar Land Rover, which claimed that its cars were “robust” against hacking.
The problem didn’t go away, though. In February 2012 we reported on a street in London that had been plagued by vehicle thefts with no visible signs of damage and revealed that security experts were frustrated with car manufacturers, which they claimed were in denial about the problem. That summer we reported that insurance companies were refusing to pay out to owners who had had their car stolen by key hacking because they deemed the owner to be at fault on the basis that the vehicle was “impossible to steal” without the key, so it must have been left unlocked.
Car makers continued to deny there was a problem. Last year we reported on the case of Daniel Witte, who had his £70,000 Audi RS 4 stolen from his driveway in 90 seconds by thieves, who circumvented the keyless entry and start system. Even though we sent CCTV footage of the incident to the company, Audi defended its record on security and denied that there was a problem with its cars, saying the video was “inconclusive”.
In fact it wasn’t until July this year, when we reported that police had advised owners to use old-fashioned steering-wheel locks to thwart hi-tech thieves, that car companies including Jaguar Land Rover and Audi told us that there might have been weaknesses in the past. They said that their security software was constantly being updated to meet new threats.
http://www.driving.co.uk/news/no-ca...are-defeating-sophisticated-security-systems/
Liquidfusion-S3
I fall to peer pressure!
Just confirms I'm not that paranoid after all V8 
http://www.audi-sport.net/xf/threads/am-i-being-paranoid.224743/
http://www.audi-sport.net/xf/threads/am-i-being-paranoid.224743/
This article will confirm you're not being paranoid
https://www.ala.co.uk/blog/bbc-cons...nuing-security-problems-on-prestige-vehicles/
https://www.ala.co.uk/blog/bbc-cons...nuing-security-problems-on-prestige-vehicles/
- Joined
- Sep 25, 2014
- Messages
- 330
- Reaction score
- 334
- Points
- 63
A few links from Audi uploaded last week:
http://www.audi.co.uk/content/audi/about-audi/latest-news/security.html
http://www.audi.co.uk/owners-area/security.html
http://www.audi.co.uk/content/audi/about-audi/latest-news/security.html
http://www.audi.co.uk/owners-area/security.html
I think that at least the beano gives us a good laugh instead of a work of sensationalst and irresponsible fiction the Sunday times gives us. They state thousands of cars have been stolen using this method, but where from and exactly how many they don't produce data to back up. The fact is high end cars have always been stolen to order what ever security systems are fitted and what ever the manufacturers do there will always be a way and having a key is the easiest and most complete way of doing this. I found this article interesting http://www.honestjohn.co.uk/crime/top-10s/top-10-most-stolen-cars/
So the only bit that Audi dispute is that the car was unlocked and unarmed. They didn't deny that the car could be stolen without a key.
Just wondering, would it be easier/quicker to steal a 'keyless start' car or a 'key start' car when you didn't have access to the original keys?
I wouldn't need your key as a duplicate key can easily be obtained and programmed to steal your car. With an actual key you can have more fun. Plus every day at least 53 householders in England and Wales find that their car has disappeared following burglary of their home to obtain the keys, so add to that keys being left in cars, front doors or stolen from you personally and you have a far bigger problem..
I'm seriously curious about the differences. So how would you obtain the required info to program a key and steal my car without access to my originals. Info available to 3rd party service centres?
If you have the technology and the know how, it has always been easy to obtain keys even from the dealerships themselves in some cases. You can even order them online..
0B1001001
Registered User
- Joined
- Sep 5, 2013
- Messages
- 452
- Reaction score
- 279
- Points
- 63
Liquidfusion-S3
I fall to peer pressure!
We should all be concerned, whether we have a key or in particular a keyless set up.
It's easy to use another device to make life more difficult.
By the way if I was a car thief I would prefer not to have to break into homes with all the attendant extra risks. Especially if there was an easier less risky way.
It's easy to use another device to make life more difficult.
By the way if I was a car thief I would prefer not to have to break into homes with all the attendant extra risks. Especially if there was an easier less risky way.
I honestly don't understand how anyone can't see that 'Keyless' cars are less secure than 'Key Start' cars.
If you look at both types a 'Key' car is a little bit more work to steal although no car security is infallible.
The difference might be minimal but it's there all the same whether or not you stick your head in the sand.
If you look at both types a 'Key' car is a little bit more work to steal although no car security is infallible.
The difference might be minimal but it's there all the same whether or not you stick your head in the sand.
