Push Button Auto Theft

InvertedLogic

Well-Known Member
Joined
Aug 2, 2018
Threads
12
Messages
592
Reaction score
542
Location
Denver, CO
Vehicle(s)
20 JTR
Listened to a great podcast about stealing cars with pushbutton and remote unlock. A common way is to capture the signal from the fob when the lock/unlock button is pressed while jamming the car's receiver. The owner thinks that the button press didn't work, so they press again, it works and off they go. Later, the thief can replay the captured code from earlier. Actually makes a better case for proximity locks since you're not broadcasting a code across a parking lot. The only communication is happening within 5ft of your door.

https://hackablepodcast.com/episodes/keyless-entry

hotttdogggg

Banned
Joined
Mar 4, 2019
Threads
0
Messages
58
Reaction score
49
Location
Eagan, MN
Vehicle(s)
2018 JLUR
I wonder if vehicles with proximity entry are more susceptible to being stolen than those without. Since all new Wranglers are push button start but not all Wranglers have proximity entry.

I'm going to tell myself I'm right so I can sleep easy at night knowing I did the right thing not ordering proximity entry.
You do that.
 

Onyx Dragon

Well-Known Member
Joined
Mar 11, 2019
Threads
2
Messages
269
Reaction score
256
Location
Virginia
Vehicle(s)
2018 JLU, 1999 Xj, 2001 Trans Am
Vehicle Showcase
3
Listened to a great podcast about stealing cars with pushbutton and remote unlock. A common way is to capture the signal from the fob when the lock/unlock button is pressed while jamming the car's receiver. The owner thinks that the button press didn't work, so they press again, it works and off they go. Later, the thief can replay the captured code from earlier. Actually makes a better case for proximity locks since you're not broadcasting a code across a parking lot. The only communication is happening within 5ft of your door.

https://hackablepodcast.com/episodes/keyless-entry
If I recall correctly, most of the new devices use a scrambled/alternating/encrypted transmission. If it doesn't match up, the car ignores it. Just because they capture it, doesn't mean they can use it. Especially since most are supposedly using alternating and encrypted.
 

InvertedLogic

Well-Known Member
Joined
Aug 2, 2018
Threads
12
Messages
592
Reaction score
542
Location
Denver, CO
Vehicle(s)
20 JTR
If I recall correctly, most of the new devices use a scrambled/alternating/encrypted transmission. If it doesn't match up, the car ignores it. Just because they capture it, doesn't mean they can use it. Especially since most are supposedly using alternating and encrypted.
From the podcast and article I linked:

"However, in response to the weakness afforded by a fixed code system, automakers began using a rolling code system. Essentially, the codes used by the key and car as their “secret handshake,” changes every time the system is used to lock or unlock the car. This meant that Tim needed to jam the receiver in the car which allowed him to sniff the incoming signal from the key fob. Once Tim had the code he was able to replay that to unlock the car with ease."
 

TimmH

Well-Known Member
First Name
Timm
Joined
Sep 18, 2018
Threads
7
Messages
722
Reaction score
874
Location
Florida
Vehicle(s)
2018 JL Wrangler Sahara 3.6 Auto
Vehicle Showcase
1
Just seems with the technology, it would be next to nothing for FCA to add an option for a media system pin code..

Get in vehicle, with FOB, push start, media screen lights up and requests pin, only after pin is entered can the vehicle start.

This would make the thieves work harder :P
 

eck

Well-Known Member
First Name
John
Joined
Dec 3, 2018
Threads
1
Messages
404
Reaction score
612
Location
Apex NC
Vehicle(s)
2018 JLU MOAB HellaYella
You can't jam, steal, and replay fob codes on modern vehicles. Disclaimer being that I don't work on automotive software... however it's basically the same idea as HOTP (https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm) which is commonly used for two-factor auth on websites.

In a nutshell, the vehicle and the fob have a shared secret to begin. From this, they can compute the same list of future codes, indefinitely. Every time you press a button on the fob, the code advances by one. The vehicle will allow some amount of look-ahead from the fob to skip accidental codes. If you go out of range of your vehicle and mash the unlock button hundreds of times, it probably won't work anymore without resyncing it. This is because you've advanced the fob too far ahead of the look-ahead window allowed by the vehicle.

So say the initial secret is N=1, and the next code in sequence is always N+1. If I press the fob and it sends "2", and you jam the vehicle and record the "2", it doesn't help you steal the vehicle later. The next time I press the fob and it sends "3", then the vehicle just advances its list to 3, skipping 2 entirely. Now the vehicle will only accept codes greater than 4. Your 2 is useless.

This simplifies and glosses over some things, but hopefully gets the point across in a way that most folks can understand.

Now that said... the fact that these things phone home over satellite and you can send commands via app... that is a valid concern.
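
Added example, not part of the post above: a minimal simulation of the counter-based scheme the post describes, using real RFC 4226 HOTP with a look-ahead window on the receiver. The `Fob` and `Vehicle` classes, the window of 16, the 8-digit codes and the secret are assumptions made for illustration; production fobs use their own proprietary rolling-code schemes.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Fob:  # hypothetical model of the transmitter
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> str:
        self.counter += 1                      # every press advances the fob
        return hotp(self.secret, self.counter)

class Vehicle:  # hypothetical model of the receiver
    def __init__(self, secret: bytes, window: int = 16):
        self.secret, self.counter, self.window = secret, 0, window

    def receive(self, code: str) -> bool:
        # Only counters strictly ahead of the last accepted one, within the window.
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c               # everything up to c is now retired
                return True
        return False

def simulate(window: int = 16) -> dict:
    secret = b"constructed-demo-secret"        # constructed value, not a real key
    fob, car = Fob(secret), Vehicle(secret, window)
    out = {"first_press": car.receive(fob.press())}            # counter 1
    unheard = fob.press()                      # counter 2, never reaches the car
    probe = Vehicle(secret, window)            # copy of the car's current state
    probe.counter = car.counter
    out["unheard_before_next_press"] = probe.receive(unheard)
    out["next_press"] = car.receive(fob.press())               # counter 3
    out["unheard_after_next_press"] = car.receive(unheard)     # 2 is behind 3
    out["replay_of_accepted"] = car.receive(hotp(secret, 3))   # already used
    for _ in range(window + 4):                # mash the button out of range
        fob.press()
    out["after_mashing_out_of_range"] = car.receive(fob.press())
    return out

if __name__ == "__main__":
    print(simulate())
```

The result shows the property that matters for a receiver design: a code the car never heard stays inside the look-ahead window until a later code is accepted, after which it is rejected along with every already-used code.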
 

Ravager

Well-Known Member
First Name
Joe
Joined
Nov 29, 2018
Threads
14
Messages
126
Reaction score
137
Location
OKC
Vehicle(s)
2018 JL Unlimited Rubicon Granite Crystal Metallic Station Wagon
Vehicle Showcase
1
My son is 16. What is that? Post millennial? He can drive stick because he has an awesome dad who taught him on a brand new wrangler. :)
What did you teach him?
 

Dynomite1371

Well-Known Member
First Name
Ed
Joined
Dec 13, 2017
Threads
20
Messages
1,393
Reaction score
2,093
Location
Maryland
Vehicle(s)
2018 JLUR, Granite, Steel bumper, Safety, Cold Weather, Tow package, Premium Alpine, Black Leather and Mopar "self draining" Mats
Occupation
Police Officer

OldGuyNewJeep

Well-Known Member
First Name
Don
Joined
Sep 21, 2017
Threads
85
Messages
3,816
Reaction score
6,828
Location
CT
Vehicle(s)
2018 Wrangler JL, 2016 Yukon XL

Onyx Dragon

Well-Known Member
Joined
Mar 11, 2019
Threads
2
Messages
269
Reaction score
256
Location
Virginia
Vehicle(s)
2018 JLU, 1999 Xj, 2001 Trans Am
Vehicle Showcase
3
From the podcast and article I linked:

"However, in response to the weakness afforded by a fixed code system, automakers began using a rolling code system. Essentially, the codes used by the key and car as their “secret handshake,” changes every time the system is used to lock or unlock the car. This meant that Tim needed to jam the receiver in the car which allowed him to sniff the incoming signal from the key fob. Once Tim had the code he was able to replay that to unlock the car with ease."
Yeah...do you know what it would take to do all of that?
 

Onyx Dragon

Well-Known Member
Joined
Mar 11, 2019
Threads
2
Messages
269
Reaction score
256
Location
Virginia
Vehicle(s)
2018 JLU, 1999 Xj, 2001 Trans Am
Vehicle Showcase
3
Yeah I do, they outline exactly what it would take to do that in the article. They quite literally test it out on the journalist's rental car.
Then the answer is you probably don't ;) As much as I hate doing this, I'm going to listen to this 25 minutes of what is already a boring podcast to see if they get it right, and what they left out.
 

Onyx Dragon

Well-Known Member
Joined
Mar 11, 2019
Threads
2
Messages
269
Reaction score
256
Location
Virginia
Vehicle(s)
2018 JLU, 1999 Xj, 2001 Trans Am
Vehicle Showcase
3
OK, let's start with the "Can intercept from 1000 feet away!" statement. That isn't bad. But how far does your FOB transmit?

Relays are not new (they've been known for a LOOONG time in the IT field with wireless technologies), and in this case, really aren't even hacking. They are simply passing the signal on...which is why everyone knows you don't leave your FOB near your front door or a window (and is also why most manufacturers are giving them weaker transmitters).

They say it's fairly easy to do. It is. If you know what you are doing. The average street hood isn't going to do this. They don't have the know-how or have the skill set.

Next, the statement that you can be pretty far away. You have to be within the transmit range of the FOB. So you can't really be all that far away.

The podcast doesn't actually tell you anything about what you would need to do, or the stuff you would need, in order to do this. You have to build the device yourself. You don't just walk into Best Buy and purchase one. You have a much higher chance of someone busting your window and taking your stuff.

Is it a threat? A very small one. As in, it probably won't happen to anyone on this forum.

Should you still try to protect against it? Of course. Just like you'd try to keep someone out of your house, too. But it isn't a world ending issue.
 

roaniecowpony

Well-Known Member
Joined
Dec 4, 2018
Threads
144
Messages
7,240
Reaction score
9,298
Location
SoCal
Vehicle(s)
2018 JLUR, 14 GMC 1500 CC All TERRAIN
Occupation
Retired Engineer
We've devolved to where being able to drive a stick is bragging rights....
