BMW -- Keyless -- Gone in 60 Seconds...
Discussion
Watch a CCTV video of a new keyless BMW stolen by a "relay attack" in under 1 minute.
Alleged suspect holding allegedly a signal amplifier.
http://www.dailymail.co.uk/news/article-4977134/Th...
http://www.ebay.co.uk/itm/Keyless-Key-Entry-Fob-Gu...
Don't forget to get one for the spare key as well or take the battery out.
Job jobbied.
Unless they then break in to steal the key.
Mojooo said:
What happens when they get the car to wherever it is going? I am guessing the keyless times out after a certain while.
Do they put a new barrel in or something?
They create a new key via the OBD and cloned factory software.
Or just break the car for parts.
Ford very kindly set their keyless cars to run without the key, once started, until the engine was switched off.
They reckoned that was safer than designing the system to cut the engine after 10 mins or so.
What's more worrying - the ability to start the car via this relay method, or the ability to apparently get into the car without setting off the alarm *before* they even started waving their antenna around?
I guess car manufacturers might have to start adding round trip timing to their keyless entry/ignition systems to only accept signals from a keyfob genuinely within a few inches of the car, rather than just relying on the assumed maximum range of the wireless modules to provide the proximity-based side of keyless security.
Zulu 10 said:
That's a good idea, but the speed of light is roughly 300 metres per microsecond, so 150 metres per microsecond for the round trip.
I suspect that the cost of the timing modules and high speed processing to be able to achieve range resolutions of the order of tens of nanoseconds would be prohibitive.
That's if you rely on a single round trip. If you can instead initiate a longer burst of data exchanges between the two ends of the link, ping ponging back and forth for long enough, then it can a) reduce the timing accuracy required down to something the average embedded micro can handle with ease and b) average out the response time jitter in each individual round trip, giving a more accurate distance estimate than might be possible from a single trip - remember that it's not just the time of flight you're measuring, but also how long it takes the fob to start transmitting its response signal after receiving the request from the car, as well as how quickly the car receiver can then validate the response, and if there's sufficient variation there, then the few ns it takes the signal to travel back and forth would be inconsequential.
The trade off is the added time required to ping pong sufficient exchanges (and in this case, the consequential reduction in fob battery life) - when I looked into doing something similar for determining the position of a moving object, the time required (in the order of a couple of seconds iirc) was too high given how far the object could have moved in that time. But if you're starting off with the assumption that the object is either stationary or slow moving, or if you don't care about absolute positional accuracy and just need to establish that it's within a defined maximum distance from the base unit (i.e. the car) then it becomes a slightly easier problem to crack.
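The burst-averaging idea from the post above, as an added simulation that is not part of the thread and not any manufacturer's implementation: one coarse timer measures a whole burst of challenge/response exchanges, and the car accepts the fob only if the averaged range is short. The timer tick, fob turnaround, jitter, 2 m limit and relay delay are all constructed assumptions.

```python
import random

C = 299_792_458.0      # speed of light, m/s
TICK_S = 62.5e-9       # assumed 16 MHz timer: one tick is ~9.4 m of one-way range
TURNAROUND_S = 20e-6   # assumed calibrated mean fob reply latency
JITTER_S = 50e-9       # assumed per-reply latency jitter (std dev)

def estimate_distance(true_m, n, extra_delay_s=0.0, seed=1):
    """Time one burst of n challenge/response exchanges with a coarse timer
    and return the implied car-to-fob distance in metres."""
    rng = random.Random(seed)
    elapsed = sum(2 * true_m / C + rng.gauss(TURNAROUND_S, JITTER_S) + extra_delay_s
                  for _ in range(n))
    ticks = int(elapsed / TICK_S)        # the timer only counts whole ticks
    per_exchange = ticks * TICK_S / n    # one-tick error is divided by n
    return (per_exchange - TURNAROUND_S) * C / 2

def rms_error(true_m, n, trials):
    """RMS distance error over several independently seeded bursts."""
    errs = [estimate_distance(true_m, n, seed=s) - true_m for s in range(trials)]
    return (sum(e * e for e in errs) / trials) ** 0.5

def fob_in_range(true_m, n=10_000, max_range_m=2.0, extra_delay_s=0.0):
    """Car-side decision: accept only if the burst-averaged range is short."""
    return estimate_distance(true_m, n, extra_delay_s) <= max_range_m

if __name__ == "__main__":
    print("RMS error, 1 exchange     :", round(rms_error(1.0, 1, 200), 2), "m")
    print("RMS error, 10000 exchanges:", round(rms_error(1.0, 10_000, 20), 3), "m")
    print("fob 1 m from car          :", fob_in_range(1.0))
    # Constructed relay case: fob 30 m away, relay adds 200 ns per exchange.
    print("fob 30 m away via relay   :", fob_in_range(30.0, extra_delay_s=200e-9))
```

With these assumed figures the 10,000-exchange burst occupies about 0.2 s of airtime, which is the added delay and fob battery cost the post mentions as the trade-off.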
Jim1556 said:
How about having to press the key fob after a certain amount of time, say 1 hour? Or if you've locked it with the fob?
This might not have helped here, because it seems like the car already believed it'd been unlocked correctly - note how the antenna-holding scrote's partner in crime had already opened the driver's door before antenna-holder started scanning for the keyfob.
Thermobaric said:
Or result in your front door getting kicked in looking for the keys to the disklok.
And kicking in the front door tips the owner off to the fact that they are being robbed, massively increasing the risk of the Police being called, and the risk of the owner of the car arming themselves and attacking the thieves! - Modern PVC front doors can take a fair old bit of effort to kick in (as often demonstrated by the Police TV programmes), and it makes quite a bit of noise.
Most of these mid-night car thieves are sneak thieves, wanting to get into the car and have it away as quietly as possible, to give them the best chance of escaping cleanly and not get caught.
Based on your thinking, owners would be better off leaving the car unlocked with the key/fob/card inside it to make it as easy as possible for the thieves to take the car!
However, most people realise that if you make it as hard as possible for a thief to take the car, more often than not they will simply move on to an easier target.
Personally speaking, I'd go with a Disklok, security posts on the drive entrance, a good household alarm, and put the keys in an insulated key safe that stops the signal from being read (plus door mats inside all of the doors with some sharp rusty nails sticking through for the thieves to step on if they get into the house! [Just make sure you remember to move them out of the way before you step on them yourself in the morning!])