[LINK] Thieves using a $17 power amplifier to break into cars with remote keyless systems

[Kim Holburn]

On 2015/Apr/22, at 12:55 PM, David Lochrin wrote:

>> Mr. Danev said that when the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter.  And just like that, open sesame.
> 
> Amplifying the car's interrogation signal would be easy but detecting the weak response from the "key" when it's some distance away must be difficult for the car's receiver, and the break-in device should it relay the signal.  The reported breakin with 50 feet between car & key isn't far, though it's further than I'd have imagined.

Do the car and the key use the same frequencies?  If they use different it's just a question of amplifying several frequencies.  If they use the same, I guess amplification would still work.  

Maybe they only have to amplify the key because the car is sitting there broadcasting continually. but the key only puts enough power out to be heard by the car when it's in range.

> However I could imagine a break-in device which simply recorded the response when the owner was nearby and played it back when they were away, a form of man-in-the-middle attack.  Nasty...
> 
> Toyota do attempt to foil breakins which take advantage of keyless entry, for example by ensuring that the person opening the car has to operate the door handle on the same side as the key is detected and enforcing a delay between locking & unlocking.  But I can't imagine any protection against the device other than biometrics (not worth it) or "something you know" as well as "something you have".
> 
> David L.

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request