Good. Maybe someone will filch those annoying, loud, obnoxious rice burners the kids drive around here and strip them for parts. :)
Hackers remotely start, unlock Honda Civics with $300 tech
If you're driving a Honda Civic manufactured between 2016 and 2020, this newly reported key fob hijack should start your worry engine. Keyless entry exploits are nothing new. Anyone armed with the right equipment can sniff out a lock or unlock code and retransmit it. This particular issue with some Honda vehicles is just the …
COMMENTS
-
Friday 25th March 2022 15:16 GMT jollyboyspecial
Maybe somebody should invent some sort of alternative to all this RF stuff. Something radical like maybe a uniquely shaped metal token of some sort that you fit into some sort of receptacle in the vehicle designed to only accept that uniquely shaped token. You could use the same token to open all the doors and maybe start the engine too.
Just random thoughts really...
-
-
Friday 25th March 2022 15:47 GMT jollyboyspecial
Re: Slim jim
There was a period when cars had physical locks as well as an RFID tag in the key. The security with them was pretty damned good. I had a late 90s Volvo with that set up and no remote fob until fairly recently.
I watched an expert try to "steal" it once as part of a demo. Modern cars he was driving away in seconds. My old Volvo defeated him. He had to admit the only way he was opening the door would be by causing serious physical damage - breaking the window being the easiest route. But even inside the car he was stumped. With the key in the house (the house was actually the police station where the demo took place) the range on that old RFID tag was so low he couldn't activate it. But even with the RFID tag right next to his reader he couldn't manage to crack things enough to start the car within the 15 minute limit he'd been set.
With access to the RFID tag - for example if the keys were right next to my front door he could fool the ECU into thinking the key was present, but the physical security was too much for him. He had to admit that in order to steal the car he would need to smash the window and then rip the steering column apart. Not just to hot wire the ignition switch, but to bust the steering lock.
And that's all it takes. If the potential thief has a choice of cars they are always going to go for the easy target. Time taken stealing a car is time at risk of being caught in the act. Also there is the risk from failure. Fail to steal a car and you risk leaving physical evidence on the car which is just another way of getting caught. The thing is that most modern cars are pretty easy to steal so the thief is spoiled for choice. Back in the day of course it was GM products every time because you could steal one as quickly as if you had the key.
Car security has gone backwards massively in the name of convenience. But I never found a physical key an inconvenience in the first place.
-
Tuesday 29th March 2022 08:14 GMT Down not across
Re: Slim jim
> Car security has gone backwards massively in the name of convenience. But I never found a physical key an inconvenience in the first place.
I have. In cold weather. Remote unlock is nicer than trying to thaw the barrel. Having said that, there is always a reasonable chance it's not just the barrel that is frozen, and RKE doesn't help if the mechanism is frozen too.
-
-
Friday 25th March 2022 18:43 GMT Flocke Kroes
Re: rip the starter wires out
AFAIK, they only do that in films. For old cars, ramming a screwdriver into the ignition and twisting hard would often start the engine but will not defeat the steering lock - as partially competent thieves discovered with my car. The other problem with that method is it bends the electrical contacts so they no longer work reliably with the key.
The fix was to run a wire from a side light to the coil. Insert the key and twist to release the steering lock, turn on the side lights to activate the ignition and use a long screwdriver to connect the starter motor to the nearby big positive connection. Make sure you still have the same number of fingers you started with and drive away. To stop the engine: turn off the side lights.
[Do not try this with modern electronic cars. Only the old ones that you could build without microchips are this easy to hack after someone fails to steal it.]
-
-
Friday 25th March 2022 15:50 GMT Prst. V.Jeltz
uniquely shaped metal token of some sort
People would never go for such a cumbersome method. It's been proven recently, presumably by marketing men, that even pushing a button on a key fob to remotely open the vehicle is far too much trouble, so now we have keyfobs that open the door 24/7 for whoever wants to get in (and have to be kept in a special faraday cage at night to stop them giving your car away), somewhat bending the definition of a lock, in my opinion.
-
-
Sunday 27th March 2022 08:17 GMT John Miles
The Faraday cage is to stop a relay attack where a range extender is used to fool the car into thinking key is close to it. One person waves an aerial around the front door of house where lots of people keep their keys and another by the car door, then some electronics picks up the fob's/car's signals and relays them each way enabling them to open door and start car.
You Tube Link (at about 2 mins)
-
-
Sunday 27th March 2022 11:59 GMT Jellied Eel
Are those permanent config changes though?
I still don't get the benefit vs traditional keys, especially given the increased risks. Key management is easily learned. Also curious what challenges it gives law enforcement and firefighters. So removing keys from the ignition is a simple way to secure or make safe(ish) a vehicle. Suspect can't drive off, or it turns off risks like fuel pumps.
I guess there are advantages as well, like being able to remotely disable vehicles. Or exploit proximity features to make driving safer. Honda tailgating you? Just push a button and put it into limp mode.
-
Sunday 27th March 2022 16:19 GMT Prst. V.Jeltz
No need for the Faraday BS anymore. Both my recent cars with keyless have a procedure to disable the transmission from the key, or ignore it if you need to make the car secure. All these demos seem to "forget" this.
So the cost for the "convenience" of not simply pressing a button on the fob to unlock the car, like a sane person, is to "run a procedure to disable the key"?
-
Monday 28th March 2022 08:29 GMT werdsmith
I don't know if you have keyless or not, but I prefer it to the old fashioned way.
On my previous Toyota, a double press on the lock button would switch off the RF for example, when the car is being left outside overnight. On my present car, when you do whatever you need to do to lock it (there is more than one way) you simply do it twice and the RF field is disabled. To unlock the car when in this state, you simply press a button on the fob and the thing wakes up again.
It's really no big deal. There's no "procedure".
-
-
-
-
-
-
Friday 25th March 2022 16:10 GMT John Miles
We had those back in 80s
Back then some manufacturers managed to make their keys less unique than they should have been especially after a couple of years of use, such that you could open them with any key. Keys didn't stop huge numbers of hot hatches going awol in UK during the 80s either
-
Friday 25th March 2022 16:14 GMT nematoad
"You could use the same token to open all the doors and maybe start the engine too."
I agree with you about the uniquely shaped piece of metal but having that, let's call it a "key", open all the doors, filler cap and ignition is a very bad idea.
My Mini Cooper S has a different key for each of those functions and it is generally thought that that adds to the security of the car. Lose one key, not nice but it happens, and you have only allowed access to one of the parts of the car.
With one key to rule them all, lose that and you're stuffed.
-
-
Saturday 26th March 2022 13:59 GMT ThatOne
> It most people will put all the keys on the same ring
I have all my house/work keys on one ring, and then a car ring and a bike ring. The first ring is always on me (never leaves my pocket), while I don't necessarily always need the other two (and certainly not both at the same time).
So when I leave home I always have my house keys on me (if I start forgetting to dress I have bigger problems than being locked out), and if I plan on using a vehicle I also take the fitting keys. There too I won't get far if I forget them, at most to the garage but no further.
-
-
Friday 25th March 2022 17:50 GMT Anonymous Coward
RE: only accept that uniquely shaped token
Make that only accept that uniquely shaped token or tokens that are shaped close enough.
I used my truck key to help a couple at church get into their mini van. Same brand and the shape was close enough that a little jiggle of the key and I was in and they could reach their keys that had been locked inside.
-
-
Friday 25th March 2022 15:16 GMT Nate Amsden
almost never use remote key fob features
Since I first heard about these kinds of attacks many years ago I almost never use my remote key fob (at least the buttons on it), of course I have to use it to unlock but I just make sure I am close to the car when I hit the unlock button (on the car not the key fob) so it can sense the proximity of the key fob to authenticate the unlock. I assume that is much harder to sniff out than pressing the unlock or lock buttons on the key fob from a distance anyway.
-
-
Friday 25th March 2022 16:33 GMT Nate Amsden
Re: almost never use remote key fob features
I don't think it transmits far when used in this manner? because if the key is further away than a couple of feet even I think the door won't unlock (note am not pressing any buttons on the key fob to transmit anything just pressing the unlock button on the car door). And the car recognizes when the key is inside the car or not (fortunately as it prevents me from locking the keys inside the car which I have accidentally tried to do many times).
-
Friday 25th March 2022 18:05 GMT Jellied Eel
Re: almost never use remote key fob features
I guess the risk is normally a function of the antenna design and receiver sensitivity. Especially if that's normally inside a 'convenient' sized pseudo-key. If you don't have those constraints, you could boost your range, especially if you're not too bothered about exceeding transmitter power levels.
-
Monday 28th March 2022 12:05 GMT Kayakerdude
Re: almost never use remote key fob features
The transmission range of the keyfob is the same no matter whether it's triggered by a button press on the fob, or a challenge from the car.
The car will often have multiple antennas - usually one in each handle, one in the boot, one in the center console, and one by the steering wheel - and the car will "verify" by comparing the signal strength seen by the antennas to the location of the pressed button, to give enough info whether to perform the desired action or not. If for example the keys are in the boot and someone presses the soft button on the driver door handle, the car will not lock as it's clear that the keys are not close to the driver's door. If all doors are closed and the in-boot antenna or center console antenna strengths are highest, the car will also not lock as the key is likely still in the car.
My car's a 2011 Cayenne, and this is how the keyless-go is set up. As far as I can see, there's no longer a facility for a physical key to unlock the physical steering column lock or to disable the electrical locks, but the driver's door can definitely be opened with the physical key present and hidden in the keyfob. Without a successful challenge-response sequence, none of the major electricals will activate.
As an amateur radio license holder, I legally own a few HackRFs, including one set up as a PortaPack with the Mayhem (!) firmware present. There's a specific module for car key store and replay, though very few cars are susceptible, as most have a rolling keycode.
-
-
Friday 25th March 2022 15:54 GMT jollyboyspecial
Re: almost never use remote key fob features
Buttons are getting more and more rare. It's almost twenty years since I drove a car where you never even had to take the keyfob out of your pocket. The RFID tag in that car was supposedly only effective when you were right next to the car. And we did find if I was standing two metres away somebody next to the car couldn't open the door. However I recently tried a modern equivalent and the doors would audibly unlock when I was more than six feet from the car and wouldn't lock again until I was twice that distance away.
With an RFI reader a thief could easily read that thing from outside your house unless you were to deliberately find the point in your house least accessible to RF to keep your keys. Or maybe invested in a lead box to keep them in.
-
Friday 25th March 2022 20:26 GMT rcxb1
Re: almost never use remote key fob features
> I assume that is much harder to sniff out than pressing the unlock or lock buttons on the key fob from a distance
You assume wrong. Advanced two-way radios like Cell Phones and Wi-Fi adjust their transmit power based on proximity, but simple RF devices like key fobs have no such intelligence.
-
Friday 25th March 2022 22:21 GMT Emir Al Weeq
Re: almost never use remote key fob features
Nate, look for "relay attack" on YouTube and you'll see how distance between car and fob can be easily overcome by relaying and amplifying the signals.
Replay attacks aside, fob unlocking requires access to the fob whereas keyless is initiated from a button often left on a driveway.
-
Monday 28th March 2022 12:05 GMT Kayakerdude
Re: almost never use remote key fob features
Relay attacks are also truly feasible on contactless payments, for exactly the same reasons.
Only foiled by the requirement to enter the PIN on the terminal, or having enough contactless cards in the wallet that picking one signal out is nigh-impossible, or having a shielded wallet to start with.
-
-
-
Friday 25th March 2022 15:22 GMT the.spike
Steering Wheel Lock Anyone?
Back when I was a lad it was all the rage to have a big fat bar across your steering wheel to make sure that if someone got into your car, they couldn't actually drive it away.
I've a feeling these will be making a comeback!
I'd certainly be investing in one if I had a big fat expensive car. Or even one of those little Hondas..
-
-
-
Friday 25th March 2022 18:29 GMT J. Cook
Re: Steering Wheel Lock Anyone?
That, and as an anti-carjacking deterrent- I know I wouldn't want to get smacked by one of those... :D
Regarding keys: I know that at one point in the 70's, one of the US auto companies had 'regional' key sets, and therefore it was possible that the truck you bought in region A had the same keypath as one in region B.
(a friend of mine used to be a fire fighter, and successfully performed this trick to move a truck that was blocking access on a call out one evening.)
-
-
-
-
Saturday 26th March 2022 15:25 GMT John Brown (no body)
Re: Steering Wheel Lock Anyone?
You really think running a fire hose over a car bonnet is slower than breaking a couple of car windows then feeding the hose through, hoping it doesn't get snagged? Have you seen firemen unrolling a hose in an emergency? Unless it's just the last few feet, then that's a big and heavy roll of hose to push through a car. It's far, far simpler and quicker to just go over it.
"We'll let the family of four know their house burned down because it would have been "more fun" to break some fool's windows... FTFY
Oh, and exactly why is the person who parked their car there a fool? Was this a marked fire hydrant? A marked emergency access route? The OP didn't say. Maybe the person who parked the car should have been expected to know there was going to be fire and parked in a different town? All the OP said was "blocking access", which covers a multitude of scenarios, 99.9% of which could be totally innocent and reasonable for the person parking their car.
-
Monday 28th March 2022 12:05 GMT Kayakerdude
Re: Steering Wheel Lock Anyone?
Radius of curvature of those firehoses when pressurised and flowing means the bend needed to get over the roof isn't as feasible as the direct route. There are specific reasons why the runs need to be as straight as possible as far as is possible.
If the direct route is through the illegally-parked car, tough on that car owner, but that's what one can expect when parking illegally - there are likely to be consequences.
-
-
-
-
Sunday 27th March 2022 04:25 GMT Pirate Dave
Re: Steering Wheel Lock Anyone?
If memory serves (and I admit, it is very hazy), I recall reading long ago that at one point the US law required (?) there to be 10,000 unique keys (per manufacturer? per model? per year? I can't recall). That may also be old urban legend stuff. I just vaguely remember that a given key was supposed to have a 1 in 10,000 chance of working with any random car it would fit in. Please, take with a pound of salt.
-
-
Monday 28th March 2022 09:46 GMT Peter Gathercole
Re: Steering Wheel Lock Anyone?
I made the mistake of not putting the one I had on the wheel once but leaving it visible, in a late '80s Vauxhall Astra CDi (nice car, shame about the security).
They broke in by breaking the sun-roof (although pressing the lock through the door would actually have been easier as I had already found out on another occasion), and then used the (unfitted) steering bar as a lever to break the column steering lock!
I got to see the car again (it was joy riders) but the cost of repairs exceeded the value of the car several times over, so that was the end of it.
-
-
Friday 25th March 2022 18:16 GMT MiguelC
Re: Steering Wheel Lock Anyone?
A neighbourhood kid bought an old Fiat Punto and was shown that to open his car's boot you just had to pull a cable underneath it. He then bought one of those locks and duly locked the steering wheel for the night. Next morning he found the car doors unlocked and the steering lock open and waiting for him on the driver's seat. Never found out who did it, but I'd buy him a pint for the laughs!
-
Friday 25th March 2022 22:02 GMT John Brown (no body)
Re: Steering Wheel Lock Anyone?
"There never was one of those that you couldn't pop the lock in under a minute. Doesn't matter how big and sturdy a security device is if you can open the lock with a ball point pen."
On the other hand, it was a visible deterrent. The casual car thief would more likely go for one without it because there's a known extra time involved. And anyone prepared to take the time to fit it when leaving the car will less likely leave valuables in the car and have an alarm or other anti-theft features.
It might be as much use, practically, as having a fake alarm box on your house wall, but it will most likely cause a thief to look for an easier target. It won't stop the thief stealing a car, but it will more likely be someone else's car, not yours.
-
Friday 25th March 2022 22:13 GMT rcxb1
Re: Steering Wheel Lock Anyone?
> it was a visible deterrent. The casual car thief would more likely go for one without it because there's a known extra time involved.
I guess that's true if all vehicles are equally valuable. Not so if it's a more valuable car that has the simple anti-theft bar in place.
> And anyone prepared to take the time to fit it when leaving the car will less likely leave valuables in the car and have an alarm or other anti-theft features.
Here, I'd assume the opposite... Someone installing a cheap bar on their steering wheel likely does NOT have a working anti-theft system, otherwise they wouldn't always bother with the hassle. Exceptions for vehicles found in long-term parking or other special scenarios.
-
Monday 28th March 2022 09:10 GMT Danny 2
Re: Steering Wheel Lock Anyone?
"Not so if it's a more valuable car"
I knew a software tester in a very poor area of Glasgow who bought a sports car, the only one in that postcode. Never had any trouble after that, everyone assumed he was a drug dealing gangster.
Conversely, someone 'keyed' (scratched with a key) a whole line of very posh cars but skipped my wee Micra which they obviously pitied.
-
-
-
-
Friday 25th March 2022 15:40 GMT Paul Hovnanian
Faraday pouch
Or an Altoids tin.
Only problem with these is that eventually you will have to take your keys out to use your car. And some ne'er-do-well hiding in your apartment garage with their sniffer grabs the code then. The tins do work well to prevent key fobs lying on your entry hall table from being sniffed through your front door.
-
-
Friday 25th March 2022 16:12 GMT Jellied Eel
Re: Faraday pouch
Look on the bright side, it helps sell more cars. I guess insurers could intervene by refusing to insure insecure vehicles for theft.
Like vanishing buttons, I miss real keys. Easy to get into the habit of locking, even with a fob and checking the door was locked. Proximity keys just seem dumb if locking means walking away and hoping it works.
-
-
Friday 25th March 2022 15:44 GMT Snake
Money questions
I question why the purchase of the $300 HackRF One is necessary. The fob is told to operate at 433MHz, and both cheap and a pence a dozen. All you should need to do is interface it with any Linux system whose driver can be set to "promiscuous" (which not too many people either use, or know about). Did that back in the day when I was fooling around with Linux but the WiFi refused to connect.
-
-
-
Friday 25th March 2022 22:38 GMT Jellied Eel
Re: Geek
Downvote wasn't me. I take the view that thumbs are best used for reasoned debate, others may not have grasped what opposable thumbs are about.
My reply was more that it's a neat gadget, and priced at an impulse buy level. Plus being more flexible, ie scan, capture, edit, replay etc. I guess once you've discovered a vulnerability, then you could turn it into a $45 kit & flog it on the 'net. Don't know there'd also be more risk of being caught 'going equipped' with a more specific kit.
-
Sunday 27th March 2022 11:39 GMT werdsmith
Re: Geek
Anyway, my point was being pragmatic: why would a thief spend $300 for a gizmo to do a job that, quite possibly, a $45 one might ($10 transmitter + $35 Pi)? I thought I was presenting an honest question, once considered.
It's not suggested that a thief needs a HackRF One (which is a lot less than 300), but this attack was demonstrated using one. A researcher likely has one for loads of other tasks, including the work done to develop the hack.
Yes, a thief could do the same with less equipment once the work of discovering the vulnerability was done.
-
Monday 28th March 2022 12:05 GMT Kayakerdude
Re: Geek
Because the $10 transmitter firmware is not very likely to be able to differentiate the frequency in use, nor to control the output frequency.
Your question is similar to this:
"Why would anyone use a VGA projector when an LED torch will also provide light of the same colour"
The HackRF has enough bandwidth to be able to get the detail of the transmission from the keyfob, where the ten dollar transceiver almost certainly would not.
(source:- am a HackRF owner, legally allowed to given I'm HAREC-certified.)
-
-
-
Friday 25th March 2022 16:27 GMT ThatOne
Re: Water
Advertisement tries desperately to make you dream. That's why you see cars driving through breathtakingly beautiful landscapes, or stylish, clean and most of all empty cities. All those sorts of things they will never see in their real life of creeping along, bumper-to-bumper, through some dirty and quite bland (if not obnoxious) and overcrowded city...
-
Friday 25th March 2022 19:02 GMT Snake
Re: advertisement dreams
(note: brackets [] to fill in specifics that I can't quote precisely)
During the '90s, or Aughts but I can't remember exactly, there was this great TV ad that started with a safari clothing-outfitted adventurer, seemingly set in the Outback, doing heroic things and taking dramatic acts of action. All the while constantly referring to the time on his high-end luxury watch on his wrist. The voice narrative describes all the derring-do!
All perfectly in-line with beautiful luxury watch promotions.
20 seconds of this high adventure later, a voice-over finally comes on, "What could you do with the [Radian] Deluxe Chronograph?"
Seemingly ending a perfect luxury watch ad.
But...
then the male voice-over instantly continues. "Tell time. And that [$10,000] watch will cost you [$150,000] out of your retirement since you didn't invest it wisely."
[Talk to our retirement consultants at Leroy Price]
The concept was awesomely memorable.
-
-
-
Friday 25th March 2022 17:01 GMT Adrian 4
pushbutton start
What's with the current trend for pushbutton start/stop along with a nearby fob ? I remember them coming in with some flashy Renault but could never see the advantage. You still have to carry the fob and press the button. And to save the inconvenience of taking it out of your pocket you get all these security problems.
If it ain't broke, don't fix it.
-
Monday 28th March 2022 07:17 GMT Richard 12
Re: pushbutton start
In theory it's more secure, as it doesn't wear or require physical switch contacts that can be bypassed.
In practice, the manufacturers took shortcuts.
Though the RFID with pushbutton probably still is more secure, as they took shortcuts with the physical ignition keys too.
-
-
-
Friday 25th March 2022 17:49 GMT Yet Another Anonymous coward
Re: Another reminder
It did stop me stealing a VW polo.
Neither me, nor the owner of the same colour car parked on the same dark street bothered to lock the door.
Spent a long time trying to get the key to work before realising that there was a different selection of crap in the back of this car
-
Friday 25th March 2022 20:20 GMT Sam not the Viking
Re: Another reminder
It's a long time ago, but one of our reps was travelling from Manchester to the deep south and stopped at a Motorway Services for a breather. Returned to the car, opens the door with his key, starts up, drives off, and after about 15 minutes thinks:
"Someone's left their gloves on the back seat"
"I don't wear a hat."
"That's not my coat."
"This isn't my car......."
So he leaves the motorway at the next junction, returns up the motorway to the next junction after the services, returns down the motorway to the services and parks up next to a car that looks remarkably like the one he is driving.... Tries his key in the 'other' car. It opens. Gets in, recognises his own mess..... Drives off, leaving a car with an extra 75+ miles on the clock and no doubt a mystified owner and possibly a bemused traffic cop.....
-
-
-
Friday 25th March 2022 17:47 GMT heyrick
send the same, unencrypted RF signal for each
Wait, WHAT?
I get that my toy car (limited to 45kph) is like that, but a proper and upmarket car using the same lame-ass technology? The same, even, to remote start the engine? That's just an embarrassing fail.
By the way, what's with the expensive kit? These things run at 433MHz. I got a signal out of my scope by looking at mine using a 433MHz receiver salvaged from an old "weather display". I don't imagine it would take a lot to hook one up to something like an M0 or ESP32, run a timer, and just count ticks for when the output is on/off to later replay back to a 433MHz transmitter (though I've not bothered with this part). It might be more work (the fun part), but it's about a tenth of the cost.
-
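The difference between the fixed, unencrypted signal discussed in this comment and the "rolling keycode" Kayakerdude mentions earlier in the thread, from the receiver's side. This is an added example, not part of any comment and not any manufacturer's firmware; the frame layout, key, window size and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

UNLOCK, LOCK = 1, 2                # hypothetical command bytes
FIXED_UNLOCK = b"\xa5\x5a\x01"     # constructed static frame, same on every press


class FixedCodeReceiver:
    """Accepts one static frame, so a recorded copy is as good as the fob."""

    def __init__(self, code):
        self.code = code

    def accept(self, frame):
        return hmac.compare_digest(frame, self.code)


def make_frame(key, counter, command):
    """Hypothetical layout: 4-byte counter, 1-byte command, 8-byte HMAC tag."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]


class RollingCodeFob:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def press(self, command):
        self.counter += 1          # every press consumes a counter value
        return make_frame(self.key, self.counter, command)


class RollingCodeReceiver:
    WINDOW = 16                    # tolerated presses made out of radio range

    def __init__(self, key):
        self.key, self.last_counter = key, 0

    def accept(self, frame):
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False           # forged or modified frame
        counter, _command = struct.unpack(">IB", body)
        if not self.last_counter < counter <= self.last_counter + self.WINDOW:
            return False           # already used, or too far ahead to trust
        self.last_counter = counter
        return True


def demo():
    results = {}
    fixed = FixedCodeReceiver(FIXED_UNLOCK)
    results["fixed_first"] = fixed.accept(FIXED_UNLOCK)
    results["fixed_replay"] = fixed.accept(FIXED_UNLOCK)    # recorded copy

    key = bytes(range(16))                                  # constructed shared key
    fob, car = RollingCodeFob(key), RollingCodeReceiver(key)
    frame = fob.press(UNLOCK)
    results["rolling_first"] = car.accept(frame)
    results["rolling_replay"] = car.accept(frame)           # same bytes again

    for _ in range(3):                                      # presses the car never heard
        fob.press(UNLOCK)
    results["rolling_after_missed"] = car.accept(fob.press(UNLOCK))

    fresh = fob.press(UNLOCK)
    tampered = fresh[:4] + bytes([LOCK]) + fresh[5:]        # command byte altered
    results["rolling_tampered"] = car.accept(tampered)
    results["rolling_fresh"] = car.accept(fresh)

    far_ahead = [fob.press(UNLOCK) for _ in range(17)][-1]  # beyond WINDOW
    results["rolling_outside_window"] = car.accept(far_ahead)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A counter check of this kind only rejects frames the car has already seen; a relayed frame, as in the relay attack described earlier in the thread, is fresh and would still pass.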
Friday 25th March 2022 17:58 GMT DS999
There needs to be legislation
Even as tech companies design stuff that's very strongly protected and still have slip ups / bugs that lead to constant exploits, you have non tech companies like Honda still thinking security via obscurity is a thing.
If there was a law requiring some basic security measures in anything transmitting data over the air or they were 100% liable for all damages they'd quickly decide it is in their best interest to invest in at least trying to do it right. Imagine if Honda was on the hook for 100% of the loss for every stolen car, and sued for millions for a wrongful death resulting from an attacker being able to get in a car and hide in the back seat to kill you, etc. They would not have released something so poorly designed if they were.
-
Friday 25th March 2022 22:19 GMT John Brown (no body)
Re: There needs to be legislation
Imagine if your car insurance was hiked up because of this or something similar. And then you try to sue the manufacturer for the extra costs due to their cost-cutting on what should be a foreseeable outcome by "an expert in the field", which of course, they surely employ for something as important as the security of what for many people is the second most expensive thing they will buy during their lifetime.
Most modern cars, these days, seem to cost in the region of double what I paid for my current house, admittedly that was about 35 years ago :-)
-
-
-
Sunday 27th March 2022 17:49 GMT A random security guy
Re: Very quick way to fix this.
I work with insurance companies (not for) on security issues and, to tell the truth, they are not the bad guys. They are the people who are behind lots of the features like proximity sensors, lane assist/drift sensors, etc. They have number-crunchers who find patterns and force car companies to change their ways.
For example, their lawyers must already be talking to Honda, telling them that they will not absorb the cost of any theft. And Honda may quietly cover the cost.