Article below...

http://www.telegraph.co.uk/news/uknews/11808814/Thousands-of-cars-vulnerable-to-keyless-theft-according-to-researchers.html

 

Many vehicles mentioned, not just VAG - but being as VAG sought an injunction to stop this being made public I trust that in the mean time they have corrected the fault and are now in the process of sending out replacement (fixed) keys FOC to the many millions of people impacted, right?

 

Fabia, Felicia, Octavia, Roomster, Superb and Yeti all mentioned as having this issue.

I read sometime ago this possible hacking-in.

If it's wi-fi /over the air, it's open to hacking.

If the hackers can break into the USA Presidents e-mail, hacking the car is a walk in the park..

Luckily, the article doesn't mention central lock/alarm. And immobilizers are not that important. After all, a true car thief carries an ECU with them, which renders immobilizer useless.

I'm (easily...) confused, is this a problem only for vehicles with keyless entry / ignition systems, or does it also affect ordinary remote locking keys?

 

TIA, DC

I'm (easily...) confused, is this a problem only for vehicles with keyless entry / ignition systems, or does it also affect ordinary remote locking keys?

 

TIA, DC

 

No, regular ordinary remote locking keys. This isn't the recent 'hack your car and take control of it' thing, this is about anyone with a bit of know how being able to unlock most cars from early 00's onwards to probably previous gen of current.

 

Ie, manufacturers won't care, as not current cars.

I can see many car owners of every make, once again reverting to fitting the old fashioned steering wheel locks

This article is from 2014 as I couldn't find the specific article I was looking for, but it was recently reported sales of steering wheel locks have soared!

http://www.dailymail.co.uk/news/article-2726959/Dig-steering-locks-drivers-urged-car-thieves-high-tech-Organised-gangs-stealing-luxury-models-order-thought-rise-thefts.html

Gone are the days where the removal of the rotor arm in the distributor rendered vehicle immobile.

Organised crime will always catch up with security.

Sent from my SM-G900F using Tapatalk

I used to take my HT lead off back in the day [emoji106]

Had a fuel cut off switch under rear side trim speaker.

Sent from my SM-G900F using Tapatalk

You can easily unplug a number of connections to disable the car ie crank sensor would do it, just pick the easiest to get to , i heard of one guy using a switch that disconnected the 12+ ignition to the fuel pump and connected it to the horn so if they get the ignition on the horn would continually sound , quite inventive

 

Without putting too much info on a forum , on some cars they can easily scan the codes and unlock the car , with a new black "key" (For keyless cars) they can recode the new key using the OBD socket and a laptop and steal the car

 

So keyless cars are the most affected , but its been easy to unlock VAG cars for some years using this method , typical underhand tactics of course from VAG trying to silence the report , but they arent the only manufacturer affected

 

Disabling the obd socket and fitting a physical device like a disklock is my preferred method

This is about cracking the encryption on the immobliser transponder in the key, keyless cars are more vulnerable because they rely purely on the immobiliser and not on any mechanical steering locks.

it is in this case but this is not the only vulnerability and bypassing the immobiliser alone will not allow you to start the car without a key or an additional device acting as a key .

 

Bypass the obd and/or fit an extra lock and you are golden

Proprietary crypto fails again.

 

There is no point in making an in-house crypto system than no one inside the business can break and then keeping it secret.

Because there is always someone out there that is better at breaking crypto than you.

 

The best crypto systems are public and have been subject to (and survived) years of attack by the best in the world.

 

This flaw has been known for 3-4yr, if the researchers that have been gagged know about it then you can bet there are plenty of black hats that know it and are using it.

 

Looks like (yet again) the motor industry has a lot of security catchup.

Edited 20 August, 201510 yr by Aspman

Yay, insurance hikes ahoy

An update from German research

http://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/

Why I'm wary of getting a vehicle with KESSY

Why I'm wary of getting a vehicle with KESSY

Seems 'convenience' has its risks.

Keep them in a lead lined box perhaps.

Keeps your keys where you like doesn't matter. Just don't unlock your car remotely.

 

The car is hackable externally with off the shelf kit.

 

I've seen this demonstrated a few times at conferences now by the Prof who also wrote this -

 

http://theconversation.com/why-there-must-be-freedom-to-publish-flaws-and-security-vulnerabilities-46419

Edited 29 March, 201610 yr by Aspman

Last weeks post on this subject.

http://briskoda.net/forums/topic/393323-auto-express-keyless-entry-test

Keeps your keys where you like doesn't matter. Just don't unlock your car remotely.

 

The car is hackable externally with off the shelf kit.

 

I've seen this demonstrated a few times at conferences now by the Prof who also wrote this -

 

http://theconversation.com/why-there-must-be-freedom-to-publish-flaws-and-security-vulnerabilities-46419

Just also be aware ,that if in the vicinity of a truck using a remote to operate on board stuff, like HIAB, then check that the car is in fact locked, as the signal from this is that strong that it cancels out remotes,and the only safe way of locking car is with key.

I had a 2004 BMW 3 series, when the button was pressed to unlock it would activate my next door neighbours door bell and you've guessed it, when the door bell was pressed the car would unlock!        

 

 After changing a few jumper switches in the door bell, problem solved.

 

 

 I now have keyless entry on my Golf, not too bothered about security as there are millions of cars out there, odds of getting nicked are probably similar to that of winning the lottery.  Media Hype.