Is Our Yeti Security Flawed?

[busdriver]

Reading the digital 'i' newspaper on the iPad this morning reveals some worrying facts about car security.  The article does not tabulate models - but VAG group vehicles come in for some disturbing observations.  Seemingly, if you live in London, some 40% of car theft involves thieves by-passing the electronics with commercially available devices.

 

Wouldn't it be nice if Skoda(UK) came out with a list of known vulnerable models within their range?

 

Holding your breath can seriously damage your health.........

 

 

[softscoop]

I think it won't be long before the safest cars are old cars that were quite easily stolen in the "old" days with physical tools. Nobody will be able to remember how they did it without electronics.

[Ryeman]

You'd better not buy an Asian manufactured car then ......if you care about security that is.

[dbg400]

The list of affected vehicles is shown in this article, taken from the security researchers' paper. The Yeti is one of the vulnerable ones. http://www.alphr.com/cars/1001374/security-flaw-affecting-thousands-of-cars-published-two-years-after-vw-injunction

[looby]

People using this type of sophisticated equipment are most likely interested in Porsche, Audi and the like not Yetis..... :|

[Llanigraham]

Reading the digital 'i' newspaper on the iPad this morning reveals some worrying facts about car security.  The article does not tabulate models - but VAG group vehicles come in for some disturbing observations.  Seemingly, if you live in London, some 40% of car theft involves thieves by-passing the electronics with commercially available devices.

 

Wouldn't it be nice if Skoda(UK) came out with a list of known vulnerable models within their range?

 

Holding your breath can seriously damage your health.........

 

That sounds like a made-up statistic!

[JulieD]

Anyone feeling vulnerable could just invest a few quid in a physical deterrent - something like a stoplock for example.  Having said that, a determined thief will take your car no matter what security is in place.

[clv101]

The list of affected vehicles is shown in this article, taken from the security researchers' paper. The Yeti is one of the vulnerable ones. http://www.alphr.com/cars/1001374/security-flaw-affecting-thousands-of-cars-published-two-years-after-vw-injunction

 

Interesting that the Felicia is listed, hasn't been in production since 2001. Has the same system been used for ~15 years?

[VAGCF]

Hopefully they've sorted it on the latest Yetis! Ho, ho!

 

Though I guess I should be more worried about the TT.

[137699]

All I can say (as I have a friend who has a VW Passat and an Audi A1) is don't leave your keys near your front door.

Both of their cars got ransacked recently and was filmed on their neighbours CCTV - 2 people - one with a scanner by the front door "reading" the signature of the keyfobs, another with a laptop next to each car "relaying" that signature to gain access to the car.

 

I'm sure Skoda use the same locking system.

 

If your keyfob isn't located near the front door (or the accessible extremities of the house) the scanner won't pick up the signature from it.

[Urrell]

I find that strange. I'd imagine that the only thing a fob would show without the button being pressed would be the transponder ID to allow the engine to start, that bit is passive.

[Llanigraham]

I find that strange. I'd imagine that the only thing a fob would show without the button being pressed would be the transponder ID to allow the engine to start, that bit is passive.

 

Quite!

If the button isn't pressed it isn't transmitting anything.

[freedie]

KESSY only surely?

[137699]

His Passat doesn't have keyless. It still picked up a signature from the fob without anything being pressed.

Was all caught on CCTV and there have been a spate of such incidences in his area.

[Llanigraham]

Sorry but the fob does not transmit a code signal unless the button is pressed. 

It is a "dormant" circuit, not an active one.

[Phil-E]

They must have got a device within a few centimetres to the key and read the immobiliser chip from it.

 

The best way to stop this happening is wire a relay into the fuel pump and hide a switch somewhere for it.

 

Phil

[Phil-E]

Interesting that the Felicia is listed, hasn't been in production since 2001. Has the same system been used for ~15 years?

 

It uses a similar immobiliser system yes. So you can access the ECU and programme a new key to allow the engine to start.

 

Phil

[looby]

http://www.caranddriver.com/features/can-thieves-steal-your-keyless-entry-codes

[ejstubbs]

They must have got a device within a few centimetres to the key and read the immobiliser chip from it.

Being able to bypass the immobiliser does not give access to the cabin, which is what I understood when 137699 said that cars were "ransacked".

IIRC, back when remote locking & unlocking first became widely available, it was possible to "steal" the key code by intercepting and replaying the wireless remote signal. As I understand it, the manufacturers changed to a system which changed the key code every time the fob was used.

[Phil-E]

That's very true!

 

I wonder how they did it then. I can only think that it was a KESSY key/car but he says it wasn't.

 

And yes they change the code every time so it's impossible to just intercept the signal and copy it I believe.

[VAGCF]

I'd already started keeping the keys well away from the front door, so will continue to do so!

[137699]

Sorry but the fob does not transmit a code signal unless the button is pressed. 

It is a "dormant" circuit, not an active one.

 

Whatever you say Graham. Clearly you are right and the thieves are using "magic" to gain entry to the car.

I'm sorry to have clearly told you such nonsense.

[Ryeman]

I thought it was a 'proximity' key in your pocket that 'responds' to a question from the car.

[Urrell]

I thought it was a 'proximity' key in your pocket that 'responds' to a question from the car.

I suspect that would only be with a Kessy system and even then the car would would be looking for a rolling code reply that is never repeated and could be one of millions of code replies so grabbing the code would prove fruitless.

[Ryeman]

KESSY only surely?

That's what I would have thought.