
Do you secure your KESSY? how?



Take the battery out....no power, no signal.....though a bit of a pain.

Faraday cages need to be the right metal alloy, right thickness and physical sizes to match the relevant radio frequencies or the 'cage' could actually 'couple' to the transmitter/receiver and just act as another aerial, and that is not the desired effect. All ours are also fully grounded to prevent RF energy leaking off the boxes themselves. The device you are screening also needs to be in the right place within the screened volume.

I don't know if our keys are passive until close to the car which wakes them up to respond to a 'ping' from the vehicle, or constantly active and radiating? Never put one in a measurement cell to see what it does.

Link to comment
Share on other sites

I actually keep my keys in a small copper plated biscuit tin. Laugh as you might, I've stuck the keys in there and tried to unlock/open both front doors and the tailgate with the tin right next to me - no dice. Open the lid and the car unlocks straight away.

As a general and basic rule, something that's highly conductive like copper is usually the best thing for this. Also, ensure the holes in the cage are smaller than 10% of the signal's wavelength. This isn't usually a problem with fine copper mesh.

And snarky comments about Skodas really don't work any more. Car thieves are well clued up, and they do their homework. They probably know the Mk3 L&K will have KESSY as standard, and that the car is usually north of £35k when new, making it a tempting target for wireless based theft. A 280 would make for a perfect miscreant's getaway car. The 190 won't, it's too slow.

All of this aside, a good old fashioned mechanical lock on the steering wheel, pedals and/or the gear shifter will add a layer of visible and physical security that may put off a potential thief.

There are ways of securing the OBD port as well, but I've yet to look into this.

  • Thanks 2
Link to comment
Share on other sites

How many VAG cars have actually been stolen this way?

 

I have no idea, but I for one don't intend to find out first hand.

 

According to this ADAC test, all VAG cars that were tested were vulnerable. The A3 and Golf that were tested would be MQB cars so it's very likely the Superb shares some - if not all - of the hardware that makes KESSY work.

 

http://www.autoexpress.co.uk/car-news/consumer-news/94918/tests-uncover-major-security-risk-to-keyless-cars

  • Thanks 1
Link to comment
Share on other sites

So it is theoretically possible, but no confirmed thefts yet?

So the scenario would be that two thieves survey a parking lot, spot entering cars fitted with keyless entry, one thief shadows the driver and gets really close (within a few ft) before they are out of range of their range extender...

I am not going to bother with Faraday cages until I hear confirmed solid cases of theft in my geography

  • Like 1
  • Confused 1
Link to comment
Share on other sites

There is an added layer of protection available in the form of OBD port protection. Normally, the port is completely unprotected and totally accessible at all times; accessing this port is usually necessary to circumvent the immobiliser, or to programme a blank key. This sort of thing might slow down a car thief who doesn't want to be sat in a car fannying around for 5-10 minutes. They'll most likely do the off when the port is found to be secured.

 

This applies to any car, KESSY or otherwise. 

 

Just my two-penneth......

 

https://www.obdportector.com

Link to comment
Share on other sites

So it is theoretically possible, but no confirmed thefts yet?

So the scenario would be that two thieves survey a parking lot, spot entering cars fitted with keyless entry, one thief shadows the driver and gets really close (within a few ft) before they are out of range of their range extender...

I am not going to bother with Faraday cages until I hear confirmed solid cases of theft in my geography

 

AFAIK, there aren't any known cases of a Superb being stolen in this way. That being said, I don't have access to such information, so who knows? 

 

The really expensive stuff like £100K+ Range Rovers and such like make the news due to their obvious high value. As this technology is quickly filtering down to 'lesser' vehicles it will no doubt lead to a wider range of cars being stolen in this manner. 

 

Stripping parts from stolen cars is also a very lucrative business, make and model aside. 

Link to comment
Share on other sites

Reading this with interest - as owner of a Fabia III that has Full KESSY ...

 

I now use a Stoplock Pro on the car every night.

I had very wrongly assumed that the days of using Krookloks on Cortinas and Cavaliers were well consigned to the 1970s and 80s!!

 

I also keep the keys in a metal box at the back of the house! I've checked the box beside the car, and it seems to work (i.e. stop the radio signal). I've also tried wrapping the keys in cooking foil - and that is *very* effective too. (Cheaper than the Fobguard above - though admittedly, not as pretty)

As someone mentions above, not all metal boxes work -  some just re-radiate the signal.

 

Here's an article with two video clips of actual thefts, here in Dublin, in the last 2 months. It is the second clip that is of interest here, where the BMW 520 is a keyless model.

It shows how quickly this can be done. A bit scary really :

http://www.independent.ie/irish-news/watch-terrifying-moment-three-raiders-broke-into-a-house-in-bid-to-steal-car-keys-34770530.html

Edited by Dithane
Link to comment
Share on other sites

So the scenario would be that two thieves survey a parking lot, spot entering cars fitted with keyless entry, one thief shadows the driver and gets really close (within a few ft) before they are out of range of their range extender...

In that instance it is more likely they are trying to take your contactless credit card details & hopefully you would notice their strange behaviour. Cracking your key fob is tougher and takes time and more computing power than a scanner, hence the thief is more likely to pick the car they want then follow you home.

Once you are safely asleep and your property has been scoped for an IR security light (or even with one, they are really necky now), they move up to your front door and set up shop.

Laptop out, search for a signal (car keys in plenty of houses are kept on hooks or in a basket by front door) so it's a good place to start. If they have no luck they move to next window etc until they pick up your keys' weak signal. They hit go on their laptop and once cracked they can leave. If you keep his and hers keys together and/or have multiple keyless cars they can crack both sets (or all) which means even more chance of success when they decide to take your motor/s.

Then using dummy keyfob transmitters programmed with your key data, they turn up at your work/home (whenever) and take your pride and joy with you none the wiser. If your car has a tracker, a good tech with the right tools can build a detector and isolate it within a 15 min window. Once deactivated and the number plates changed, they go on a nice drive to some ISO containers and ship your car off to be sold or stripped for parts.

So, no KESSY for me please, I'll stick with cheap man tech, not that it's a huge amount better. If they offered a transmission lock as an option in the UK like they do abroad, I would have one of them. Crack my key yes, but drive my car with the GBOX all locked up, no you won't be!

Edited by blahde2
  • Like 1
Link to comment
Share on other sites

After hearing things about this and reading the above this has me quite worried.

 

Might have to try the FobGuard posted above. Or tin foil.  

Link to comment
Share on other sites

I actually keep my keys in a small copper plated biscuit tin. Laugh as you might, I've stuck the keys in there and tried to unlock/open both front doors and the tailgate with the tin right next to me - no dice. Open the lid and the car unlocks straight away.

Would you mind posting a picture of the biscuit tin or something similar? Any that I have looked at are silver. I thought KESSY was an extra with the L&K until I read this article and I don't particularly want it. I have no access to KESSY to test a silver tin out otherwise it might be tinfoil for me too.

Link to comment
Share on other sites

Cars are stolen all of the time, that's why we have insurance. I think there are more important things going on in the world than worrying about if my Skoda will get stolen.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

RANT

 

It seems this vulnerability has been known for years. Thanks VW for fixing it so fast.  :|

 

And the hack stems from the fact that cryptography has been implemented poorly in this system. Something they warn you on orientation day of Cryptography 101 summer school for kindergarten kids. 

But this will not stop VW and other companies from marketing "safe" cryptographically secure keyless entry and starting systems.

 

A keyless entry system can be hacked in minutes and nobody actually cares. It is "just" a car. If someone found a vulnerability in Facebook, everybody would scream and yell. After all, they need to hide summer pics from their neighbors... Or wife...

 

Strange world we are living in.

 

/RANT

 

Sorry for the rant ;)

  • Like 1
Link to comment
Share on other sites

  • 1 month later...

It's been a while since I read up on this issue in detail, but I thought I'd share some specifics as it does factor into some of the assumptions I'm seeing in the comments.

 

Firstly, exploiting this weakness doesn't require cloning fobs or decrypting anything - it's actually a very simple attack that, now known, requires zero technical knowledge and involves a cheap piece of easily acquired equipment.

 

In normal use, when you touch the handle, the car will send out a low frequency radio "ping". This only has the power to reach a short distance (say a metre), which is fine when the key is in your pocket. The fob receives the ping and responds by sending the unlock signal with its own, high frequency antenna. The car unlocks as intended.

 

The issue is that while the car's ping is only *intended* to be low range, there's nothing to ensure that's the case. A simple amplifier that's within range can receive the ping and amplify it out to a much longer range - enough to be picked up by your key inside the house. The problem then is that the fob's unlock signal isn't similarly constrained - it's intended to be longer range to allow you to unlock your car from some distance using a button on the fob. The upshot is that by wandering up to a car holding a bag containing the small amplifier, a thief can simply touch the handle, the car's ping will be amplified sufficiently to reach your house, and if the fob is close enough for the car to receive the unlock signal, it'll open. No messing around, no fuss.

 

A misconception, and one that's perhaps particularly important on this forum, is that thieves aren't necessarily out to steal the car. It's a lot easier and lower risk simply to take belongings - they can be in and out in 10 seconds and no-one will be any the wiser, allowing them to go down a whole street easily enough. That may yield a lot less than stealing and selling a car, but doing so involves a whole lot more risk, as well as the necessary know-how to sell it on, so if you're a small time thief which approach are you going to take? In that regard owning a less prestige car isn't going to keep you safe. Of course not leaving valuables in the car in the first place is a good idea, but that's not always possible.

 

Evidence of the widespread use of this vulnerability had taken some time to build. It's very easy to put this down to the owner simply forgetting to lock their car, and it's only by seeing the pattern that's emerged, combined with the proven vulnerability of these systems that we can see that such attacks are not uncommon - given how easy they are why would we expect otherwise?

 

The proper fix for this is for the system to more accurately measure the distance between the car and the key, rather than assuming it's within the low range of the radio signal. They can do this by accurately measuring the time it takes for the fob to receive the signal from the car - as this is fixed based on the speed of light it provides a pretty foolproof way to know they're close. In the meantime turning off keyless entry entirely, or storing the key out of range or in a faraday bag is sensible.

 

I should add that NFC based contactless payment systems suffer from similar issues. It's true it's not likely that anyone is going to deliberately try to spoof a payment as it would be pretty obvious with you standing there, but there are plenty of reports of payments going to cards that were way beyond the 2 inches it's supposed to work to, again because radio waves are subject to anomalies in how they propagate based on numerous factors, and not only power levels.

 

Sorry for the long post, but thought some might find the details interesting.

  • Like 3
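
The time-of-flight fix described in the post above, set against the power-only proximity assumption it replaces, as an added example that is not part of the original thread or any manufacturer's code. The path-loss model, the 1 m ping range, the 2 m limit, the 2 µs fob turnaround and the use of a round-trip measurement are all constructed assumptions.

```python
import math

# All figures below are constructed for illustration, not measured from a real car.
C = 299_792_458.0        # speed of light, m/s
FOB_TURNAROUND_S = 2e-6  # assumed fixed, known processing delay inside the fob
MAX_DISTANCE_M = 2.0     # assumed policy: only unlock for a key within 2 m
PING_RANGE_M = 1.0       # assumed unamplified reach of the car's LF ping


def power_only_accepts(distance_m, amplifier_gain_db=0.0):
    """Current behaviour: the fob answers any ping it can hear.

    Toy path-loss model (20*log10 of distance) relative to the level at 1 m.
    """
    received_db = amplifier_gain_db - 20 * math.log10(distance_m / PING_RANGE_M)
    return received_db >= 0.0


def round_trip_s(distance_m, relay_delay_s=0.0):
    """Challenge-to-reply time seen by the car for a key distance_m away."""
    return 2 * distance_m / C + FOB_TURNAROUND_S + relay_delay_s


def distance_upper_bound_m(rtt_s):
    """Farthest the key can be given the measured round trip.

    An amplifier can add delay but cannot make radio travel faster than C,
    so this bound holds whatever sits between car and key.
    """
    return max(rtt_s - FOB_TURNAROUND_S, 0.0) * C / 2


def time_of_flight_accepts(rtt_s):
    # 1 ns of timing error is about 0.15 m of distance, so the car needs
    # nanosecond-resolution timing for a 2 m limit to mean anything.
    return distance_upper_bound_m(rtt_s) <= MAX_DISTANCE_M


if __name__ == "__main__":
    for label, dist, gain in [("key in pocket", 0.5, 0.0),
                              ("key indoors", 30.0, 0.0),
                              ("key indoors, ping amplified", 30.0, 40.0)]:
        print(f"{label:28s} power-only={power_only_accepts(dist, gain)} "
              f"time-of-flight={time_of_flight_accepts(round_trip_s(dist))}")
```

Any delay added between car and key only pushes the computed bound further out, so in this model the timing check can reject a nearby key but cannot accept a distant one.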