Kessy security problems

[cheezemonkhai]

So since this was apparently first published in 2011, does anyone know if VW/Skoda have seen fit to fix the amplify/relay attack on Kessy?

 

Are there any updates for 2019.

 

can you install a normal key to start?

 

can you disable the Kessy unlock.

[JR RS]

they have made changes to KESSY from MY19 onwards, however MY19s are yet to roll off the production line........

 

SKODA SUPERB - change of the product MY2019
KESSY-key motion sensor

Key without movement does not transmit signal for a certain period of time - protection against thefts.
The wireless remote control will be equipped with a position sensor.
Presently

- Possibility of theft

New

- Key without movement secure
- The key is in motion without protections

 

details here from a Russian website - https://www.drive2.ru/l/502985613973127732/

 

i also have this spreadsheet .......MY19 Changes .pdf

Edited 30 July, 2018 by JR RS

[Kenny R]

11 hours ago, cheezemonkhai said:

 

 

can you disable the Kessy unlock.

Yes, but you have to do it every time you lock the car.

Press the lock on the remote, quickly followed by touching the lock indent in the door handle. Kessy is now disabled and you have to use the remote button to unlock car on your return.

[cheezemonkhai]

5 hours ago, JR RS said:

they have made changes to KESSY from MY19 onwards, however MY19s are yet to roll off the production line........

 

SKODA SUPERB - change of the product MY2019
KESSY-key motion sensor

Key without movement does not transmit signal for a certain period of time - protection against thefts.
The wireless remote control will be equipped with a position sensor.
Presently

- Possibility of theft

New

- Key without movement secure
- The key is in motion without protections

 

details here from a Russian website - https://www.drive2.ru/l/502985613973127732/

 

i also have this spreadsheet .......MY19 Changes .pdf

 

That if true is definitely an improvement, although how far it goes who knows.

 

Another reason to insist on MY19.

[Kenny R]

Just buy a Faraday cage key pouch, the key can’t transmit when it’s in the pouch.

Edited 30 July, 2018 by Kenny R

[TerryMcK]

Yes I agree with Kenny. They don't cost much and work really well.

[FelisBengalensis]

Like these.....

 

https://www.amazon.co.uk/MONOJOY-Blocking-Antitheft-Protection-Security/dp/B076KZF645/ref=sr_1_3?ie=UTF8&qid=1532953086&sr=8-3&keywords=rfid+key+pouch

 

£7.59 a pair.  Worked perfectly with my S3 with KESSY.  even holding the pouch next to the car had no effect.  The car could not get a signal from the key.

[cheezemonkhai]

10 hours ago, Kenny R said:

Just buy a Faraday cage key pouch, the key can’t transmit when it’s in the pouch.

 

9 hours ago, TerryMcK said:

Yes I agree with Kenny. They don't cost much and work really well.

 

6 hours ago, FelisBengalensis said:

Like these.....

 

https://www.amazon.co.uk/MONOJOY-Blocking-Antitheft-Protection-Security/dp/B076KZF645/ref=sr_1_3?ie=UTF8&qid=1532953086&sr=8-3&keywords=rfid+key+pouch

 

£7.59 a pair.  Worked perfectly with my S3 with KESSY.  even holding the pouch next to the car had no effect.  The car could not get a signal from the key.

 

That’s a pain for a system that was supposed to make it easy. Instead of getting a key out you have to open a pouch and even in the pouch run the risk somebody can open the car.

 

Might as well just save the money and get a different car without the problem.

 

I don’t want to go back to putting the disclok on every time. The car isn’t secure either.

 

Personally I believe if VW group have (as it sounds) known about since 2011, then why have they not fixed it.

 

security by obscurity doesn’t work and they won’t change unless people stop buying.

 

Anyway, asked the dealer, but if UK doesn’t get a fixed system the car is off.

 

there has already been an l&k nicked by this method on the forum.

[FelisBengalensis]

The entire industry is finally waking up to this.  Convenience doesn’t mean ‘right to do’ and this is what happens when cyber security experts aren’t involved but bean counters are.  Then add the media luvvies producing the sales brochures and all the downsides are forgotten.  It will take a customer revolt, the manufacturer being made liable (unlikely in the EU) or a massive reaction from the Insurance Industry before changes will be forced.  

 

As an aside sales of Disklok and Stoplock Pro have rocketed recently.  I wonder why.....

Edited 30 July, 2018 by FelisBengalensis

[Kenny R]

It’s hardly a pain, you arrive home put key in Faraday cage pouch put it in a safe place, and keep your spare key in one, safe in the knowledge that it’s signal can’t be picked up by would be thieves outside. When out and about the key is as safe as a normal key in your pocket, it would be easier to just mug you and take your key off you. 

[D402]

Be aware that the cheap eBay Faraday pouches become ineffective after a few months use.  I guess the conductive lining wears off. 

[cheezemonkhai]

1 hour ago, Kenny R said:

It’s hardly a pain, you arrive home put key in Faraday cage pouch put it in a safe place, and keep your spare key in one, safe in the knowledge that it’s signal can’t be picked up by would be thieves outside. When out and about the key is as safe as a normal key in your pocket, it would be easier to just mug you and take your key off you. 

 

Hardly worth it, pulling it out of a pouch is harder than just using a normal key. Plus more chance of a dropped key.

 

Not to mention the bulk of said pouch vs a key.

 

It’s still a lot riskier than a key that requires a press as faraday bags can be damaged, faulty or just outdone with enough power if they’re borderline effective and leaking but just a little.

 

It makes a stupid design problem our problem. As opposed to making the manufacture fix it at their cost.

 

https://community.nxp.com/servlet/JiveServlet/downloadBody/335157-102-2-276640/AMF-AUT-T2761.pdf

 

that shows the issue had a solution available for a fair while but they were still using the old one rather than an emergency change for a huge security hole.

 

Edited 30 July, 2018 by cheezemonkhai

[boydeee]

18 hours ago, JR RS said:

they have made changes to KESSY from MY19 onwards, however MY19s are yet to roll off the production line........

 

SKODA SUPERB - change of the product MY2019
KESSY-key motion sensor

Key without movement does not transmit signal for a certain period of time - protection against thefts.
The wireless remote control will be equipped with a position sensor.
Presently

- Possibility of theft

New

- Key without movement secure
- The key is in motion without protections

 

details here from a Russian website - https://www.drive2.ru/l/502985613973127732/

 

i also have this spreadsheet .......MY19 Changes .pdf

Thank you @JR RS for the info. The pdf is great!

Do you know of any confirmation of the 7 speed dsg box for the 280/272 tsi engine?

[daveo138]

Where do people with KESSY keep their keys when driving?

 

When I had a keyless car, it meant I either had to keep the keys in my pocket - uncomfortable - or find somewhere else inside the car to stow them. 

 

With a normal key and ignition lock, you get a really handy slot, so you have somewhere to hang your keys. 

[Penpusher]

4 minutes ago, daveo138 said:

Where do people with KESSY keep their keys when driving?

 

In the summer, in my man bag on the back seat.  

 

In the winter, in my jacket pocket on the back seat.

[Gomezz]

It may seem odd to others but after 55 years of keys in the ignition I just didn't feel right with a bunch of keys in my pocket or chucked into the centre space so I have stuck a hook near the start button and hang them there, so now it's like it's always been for me! Suits me in my Karoq

 

[FelisBengalensis]

Trouser pocket.  I only use the storage pouch overnight.  The risk of the car key signal being grabbed as you walk away from it is minute and anyone trying it would be very obvious - the antennas are 30cm squares typically.  Plus you are a moving target so maintaining a ‘lock’ on the key is very difficult.  The key range with the KESSY signal is very low.

 

The problem is in homes where keys are often left near a door and therefore easy to ‘grab’.  Keep the key further away or in a biscuit tin or pouch and no more problem.

[Kenny R]

10 hours ago, cheezemonkhai said:

 

Hardly worth it, pulling it out of a pouch is harder than just using a normal key. Plus more chance of a dropped key.

 

Not to mention the bulk of said pouch vs a key.

 

It’s still a lot riskier than a key that requires a press as faraday bags can be damaged, faulty or just outdone with enough power if they’re borderline effective and leaking but just a little.

 

 

 

Normal key signals can be intercepted as well you know. Your missing the point on the Faraday pouch, you only really need to use it in the house there is no need to have it in your pocket. I think your worrying a lot about nothing. I don’t think car thieves with all the electronic gear would really give a Skoda a second glance as they tour the area looking for top end Audi, Mercs etc. If someone really wants  to steal  your Skoda they will just break into your house and steal your keys. 

[cheezemonkhai]

 

 

They also steal cars for spares and the l&k is desirable elsewhere in Europe.

 

However that’s not really the point.

 

The pouch may be needed out as you could be in the services on holiday while they open the car and take your luggage.

 

i think just generally I cannot get over how stupid whoever designed the system is. Look at that nxp pdf.

 

As for the key, yes but they have to intercept a press (easy) and either program a key or get past the key.

 

this system is a massive backwards step.

Edited 31 July, 2018 by cheezemonkhai

[cheezemonkhai]

 

That makes it look like the unlock cling can be permanently disabled though, which would be a work around...

 

i have asked the dealer to confirm if the motion active active key is in MY19

[xman]

1 hour ago, Kenny R said:

Normal key signals can be intercepted as well you know.

 

Not really. A normal key has an active transmitter only when button is pressed to open/close the car. The encrypted rolling codes used are nowadays extremely secure so unusable by someone listening to and replicating a sequence. To start the car the immobiliser in a conventional key uses a passive transponder chip which requires the key to be within a cm or so from the reader coil which is in the ignition key barrel. The transponder is queried only when the ignition is turned on by the key.

 

Kessy is weak because all the thief is doing is using a bridge between the car and the remote key. The open/close/start is performed by the owners key/car. Kessy on the car is active all the time. Fundamental design flaw.

[Penpusher]

1 hour ago, cheezemonkhai said:

...The pouch may be needed out as you could be in the services on holiday while they open the car and take your luggage.....

 

I don't disagree, but 

• At most service areas, you park too far away for the key signal to be picked up near the car;
• Thieves would look rather obvious waving an antenna in the air in the car park that measures about a square foot;
• Would they bother to do that to steal a suitcase full of used and/or dirty clothes?

I haven't bothered using my Faraday bag when on holiday except overnight when I'm in a hotel room, but even then I didn't always use it.  For instance, when I was in the Holiday Inn in Bialystok, Poland, our room was on the 11th floor and the car was parked in the underground car park beneath the hotel, so there's no way the signal from the key could reach the car.

[xman]

28 minutes ago, Penpusher said:

I don't disagree, but 

• At most service areas, you park too far away for the key signal to be picked up near the car;
• Thieves would look rather obvious waving an antenna in the air in the car park that measures about a square foot;
• Would they bother to do that to steal a suitcase full of used and/or dirty clothes?

I haven't bothered using my Faraday bag when on holiday except overnight when I'm in a hotel room, but even then I didn't always use it.  For instance, when I was in the Holiday Inn in Bialystok, Poland, our room was on the 11th floor and the car was parked in the underground car park beneath the hotel, so there's no way the signal from the key could reach the car.

 

No guarantee that the bridge technology used will not evolve quickly. Satellite phones once upon a time required a dish. Its quite feasible that in the not too distant future all that is required is for someone to wait outside your hotel room with his mkiii key reader in his pocket, which has a mobile link via a tethered phone to the other chap stood by your car with the mkiii opening unit.

 

Just ask the banks how sophisticated tech criminals are nowadays.

[cheezemonkhai]

Previously the technology required what looked like a board about the size of an A4 sheet.

 

Now we are talking it fits in a small bag, such as a reusable shopping bag, that wouldn’t look out of place.

 

Clearly not everyone agrees with me here, but I think this is a massive hole and a stupid mistake to make.

 

look at that nxp pdf and how simple a fix was.

[alf.onso]

43 minutes ago, Penpusher said:

I don't disagree, but 

• At most service areas, you park too far away for the key signal to be picked up near the car;
• Thieves would look rather obvious waving an antenna in the air in the car park that measures about a square foot;
• Would they bother to do that to steal a suitcase full of used and/or dirty clothes?

I haven't bothered using my Faraday bag when on holiday except overnight when I'm in a hotel room, but even then I didn't always use it.  For instance, when I was in the Holiday Inn in Bialystok, Poland, our room was on the 11th floor and the car was parked in the underground car park beneath the hotel, so there's no way the signal from the key could reach the car.

 

I don't use RFID pouch myself because no-one actually steals Skoda's around here. I don't know how it is in UK but around here most of the cars stolen are more luxurious models of Porsche, Mercedes, Audi, BMW  and .... VolksWagen (yeah, I don't get it too....). Those luxury cars are usually stolen by criminals from abroad who come fast and leave even faster. Most of the other stolen cars are old ones stolen for a brief joyride.

 

But if I were scared that my beloved Skoda would catch some criminals attention, I would definately use RFID pouch even if I am 20 meeters underground in a bomb shelter. Car thiefs don't have big antennas anymore and it is much more sophisticated. There are usually two criminals. One standing by the car with a wireless reciever and another goes near house with signal magnifier. There is wireless link between those two so they can be very far from each other. Or when they find a target in a shoping mall parking lot, one stays at the car and another just has to get close to the owner of that car. It's easy to follow car owner to the mall and stand by him so no-one would even notice. 

 

Criminals have best equipment that money can buy and they are always two steps ahead.