| ▲ | RachelF 6 days ago |
| This is why keyless "start button" functions on cars is a bad idea. The old approach of keyfob to unlock the car and a real key for the ignition is safer. Having multiple levels of security is good. However, having worked in the car security industry many years ago, I discovered that car manufacturers actually like it when their customer's cars are stolen - Insurance payouts often result in another sale. |
|
| ▲ | bri3d 6 days ago | parent | next [-] |
| As far as I know no vehicles use this kind of rolling code algorithm for push button start, only key fob functions. Certainly not in Europe (due to immobilizer regulations) but I don’t believe anywhere else either. Generally, long range key fob button functions and the short range start release functions are separated, both intentionally for security reasons and due to the different problem space occupied by each. It’s also worth noting that European makes in general tend to have much better cryptographic key security. My understanding is that this is due to a combination of regulation, a relationship between insurance and automakers which requires some security standard, and a high rate of theft leading to an adversarial environment. |
| |
| ▲ | majke 6 days ago | parent | next [-] | | Can you expand on the “immobilizer regulations”? I wasn’t aware any of this was regulated in. | | |
| ▲ | bri3d 6 days ago | parent [-] | | UN/ECE 116 | | |
| ▲ | extraduder_ire 5 days ago | parent [-] | | From a quick skim through the text, it seems to define what an immobiliser is, how it should work, and how it can be advertised on a car. I don't see anything in there about them being mandatory across the EU. I know some member states passed laws mandating them before that document was published. Perhaps I got the wrong document. | | |
| ▲ | bri3d 5 days ago | parent [-] | | Also take a look at 74/61/EEC. Some form of “immobilizer” has been required in Europe since 1998, and between actual ECE/UN directives and insurance partnerships, the standard increases every few years. |
|
|
| |
| ▲ | tekknik 5 days ago | parent | prev | next [-] | | > Generally, long range key fob button functions and the short range start release functions are separated, both intentionally for security reasons and due to the different problem space occupied by each. I don’t think this is true, for instance how does the key fob trigger a start sequence for vehicles equipped with remote start? They must be connected to the same CANBUS, so the key fob can interface with the start systems. This is also how a lot of vehicles are stollen, because of abuse/misuse of CANBUS (i.e. headlights being addressable in CANBUS) | | |
| ▲ | bri3d 5 days ago | parent [-] | | Yes, remote start breaks the model… which is why drive off release and remote start are separate systems. On modern European cars with automatic transmissions, the TCU will not release Park until the immobilizer (short range, challenge response) is released, and generally the ECU also limits torque request and vehicle speed. > This is also how a lot of vehicles are stollen, because of abuse/misuse of CANBUS On vehicles with poor cryptography architecture (Honda!), yes. On most other vehicles, no, because the immobilizer messages are cryptographically authenticated, usually by using an AES MAC where the key must encrypt random bytes transmitted by the immobilizer master using a shared AES key, and all participating immobilizer modules use a similar system to verify that every module shares the same secret material. Now of course if this secret material can be extracted the system breaks (see XHorse, Abrites, etc.) but this usually requires invasive and time consuming attacks far beyond the headlight thing (for example, removing and physically opening a control unit to use an exploit to dump its key material). |
| |
| ▲ | inferiorhuman 6 days ago | parent | prev [-] | | It’s also worth noting that European makes in general tend to have much
better cryptographic key security.
Counter point:https://www.usenix.org/system/files/conference/usenixsecurit... | | |
| ▲ | bri3d 6 days ago | parent [-] | | Hitag2, while broken, is worlds better than rolling code. All modern European cars that I’m aware of now use AES. | | |
| ▲ | inferiorhuman 5 days ago | parent [-] | | Right but the comparison was between Euro and American brands not between Hitag and rolling codes. In that regard the Euro brands are no better. |
|
|
|
|
| ▲ | derektank 6 days ago | parent | prev | next [-] |
| Pretty short sighted, given how much we've seen insurance rates climb for specific makes. People know you'll be paying through the nose for certain Hyundais models. That kind of brand damage can't be cheap |
| |
| ▲ | appreciatorBus 6 days ago | parent | next [-] | | Sure, but in my experience, people never attribute high insurance costs to the underlying risks being high, rather they blame that on the insurance companies and then vote for people who promise to “do something about it“. I’m sure there is brand damage from people hearing that a particular car is frequently stolen, because having your car stolen as a pain. I am skeptical the analysis reaches deeper than this first level tho. | | |
| ▲ | tomatocracy 6 days ago | parent [-] | | I don't think high insurance costs would result in brand damage as such. But it absolutely would result in reduced sales and/or reduced resale value, because sufficiently many people comparing which car to buy will look at the insurance cost for each particular car they are comparing as part of that decision. | | |
| ▲ | appreciatorBus 6 days ago | parent [-] | | I agree that if sufficiently many people consider insurance costs in the buying decision, then a high theft rate will reduce sales. I guess I am just wondering whether or not most people actually do that. It’s been a while since I bought a car, but my impression was that many (most?) people just buy based on the biweekly payment, and everything else from depreciation to gas to insurance is an afterthought. |
|
| |
| ▲ | vel0city 6 days ago | parent | prev [-] | | Note those Hyundai's relied on old fashioned cut keys and not electronic transponders, and the solution was electronic transponders because the old style stuff was so trivially bypassed. | | |
| ▲ | ge96 6 days ago | parent [-] | | Yeah something about immobilizer on push starts being better than the key since they can just jam a USB/screwdriver in there and steal the car, Kia boys |
|
|
|
| ▲ | nextlevelwizard 6 days ago | parent | prev | next [-] |
| I know this might be splitting hairs, but... >The old approach of keyfob to unlock the car and a real key for the ignition is safer. "Safe" feels like wrong word to use here. Safety is not same as security. One could also argue that criminals being able to steal parked cars is safer over all for society as they then don't feel the need to car jack you while you are actually in the vehicle. If you actually want to keep your car secure (meaning criminals wont break into it or steal it in this context) just drive old beater and do not leave anything valuable in the car or trunk. I am driving a car that is nearly as old as I am and its fighting a losing battle against rust and I have nothing more valuable than trash inside the car. |
| |
| ▲ | leoedin 6 days ago | parent | next [-] | | > One could also argue that criminals being able to steal parked cars is safer over all for society as they then don't feel the need to car jack you while you are actually in the vehicle. Here in the UK vehicle theft reached an all time low in 2014. It’s doubled since then. If there was an increase in car jacking it must have been minescule by comparison. It’s not really a crime that happens here. I had an old beater van that got stolen. It turned out that model was known to be easy to steal. I suspect most car theft is done because it’s easy and fairly low risk. Walk up to a car in the night, fiddle around for a few minutes and drive off. I still drive a car with a key. It’s completely fine. Who actually asked for keyless entry? | | |
| ▲ | kayodelycaon 6 days ago | parent | next [-] | | > Who actually asked for keyless entry? Me. I have problems with short-term memory and I kept forgetting my keys in the ignition. This isn’t due to laziness or lack of trying. It’s a hardware problem that makes developing or following habits in certain situations nearly impossible. It’s like asking a blind man to organize things by color. Now that I don’t have to take my keys out of my pocket, I’ve never left them in my car. | |
| ▲ | teruakohatu 6 days ago | parent | prev | next [-] | | > Who actually asked for keyless entry? Probably the vast majority of consumers? There is no reason why keyless entry cannot be more secure than a physical key, other than incompetence. The cars stolen in New Zealand are usually, as you say, cars that are known to be easy to enter and drive away. Even then, they break a window. But I have also heard of break-ins at night targeting certain high-end cars and going as far as gaining entry to a garage. | | |
| ▲ | cjrp 6 days ago | parent | next [-] | | > There is no reason why keyless entry cannot be more secure than a physical key, other than incompetence. Isn't the problem that it's designed to work from a distance, and that by boosting the signal the criminals can just increase the distance so that the key inside your house reaches the car? It seems inherently less secure than the old system where the physical key has to be practically touching the ignition to disable the immobiliser. | | |
| ▲ | Kirby64 6 days ago | parent | next [-] | | More modern implementations of this use a time of flight check, so unless you have the ability to violate the laws of physics, boosting the signal so that a far away key transmits its signal to a nearby car is insufficient to unlock/start the car. | | |
| ▲ | giobox 5 days ago | parent [-] | | Are there many car keys actually using time of flight in the fob? Most of the cars I’ve owned use a much simpler approach - the key sleeps (stops broadcasting) unless moved. Drives me nuts with some fobs which have to be vigorously shaken to start broadcasting again and open my car etc. if key isn’t broadcasting, it can’t be mitm’d.
It’s been awhile but I seem to recall time of flight being patent encumbered vs sleeping the key. This obviously isn’t 100 percent full proof but likely works well enough for preventing many common mitm scenarios such as stealing from a car park or drive way most of the time etc. | | |
| ▲ | Kirby64 4 days ago | parent [-] | | No idea on actual implementation, but the UWB keys these days all seem to be capable of it. Plenty of manufacturers advertise the capable, e.g., Bosch. |
|
| |
| ▲ | dzhiurgis 6 days ago | parent | prev [-] | | You can boost signal only so much. Apple solved this to be less than a meter or smth like that. With Tesla you can disable keyless entry and use key card if you are so paranoid. But stealing connected car doesn't make much sense to me. | | |
| ▲ | tekknik 5 days ago | parent [-] | | > But stealing connected car doesn't make much sense to me. How so? Even if you know the location you need someone with jurisdiction to go get it. You disable vehicle, then it gets destroyed. EVs are entirely different designs than an ICE vehicle, and Tesla in particular is moving beyond the flawed CANBUS to something more robust and secure. |
|
| |
| ▲ | alias_neo 6 days ago | parent | prev [-] | | > I have also heard of break-ins at night targeting certain high-end cars and going as far as gaining entry to a garage My next door neighbour had someone enter their home while they slept, take the key and drive off in their car, because it was "stolen to order" most likely. I couldn't give a shit if someone breaks in to my garage, or frankly if the car is stolen, but I don't want them coming into my house where my family is asleep for the keys. What happens if the keys weren't downstairs by the front door, because I left them on the bedside table or something? I shudder at the thought. | | |
| ▲ | 542354234235 6 days ago | parent | next [-] | | I'm not sure what you are saying here. Are you saying cars should be easier to steal so that no one ever breaks into your house to access the keys to your car? | | |
| ▲ | alias_neo 3 days ago | parent [-] | | Of course not, that's ridiculous. I simply don't drive a car anyone would want to steal. |
| |
| ▲ | tekknik 5 days ago | parent | prev [-] | | Alarm and a gun in the home, problem solved. |
|
| |
| ▲ | ponector 6 days ago | parent | prev | next [-] | | >> Who actually asked for keyless entry? Almost everyone? It's one of the best feature I have in a car, the most convenient one. | | |
| ▲ | calcifer 6 days ago | parent [-] | | It's a feature we like now that we have it, but not one we asked for. | | |
| ▲ | iwanttocomment 6 days ago | parent [-] | | Hi! It me. I had a car with keyless entry years ago. It was great. I got another car, more recently, that had a physical key. I've hated having to use the physical key. I personally am asking for keyless entry. Sorry! Also: Hyundai/Kia cars have physical keys and are known to be trivially hot-wired. Given the "kia boyz" I'd have a hard time moving to physical keys again. Again, sorry! | | |
| ▲ | dzhiurgis 6 days ago | parent [-] | | Time to get flipper zero. Realistically there is not reason some Android maker couldn't roll a phone out with a keyless entry support (with or without OEM blessing heh) | | |
| ▲ | ponector 6 days ago | parent | next [-] | | If I can unlock my car with my Android's NFC and drive - is it a keyless entry? Is mentioned vulnerability affecting older/cheaper cars? I don't need to press any buttons on my key fob to enter the car and turn on the engine. | | | |
| ▲ | iwanttocomment 5 days ago | parent | prev [-] | | Flipper Zero is just too thicc. |
|
|
|
| |
| ▲ | I_dream_of_Geni 5 days ago | parent | prev [-] | | I LOVED my Chevy Volt!! Walk up to the car, door unlocks and I climb in. When leaving the car, shut the door, walk away, doors lock. I didn't ask for keyless entry, but I LOVE KEYLESS ENTRY! |
| |
| ▲ | a96 6 days ago | parent | prev | next [-] | | Old beaters are exactly the things that get stolen. Their security can often be beaten with a butter knife or coat hanger. That's more about minimizing the losses, for which it's a useful approach. Running costs tend to be lower as there's little purchase price and no incentive to do expensive repairs instead of dumping a broken one for another running beater. | | |
| ▲ | tmerc 5 days ago | parent [-] | | You should look up what strikers are and maybe check the statistics for most stolen cars. |
| |
| ▲ | xlii 6 days ago | parent | prev | next [-] | | If someone wants to stole the car they will steal it. Stealing a car is not the same as stealing a candy. In Europe all parts are marked so it takes significant effort to sell or modify such cars. It's not like people steal them and then sell it at yard sales. As for the "beaters": shortly after Russian invasion on Ukraine plenty of cars were stolen in Poland. Not the expensive kind but usually 10-30 years old cars with big and reliable engines (V6, V8). I know 6 people that had Jeeps Grand Cherokee stolen (different generations). My uncle wanted to renovate Isuzu Rodeo with completely rusty frame but V6 engine of a value of like 300€ and it was stolen too. And it happened ~1 month after it started. | | |
| ▲ | lupusreal 6 days ago | parent | next [-] | | People stealing cars to sell or chop them up for profit is less of a problem than people stealing cars so they can commit violent crimes with them. | | |
| ▲ | CyberDildonics 6 days ago | parent [-] | | Based on what data? | | |
| ▲ | lupusreal 6 days ago | parent | next [-] | | Based on the "data" of human lives being worth more than cars. WTF! | | |
| ▲ | gertlex 6 days ago | parent | next [-] | | I'm probably completely missing the (presumably relatively common) scenarios you have in mind where stolen cars are used for violent crimes. (I'm assuming reckless joyriding isn't what you're referring to as "violent crime"; maybe that's my issue) | | |
| ▲ | Nicook 5 days ago | parent | next [-] | | If you want to go commit a violent crime, and have motorized transport, and not be caught. Then it is helpful to have a vehicle that is not tied to you. | |
| ▲ | kayodelycaon 6 days ago | parent | prev | next [-] | | Happens in places like New Orleans. Some gang members steal a car, go shoot up a neighborhood, and ditch the car. | |
| ▲ | lupusreal 5 days ago | parent | prev [-] | | > I'm assuming reckless joyriding isn't what you're referring to as "violent crime" It is, and worse. There have been numerous cases of scumbag teenager stealing cars and then crashing them into people, mostly by accident but often enough on purpose. They also use the cars for gangbanging shit since they know the car can't be traced back to them. A lot of this stuff wouldn't be happening if cars weren't so easy to steal. There is a casual accessibility to stealing certain cars which makes it an easier crime to commit than carjacking (parked cars aren't witnesses, parked cars won't fight back or pull a gun of their own, parked cars won't try to run you over, etc.) Once the car is stolen, other impromptu violence seems and becomes easier. |
| |
| ▲ | CyberDildonics 5 days ago | parent | prev [-] | | Then why are you worried about cars, worry about murders. | | |
| ▲ | lupusreal 5 days ago | parent [-] | | That's like asking why people are concerned about easily available guns. Because they facilitate murders! Seriously, stop being deliberately obtuse. | | |
| ▲ | CyberDildonics 5 days ago | parent [-] | | Shouldn't we be more worried about nuclear weapons than guns, it's human lives after all. | | |
| ▲ | lupusreal 4 days ago | parent [-] | | Again with the deliberately obtuse routine. | | |
| ▲ | CyberDildonics 3 days ago | parent [-] | | What's wrong with that? If the rate that something happens doesn't matter, then we should ignore everything except for the most severe problem. |
|
|
|
|
| |
| ▲ | BobaFloutist 5 days ago | parent | prev [-] | | By "less of a problem" they don't mean "doesn't happen as much," they mean "doesn't matter as much." | | |
|
| |
| ▲ | tekknik 5 days ago | parent | prev [-] | | > In Europe all parts are marked so it takes significant effort to sell or modify such cars. It's not like people steal them and then sell it at yard sales. This is the same in the US, at least for the expensive parts. They won’t part it out or even sell it in your country, it gets shipped out to another country where your laws don’t apply. |
| |
| ▲ | jiscariot 6 days ago | parent | prev | next [-] | | Where I live, the ability for the "Kia Boys" to easily steal cars, really boosts their effectiveness at robbing people at gunpoint. Sprees of 20 people being robbed by the same group. It's not poor kids who lack school transporation options, doing their best to get by. | |
| ▲ | lupusreal 6 days ago | parent | prev | next [-] | | Strong disagree. Many car thefts are by POS teenagers who do it because it's easy and they can get away with it. They then proceed to drive those cars recklessly, endangering the lives of other people, or worse, use the sense of anonymity and power provided by the stolen car to commit violent crimes. https://www.krqe.com/news/crime/teen-given-max-sentence-afte... | |
| ▲ | lm28469 6 days ago | parent | prev [-] | | > One could also argue that One could also argue that most people didn't bother because violent crimes are much more severely punished, now that the bar is so low people steal much more. And the stats would back it up https://images.vivintcdn.com/global/Blog%202022/01-Number-of... |
|
|
| ▲ | ethagnawl 6 days ago | parent | prev | next [-] |
| I'm currently driving a rental which has this feature and I can't stand it. There is no added value and this feature exists solely to appeal to people who think it's "cool". (They must exist, right?) I guess you get used to it with time but I find myself constantly having to throw the key back into the car so I can do things like exit momentarily and keep the air conditioning going. I also don't trust that the car won't then lock itself with the key and my child inside, so I also have to remember to roll down the window. |
| |
| ▲ | vachina 6 days ago | parent | next [-] | | Unwarranted worries. I keep the fob in my pocket all the time, the car will keep running without the fob. Also usually these systems have incar fob detection. Mine will refuse to lock if it senses the fob is inside the car. | | |
| ▲ | SirMaster 6 days ago | parent [-] | | That doesn’t make sense. You can’t lock the car if your key is inside? So a bad person can just open your door and attack you because you can’t lock your door when your key is inside? My Camry has incar fob detection and I can definitely lock the car while the fob is inside. | | |
| ▲ | alias_neo 6 days ago | parent | next [-] | | It won't let you press the button on the handle to lock it if the key is inside and you're not, prevents you from locking the keys in the car, mine does the same, the car will beep 3 times if I try to lock it from outside while the key is inside. If you're also inside, you just press the lock button in the car and it'll lock just fine. | |
| ▲ | vachina 6 days ago | parent | prev [-] | | I meant lock the car from the outside, using the door handle. | | |
| ▲ | gertlex 6 days ago | parent [-] | | Thanks for the clarification. Wild to me I didn't know this external lock button was a thing (my car's 16 years old... but I drive a rental a couple times/year...). |
|
|
| |
| ▲ | vel0city 6 days ago | parent | prev | next [-] | | There's a huge value feature, I can keep the "key" in my pocket or bag or whatever and I don't have to fetch it out. Plus the "key" can be a phone or other device. Adding in a stick of metal that can be trivially bypassed does nothing to make the car more secure. | | |
| ▲ | rpcope1 6 days ago | parent | next [-] | | Automotive ignitions barring a few stupid setups in the 90s like the Jeep XJ (which was laughably easy to steal, but it was Chrysler and AMC so you can just expect certain levels of incompetence and shit design) have been much more than just a simple cut key. Going back to even the 80s, GM had a mostly excellent simple theft deterrent in the keys (a special resistor whose value the ECM knew, called passkeys) that made it harder than just brute forcing the ignition cylinder. It honestly made stealing someone's thirdgen or corvette a lot harder. Keys with things like fobs have evolved since and on a car with a real key made since the vast majority of this sites userbase was probably born is going to take some real specific smarts and work if you need both a physical key and whatever additional security the manufacturer has cooked into the fob. You really need an immobilizer system that requires both a transponder and a correct cut key for the security on the car to be decent. | | |
| ▲ | vel0city 6 days ago | parent [-] | | Tumblers can be trivially bypassed or broken. The only thing providing real security in your examples are the transponders. The cut keys are worthless. If you get rid of the transponder, it has weak security. If you get rid of the cut key, you have pretty much the same security. |
| |
| ▲ | jsiepkes 6 days ago | parent | prev [-] | | > Adding in a stick of metal that can be trivially bypassed does nothing to make the car more secure. Everyone can use a flipper zero to unlock a car. Not everyone can hotwire a car. Keyless ignition means criminals have a vastly larger recruitment pool of people they can offer money to do something stupid (like stealing a car for them). | | |
| ▲ | 6 days ago | parent | next [-] | | [deleted] | |
| ▲ | kube-system 6 days ago | parent | prev [-] | | > Everyone can use a flipper zero to unlock a car. Not everyone can hotwire a car. You live in a tech bubble if you really think this is the case. Attacking a lock cylinder is a lot lower-skill of an attack than a cryptographic attack. Recent car theft epidemics have shown this, e.g. #kiaboys |
|
| |
| ▲ | ponector 6 days ago | parent | prev | next [-] | | >> throw the key back into the car so I can do things Isn't it the same for old style key, but with even more actions? Like to navigate a keyhole, turn the key... | |
| ▲ | wat10000 6 days ago | parent | prev [-] | | It’s convenient. If I want to keep the AC on when I exit, I push the button for that before I get out. It’s especially nice when the key is my phone. I never have to worry about keys. I just get in my car and drive, and when I arrive I get out. I keep a key card in my wallet as a backup in case my phone explodes. |
|
|
| ▲ | boobsbr 6 days ago | parent | prev | next [-] |
| > car manufacturers actually like it when their customer's cars are stolen Hyundai and Kia have joined the chat |
| |
| ▲ | Hamuko 6 days ago | parent [-] | | Except those guys had it go so far that trying to insure a cheap Kia was extremely expensive, since insurers considered them a toxic asset. | | |
| ▲ | kube-system 6 days ago | parent [-] | | It actually got worse than that -- some insurers in some locations were refusing to insure them at any price. |
|
|
|
| ▲ | someothherguyy 6 days ago | parent | prev | next [-] |
| As a DIY option, there are definitely ways you could add MFA-like security with a simple switch/relay (attached to said authentication factor) in most ignition systems. However, that wouldn't help with the "desyncing" or unlocking aspects of this attack. |
| |
| ▲ | acomjean 6 days ago | parent | next [-] | | I had a used VW gti (late last century) with an imobilizer. It let the engine crank but wouldn’t start. It also locked the hood from opening, leading to some panic when first getting the car and forgetting it had this feature. It was a circular key below the steering wheel. | |
| ▲ | _kb 6 days ago | parent | prev [-] | | A physical steering wheel lock works too. Not every problem needs a tech solution. | | |
| ▲ | arcanemachiner 6 days ago | parent | next [-] | | They're basically describing a hidden kill switch/toggle, which is just as much of a tech solution as the one you're describing. Of course, they wrapped it in some nerdy terminology, which IMO obscures the intent of their suggestion. | |
| ▲ | bitexploder 6 days ago | parent | prev [-] | | Removable steering wheel. Most thieves do not carry a steering wheel with them. | | |
|
|
|
| ▲ | jiveturkey 6 days ago | parent | prev | next [-] |
| disagree, if you mean simple cut key. a screwdriver defeats it. ok, if you mean a key that has a chip embedded, where the key cuts are just window dressing and the real magic is still in cryptographic proof of "something you have". i am not aware of any such key ever being produced, but i certainly do not have comprehensive knowledge. GM had something close to that. |
| |
| ▲ | gchadwick 6 days ago | parent | next [-] | | Immobilizers (which lock out the engine until there's been some authorization from another device, i.e. from a chip in the key) have been mandatory in cars in the UK at least (and I would presume Europe on similar time scales) for almost 30 years (from 1998). Seems they've been sold in cars for a few years longer than that (from 1992). According to: https://www.carwow.co.uk/guides/glossary/what-is-a-car-immob.... Maybe never introduced into the US market? Would find that hard to believe. | | |
| ▲ | kube-system 6 days ago | parent [-] | | Immobilizers were introduced into the US long before that, but never mandated. | | |
| ▲ | jiveturkey 3 days ago | parent [-] | | immobilizers that use a chip in a physical key, are to the best of my knowledge, all simple clonable protocols. the predecessor to a code was a simple resistor. i specifically meant a kind that uses private key crypto. we absolutely could have that today but we've moved on to fobs. please correct me if I'm wrong ... i haven't studied it that extensively. | | |
| ▲ | kube-system 3 days ago | parent [-] | | Early immobilizers were just resistors, yes. (e.g. GM VATS) However, later "chipped keys" do use strong crypto over short-range wireless. The "fobs" in modern push-to-start cars actually have two separate radios in them. The one that this article is about is the long-range keyless entry radio, which primarily opens the doors. These all have separate short-range wireless radios that work inside of the car to authenticate the key before you can press the push-to-start button. That is unaffected by this hack. | | |
| ▲ | jiveturkey a day ago | parent [-] | | Thanks for that info. OK, then i'll double down on my criticism of the G_G_G_P, a "real key" for the ignition is not safer by any reasonable criteria, since the crypto part doesn't occur through the metal of the key (resistor style), but wirelessly. The key is just annoying. | | |
| ▲ | kube-system 11 hours ago | parent [-] | | Agreed. Physical ignition locks are not great security because they fail under attacks that street criminals are best at: brute force. |
|
|
|
|
| |
| ▲ | leoedin 6 days ago | parent | prev | next [-] | | I’m pretty sure most cars in the later key era used some sort of chip verification on ignition for the key. It wasn’t just a physical thing. Given it was 15 years ago, I don’t know how cryptographic the proof was - perhaps it was just reading a number from the key. But the hyper short range nature of it made it quite secure. | |
| ▲ | tmerc 5 days ago | parent | prev [-] | | I think the early 90s gm keys with the chip were just resistors in the key body. They stop reading over time but you can splice in the correct value to bypass |
|
|
| ▲ | rpcope1 6 days ago | parent | prev [-] |
| I've never seen anything but problems with keyless ignitions. It really seems like a solution in search of a problem no one actually had, and makes the car much more irritating. I guess it's in line with the whole remove real controls and buttons crap because "muh software", "muh reprogrammable interfaces" etc that certain nerds think is a good idea for who knows what reason. |
| |
| ▲ | kube-system 6 days ago | parent [-] | | I've only ever personally seen failures with keyed ignitions. They are subject to physical wear. This is a problem solved by keyless ignitions which have zero physical wear parts. |
|
