|
| ▲ | kube-system 6 days ago | parent | next [-] |
| Physical possession isn't enough to prove someone is legitimately in control of the vehicle, though. If a physical connection under the dash will hand out the key, you can bust the window, and get the key. Part of the utility of the baked-in manufacturer key is that it is unable to be extracted by thieves. |
| |
| ▲ | userbinator 5 days ago | parent [-] | | Clearly it isn't "unable to be extracted" as the other comments here have remarked. Having to break into the vehicle already raises the bar significantly and makes the security equivalent to a physical lock. |
|
|
| ▲ | wat10000 6 days ago | parent | prev | next [-] |
| It works well enough to just require some action to be taken on both ends. Push a button on the opener (or an already-paired remote), then pair the remote while the opener is in the pairing state. It’s possible for a passerby to intercept, but they’d have to have very good timing. |
| |
| ▲ | tux1968 6 days ago | parent [-] | | Pressing a button on the opener is physical contact. That's the entire idea that the OP was trying to relay, that you need some physical way to prove that you're eligible to pair. Not that the key itself had to be hard-wired for the process to proceed. | | |
| ▲ | exe34 6 days ago | parent [-] | | > requires a physical connection between the fob and the receiver (located inside the locked part of the car) to that sounds pretty clear to me that the connection isn't the human holding both buttons here. |
|
|
|
| ▲ | phire 6 days ago | parent | prev | next [-] |
| I'm not sure you should be that concerned about man-in-the-middle attacks. If someone does successfully MITM while walking by, the key is going to stop working as soon as they are out of range, and you will notice. I'm just wanting a system that could be implemented with the hardware that's already there. I guess you could use the RFID chip that most keyless start cars already have as a secondary channel. Still not 100% secure, but the MITM device would need to be physically in your car to intercept the pairing request, and at that point you have bigger problems. |
| |
| ▲ | tux1968 6 days ago | parent [-] | | Sorry, I didn't mean to make it sound like the problem was MITM. The issue is initiating a pairing request, you can't allow just any key to request it, that allows bad actors to pair a key with your car. While I worry that it's not really secure enough, the OP was suggesting that physical contact is a way to "prove" that you are indeed eligible to pair, by excluding everyone who lacks physical contact. | | |
| ▲ | phire 6 days ago | parent | next [-] | | Modern cars already have a complex sequence to enter pairing mode. You need to press buttons inside the car, buttons on the currently paired key (to prove possession of that) and buttons on the key you want to pair with. So a passerby would have to press a button on their fob at just the right moment. Then when you go to test your new key fob, it wouldn't work, so you would pair again until it was your key that was paired. | | |
| ▲ | tux1968 6 days ago | parent | next [-] | | Yeah, it's the same for garage door openers today. I took the OP simply to be saying that physical access of some type needs to be available (i.e. to stop anyone initiating a pairing). Some cars require the key to be physically inserted into the ignition switch, which requires the key to be correctly cut to match the car, before pairing; which is a nice extra hurdle to stop thieves quickly pairing after they break into your car. Whatever the case, making it easier to pair shouldn't be the primary focus, no need to help a thief doing it quickly. It would just be nice to have a way to do it that didn't ultimately require the manufacturer to get involved; but that does remove a big hurdle for thieves, too. | |
| ▲ | monster_truck 6 days ago | parent | prev [-] | | Which can be easily bypassed by accessing any OBD2 connected port, which you can conveniently find in the headlight housing of most automobiles. | | |
| ▲ | 0x457 5 days ago | parent | next [-] | | That's CANBUS not OBD2, and it only works on some cars because non-moronic manufacturers prevent it. Try doing it, on a European car you will fail. | |
| ▲ | chipsa 6 days ago | parent | prev [-] | | I promise there is not an OBD2 port inside the headlights of cars. There is CANBUS to the headlights, but that is not an OBD2 port. And more securely designed cars can put that in a less secure zone, so it can only send and receive commands for exterior things like lights, and not be able to have commands for keys injected, because that bus will not accept those commands. |
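
The bus zoning described in the comment above, sketched as an added example that is not part of the thread or any manufacturer's code: a gateway forwards a frame only when its source zone, ID and length match an allowlist entry, so a key-learning ID arriving from the exterior (headlight) bus is dropped and counted. The zone names, CAN IDs and rule table are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bus zones on a hypothetical gateway ECU (names are assumptions). */
enum zone { ZONE_EXTERIOR, ZONE_BODY, ZONE_POWERTRAIN, ZONE_COUNT };

struct frame { enum zone src; uint32_t id; uint8_t dlc; };

/* Allowlist rule: ID `id` arriving from `src` may be forwarded to `dst`. */
struct rule { enum zone src; uint32_t id; uint8_t max_dlc; enum zone dst; };

/* Constructed CAN IDs for illustration; not taken from any real vehicle. */
#define ID_HEADLIGHT_STATUS 0x3A0u
#define ID_HEADLIGHT_CMD    0x3A1u
#define ID_KEY_LEARN_REQ    0x1F0u

static const struct rule RULES[] = {
    { ZONE_EXTERIOR, ID_HEADLIGHT_STATUS, 2, ZONE_BODY },
    { ZONE_BODY,     ID_HEADLIGHT_CMD,    2, ZONE_EXTERIOR },
    { ZONE_BODY,     ID_KEY_LEARN_REQ,    8, ZONE_POWERTRAIN },
};

/* Per-source-zone count of rejected frames, usable as a detection signal. */
static unsigned dropped[ZONE_COUNT];

/* Default deny: forward only if (source zone, ID, length) matches a rule. */
bool gateway_route(const struct frame *f, enum zone *dst)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const struct rule *r = &RULES[i];
        if (r->src == f->src && r->id == f->id && f->dlc <= r->max_dlc) {
            *dst = r->dst;
            return true;
        }
    }
    if (f->src < ZONE_COUNT) dropped[f->src]++;
    return false;
}

unsigned gateway_dropped(enum zone z) { return z < ZONE_COUNT ? dropped[z] : 0; }
```

A rising drop count on the exterior zone is worth logging, since legitimate lighting modules have no reason to emit IDs outside their allowlist.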
|
| |
| ▲ | exe34 6 days ago | parent | prev [-] | | you can press a button in the car, you don't need a cable. |
|
|
|
| ▲ | jandrese 5 days ago | parent | prev | next [-] |
| In theory, but since this attack has to happen at the time of pairing and leaves evidence--the key you are trying to pair doesn't work afterward--I don't think this is a realistic concern. |
| |
| ▲ | amy_petrik 5 days ago | parent [-] | | > In theory, but since this attack has to happen at the time of pairing and leaves evidence--the key you are trying to pair doesn't work afterward- You're assuming the goal is to discreetly enter the vehicle and leave no trace. If we consider the Kia challenge [https://en.wikipedia.org/wiki/Kia_Challenge] then the goal is to take possession of the vehicle in an immediate and opportunistic fashion. If the possession fails and the key FOB now stops working, whatever, not the thief's care. If the possession works, now there's a sweet car to abuse. Or, in the case of a crime syndicate, a sweet car to take to the chop shop. This type of attack is not to mention a simple relay attack. If radio waves of a home (say near the front door, where the keys are stored) are relayed to another location (the car, 30 feet away), then the exact crypto and protocol is irrelevant, the car "sees" the real life actual FOB as nearby. That's another attack used in the wild. |
|
|
| ▲ | aDyslecticCrow 5 days ago | parent | prev | next [-] |
| I think you're overcomplicating it. The primary purpose of field programming is manufacturing logistics. Produce a billion identical devices with identical firmware, and then pair the key once to the car. So it just needs to block rewrites, and the risk of any security barrier breach is negligible since it's done in factory. |
| |
| ▲ | tenacious_tuna 5 days ago | parent [-] | | > The primary purpose of field programming is manufacturing logistics Or if I lose my car key |
|
|
| ▲ | numpad0 6 days ago | parent | prev [-] |
| I think this is technically correct but a bit confusing, since "pairing" processes usually require user actions at both ends. A keyhole that reprograms to any key from the outside makes little sense. |