this post was submitted on 29 Jul 2023
12 points (92.9% liked)
Security
522 readers
6 users here now
A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.
Rules :
- All instance-wide rules apply.
- Keep it totally legal.
- Remember the human, be civil.
- Be helpful, don't be rude.
Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This seems flawed. If the hacker knows that there is one of these devices, and they already have access to the driver's seat, they could pop the hood and recircuit the red wire.
A better idea is if your keyfob used a regenerating code. Current vehicles use the same code every time. And this device does as well.
When your car turns on, it would send a new code to your fob. If the fob returns that code the next time the car is started, it starts normally and a new code is generated. This code is also the one responsible for door locks, etc.
In order for a hacker to obtain the correct code, they have to be near the car when the car is started, then have to go with the car to its destination. Each time the car is started, the password changes.
If a fob gets out of sync, the fob and car can be reset at a dealership.
I think with a regenerating code, there needs to be an easier way to deal with the fob getting out of sync. It would be pretty annoying to miss the fob hit and then have your vehicle become unusable.
The way @Oka described it the fob would only change the code if the car sends a new code. So if you're out of range the fob would send the same code again on the next press.
However, if the dealership can reset the fob and car then in due time so will any criminal, either by acquiring the necessary hard- and software from a dealership going out of business or someone reverse-engineering it.
How do you deal with 2 key fobs?