Jeep Garage  - Jeep Forum

Jeep Garage - Jeep Forum (http://www.jeepgarage.org/forums.php)
-   Trouble Shooting/Problems/Service (http://www.jeepgarage.org/f107/)
-   -   Keyless entry vulnerability (http://www.jeepgarage.org/f107/keyless-entry-vulnerability-17155.html)

JoeSchmoe007 01-07-2011 11:12 AM

Keyless entry vulnerability
 
Really interesting read:

http://www.technologyreview.com/computing/27037/page1/

All it does is fools a car into thinking a key is nearby/inside. There is no need to decrypt/replay signal, so this will operate on any brand of cars. If I understood it correctly workaround on WK2 would be disabling keyless entry.

Another 2 interesting articles from the same source:

http://www.technologyreview.com/comp...9/?mod=related

http://www.technologyreview.com/comm...2/?mod=related

Bmwister 01-07-2011 11:42 AM

Re: Keyless entry vulnerability
 
No pun intended, but the possibility of theft is remote being that the thieves need to figure out whose car they want, where it is, where the owner is, and expeditiously position antennas near the owner/key and vehicle with an amplified signal transfer to make it work. Even then, once they drive the car away there is no fob inside so they'll eventually find the JGC disabled. Interesting article nonetheless.

bpmcgee 01-07-2011 11:45 AM

Re: Keyless entry vulnerability
 
That's an interesting concept, but it would be difficult to put into practice.

Essentially what they did is establish a radio relay from your key (where ever it is) to your car, fooling the car to think it's within range of the key. So they had to do two things:

Easy - Bad guy one stands with an antenna and powered relay module very close to your car.

Hard - Bad guy two stands with an antenna and a powered relay module within a few meters of YOUR KEY. Depending on where you're located, this would be challenging in a couple of ways -- If you're far from the car, it would be difficult to discretely provide enough power to complete the link. It also requires them identifying you as the owner of the target car.

So there are scenarios that might make this work -- like your vehicle gets identified in the mall parking lot and a bad guy follows you away from your vehicle while the second guy tries to enter your car -- but this isn't a "The Sky is Falling!" problem.

I'm far enough from my car right now that the bad guy following me would need a ton of power to make this work. And I think I'd notice being followed by a guy pulling a little red wagon full of car batteries.

JoeSchmoe007 01-07-2011 11:46 AM

Re: Keyless entry vulnerability
 
Quote:

Originally Posted by Bmwister (Post 329979)
No pun intended, but the possibility of theft is remote being that the thieves need to figure out whose car they want, where it is, where the owner is, and expeditiously position antennas near the owner/key and vehicle with an amplified signal transfer to make it work. Even then, once they drive the car away there is no fob inside so they'll eventually find the JGC disabled. Interesting article nonetheless.

You are correct. However, I still think allowing engine to run if key is not inside the car (as it works in WK2 and probably a lot of other cars) is not a good idea IMO. The way it should work is if you started a car somehow computer should still keep checking for key inside every X seconds. Then if key is not present you are alerted and in 5 minutes engine is disabled or speed limited to 5 MPH. Only way to enable it back again is through the dealer.

bpmcgee 01-07-2011 11:47 AM

Re: Keyless entry vulnerability
 
Joe,

While the car is on remote start, you can't put it in gear. I tried by accident, and the shift lever wouldn't move. Another system would have to be circumvented to overcome that.

JoeSchmoe007 01-07-2011 11:51 AM

Re: Keyless entry vulnerability
 
Quote:

Originally Posted by bpmcgee (Post 329980)
... And i think i'd notice being followed by a guy pulling a little red wagon full of car batteries.

lmao!

JoeSchmoe007 01-07-2011 11:57 AM

Re: Keyless entry vulnerability
 
Quote:

Originally Posted by bpmcgee (Post 329982)
Joe,

While the car is on remote start, you can't put it in gear. I tried by accident, and the shift lever wouldn't move. Another system would have to be circumvented to overcome that.

I am not 100% sure what you mean - please elaborate

JTS97Z28 01-07-2011 12:08 PM

Re: Keyless entry vulnerability
 
Yeah I wouldnt worry too much about this. Atleast in my case when my car is at home its in the garsge 100% of the time and I work for the U.S. Gov't so work is surrounded by 13' barbed wire fences. Even if it wasnt still not an issue.

James

bpmcgee 01-07-2011 12:10 PM

Re: Keyless entry vulnerability
 
I started the car remotely, then walked up to it and got in. Normally you THEN have to press the "Start" button to transition from "remote start" to "start" mode. And in order for that to work you have to have the fob.

I had the fob, but I didn't press the "start" button. I tried to move the shift lever from "P" and it would not move. So even if a bad guy is SITTING IN THE DRIVERS SEAT when you start it, he still can't just drive it off.

In other words, having the car start remotely doesn't help the bad guy very much. First it will only run for 15 mins. Second you have to circumvent the transmission interlock. I imagine there is probably another failsafe after that, but I'm not going to jamb my transmission to satisfy my curiosity.

Ultimately it would be easier for him to break the window, put the trans in neutral, and tow it.

JoeSchmoe007 01-07-2011 12:26 PM

Re: Keyless entry vulnerability
 
Quote:

Originally Posted by bpmcgee (Post 329994)
I started the car remotely, then walked up to it and got in. Normally you THEN have to press the "Start" button to transition from "remote start" to "start" mode. And in order for that to work you have to have the fob....

But the thief relay is still on. Car thinks fob is inside. Nothing prevents thief pressing "Start" button which will unlock transmission interlock and engine will work until it is stopped

Cperez 01-07-2011 01:01 PM

Re: Keyless entry vulnerability
 
This raises a related question that I haven't had time to research (and my baby is way too new for me to have put myself in this situation):

Has anyone been in a valet situation yet? Did you just toss the fob to the attendant and hope for the best? I think that if there's ever a chance that I'll be getting my vehicle parked by someone else, I'll pack both fobs and keep one on me just in case...

JoeSchmoe007 01-07-2011 01:09 PM

Re: Keyless entry vulnerability
 
Quote:

Originally Posted by Cperez (Post 330023)
This raises a related question that I haven't had time to research (and my baby is way too new for me to have put myself in this situation):

Has anyone been in a valet situation yet? Did you just toss the fob to the attendant and hope for the best? I think that if there's ever a chance that I'll be getting my vehicle parked by someone else, I'll pack both fobs and keep one on me just in case...

What are potential issues with valet situation? The only one I see is that they will lock your key in the car. What I do is give them FOB ONLY - metal key that unlocks the driver door stays on my chain. This, of course, is only partially helpful - if valet locks your key in your car while you are not around he probably won't have your cell phone # to call you right away.


All times are GMT -5. The time now is 04:12 AM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community