I hope to god those contactless credit cards can't be just cloned with a long range rfid reader or else this is gonna be a very funny few years
I'd park a Porsche with a vulnerable system in a fancy suburb or in a high-rise parking garage without a second thought. I wouldn't park a Chevy in the ghetto with any system without lots of worry.
A Prius would cost me £21,995 - around 16 times as much. Though there are far more expensive cars out there, that they can't even get basic security right is fairly disgraceful....
Any car theft will hurt a lot for most people.
Someone did a demo where they snagged someone's private details by "bumping into" them on the street.
They can. That's why they require your PIN every N tries (N is configurable by the issuer, I think). All the money spent up to and until N is reached is just lost though, I guess.
This is why I have an RFID-blocking wallet.
Anyway, fortunately, I can never find street parking near my apartment for my Prius anyway. But I'm still going to find a small faraday cage I can leave by my bed to put my keys in before I go to sleep...
A small, all-metal box will probably do just as well. For bonus points, connect it to earth ground.
some aluminium foil would do just as nicely!
I have one from http://difrwear.com/; I've tested it and it's never leaked any signal from cards inside; should work fine with keys too.
Quick Google search suggests it isn't really effective:
http://mentalfloss.com/article/51597/does-refrigerator-make-...
If you have remote but no self-unlock it should be okay, for now.
Toyota has a way to turn on and off certain features from the lock system by reprogramming using a pattern of opening and closing the driver door and inserting/removing the key. Same way you add/remove fobs.
So it might be possible to turn off self-unlock. You'd have to find the dealer manual though.
added, or google it: http://thepoch.com/2013/automatic-door-locking-and-unlocking...
http://www.toyota.com/t3Portal/document/om/OM33856U/pdf/sec_...
But that sucks there are so few codes they can all be scanned.
Harder to do with a car unless you forgot your keys and someone playing a joke on you had an amplifier near your car.
With Tesla you have a backup, in that you can unlock the car with your phone, as long as both the car and the phone have a signal. Of course this fellow locked his phone in the car too....
Anyway, what happens there is you usually lock all doors before closing them. Then when you close them, if the key is inside, oops.
This is mitigated in slightly moderner cars by the fact that driver-side doors don't lock when they're open.
So I guess we had this beautiful period of the last 15 or 20 years where we locked our cars by pressing a button on the key. Makes it impossible to lock your keys into the car.
I wonder if we're going to decide that was better than keyless before keyless becomes widespread.
If keyless ignition does make it big in the motorcycle world, I would expect that motorcycle manufacturers would add lights/beeping/ignition cutoff if you got too far from the key.
In any case, they'd just drive it to the chop shop.
When my key battery was low this would occasionally happen and it wouldn't actually do anything until you need to actually start the car again after stopping it.
Battery charged in fob:
Walk up to car push any button located on handle of doors to lock vehicle or push button on trunk to open trunk.
Within proximity to any door lights under side view mirror light up, interior lights also turn on. After touching driver handle driver door opens, any other door handle touched (within proximity to fob) will cause all doors to open.
Battery dead: Trunk will open if fob is held directly near button. Similar behavior on doors fob must almost be in hand pushing button. Valet key can open the driver door. Buttons to unlock etc dont work. Have to hold fob near push to start to start vehicle. Depending on proximity during drive the alert on dash may light up.
Few times I or S.O. has driven off without key (luckily realizing within a few miles of house or location of key). The Avalon will continue to run only having the alert on the dash. I'm guessing my defense here would be to let the batteries die in the fob. Ill still get most of the functionality without the risk. Keeping the battery one (when I want to sacrifice security for convenience) stored in a cage. Really like the attack though.
Assuming that the unlock is accomplished over 2-way communication (car calls to key, key responds), I can understand how an amplifier could boost the car signal to a key that was far away, but how does it boost the key's response to accomplish the second half of the process?
In practice, I have found the keyfobs tend to transmit with enough power that 50ft isn't a problem, provided they get an activation ping from the car.
[1] http://www.ebay.com/itm/Signal-Repeater-Enhance-wireless-ran...
Mr. Danev said his company was in talks with several car
manufacturers to install a chip that can tell how far the key
is from the car, thereby defeating the power-amplifier trick.However now with the new chipped keys that is far less likely. Yet at the same time we introduce new means to communicate with cars its likely without some sort of industry standards there will be holes as manufacturers will not be inclined to pass on lessons learned to others
Could be a small but lucrative business!
For this, I'd opt for a button on the key; it's still better than not forgetting to put the key to a Faraday cage. Cutting the power circuit and adding a button that restores it must be much simpler that refitting the entire car's locking system.
https://en.wikipedia.org/wiki/Distance-bounding_protocol
Apparently a solution was available in 2010.
Who knows, maybe I'm just not paying attention.
"How much worse could it be in Europe?"
Last month, Range Rovers in posh areas of London were being stolen so often that police were instructed to pull over any Range Rover in the vicinity to confirm it was being driven by its owner, the paper reported—which seems to be an extraordinary measure.
It’s problematic enough that Scotland Yard has published bulletins on it, and has a website about the kinds of thefts and how to prevent it: http://content.met.police.uk/Site/keylessvehicletheft
For those a bit more interested on the topic, The Sunday Times did a neat overview: http://www.driving.co.uk/car-clinic/six-ways-thieves-can-bre...
http://www.autoexpress.co.uk/land-rover/range-rover/89183/ra...
Here's another article from four years back; the tactic is likely older than that: https://news.ycombinator.com/item?id=2079289
Always remember: "Internet Of Things is also called IOT, because you'd have to be an IDIOT to believe they're secure".
http://thelede.blogs.nytimes.com/2013/06/25/why-snowdens-vis...
The attackers are just extending the range over which the key and the car can hear each other. The attackers don't need to decrypt or modify any of the traffic.
This is why I despair at all these new keyless cars. I would pay money to have a normal key over one of those, because it's more secure.
Also, one huge reason I would never want a keyless car: I can't check if it's locked before I walk off; I just have to trust that it will lock once I'm far enough away and before someone else jumps into it and drives off.
Only thing I'm gonna add is a Raspberry Pi for general monitoring, webcam and a 3G uplink with GPS.