Thursday, March 28, 2019

Security Precautions for Keyless Ignition vs Remote Entry

This is certainly the most practical post in the history of this blog, but it involves the hazards of relying on modern technology; specifically, power over reliability; one characteristic of the twenty-first century.

Some months ago I came home from vacation to find my car door open - not wide open, in fact as shut as it could be without actually being closed. Of course the battery was stone dead. I worried that this meant my electronic entry system had been hacked (otherwise, I would have to accept that I'm the kind of idiot who doesn't close my car door all the way when I'm about to leave for vacation.) Recently, another person on my street had both their cars entered without any signs of being forced, and they're quite sure the cars were both locked. Neighbors have been advising me to put my car keys in a Faraday cage when I'm out of the house.

If this is actually a problem, you can't rely on car manufacturers and dealerships telling you about it, despite it being clearly documented as a real problem that occurs in the real world. (Also, yes I do physically block cameras on my devices when I'm not using them - and yes, my wife once caught a virus which started taking photos from her camera - and yes, when James Comey was director of the FBI, he recommended covering your device cameras as well.)

For grins, I called my Honda dealership and asked the service department about this. With what sounded like a straight face, the technician told me that this has never happened. When I told him it's been documented on video, his counterargument was: no it hasn't, it's never happened. So they weren't much help. Ultimately I called a locksmith who verified what I thought must be the case about the various systems. (If you're reading this and I have anything wrong, PLEASE comment.)

The reason I'm posting this is that I had so much difficulty trying to answer the question by searching online, partly because there's no consistent terminology that I could find online. That's why I ended up having to call the (useless) dealership and quite helpful locksmith. So let's define terminology.

A remote door opener (the older original kind, which is the kind I have) requires you to press a button to send a radio signal, which unlocks the car or opens the trunk. There may be a chip in the key that is required for the car to start when you turn the ignition - but you do have to put the key in an ignition. Most of these use a rolling code that changes each time. In other words, every time you press the unlock button, the car sends back a signal saying "okay, that's the right code and I'm opening the lock - but here's the new code for next time."

To review: remote door openers only send a signal when you press the button, and you have to physically turn the ignition.

Keyless entry may require you to press a button on a key fob to open the door, or it may just automatically unlock the car when you're standing right next to it. Then, once you're in the car, there's no ignition to turn, just a button to push. The car will only start if the key fob is very close (inside the car.) In this case, the key fob is constantly sending out a signal to the car without you doing anything - certainly, in order for the car to start, and (if your locks open automatically without pushing any buttons) to open the locks as well.

To review: keyless entry constantly sends out a signal, and when you're close enough to the car, the car will allow you turn it on (and may unlock automatically.)

The "hack" is called a signal amplification relay attack (SARA), and really only is useful for keyless entry, not for remote door openers. Why? Your keyless entry key fob is designed to be very weak so your car can't detect it from more than a few feet away. But if the key is close enough to the outside wall of your house, with a special device, a criminal can detect the coded signal, amplify it, and send it to another device that's right next to the car which repeats the code. No code-breaking required; just one device for picking up the code as it's being constantly transmitted by the keyless entry key fob, sending it to a second device next to the car which repeats it. The car thinks that the key fob is right there, opens, and allows itself to be driven. (This is exactly what they did in the link above.)

You could conceivably do the same thing to a remote door opener like mine, but the bad guys would have to be sitting on your street with their devices to record the signal when you press it. The weakness of keyless entry is that it's constantly transmitting and actually lets you start the car. This is in contrast to remote door openers, which only transmit when you press the button - and even then you still need the physical key to start the car.

CONCLUSION: if you have keyless entry, then YES, you should keep your keys in a Faraday cage - especially when they're going to be sitting unused for a long period (when you're on vacation.) Most people recommend wrapping in aluminum foil or putting them in a coffee can, inside your refrigerator. (I'm only repeating what I've read and make no claim as to whether this is actually enough to defeat SARA devices.) It would be much harder to do this to one of the older remote entry keys, and I am definitely not planning to get a keyless entry key fob. The risk:benefit is obvious. The only benefit to keyless entry is literally that you don't have to press a button, and don't have to move your arm to turn a key - in exchange for exposing yourself to this security problem.

No comments: