SwedeSpeed - Volvo Performance Forum banner

1 - 20 of 25 Posts

·
Registered
Joined
·
807 Posts
Discussion Starter · #1 ·
How big is are the keycodes used by the new S80 "keyless go" option? I hope that they are a lot bigger than the 40-bit DES encoding used by BMW. David Beckham has had two X5s stolen because of hackers with laptops figuring out the key code.<p><A HREF="http://www.engadget.com/2006/05/03/becks-loses-two-bimmers-to-laptop-toting-thieves" TARGET="_blank">http://www.engadget.com/2006/0...ieves</A>/<p>And it is not just BMW:<p><A HREF="http://www.merit.edu/mail.archives/netsec/msg01448.html" TARGET="_blank">http://www.merit.edu/mail.arch....html</A><p>"Let's say you just bought a Mercedes S550--a state-of-the-art,<br>high-tech vehicle with an antitheft keyless ignition system.<p>After you pull into a Starbucks to celebrate with a grande latte and a<br>scone, a man in a T-shirt and jeans with a laptop sits next to you and<br>starts up a friendly conversation: "Is that the S550? How do you like<br>it so far?" Eager to share, you converse for a few minutes, then the<br>man thanks you and is gone. A moment later, you look up to discover<br>your new Mercedes is gone as well.<p>Now, decrypting one 40-bit code sequence can not only disengage the<br>security system and unlock the doors, it can also start the<br>car--making the hack tempting for thieves. The owner of the code is<br>now the true owner of the car. And while high-end, high-tech auto<br>thefts like this are more common in Europe today, they will soon start<br>happening in America. The sad thing is that manufacturers of keyless<br>devices don't seem to care."<p><br>
 

·
Registered
Joined
·
11,927 Posts
Re: easy to steal keyless drive car? (e1618978)

From the story it sounds like they don't even need to "copy" the signal of the key, they can just flood the car with keys until one works. That's really poor. Just making the keyspace larger (128bit) would solve that. Also only have the car accept maybe one signal per second so you can't brute force the attack in a short time period. This isn't difficult.
 

·
Super Moderator
Joined
·
39,263 Posts
Re: easy to steal keyless drive car? (Warpedcow)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>Warpedcow</b> »</i></TD></TR><TR><TD CLASS="quote">From the story it sounds like they don't even need to "copy" the signal of the key, they can just flood the car with keys until one works. That's really poor. Just making the keyspace larger (128bit) would solve that. Also only have the car accept maybe one signal per second so you can't brute force the attack in a short time period. This isn't difficult.</TD></TR></TABLE><p>You do not hear about scores of these cars disappearing, have you??? Come on, people. You think that auto manufacturers are THAT stupid???<p>Yannis
 

·
Registered
Joined
·
807 Posts
Discussion Starter · #4 ·
Re: easy to steal keyless drive car? (GrecianVolvo)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>GrecianVolvo</b> »</i></TD></TR><TR><TD CLASS="quote">You do not hear about scores of these cars disappearing, have you??? Come on, people. You think that auto manufacturers are THAT stupid???<p>Yannis</TD></TR></TABLE><p>Only because keyless go is not common in the US yet - and yes, it sounds like tons of these cars are getting stolen in Europe.<p>Warpedcow - it is not as easy as flooding the system with keycodes, that would take too long (with a trillion codes in 40 bits). But you can capture the key sequence, and it takes just a few minutes to decode a 40-bit key - in 1997 it took 4 hours, but computers are a lot faster now.<p>Yannis - if they are using 40-bit codes, then yes, they are that stupid (BMW and Mercedes seem to be). That is my question - what kind of encryption is Volvo using for their keyless go?
 

·
Registered
Joined
·
11,927 Posts
Re: easy to steal keyless drive car? (GrecianVolvo)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>GrecianVolvo</b> »</i></TD></TR><TR><TD CLASS="quote">You do not hear about scores of these cars disappearing, have you??? Come on, people. You think that auto manufacturers are THAT stupid???<br></TD></TR></TABLE><p>After reading more about it, I realize it's not as simplistic as I made it seem... however there are still "bugs" (security flaws) that allow a knowledgable person dump the data (wirelessly) off the car to figure out the code. They don't even need the key to crack the car! That's just poor.<p>The reason not "tons" are disappearing is because professional thieves don't post their tools on the public internet. It's the same with hacking computers. Despite the gazillion security patches for windows, you can't just do 5 minutes of google searching to find a program that lets you haxor an unpatched computer. It takes WAY more digging than that.
 

·
Registered
Joined
·
807 Posts
Discussion Starter · #6 ·
Re: easy to steal keyless drive car? (Warpedcow)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>Warpedcow</b> »</i></TD></TR><TR><TD CLASS="quote">The reason not "tons" are disappearing is because professional thieves don't post their tools on the public internet. It's the same with hacking computers. Despite the gazillion security patches for windows, you can't just do 5 minutes of google searching to find a program that lets you haxor an unpatched computer. It takes WAY more digging than that.</TD></TR></TABLE><p>The difference is that you don't need an underground contact to figure it out - there are plenty of books and university publications on cryptography that will teach you how to do it. True security would not come from restricted hacking information, it would come from keys that are long enough to be too hard to crack (128 bit?).<p>
 

·
Registered
Joined
·
11,927 Posts
Re: easy to steal keyless drive car? (e1618978)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>e1618978</b> »</i></TD></TR><TR><TD CLASS="quote">True security would not come from restricted hacking information, it would come from keys that are long enough to be too hard to crack (128 bit?).</TD></TR></TABLE><p>True security comes from more than just keysize - sometimes large keys (128bit or more) take too much "power" to encode with when you're talking about a keyfob with a small battery that is supposed to last "years". But you can make up for it with better security on the car itself, among other things - things like brute-force prevention (limit number of "tries" over a time period).
 

·
Registered
Joined
·
807 Posts
Discussion Starter · #8 ·
Re: easy to steal keyless drive car? (Warpedcow)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>Warpedcow</b> »</i></TD></TR><TR><TD CLASS="quote">True security comes from more than just keysize - sometimes large keys (128bit or more) take too much "power" to encode with when you're talking about a keyfob with a small battery that is supposed to last "years". But you can make up for it with better security on the car itself, among other things - things like brute-force prevention (limit number of "tries" over a time period).</TD></TR></TABLE><p>Or you can wrap your keyfob in tinfoil when not in use. <IMG NAME="icon" SRC="http://www.vwvortex.com/vwbb/smile.gif" BORDER="0"> <p>We have been protected for so long because our keys have double protection - the physical structure of the key has to match the lock, and the RFID inside the key has to match up with what the car expects. By removing one of those two checks, we are losing a lot of security.
 

·
Registered
Joined
·
189 Posts
Re: easy to steal keyless drive car? (e1618978)

Which way the signal broadcasting goes, is the car broadcasting the signall all the time or only the key ? Is the system never passive ?
 

·
Registered
Joined
·
807 Posts
Discussion Starter · #10 ·
Re: easy to steal keyless drive car? (turbot)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>turbot</b> »</i></TD></TR><TR><TD CLASS="quote">Which way the signal broadcasting goes, is the car broadcasting the signall all the time or only the key ? Is the system never passive ?</TD></TR></TABLE><p>The car is broadcasting periodically, the key responds when in range. In order to crack the code, the hacker needs two broadcasts and two responses in sequence (car->key, key responds, car->key, key responds) but some John Hopkins professors have a device that can do it when the key is not present.<p><A HREF="http://www.hackaday.com/entry/1234000303032502" TARGET="_blank">http://www.hackaday.com/entry/1234000303032502</A>/<br><A HREF="http://rfidanalysis.org" TARGET="_blank">http://rfidanalysis.org</A>/
 

·
Registered
Joined
·
189 Posts
Re: easy to steal keyless drive car? (e1618978)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>e1618978</b> »</i></TD></TR><TR><TD CLASS="quote">The car is broadcasting periodically, the key responds when in range. In order to crack the code, the hacker needs two broadcasts and two responses in sequence (car->key, key responds, car->key, key responds) but some John Hopkins professors have a device that can do it when the key is not present.<p><A HREF="http://www.hackaday.com/entry/1234000303032502" TARGET="_blank">http://www.hackaday.com/entry/1234000303032502</A>/<br><A HREF="http://rfidanalysis.org" TARGET="_blank">http://rfidanalysis.org</A>/</TD></TR></TABLE><p>I have never thought so far that this kind of keyless drive can really be a security risk, but it seems that it really can. Hope Volvo has thought this issue.
 

·
Registered
Joined
·
807 Posts
Discussion Starter · #12 ·
Re: easy to steal keyless drive car? (Warpedcow)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>Warpedcow</b> »</i></TD></TR><TR><TD CLASS="quote">True security comes from more than just keysize - sometimes large keys (128bit or more) take too much "power" to encode with when you're talking about a keyfob with a small battery that is supposed to last "years". But you can make up for it with better security on the car itself, among other things - things like brute-force prevention (limit number of "tries" over a time period).</TD></TR></TABLE><p>The S80 keyless fob is pretty big - I saw a picture somewhere, but can't find it now. I think that they probably have a lot of room for batteries in there.<p>Also - you used to be able to replace batteries in keyfobs (my 1995 850 had this - but I can't see how to do it in my more modern Volvo keys). Volvo may have to return to replaceable batteries.
 

·
Super Moderator
Joined
·
39,263 Posts
Re: easy to steal keyless drive car? (e1618978)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>e1618978</b> »</i></TD></TR><TR><TD CLASS="quote"><p>The S80 keyless fob is pretty big - I saw a picture somewhere, but can't find it now. I think that they probably have a lot of room for batteries in there.</TD></TR></TABLE><p>1.5" x 3".<p>Yannis
 

·
Registered
Joined
·
2,305 Posts
Re: easy to steal keyless drive car? (GrecianVolvo)

<A HREF="http://img89.imageshack.us/my.php?image=140sm.jpg" TARGET="_blank"><IMG SRC="http://img89.imageshack.us/img89/2333/140sm.th.jpg" BORDER="0"></A> <A HREF="http://img89.imageshack.us/my.php?image=130qf.jpg" TARGET="_blank"><IMG SRC="http://img89.imageshack.us/img89/8366/130qf.th.jpg" BORDER="0"></A>
 

·
Registered
Joined
·
187 Posts
Re: easy to steal keyless drive car? (T5_awd)

The large size and the fact that you need to insert the fob into the dash seems to somewhat defeat the purpose of the keyless function. Not a very good design IMO.<p>I do have keyless ignition on our other car as it came packaged with other options. While I didn't have any desire to get it, I actually really like it a lot!
 

·
Registered
Joined
·
189 Posts
Re: easy to steal keyless drive car? (PK)

<TABLE WIDTH="90%" CELLSPACING=0 CELLPADDING=0 ALIGN=CENTER><TR><TD><i>Quote, originally posted by <b>PK</b> »</i></TD></TR><TR><TD CLASS="quote">The large size and the fact that you need to insert the fob into the dash seems to somewhat defeat the purpose of the keyless function. Not a very good design IMO.</TD></TR></TABLE><p>Atleast in the S80 promotion video, where the car had a keyless system, the man just pressed the button and started driving. So no key in the hole.
 

·
Registered
Joined
·
2,305 Posts
Re: easy to steal keyless drive car? (turbot)

All the S80 there, had keyless. Then you don't have to insert the key. You can have it in you pocket etc. and just press the start/stop button. The picture with the key in the slot was just to show how it looks without keyless. I took that picture for you. Swedespeed only <IMG NAME="icon" SRC="http://www.vwvortex.com/vwbb/wink.gif" BORDER="0"> <IMG NAME="icon" SRC="http://www.vwvortex.com/vwbb/biggrin.gif" BORDER="0">
 

·
Registered
Joined
·
400 Posts
Re: easy to steal keyless drive car? (T5_awd)

When is Volvo ever going to design a fob that looks nice? They should shoot the company that makes those things. My sister's keyfob on her S40 is terrible too. I like Lexus' integration of the keyless with the key. Great idea.
 

·
Registered
Joined
·
189 Posts
How the keyless car is locked, automatically after a while when the driver has left the car or how the locking works in generally (is there some two way communication also in this case) ?
 
1 - 20 of 25 Posts
Top