Urban myth or not?

UKworkshop.co.uk


devonwoody

Pasted this email I received from Oz.

Subject: FW: Fw: Car Locking - Just in case

Car Locking – Just in case - -
How to Lock Your Car and Why

I locked my car. As I walked away I heard my car door unlock. I went back and locked my car again three times.
Each time, as soon as I started to walk away, I would hear it unlock again!! Naturally alarmed, I looked around and there were two guys sitting in a car next to the store. They were obviously watching me intently, and there was no doubt they were somehow involved in this very weird situation. I quickly chucked the errand I was on, jumped in my car and sped away. I went straight to the police station, told them what had happened, and found out I was part of a new, and very successful, scheme being used to gain entry into cars.
Two weeks later, my friend's son had a similar happening.....While traveling, my friend's son stopped at a roadside rest to use the bathroom. When he came out to his car less than 4-5 minutes later, someone had gotten into his car and stolen his mobile phone, laptop computer, sat nav, briefcase......you name it. He called the police and since there were no signs of his car being broken into, the police told him he had been a victim of the latest robbery tactic – there is a device that robbers are using now to clone your security code when you lock your doors on your car using your remote locking device.

They sit a distance away and watch for their next victim. They know you are going inside of the store, restaurant, or bathroom and that they now have a few minutes to steal and run. The police officer said to manually lock your car with the key -- that way if there is someone sitting in a parking lot watching for their next victim, it will not be you.

When you lock up with the key upon exiting, it does not send the security code, but if you walk away and use the remote button, it sends the code through the airwaves where it can be instantly stolen.
This is very real.

Be wisely aware of what you just read and please pass this note on. Look how many times we all lock our doors with our remote just to be sure we remembered to lock them -- and bingo, someone has our code...and whatever was in our car.

Snopes Approved -- Please share with everyone you know
 
Whoops, the bit below says ...

In mid-2008 some anonymous person thought to add a "Snopes approved" line to the e-mail being circulated. In a nutshell, no, the item is not "Snopes approved" — we take issue with almost all of the e-mail's premise

I seem to remember, from the dim and distant past, seeing a science programme (possibly Tomorrow's World) demonstrating a keyless remote locking system working on a (pseudo) random sequence of numbers. The system would know what the next 5 (or whatever) numbers in the sequence should be and the lock would only respond if it received one of them.

I guess the reasoning would be that if the key were pressed, whilst out of range, it would be out of sync with the lock.

ETA:
Keeloq

Microchip introduced in 1996[5] a version of KeeLoq ICs which use a 60-bit seed. If a 60-bit seed is being used, an attacker would require approximately 100 days of processing on a dedicated parallel brute force attacking machine before the system is broken
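
The look-ahead scheme recalled in the post above, and the out-of-sync case it guesses at, as an added example that is not part of the original thread. It assumes a secret shared at pairing and uses an HMAC-SHA256 counter code in place of KeeLoq's own cipher; `Fob`, `Lock` and `code_for` are hypothetical names.

```python
import hashlib
import hmac

WINDOW = 5  # look-ahead size, from the post's "next 5 (or whatever) numbers"


def code_for(key: bytes, counter: int) -> bytes:
    """Code for press number `counter`: truncated HMAC-SHA256 (assumed PRF)."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:8]


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1  # advances on every press, in range or not
        return code_for(self.key, self.counter)


class Lock:
    def __init__(self, key: bytes, window: int = WINDOW):
        self.key, self.counter, self.window = key, 0, window

    def receive(self, code: bytes) -> bool:
        # Accept only codes strictly ahead of the last accepted counter.
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.counter = c  # skip forward; every earlier code is dead
                return True
        return False


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret, set at pairing
    fob, lock = Fob(key), Lock(key)
    first = fob.press()
    out = {"normal": lock.receive(first), "replay": lock.receive(first)}
    missed = [fob.press() for _ in range(3)]  # pressed out of range
    out["after_3_missed"] = lock.receive(fob.press())
    out["stale_missed_code"] = lock.receive(missed[0])
    for _ in range(5):  # five more out-of-range presses exceed the window
        fob.press()
    out["after_5_missed"] = lock.receive(fob.press())
    return out


if __name__ == "__main__":
    print(demo())
```

The last case is the desynchronisation the post describes; a real receiver needs a resynchronisation procedure for it, which is not modelled here.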
 
Copying your code and brute force are two very different things.
Your car can pick up, and interpret your fob's signal, so I don't see that that signal couldn't be picked up by something else. It's just a matter of having the right algorithms for each make/model of blipper.
I'll ask one of my more interesting friends to find out if this is doable, and if it's being done.
 
The Wiki article also mentions the Side Channel method of attack.

The most devastating practical consequence of the side-channel analysis is an attack in which an attacker, having previously learned the system's master key, can clone any legitimate encoder by intercepting only two messages from this encoder from a distance of up to 100 metres (330 ft). Another attack allows to re-set the internal counter of the receiver (garage door, car door, etc.) which makes it impossible for a legitimate user to open the door.

If such an attack were planned, I imagine that the victim would have to be staked out and attacked at a later date once the code had been cracked.
 
I reckon the easiest way would be to employ Oliver Twist and get the keys when the lady is shopping in the supermarket. :wink: :)

Or I would just walk off with her trolley and handbag in the cage. :) :) :)
 
This is indeed an urban myth, fobs have been immune to this technique for many, many years, and the handful which might still be vulnerable are not remotely desirable to thieves who are ambitious enough to invest in the technology required.

However, there is a related lesson to learn about locking your car, which should be common sense, but isn't (you know what they say about common sense...).

ALWAYS check for the visual and audible indicators that your car has responded to the remote. Criminals are apparently targeting cars using a simple jamming device, which prevents the car receiving the signal from the remote, with the result that people 'beep' their car, and walk off leaving it unlocked. This can happen anyway without outside intervention if your remote battery is low, but it can ONLY happen to careless folk who assume their car has locked without checking. Frankly, it's no different to leaving the house without checking the door has closed behind you, but people do that too!
 
Heath Robinson said:
It's just a matter of having the right algorithms for each make/model of blipper.

I know more about this from the point of view of computer/Internet security than I do specifically related to car fobs, but assuming that the people who make car fobs learn from the same sources: in practice there's no reason whatsoever that a message should ever be so insecure that simply intercepting a few messages and knowing the algorithm used to encode them would be enough to easily decrypt them and/or forge a message that appears to be legitimate but isn't.

If it were so easy, then it would be impossible to safely use your credit card over the Internet without the details being stolen, because the public Internet between you and the website you're buying stuff from is effectively eavesdroppable.



A simple(!) example is public/private key encryption, which is used on a massive scale and is very reliable. It's based on a mathematical method which produces two keys, such that messages encrypted with one key can only be decrypted with the other one, and vice versa. This has been mathematically proven, it's a solid technology and it's been in use for a long time and works.
So in this method, maybe your key fob and your car start out with keys A1 and A2.
- You press the button, and your key fob would encrypt a "lock this car" message using A1 and send it out.
- The car receives the message, and uses key A2 to decrypt that message. It knows that the message must have come from the key fob, because only the key fob knew the key A1 which allowed the message to be encrypted, so it locks the car.
- Then the car generates a new pair of keys B1 and B2, puts B1 of them in a message, encrypts that message with key A2 that it started with and sends it out; the fob picks up the message, decrypts it with key A1 that it started with, and realises that these new keys must have come from the car, because only the car knew key A2 that allowed the message to be encrypted.
- The fob then forgets A1 and remembers B1 instead, because this is the key it needs to use next time; the car likewise forgets A2 and remembers B2 instead.

The criminal with a snooper can't do much with the messages he intercepts, because he doesn't have either of the keys. Replaying the A1-encrypted "unlock this car" message won't help him, because the car has already forgotten key A2 and moved on to a new key pair. He doesn't have key A2, so he can't decrypt the message, and he doesn't have key A1 so he can't decrypt the message with the new fob-key in, so he can't construct a new "unlock this car" message which would work.

If he knows exactly which algorithm is being used he can brute-force it, and just try every single possible key to see if it works, but generally encryption using this kind of technique uses keys which are so long it would take more time than is left in the universe to try them all, and even if he does get lucky, you'll have locked and unlocked your car several times and be on a completely different pair of keys by the time he works out the first message. Your car probably also has a built-in limit to only listen to X messages every second to make the criminal's life even more difficult if he tries to unlock your car rather than trying to decrypt a captured message.



To the best of my knowledge, outside of programming mistakes this kind of encryption is only known to be vulnerable to an attack by quantum computers - and they don't really exist yet. There's more to the process than I outlined above, because you'll need a more complex handshake to ensure that both sides know the new key before forgetting the old ones, and odds are that the two sides will also use a different 'lock this car' message each time - maybe one that they arranged six lock cycles ago or something - to make it even more difficult for someone to do anything based on a handful of intercepted messages, but the principle is sound and in regular use in Internet communications.

I guess there's a small chance that the criminal may be able to intercept every single one of your lock/unlock messages, start work brute-forcing the first one and follow your car around for the next week, month, year... monitoring every single time you use the key fob just on the incredibly unlikely chance that he'll be unbelievably lucky and quickly find the right key to decrypt the first message, then he can run through all the messages and work out the chain of keys being used and then finally unlock your car with a forged unlock message... but frankly, the odds of success are so low and the time and hassle involved so high that if he can do this purely on the speculative chance he might possibly eventually brute-force crack the first message, he probably has the money to buy his own damn laptop.
 
Don't know about other car makes, but someone got hold of the BMW master key system and started nicking the cars, watch the video. This was very recently about Sep-Oct last year.

http://www.bbc.co.uk/programmes/b006mg7 ... technology


On an unrelated note, my car locked itself a few months back with the key in the ignition. It wasn't on, just in there. The car was having a spring replaced, we could only assume it was some anti-tamper protocol as the car was jacked up or some electrical oddity. Not very helpful considering the spare key was 50 miles away.
 
Chems said:
On an unrelated note, my car locked itself a few months back with the key in the ignition. It wasn't on, just in there. The car was having a spring replaced, we could only assume it was some anti-tamper protocol as the car was jacked up or some electrical oddity. Not very helpful considering the spare key was 50 miles away.

Mondeos do that quite a lot. What are you driving?
 
JakeS said:
Heath Robinson said:
There's more to the process than I outlined above, because you'll need a more complex handshake to ensure that both sides know the new key before forgetting the old ones

And to allow for two fobs to work independently on the same car.
 
Because modern anti theft devices now make a vehicle almost un-stealable the thieves have changed tactics & target the keys instead, either by theft, burglary or using extendable poles poked through the letterbox.

To my surprise, modern cars automatically lock all the doors a short time after the engine has been started to prevent hijacking.

Why surprise? Because back in the 1970s a friend of mine got threatened with arrest by the local Bobby if he ever caught him driving with the doors locked. The reason given was for easy access by the Emergency Services in the event of an accident.

Robbo
 
Tom K said:
Chems said:
On an unrelated note, my car locked itself a few months back with the key in the ignition. It wasn't on, just in there. The car was having a spring replaced, we could only assume it was some anti-tamper protocol as the car was jacked up or some electrical oddity. Not very helpful considering the spare key was 50 miles away.

Mondeos do that quite a lot. What are you driving?

The Mondeo's little brother. The thing is, the work was being done by one of Ford's top mechanics, been working for them for years, teaches at the Ford college and troubleshoots the new models, and he said he'd never seen it happen before. It's so easy to lock your keys in, the Fiesta has no boot button, but the Focus does and it's still easy, you can open the boot with the key and shut the boot, but the car is still locked so have to be careful not to leave them in there. And if you open some of the newer cars with the spare key using it in the door lock it sets off the alarm?

Robbo3 said:
Why surprise? Because back in the 1970s a friend of mine got threatened with arrest by the local Bobby if he ever caught him driving with the doors locked. The reason given was for easy access by the Emergency Services in the event of an accident.

Common urban myth that one, obviously it's valid if you're knocked out and the door is just locked. But I think it's more people saying that it will make it harder for the doors to be forced open. I asked about it when I was training to be a firefighter. The explanation is that the mechanism that holds the door shut is still the same whether locked or unlocked, all that happens when you lock the door is it deactivates the handle on the outside and deadlock does the inner handle too. Modern locks are so strong that we prefer to attack the hinges with the spreader over the lock because the lock just tends to rip the metal as it's so strong rather than pop open whereas the hinges will pop a little easier.

Best urban myth though is that mobiles cause explosions in petrol stations.
 
Yeah that is actually really common, people get out feel ok, nice passer by says "oh come sit in my car". Adrenalin passes and next thing you know the good Samaritan is having their roof off! Maybe less common now as ambulances carry a bit of kit now called the kedge (sp?), its sort of an inflatable spineboard that you can put on while seated and take someone out without the need for the roof coming off.
 
Robbo3 said:
Why surprise? Because back in the 1970s a friend of mine got threatened with arrest by the local Bobby if he ever caught him driving with the doors locked. The reason given was for easy access by the Emergency Services in the event of an accident.
Chems said:
Common urban myth that one.
No urban myth. I was there & heard the conversation.

Possibly it was bluster on the part of the PC because he couldn't find anything for which to nick my friend.

Robbo
 
I got the impression that the BMW scare currently being reported involves breaking into the car and then accessing the on-board computer (via the OBD, maybe?) to extract the info required to clone a key.
I could be wrong, as the news reports were a bit sketchy.
Certainly all modern cars use rolling codes, and I think most lock the doors at 15MPH or thereabouts.
 