Do Not Sell My Personal Information Jump to content


Keyless entry


Chammers
 Share

Recommended Posts

Just been reading about the amount of cars with a keyless entry system that are stolen using a relay to transmit the code. My Lexus LC500 is due to be delivered in September and I wondered if anyone knew how secure or otherwise the Lexus security system is?

Link to comment
Share on other sites


Or buy a big yellow steering lock - not pretty but deterrent is the best defence. If they think it's too much hassle they'll move to a softer target.


IMG_20190120_193536.thumb.jpg.0e92d03acb05144051a5ae8342d10f5e.jpg

  • Like 1
Link to comment
Share on other sites

8 minutes ago, NemesisUK said:

One can easily disable the fob by a double press of the lock button. This prevents the fob from transmitting.

You sure Peter? Doesn't that just double-lock the car? It does on my RX450h.

Link to comment
Share on other sites

1 hour ago, Herbie said:

You sure Peter? Doesn't that just double-lock the car? It does on my RX450h.

Sorry posted in a haste...

I ment the lock button on the fob, not the door. As you say double touch on the door handle will deadlock the car.

Link to comment
Share on other sites

2 minutes ago, NemesisUK said:

Sorry posted in a haste...

I ment the lock button on the fob, not the door. As you say double touch on the door handle will deadlock the car.

So will a double press of the lock button on the fob.

Link to comment
Share on other sites


14 minutes ago, Herbie said:

So will a double press of the lock button on the fob.

See, now, nothing ever goes right when one is rushing...

Now I've sat down, gathered my thoughts (consulted with the handbook !) and this is what I was trying to say.

On the key fob, press unlock twice while pressing and holding
lock. Confirm that the electronic key indicator flashes 4 times.

This will disable that fob from operating the keyless entry system. Remember to do this with the spare key also.

  • Haha 1
Link to comment
Share on other sites

When will other manufacturers implement 2 factor authentication? So far as I know only Tesla currently offer it, but with all the screens and keypads and buttons in cars it shouldn't be difficult to do (but it needs to be designed in from the start - however, people have been aware of Relay theft for plenty long now that a car as new as the LC should have it). 

Link to comment
Share on other sites

On 8/22/2019 at 4:25 PM, i-s said:

When will other manufacturers implement 2 factor authentication? So far as I know only Tesla currently offer it, but with all the screens and keypads and buttons in cars it shouldn't be difficult to do (but it needs to be designed in from the start - however, people have been aware of Relay theft for plenty long now that a car as new as the LC should have it). 

Well iam not to sure about that

https://www.businessinsider.com/locked-tesla-stolen-30-seconds-london-signal-relay-2019-8?r=US&IR=T&utm_content=bufferda727&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer-ti&fbclid=IwAR06adcp4OeQbXNKgK3xxCuu69GxxMNd_oqi_4W0Yis-y6FuFefcaVnoqhw

 

just put your keys, including your spare in a Faraday pouch, problem solved for £2.99

  • Like 1
Link to comment
Share on other sites

A new problem has come to light. If you have a tracker, the company won't tell you where the car is as it breaches the thieves GDPR data rights, namely 'location data'.

Have to laugh.

Sent from my BV5800 using Tapatalk

Link to comment
Share on other sites

4 hours ago, wendle said:

Yes, it does require the user to actually enable it in the first place...

Link to comment
Share on other sites

On 8/22/2019 at 1:06 PM, NemesisUK said:

See, now, nothing ever goes right when one is rushing...

Now I've sat down, gathered my thoughts (consulted with the handbook !) and this is what I was trying to say.

On the key fob, press unlock twice while pressing and holding
lock. Confirm that the electronic key indicator flashes 4 times.

This will disable that fob from operating the keyless entry system. Remember to do this with the spare key also.

This only works on the later gen key fobs ( systems ) and not the one present on the  3RX unfortunately. 

  • Like 1
Link to comment
Share on other sites


3 hours ago, ISJason said:

What is two-step verification? I’m not familiar with the thing when it applies to cars.


Sent from my iPad using Tapatalk

It is where you need two forms of identification before you can start the car. So I’m guessing it will be the app on your phone on the Tesla which takes the place of a ‘key fob’ plus a pin you input on the screen. 

The old pre facelift Peugeot 306 from the mid 90’s required a physical key and a pin code to be inputted via a number pad before it would start. 

Link to comment
Share on other sites

Security theory says that there are 3 ways to verify a user's identity:

What they have -  a key

What they are -  biometrics, fingerprint, facial recognition, iris/retina scan

What they know - password, pin

Single factor security is what most of our cars and houses rely upon - possession of a key. 2 factor security requires something from two of the above groups (for example, to withdraw cash from your bank account you need your card (something you have) and your PIN (something you know)). 

Tesla have a PIN-to-drive option, so that you must know the PIN in addition to possessing a valid key (whether it's a fob, card key or phone key). 

2 factor security isn't new, as the above peugeot example highlights. I'm sure we've all heard tales of people hiding fuel pump switches under the dashboard of old cars - something as simple as that still requires the user to know something. 

Relay thefts overcome the need to have the key, by exploiting the weakness of keyless entry. Relay thieves don't want to mess about, they want to be in and gone. A simple steering lock typically deters relay theft

  • Like 2
Link to comment
Share on other sites

Hello,

Really interesting. I’m surprised Lexus along with other marques didn’t introduce this ages ago. Surely a smart system with the addition of a pin code introduced on the dash display would solve the problem of theft.


Sent from my iPad using Tapatalk

Link to comment
Share on other sites

The problem for most car manufacturers is that they don't design or make what is in their vehicles. 

Most cars are basically a box of bits from different suppliers - Infotainment from PASA, seats from Chevalier, glass from St Gobain, window modules from Pektron, lights from Hella, Ignition/ECU from Denso, turbochargers from BorgWarner, wheels from Enkei, shocks from Sachs, etc. Traditional car makers basically produce engines and bodyshells and put all of the bits together. 

This is then the reason why they can't do this - the Infotainment system is from a third party supplier (PASA, Garmin, Aptiv, Conti,etc) and is completely separate from the engine/driving electronics. Ceding authority over starting the car to an additional third party supplier opens the car manufacturer up to significant risks (especially if the infotainment system has connected services, ie an internet connection - you've now opened up the possibilty for external attack to have authority over disabling the car). 

FCA suffered from this: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Tesla are much more vertically integrated than other car makers - they design their own hardware for all body electronics and infotainment and ADAS, and write all of their own software. They make their own seats even. They have engaged very positively with white-hat hacking groups, often running hackathons (and offering up cars as prizes - hack this tesla and you can have it, as long as you help us fix the vulnerability: https://www.cnbc.com/2019/03/25/pwn2own-hackers-found-a-bug-in-teslas-system-won-model-3-and-cash.html) and they have a long-running "bug bounty" scheme. Of course they are not perfectly secure, but they are doing the right things to resolve vulnerabilities as far as possible. 

The other part of this puzzle is that Tesla are able to make updates to all Tesla vehicles (well ok, not the roadster, but all others) remotely, over-the-air. Every other vehicle on the market requires a trip to the dealer to update software (and in my experience, dealers are very unwilling to perform software updates on vehicles unless the vehicle is specifically recalled to do so). Tesla introduced Pin-to-drive in 2018 in response to the relay theft threat, and pushed to all Tesla built from 2012 onwards. Other car manufacturers can't do this because, as I said earlier, they do not own the hardware nor the software design of the systems inside their vehicles. 

This will have to change as cars move forward. Car manufacturers have to take ownership of electronics hardware and software, otherwise they will lose out in the marketplace. This is beginning to take place (for example, Ford bought Research In Motion (aka Blackberry, the phone people) in order to acquire skills and experience in these two areas, and through that are bringing the design of their systems in-house). 

  • Like 3
Link to comment
Share on other sites

6 minutes ago, ISJason said:

So, who makes the parts for Lexus and Toyota? Don’t they make their own cars ?


Sent from my iPad using Tapatalk

 

Toyota and Lexus do make their own cars but what I-s is referring to is that they do not make every component that goes in to building their cars. 

Link to comment
Share on other sites

It's not a criticism, it's simply the way that most of the auto business works. 

I don't know who the specific OEMs that Toyota use are, and it varies between models anyway. Each oem bids on various projects from each auto maker. 

For example, Garmin just won the contract for the next generation of BMW iDrive. 

Another example is Gentex, who have over 90% market share for auto-dimming mirrors. They also own Homelink. 

Each tier one supplier will supply multiple auto makers, and each auto maker uses multiple tier one suppliers, so that way everyone is hedged against any one company having a problem. 

Link to comment
Share on other sites

2 hours ago, i-s said:

It's not a criticism, it's simply the way that most of the auto business works. 

I don't know who the specific OEMs that Toyota use are, and it varies between models anyway. Each oem bids on various projects from each auto maker. 

For example, Garmin just won the contract for the next generation of BMW iDrive. 

Another example is Gentex, who have over 90% market share for auto-dimming mirrors. They also own Homelink. 

Each tier one supplier will supply multiple auto makers, and each auto maker uses multiple tier one suppliers, so that way everyone is hedged against any one company having a problem. 

They may not own their whole supply chain (but in the case of Toyota they have a significant investment in a lot of it, look up Denso) but the car manufacturers do specify all the components that go into their cars. 

This is the way a lot of consumer electronics works, you may have an OEM who is good at core electronics, but not LED panels or software so they will buy these items in specifying requirements, including security so that they can produce say a TV. 

From your description sounds like maybe the car industry has a lot of catching up to do. 

Link to comment
Share on other sites

Some really interesting contributions to the topic I started - many thanks.

I have read about Faraday pouches before, but understand the bag has to be completely sealed to work - not always easy if your car key is one of many on a key ring.

And a further question if I may, regarding relay theft - how close to the car key does someone have to be to be able to relay the code?

Link to comment
Share on other sites

5 minutes ago, Chammers said:

And a further question if I may, regarding relay theft - how close to the car key does someone have to be to be able to relay the code?

If the scrote with the relay box is at the front of the house and the key is at the furthest point at the back of the house, they can receive the signal.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share



×
×
  • Create New...