Speak EV - Electric Car Forums banner

1 - 20 of 24 Posts

·
Registered
2017 Golf GTE
Joined
·
2,128 Posts
Discussion Starter #1
I am taken aback by the ID3 keyless entry and start system.

Maybe no-one steals cars in Germany. Now it seems that you can get in via electronic signals ( reproduceable by criminals) and the car is ready to go without further unlocking.

Very convenient, cheaper to build, a gift for the felons.

Have I missed something?
 

·
Premium Member
Joined
·
11,453 Posts
In a recent report VW claimed they had implemented fixes to thwart relay attacks. Do you have any information contradicting that? Obviously VW aren't know to be always truthful :rolleyes:
 
  • Like
Reactions: cah197

·
Registered
Joined
·
950 Posts
I believe the latest VW keys have a go to sleep function where they don't transmit if they have not moved for a short period even if polled by the car. This effectively stops the man in the middle type of thefts unless you're doing aerobics next to the front door with the key in your pocket when they are trying to steal the car!
 

·
Registered
Kia Soul EV 2020
Joined
·
1,828 Posts
I believe the latest VW keys have a go to sleep function where they don't transmit if they have not moved for a short period even if polled by the car. This effectively stops the man in the middle type of thefts unless you're doing aerobics next to the front door with the key in your pocket when they are trying to steal the car!
I'm not sure what specific tools VW is using but I have also heard of a "time of flight" approach as well, basically comparing the time it takes the key to respond to a query by the car. Which is a rough "distance from the car" calculation.
 

·
Registered
Renault Zoe 50
Joined
·
17,741 Posts
I'm not sure what specific tools VW is using but I have also heard of a "time of flight" approach as well, basically comparing the time it takes the key to respond to a query by the car. Which is a rough "distance from the car" calculation.
Is that what the Bluetooth keys use, or do they just use another method?
 

·
Registered
Joined
·
41 Posts
The whole world uses secure over the air access to anything from bank accounts to power plants to nuclear weapons. Although tbf Homer does have a BIG key labelled 'KEY'.
 

·
Registered
Renault Zoe 50
Joined
·
17,741 Posts
The whole world uses secure over the air access to anything from bank accounts to power plants to nuclear weapons. Although tbf Homer does have a BIG key labelled 'KEY'.
The relay attack is a different problem. It doesn’t require the signal to be decrypted.
 

·
Registered
KIA Soul EV 64kWh
Joined
·
204 Posts
I am taken aback by the ID3 keyless entry and start system.

Maybe no-one steals cars in Germany. Now it seems that you can get in via electronic signals ( reproduceable by criminals) and the car is ready to go without further unlocking.

Very convenient, cheaper to build, a gift for the felons.

Have I missed something?
Isn't that the same as most cars built in the last 10 years? Some keyless systems have protection against man-in-the-middle attacks
 

·
Registered
2017 Golf GTE
Joined
·
2,128 Posts
Discussion Starter #9
In a recent report VW claimed they had implemented fixes to thwart relay attacks. Do you have any information contradicting that? Obviously VW aren't know to be always truthful :rolleyes:
I'm sure VW have been very clever and I expect that they are being truthful too. However there are plenty clever hackers out there who will eventually find a way round whatever electronic system you develop. It's an industry.

Certainly keeps the security software people employed, not to mention the police, insurance loss adjusters etc etc.
 

·
Registered
Joined
·
3,879 Posts
You aren't going to be able to hack round a time-of-flight check, unless you've discovered a way to transmit information faster than the speed of light! :eek:
 

·
Registered
2017 Golf GTE
Joined
·
2,128 Posts
Discussion Starter #13
Good to know that the car is protected by a TLA!

In all seriousness, I will probably chance it anyway.
 

·
Registered
Joined
·
209 Posts
Maybe I'm being dense, but I don't really get how using UWB for positioning fixes the issue. All it does is locate the signal source, it doesn't verify the signal source is actually the key in the owner's pocket. I wonder what their secret sauce is... I'd guess either clever handshaking that stops relays working, or just hoping that nobody looks at it too closely.
 

·
Registered
Joined
·
49 Posts
I'm no technical expert but the German articles says (via Google translate in Chrome)"
"The spatial position of the rightful car owner is precisely determined from the time it takes to send and receive these signals - the so-called "time of flight". A previously possible tapping of the radio signal, for example for theft, is now no longer possible.
With conventional "keyless" systems, only the signal strength of the key is measured: the larger it is, the closer the user is to his vehicle. This signal could be tapped and used by unauthorized persons.
UWB enables a centimeter-accurate and above all non-manipulable position control of the user - at any time and at the speed of light. This is also a real plausibility check that the lawful driver or passenger is approaching the vehicle. The car can also unlock individual doors appropriately, depending on where the driver is approaching the car."
 

·
Registered
Joined
·
3,879 Posts
Interesting article here: UWB on Car Fobs article and it says "...With UWB, an attempt to intercept and amplify a signal during a relay attack will only delay the arrival of the responding device’s acknowledgement signal, which should then make it obvious to the UWB-based lock that the responding device is actually farther away, not closer. According to the FiRa consortium, any UWB signal that attackers succeed in intercepting and boosting won’t trick a UWB-equipped lock into opening. ..."

If they're successfully timing the Time-Of-Flight to 2 nanosec precision, that's about 60 cms the radio signal has travelled. So if the fob-they're-trying-to-boot-the signals-of is significantly further away than this, the time of flight reveals the true total distance, also this will apear even larger than it really is if there's any delay in the interception kit, so the spoof becomes obvious.
 

·
Registered
Joined
·
209 Posts
I think you have to add in delay on any amplifier circuits as well.
And the variation you get in amplifiers, timing circuits, etc. from changes in operating conditions and aging of the circuits - which will be partially systematic and partially random. They might be cal-ing the arse off all of their circuits periodically, or they might have blown the tolerances wide open, or mystery third option... the system teardown reports will be very interesting reading.
 

·
Registered
Joined
·
546 Posts
From my reading of it (at least as VW are implementing it) there are multiple fixed nodes around the car all communicating with the 'key fob', so for engine start at least it works out that the key fob is between the nodes (ie in the car).

But still - the short time periods being measured and the cumulative errors in measuring differences in times suggests they are either doing something very clever with the electronics, or they are not being entirely honest.
 

·
Registered
Joined
·
209 Posts
they are either doing something very clever with the electronics, or they are not being entirely honest
Probably a bit of both. Half of the stuff I do at work is clever electronics, the other half is carefully wording answers to questions. I'd rather just do clever electronics, but the industry doesn't favour that as it's more expensive than a clever answer.
 
1 - 20 of 24 Posts
Top