More details:
http://www.isoc.org/isoc/conferences/ndss/11/program.shtml#id2a
Relay Attacks on Passive Keyless Entry and Start Systems in Modern
Cars
Aurelien Francillon, Boris Danev, and Srdjan Capkun
We demonstrate relay attacks on Passive Keyless Entry and Start
(PKES) systems used in modern cars. We build two attack realizations,
wired and wireless physical-layer relays. They allow the attacker to
enter and start a car by relaying messages between the car and the
smart key, independently of the presence of authentication and
encryption. We evaluate PKES systems of 10 car models from 8
manufacturers, discuss relevant systems’ details and propose a set of
countermeasures.
These attacks exist and Bluetooth proximity isn't proof against them.
I'll grant you that relay attacks aren't *common* methods of stealing
cars for one reason: a hammer, a hacksaw blade, and a broken window are
cheaper than $500 worth of electronics.
Back to the Bluetooth proximity fob. Geofencing has a number of serious
drawbacks. First is that it requires the GPS receiver and the Bluetooth
transceiver be operating continuously while the device is away and
that's going to kill battery life. Second is that GPS reception indoors
is often nil making it impossible for the app to detect its absolute
coordinates.
Even if you manage to overcome the first two issues then there is a
third problem that you can't overcome: accuracy. DGPS has a positional
(horizonal) margin of error of +/-5 meters and an altitude (vertical)
margin of error of +/-10 meters. The fob could be in a different room
or even a different building and still detect as close enough; or it
could be 3 inches away and detect as too distant.
Using a Bluetooth device as a key is certainly an interesting idea but
proximity isn't reliable as a security token.
--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
