On 2015-04-22 13:31 Jim Birch wrote:
>> However I could imagine a break-in device which simply recorded the response
>> when the owner was nearby and played it back when they were away, a form of
>> man-in-the-middle attack.
>
> Does that mean there is no challenge/response protocol in this system?
> Hard to believe - except that even more pissweak security mechanisms seem to
> be regularly attempted by people who should know better. I guess nothing
> happens until the proximity sensor changes from a selling feature to
> do-not-buy feature.
A challenge-response scheme would require the owner to get out the key and do
something ("what you know") which would defeat the whole purpose.
There's a good Wikipedia article at http://en.wikipedia.org/wiki/Smart_key if
anyone has the time & interest.
QUOTE:
In 2005, the UK motor insurance research expert Thatcham introduced a standard
for keyless entry, requiring the device to be inoperable at a distance of more
than 10 cm from the vehicle.[2] In an independent test, the Nissan Micra's
system was found to be the most secure, while certain BMW and Mercedes keys
failed, being theoretically capable of allowing cars to be driven away while
their owners were refuelling.[3] Despite these security vulnerabilities, auto
theft rates have decreased 7 percent between 2009 and 2010, and the National
Insurance Crime Bureau credits smart keys for this decrease. [4] [5]
UNQUOTE
But the article does confirm that malfeasance of the sort described in the
original report must have been a "relay station attack" which needs two
devices, one close to the key and another close to the car, as I suspected.
> It might be possible to develop signalling strategies that detect a repeater
> signal. It might also be possible to backrev a good old entry button (or an
> off switch) into the key.
The Prius-C key thingy has the usual manually operated wireless lock-unlock
buttons, as well as a mechanical key if all this modern-type technology becomes
too much or even fails. I've also noticed the key is detected at a much
greater range than 10cm, but still only in close proximity to the car.
A number of default settings for the Toyota Prius-C (at least) can be
customised, and that allows the manual lock-unlock feature and/or the smart
entry feature to be switched off altogether.
David L.
_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
