Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> A simple button on the fob (rather than in the car) that you must press to open the doors and to start the engine would mitigate the attack.

Yes, reverting from passive-supported to active-only remote entry/start would eliminate the attack by eliminating the feature on which it is based. OTOH, the handsfree nature of passive remote entry is a major selling point.



Selling point for some. For others, either a "do not buy" point or "crammed down your throat" point.

There is a general trend that car electronics is increasingly acquiring behavioral features that annoy me, that cannot be disabled. This is all across the board; if you don't like it, you have fewer and fewer options: pretty soon, you will have to drive a used old beater if you don't like what new cars are doing.


As long as they’re not susceptible to replay attacks.

If they are, just do a stakeout and then replay it later in the day to gain access.


A challenge-response notification would not be susceptible for a replay attack


Mount the receiver to a drone and park it on the roof of a garage you want. Even hop around the neighborhood and capture - a whole new level of war-driving.

Fly the drone into gated estates, or better yet a country club drive-up near the valet and record many high-value signals.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: