Hacking: how do the "keyless" systems in our cars really work?

By electronics-phone
For some time now, the "tech" press (including us) has echoed the massive hacking of vehicles using so-called keyless systems, which let you open your car with a simple remote control that only needs to be in your pocket or bag to be detected by the car. Many were surprised at the simplicity of the technique and, above all, at the lack of security on the part of the manufacturers. It must be said that a lot of information circulates about the technique in question and that most media (even specialized ones) omit certain essential points. Thanks to a reader (Nicolas), an expert in the automotive sector, we were able to revisit certain information, partly erroneous, which is relayed abundantly online, such as:

  • the fact that the remote controls emit permanently
  • the fact that the link between the key and the car is supposedly one-way and unsecured
In fact, both of these statements are false. If we are telling you about it, it is also because we were fooled ourselves, because many oversimplify the technique. If we refer, for example, to the site of the famous Swiss Touring Club, it is written:

This type of theft requires 2 people: one goes near the car key with a small receiver, the other, equipped with a small transmitter, stands near the car door. This arrangement makes it possible to extend the radio signal for opening and starting the car by more than 100 metres. It turned out that the retransmission of the signal worked even if the person equipped with the receiver was more than 100 m from the key.
This kind of assertion, which suggests that the key emits permanently, is also schematized in this way, as here at hackernoon.com:

Even the prestigious Wired writes:

A hacker holds a device a few meters from the victim's key, while a second thief holds the other close to the targeted car. The device near the car re-transmits the signal from the key. This generates a radio signal from the car's keyless entry system.

In reality, it must be understood that our keys do not permanently emit RF waves (those which trigger unlocking and starting); this would probably consume too much electricity. Instead, they listen for a low frequency (LF) signal sent by the car. The detection of LF waves only works within a radius of a few meters. The key (which receives) must be close to the car (which transmits). On the other hand, the key responds, not in LF but in RF, and there the range can reach several hundred meters (think of the radio triggers for flashes and cameras, for example), Nicolas tells us. Take the case of a key left in a house:

  • The key is too far from the car to receive the LF signal.
  • The hacker relays the car's LF signal via his hacking system and stands close to the key in the house.
  • The key thinks it is receiving a signal from the car, makes its measurements and responds to the car via RF. Since the RF signal has a range of at least 100 m, there is no need to relay this signal, which will be picked up by the car.
In short, if your car is out of range of the key, the risk is therefore more limited (but not completely zero). The only effective way to guard against this type of attack is to leave the key in a place far from outside access (at the other end of the house, for example) or to place it in a special pouch that blocks radio waves (you can find them for 5€ on Amazon). Here is the real diagram of how our car keys work, which shows that the signals are two-way and use different types of waves:

Theoretically, there can therefore be the case where the key is located several kilometers away or out of range of the car (in an underground car park, etc.). In this case, it will be necessary to relay not only the LF signal but also the RF signal. And there, the technological means required are much more substantial! "I can confirm 100% that all PASE (Passive Start Entry) systems work the same way," says Nicolas.
The QIHOO 360 TEAM UNICORN system (about 200€)
Another important point: there is a genuine exchange between the key and the car, and these exchanges are of course secured. A car key must operate for 2 to 5 years of normal use on a small battery. The microcontrollers used are very specific, with limited computing power, and must still perform AES128/256 encryption and decryption, for example, and do so in record time to give a responsive system. In short, the exchanges are therefore indeed encrypted, and reproducing such a signal is therefore not enough to compromise the vehicle over time.

As for the techniques intended to better secure the keys and avoid this type of attack, they should arrive soon: solutions are under study and in development to make more reliable systems using other technologies, such as UWB for example. This time, it will not be the strength of the signal that is measured but the ToF (Time of Flight) of the waves. Suffice to say that it will be extremely difficult to deceive this type of system 😉. Adding an accelerometer (as Ford does) adds components to the key, which increases its cost.

Finally, we must not forget that the automobile is currently a sector in full mutation, where IT, AI and electronics now play a key role. And it is true that the media specializing in tech are often a little harsh on manufacturers, often considered unresponsive, outdated in terms of security, using old systems and unable to keep up with current developments. "I would like to add that in the automotive industry, we have constraints and requirements that make things that seem simple in fact much more complicated than they seem," Nicolas tells us, correctly.
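As an added illustration (not code from the article or from Nicolas), the following Python model plays out the LF challenge / RF response exchange described above together with the UWB time-of-flight check mentioned as the coming fix. It assumes constructed ranges and timings (LF_RANGE_M, TOF_BOUND_M, KEY_PROCESSING_S) and uses HMAC-SHA256 as a stand-in for the AES-based response; it shows why a correctly encrypted reply alone does not stop a relay, while a distance bound derived from time of flight does.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

C_M_PER_S = 299_792_458     # speed of light: no relay can forward a signal faster than this
LF_RANGE_M = 2.0            # constructed: the car's LF challenge is only audible within a few metres
RF_RANGE_M = 100.0          # article: the key's RF answer carries at least 100 m
TOF_BOUND_M = 3.0           # constructed: farthest distance a UWB time-of-flight car accepts
KEY_PROCESSING_S = 1e-6     # constructed: fixed time the key spends computing its answer

@dataclass
class Key:
    secret: bytes
    distance_m: float       # physical distance between key and car

    def answer(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 stands in for the AES-based response the article mentions
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()

@dataclass
class Car:
    secret: bytes
    use_tof: bool = False   # False: legacy signal-strength car; True: UWB time-of-flight car

    def unlock_attempt(self, key: Key, relay_delay_s: Optional[float] = None) -> str:
        """One LF challenge / RF response round; returns the outcome as a short label.

        relay_delay_s=None: no relay, so the LF challenge fades after LF_RANGE_M.
        A float: a relay forwards the challenge to the key and adds that much latency
        (0.0 is the physically unreachable best case for the attacker)."""
        challenge = os.urandom(16)                   # fresh nonce: a recorded answer is useless later
        if relay_delay_s is None and key.distance_m > LF_RANGE_M:
            return "no_challenge"                    # key never hears the car, so it stays silent
        if key.distance_m > RF_RANGE_M:
            return "no_response"                     # RF answer out of range: a second relay would be needed
        response = key.answer(challenge)
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "bad_mac"                         # wrong key material: the encryption does its job
        if self.use_tof:
            # the car measures round-trip time and subtracts the known processing time;
            # what remains bounds the distance from below, whatever the relay does
            rtt_s = 2 * key.distance_m / C_M_PER_S + KEY_PROCESSING_S + (relay_delay_s or 0.0)
            measured_m = (rtt_s - KEY_PROCESSING_S) * C_M_PER_S / 2
            if measured_m > TOF_BOUND_M:
                return "too_far"
        return "unlocked"                            # a legacy car cannot tell a relayed answer from a direct one
```

Running the same 30 m scenario against a legacy car and a ToF car is the whole story: the legacy car unlocks even with a zero-delay relay, the ToF car rejects it because 30 m of light travel cannot be hidden.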
