The future looks bleak for us.

amschind

Well-known member
First Name
Adam
Joined
Apr 22, 2022
Threads
21
Messages
1,097
Reaction score
1,048
Location
Texas
Vehicles
'21 F150 SCrew 4x4 Powerboost
Occupation
Physician
So your key fob constantly blasts a VERY finite list of RF unlock and start codes to the whole world. It is not challenging for someone to pick up on these and then spoof them to your truck, which is blissfully ignorant that the car thief in the booth next to you at the coffee shop isn't you. I want to see if I can get my Flipper Zero to read the codes and then try to use that as a key. The advantage is that the fob is constantly blasting out the secret code like Coy's redhead girlfriend at the Shriners' dinner, while you can toggle a Flipper on or off.

I bring this up as an example of stuff that should actually be the priority, vs internal MITM attacks. Phone as Key with a biometric authorization isn't going to adequately secure the nuclear launch codes, but it would eliminate a lot of the stupid backdoors that the current system has.
Alfecupe

New member
Joined
Mar 23, 2024
Threads
0
Messages
4
Reaction score
1
Location
MD
Vehicles
F150 XLT
Yeah, I don't even want to talk about stuff the gov or defense contractors are coming up with. Besides "AI" being a buzzword to pump stock, given the way companies push garbage software updates, I can guarantee malfunctioning "perfectly safe" combat robots will be regularly killing civilians accidentally before my grandkids are old.

[image: SoftwareOTAUpdateMeme.jpg]
I suggest we just start calling them Skynet right away :)

RGrove

Active member
First Name
Rob
Joined
May 3, 2024
Threads
1
Messages
39
Reaction score
24
Location
Philadelphia
Vehicles
2022 F150 Powerboost
Occupation
Engineer
So your key fob constantly blasts a VERY finite list of RF unlock and start codes to the whole world. It is not challenging for someone to pick up on these and then spoof them to your truck, which is blissfully ignorant that the car thief in the booth next to you at the coffee shop isn't you. I want to see if I can get my Flipper Zero to read the codes and then try to use that as a key. The advantage is that the fob is constantly blasting out the secret code like Coy's redhead girlfriend at the Shriners' dinner, while you can toggle a Flipper on or off.
Did you ever try the flipper on the keyfob?
I didn't think they worked like that. I assumed the truck was constantly putting out a short-range signal, and the fob received it when in range, then responded with a code that IDs it to the truck. Then they recoded to each other for the next interaction. Garage door openers mastered rotating codes long ago, so I'd be really surprised if this software monster of a vehicle completely overlooked such a basic security concept.

amschind

Well-known member
First Name
Adam
Joined
Apr 22, 2022
Threads
21
Messages
1,097
Reaction score
1,048
Location
Texas
Vehicles
'21 F150 SCrew 4x4 Powerboost
Occupation
Physician
Did you ever try the flipper on the keyfob?
I didn't think they worked like that. I assumed the truck was constantly putting out a short-range signal, and the fob received it when in range, then responded with a code that IDs it to the truck. Then they recoded to each other for the next interaction. Garage door openers mastered rotating codes long ago, so I'd be really surprised if this software monster of a vehicle completely overlooked such a basic security concept.
I haven't yet. The issues as I see them are 1) that yes, opposite of what you'd expect, giant automakers muck this up and 2) the truck's broadcast request for a handshake is at best sniffable and at worst a finite list.

To expand upon 2, let's say a bad guy wants your vehicle. If the list of truck broadcast codes is finite and sufficiently small, then bad guy just loads that list of codes on his device, sits beside you at the restaurant, and then his device runs the list of codes until it gets a hit. He then walks to your vehicle, replies to the truck's handshake request with the code that he got from your fob's reply, and drives off in your wheels (or just loots your stuff, depending upon an additional level of security for engine start). It's a bit different if the list of truck broadcast codes is larger, but fundamentally not much harder. Bad guy's device sniffs the RF range near your truck as he walks past it, he then makes sure he got some codes, THEN he sits down next to you and his device broadcasts the codes that he got from sniffing your truck. From that point on it's the same.

The core flaw in this process is waving the keys to the kingdom out in the open... it's there if you know where to look. Assuming that bad guys won't know RF bands or code lists is, in my opinion, foolhardy and boils down to "security through obscurity", with obscurity referring to "data that a teenager can google".

The simple fix for this, IMHO, is a toggle that the user controls. By that I mean that your device (in this case likely a phone) broadcasts a request IF and ONLY IF it receives a 2FA authorization (i.e. you apply your thumb to the screen).

It's not an ironclad solution, and it is not how you secure the nuclear launch codes, but ALL security is about trading your cost and convenience to increase the cost and effort required from a would be thief or spy. Thumb swipe biometrics have gotten good and easy enough to use that it's a minimal increase in effort vs the fob, but for a thief it represents a big step up. In the 2FA phone as key scenario, the thief must get your thumbprint AND enough data to log in as you on the FordPass app. A very determined thief absolutely could do this, but the cost, effort and risk involved are much higher vs a purely RF hack that only requires that the bad guy be within a few feet of you and then have brief access to your truck without you noticing.

I hope that makes more sense. Here's a discussion about the challenges/pitfalls on the Flipper forums:
Flipper Discussion on Rolling Codes

A lot of the discussion there focuses on the fact that knowing the equation for the rolling code is basically the keys to the kingdom; without that knowledge, bad guy can STILL open/make off with a vehicle, but it will only work for the code that bad guy sniffed, which means that bad guy's device will be unable to replicate the next code in sequence. That protects you from the guy who wants to use your truck, but the pro is gonna drive it straight to a chop shop and only needs it to run one time.

I am not a fan of the Fordpass app, but I would gladly use it to get a 2FA phone as key.
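The two cases the post above contrasts, a fixed code that a sniffer can replay indefinitely versus a rolling code the truck refuses to accept twice, as an added example written for this thread (not code from the forum, from the Flipper project or from Ford). The frame layout, the fob ID, the shared key and the 16-press resync window are all assumed values invented for the demo; the point is the receiver-side rule, not any real vehicle's protocol.

```python
"""Why a fixed unlock code falls to replay while a rolling code does not.

Added example (not code from the forum thread or from any vehicle maker).
The fob ID, key, counter width and 16-press window are assumptions chosen
for illustration; the frame layout is invented for this demo, not Ford's.
"""
import hashlib
import hmac
import struct


# --- Fixed code: the "finite list of codes" scenario in the post ---------
class FixedCodeReceiver:
    """Accepts any frame that equals the one secret code, forever."""

    def __init__(self, secret_code: bytes) -> None:
        self.secret_code = secret_code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.secret_code)


# --- Rolling code: monotonic counter authenticated with a shared key -----
FRAME_FMT = ">IQ"          # 4-byte fob id, 8-byte press counter (assumed layout)
BODY_LEN = struct.calcsize(FRAME_FMT)
TAG_LEN = 8                # truncated HMAC-SHA256 tag


def encode_frame(key: bytes, fob_id: int, counter: int) -> bytes:
    """Build fob_id || counter || HMAC(key, fob_id || counter)[:8]."""
    body = struct.pack(FRAME_FMT, fob_id, counter)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class RollingCodeFob:
    def __init__(self, key: bytes, fob_id: int) -> None:
        self.key, self.fob_id, self.counter = key, fob_id, 0

    def press(self) -> bytes:
        self.counter += 1          # every press moves the counter forward
        return encode_frame(self.key, self.fob_id, self.counter)


class RollingCodeReceiver:
    WINDOW = 16   # tolerate a few presses made out of range (assumed value)

    def __init__(self, key: bytes, fob_id: int) -> None:
        self.key, self.fob_id, self.last_counter = key, fob_id, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != BODY_LEN + TAG_LEN:
            return False
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        fob_id, counter = struct.unpack(FRAME_FMT, body)
        if fob_id != self.fob_id:
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False           # forged or corrupted frame
        if not (self.last_counter < counter <= self.last_counter + self.WINDOW):
            return False           # replayed (old counter) or too far ahead
        self.last_counter = counter  # this code can never be accepted again
        return True


def replay_demo() -> dict:
    """Run the capture-and-replay scenario against both receiver types."""
    fixed_code = b"\x13\x37\xc0\xde"                     # constructed sample
    fixed = FixedCodeReceiver(fixed_code)
    captured = fixed_code                                # sniffed once
    fixed_first = fixed.accept(captured)
    fixed_replay = fixed.accept(captured)                # same bytes, still works

    key, fob_id = b"constructed-demo-key-not-real", 0x0F15_0001
    fob, truck = RollingCodeFob(key, fob_id), RollingCodeReceiver(key, fob_id)
    captured = fob.press()                               # sniffed legitimate press
    rolling_first = truck.accept(captured)               # owner unlocks
    rolling_replay = truck.accept(captured)              # replay is rejected
    rolling_next = truck.accept(fob.press())             # owner's next press still works
    forged = encode_frame(b"wrong-key", fob_id, truck.last_counter + 1)
    forged_accepted = truck.accept(forged)               # no key, no valid tag

    return {
        "fixed_first": fixed_first,
        "fixed_replay": fixed_replay,
        "rolling_first": rolling_first,
        "rolling_replay": rolling_replay,
        "rolling_next": rolling_next,
        "forged_accepted": forged_accepted,
    }


if __name__ == "__main__":
    for name, ok in replay_demo().items():
        print(f"{name:16s} {'accepted' if ok else 'rejected'}")
```

Running the module prints one line per check: the fixed-code receiver accepts the captured bytes both times, while the rolling-code receiver accepts the sniffed frame only on its first (legitimate) use, rejects the identical frame afterwards, still accepts the owner's next press, and rejects a frame built without the shared key. The strict `last_counter < counter` rule is what makes a captured code single-use; the window only exists so the owner's stray presses out of range do not lock them out.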

draggam01

Well-known member
First Name
Mark
Joined
Oct 6, 2023
Threads
5
Messages
71
Reaction score
37
Location
Windham, ME
Vehicles
2021 Ford F-150 Powerboost XLT
Occupation
retired
This is a really good thread. I have a comma.ai and it worked great. I now have a '24 and now my comma 3x is a boat anchor. So do you think there will be any changes in the near future? I miss it dearly.

HammaMan

Well-known member
Joined
Sep 7, 2022
Threads
123
Messages
8,526
Reaction score
9,934
Location
SE US
Vehicles
2022 307a PB
Spiffy

Well-known member
First Name
Jeff
Joined
Jan 9, 2023
Threads
97
Messages
1,075
Reaction score
464
Location
Usa
Vehicles
2022 platinum powerboost
Occupation
Retired
This is a really good thread. I have a comma.ai and it worked great. I now have a '24 and now my comma 3x is a boat anchor. So do you think there will be any changes in the near future? I miss it dearly.
It's hard to say. I was part of the satellite hacking revolution. Every week the satellite companies would try to encrypt the communications between the card and the receiver. We broke that encryption fast each time. They then made the receivers cardless. We built devices that JTAGed onto the motherboard. Essentially we tunneled around the security. The ultimate goal was every channel authorized. It was a blast, that cat-and-mouse thing we had going between us.
In the end they won. But not with better security. They had bigger lawyers. And a lot of bribery money to congress to make new laws.

Yes I see the encryption getting compromised but the fix won't be published. If a big tuner like 5star were to sell their tunes based on broken encryption they would get their asses handed to them in court. Same for open AI.
Someone said earlier that these auto manufacturers are just locking everything down.
The only way we have in this fight is going to the courts. Right to repair is still a big fight.
Hopefully some judge has a flat tire and finds out he needs a subscription and a code to unlock the tire jack.

lrb_35128

Well-known member
First Name
Larry
Joined
Feb 4, 2024
Threads
3
Messages
357
Reaction score
423
Location
San Antonio Metro Area
Vehicles
2024 F-150 King Ranch
These now exist w/ facial recognition. My what a difference a year makes.
... or prophets from nearly 100 years ago. Philip Nowlan described similar capabilities in his "Armageddon 2419 A.D."

Unfortunately, our expanding knowledge and the resulting technology are far too often applied to both constructive and destructive paths. It's a frightening enough world. It'll only get more so as AI/ML continues to progress, especially if humanistic, morality-based safeguards are not in place.