Two Scumbags nicked my Car

tlogic

My car was stolen last week by two scumbags at around 5:30 in the morning.

From the CCTV it looks like it was a relay attack on the car. My car was a W205 Mercedes C220d AMG Line (16 plate). I'm amazed how these little shits got in my car so quick, it was all over in about 20 seconds.

Once I realised my car was missing I straight away thought I'll check the Mercedes me app and check the tracker, but it seems like they disabled it at the top of my road.

How is this possible and why would Mercedes put such a cheap tracking system in the car when it can be disabled so easily?

These keyless cars are a joke, the manufacturers should stop selling them or update the security software on the car.

The police were a joke, they contacted me after 4 days even though I told them the car had a tracker
:wallbash:
 
Just curious, who do the insurance blame when this happens? Do they pay out?
If I ran an insurance firm I wouldn't insure these keyless vehicles until the technology
was proven to be secure.

Anyway, sorry you lost your car @tlogic.
 
The insurer has been pretty good up until now. I received a settlement figure today which I was pleased with and my GAP insurance will cover the rest.
But I know what you mean, apparently keyless theft is top of the list. I blame the manufacturers for this security breach, but they as usual are blaming the government because the equipment used for the relay attack is not illegal. If the equipment wasn't illegal in a country then why design such a system in a car when it can be so easily hacked?
 
The technology is flawed, making the devices that do this illegal isn't going to stop people making or using them.
 
Going by the video one guy goes to the house door so that a booster can be directed to the house hallway where the fob is likely to be and the other guy stays by the car to use an open clone fob to open and start the car.
 
Yep, that's exactly what happened. One guy was near the bay window waving something around.
 
Any car can be pinched without a key or fob.
 
They scan to pick your fob up, guys; best thing is to have the fob upstairs, not near the passage.
 
Why don't they just make the fobs only transmit a signal when a button is pressed? You have to ask why any signal is going out when not in use, flawed I say.
 
This has been a known issue for quite some time. You can buy these devices pretty cheaply, although it's pretty much organised crime groups doing the work. No doubt your car will be put in a container and sent abroad, or stripped and sold as parts.

It's basically that the security on the fob is poor, there is no encryption on them, so they just relay the signal from the house to a receiver, and then send that to the car. The relay device is about the size of an iPad iirc.
 
Even with encryption how would the car or the transponder know they were communicating through a relay?

I don't see how encryption would help in this case as even if it were (is?) implemented then it doesn't prevent the transaction being relayed. Like how CS works.

Some adjustment of the protocol might be useful; such as measuring the round-trip time of the transaction. This is currently in some types of payment token card systems and whatnot.

Not sure if transponders have rolling codes but even then it wouldn't stop a relay attack. Encryption takes a lot of computing too so a transponder can't do much due to the way they are powered.
 
Something like they're using on WhatsApp now, use end to end encryption, public and private keys, I don't believe these can be sniffed.

Plenty of information around, if it's man made, then it can be hacked regardless. The handbook has been around since 2014, car companies are just not interested in security at present, much like games companies. Remember when the PS was initially released, there were no security measures on the disk, so you could literally just copy it 1-1. It was only when MediEvil was released that they started using security on their disks.

The difference being that car companies are not the ones on the losing end here, it's the customer! So they have no reason to add better security.
 
It doesn't matter if the keys can be sniffed or not as the car doesn't know it's talking to a relay and neither does the transponder. It's like putting a transparent conduit between the car and the transponder to extend their range. I bet this processing bit between adds a bit of time and that's why I mentioned measuring the round-trip time as it could be used to detect a relay attack.

Keys are usually one-time use in systems like this hence I mentioned rolling codes. Even if you sniff a key it will be invalid unless you use another technique which involves trying to jam the receiver so that the key remains valid. That only works on certain types of system.

My software defined radio abilities of such things are still at the level of seeing neighbouring smart meters, garage door openers and cloning a Wilko doorbell I bought :). I did see someone speculating that the equipment I have could be used for transponder relay attacks but I'm not so sure. I suspect what is being used are development kits for these transponder systems with amplifiers.
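
The round-trip-time check discussed in the posts above, as an added example that is not part of the original thread: the car's side of a challenge-response is modelled twice, once checking only the keyed response and once also bounding the round-trip time. The key handling, function names, the 2 m limit and all timing figures are constructed assumptions, not any manufacturer's protocol.

```python
import hashlib
import hmac
import os

C = 299_792_458.0        # speed of light in m/s
FOB_TURNAROUND_S = 1e-6  # assumed fixed fob processing time (constructed value)
MAX_RANGE_M = 2.0        # assumed policy: fob must be within 2 m of the car
RTT_LIMIT_S = FOB_TURNAROUND_S + 2 * MAX_RANGE_M / C

KEY = os.urandom(32)     # constructed shared secret between car and fob


def fob_response(key, challenge):
    """The fob answers a fresh challenge with a keyed MAC."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def simulate_unlock(key, path_m, relay_delay_s=0.0):
    """Model one unlock attempt and return (mac_ok, rtt_ok, rtt_seconds).

    path_m is the one-way signal path length between car and fob;
    relay_delay_s is extra latency added in each direction by a relay.
    """
    challenge = os.urandom(16)
    # A relay forwards both messages unchanged, so the MAC is always genuine.
    response = fob_response(key, challenge)
    rtt = FOB_TURNAROUND_S + 2 * (path_m / C + relay_delay_s)
    mac_ok = hmac.compare_digest(response, fob_response(key, challenge))
    return mac_ok, rtt <= RTT_LIMIT_S, rtt


def car_decision(key, path_m, relay_delay_s=0.0, check_rtt=True):
    """Unlock only if the MAC verifies and, optionally, the RTT is in bound."""
    mac_ok, rtt_ok, _ = simulate_unlock(key, path_m, relay_delay_s)
    return mac_ok and (rtt_ok or not check_rtt)


if __name__ == "__main__":
    cases = [
        ("fob beside the car", 1.0, 0.0),
        ("relayed from hallway, 200 ns relay latency", 15.0, 200e-9),
        ("relayed from hallway, zero-latency relay", 15.0, 0.0),
    ]
    for label, path, delay in cases:
        _, _, rtt = simulate_unlock(KEY, path, delay)
        print(f"{label}: rtt={rtt * 1e9:.0f} ns, "
              f"crypto-only unlock={car_decision(KEY, path, delay, False)}, "
              f"with RTT bound={car_decision(KEY, path, delay, True)}")
```

The margins here are tens of nanoseconds, so the check only works if the car can time the exchange at that resolution and the fob's turnaround time is fixed and known.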
 
I can elaborate a bit, I think :).

It's not the encryption scheme being exploited here, it's the RF communications channel.
 
Wrap them in tin foil, just worked for me.
 