Hundreds of popular cars ‘at risk of keyless theft’

If you have a good faraday pouch that works, I don’t see why you would want to switch keyless off? I think its a great function.

No nothing.

No Mods. No rockers. Just a chunky knob, thats now been replaced by an RS knob innit.

No tackiness.

Std as Ford intended, but with a space saver wheel and jack and nuts and wheel brace. oh.. and flaps, a man has got to have flaps.

Innit?

I purchased mine because it had this feature plus many more endearing features.

Coastliner

Even with keyless turned off, there’s still a risk that your signal could be captured when you click the fob to open the doors. And doesn’t the immobiliser signal still carry on transmitting in any case? Or have I missed something?

Until Ford come up with a solution I’ll use a Faraday pouch. Interested in a reply though from the experts on here to the questions posted above by RS77.

@tonys, @RS77

Lock the car with the window open, lean in and trigger it off, with the key in your hand, press the start / stop buttton and see what happens.  Couldn’t find the option to turn off in mine, but found it in my ST.

So Squirel has confirmed the test I had not implemented, so if a window is broken, relay  amplifier method can still simulate the key being in the car, and would fire up, and stop the alarm, etc.  On the mark 3, if the key cannot be found, i.e in a faraday cage, does the armed state disable the OBD port?

Thanks.

@rog correct Rolljam can jam and store single or multiple codes. However this should be easy to spot as an owner – it only happens when you press the fob key (unlike a relay attack). Only press they fob when you can see the indicators – if you press and the indicators don’t flash it’s possible you’ve been rolljammed. As rolljam captures the rolling code it can only be used once (or the number of times you pressed the fob button and the car didn’t unlock).

The countermeasure to this is to move the vehicle to another location and press the buttons a few times – if it works each time then the code will have been moved on from the captured one and the captured one will no longer work. You are also correct that this will not allow engine start, but would allow physical access to the vehicle with the alarm disabled. It is also possible to use just a jamming attack to jam the signal and leave the vehicle open on locking – again this only gains physical access to the car. The moral is – always watch your car when you unlock and particularly lock it!

@18stealth There wouldn’t be much point in smashing the window and then using a relay attack – the relay attack is repeatable multiple times and can be used to both open the doors and start the car. An attacker would use the relay attack to open the car and then simulate the key being inside the car to start it. I would also strongly suspect (don’t know how Ford have implemented it though) that an alarm condition would inhibit the keyless start and OBD access.

None of this would affect Ghost and should not affect 3rd party trackers / immobilizers or alarms.

Also to note that Tesla implemented a worse solution on their Model S that allowed an attacker to duplicate the fob after being close to it:

https://www.theregister.co.uk/2018/09/12/tesla_hack/

Time to get a big scary dog (or layer your security)!