"Passive" electronic keys for cars - not very serious protection

Direct evidence of this is the work of a team of security experts from the University of Zurich. A team of researchers has proven that passive car security systems are very easily cracked (of course, easy - for security experts, not for student Petit, but Peter, with $ 100 and some knowledge, will be able to steal such a car). It may be too early to talk about the possibility of hijacking cars with the PKES protection system, but experts were able to overcome various protection systems for different cars with the help of publicly available equipment. The cost of equipment necessary to hijack cars of various models ranges from 50 to 1000 dollars.

How does all this happen? The principle is very simple - the system of signal repeaters is used, which transmit the signal of the electronic key, located in the pocket of the car owner, to the door opening system and the engine factory. Signal transmission through such a system is possible over long distances - hundreds of meters, if not kilometers. In principle, everything depends only on the number of repeaters and the reliability of the signal transmission system.
')
The experts were able to crack PKES ten car models from eight different manufacturers. It is worth noting that the possibility of car theft, protected by PKES, is a very attractive opportunity for car thieves. There are some difficulties here, for example, if the engine is turned off, the hijacker will not be able to start it a second time. Why? Let's see how it all works.

As already mentioned, the system is simple. Almost all PKES systems open the door of the car when the owner approaches, plus the engine starts. Conveniently? Of course, you don’t need to get the key out of your pocket, or press a button. But the lack of such a system is in the constant broadcast of the signal, which it is enough just to pick up, possibly strengthen, and direct it to the system of opening doors in the car.

Researchers for burglary used ring antennas, one of which was located closer to the door lock opening system, the second was located close to the electronic key. The first antenna picks up and transmits the signal of the car, which is then transmitted to the second antenna, located next to the key. That, in turn, reacted to the “native” signal, transmitting the response signal. Now the second antenna picks up the key signal, transmitting the first antenna, located next to the door opening system. The latter, having received a familiar signal, opens the door and starts the engine (for the engine factory, the first antenna moved directly into the vehicle interior, and the “hijacker” pressed the start button).

That's all - the car is hacked and ready to go any distance. A small problem for the car thief - some cars, moving away from the key for a considerable distance, begin to react, a corresponding signal is heard in the cabin. But since the car is in motion, the auto security system does not allow it to stop, and the hijacker can steer wherever you want. Other car models did not react at all to removal from the key. Of course, if you stop the engine, it will not go anywhere. But the hijacker is unlikely to turn off the engine - after all, you usually need to deliver the car to a known address, where the hijacker's partner team will already receive it.

Researchers claim that this method of hacking the security system is very simple, and car manufacturers should pay attention to this problem. Otherwise, PKES will not receive special distribution - who needs a car that can hijack anyone who has the necessary equipment and a little technical knowledge?

Via ieee