Vehicle Security - Theft Methods Deployed By Thieves

All Porsche Macan Related Discussion
Post Reply
User avatar
Ian.g
Posts: 1156
Joined: Sat Jul 23, 2016 8:04 pm
Location: Worcestershire

Post by Ian.g »

I thought that they used rotating codes to prevent being grabbed like this and re-used. Maybe they jammed the signal to lock the car or she had keyless entry?

Kasfranks99
Posts: 2522
Joined: Thu Jul 28, 2016 8:38 pm

Post by Kasfranks99 »

Ian.g wrote: Fri Apr 13, 2018 7:33 pm I thought that they used rotating codes to prevent being grabbed like this and re-used. Maybe they jammed the signal to lock the car or she had keyless entry?
When they capture the initial rotating code or part of it they can then brute force many hundreds of codes a minute until it unlocks the car using thier simple devices.
The flaws in the very poor encryption in the cars and keyfobs has existed for many many years.

It just the equipment and knowledge required to bypass this now costs peanuts and easy to use.

Manufacturers seriously need to increase the encryption level which solves one issue but there is a flaw in every car entry be it keyless or not.
Just different methods are used and in specific circumstances.
GTS 😀
User avatar
Paul
Posts: 8603
Joined: Fri Sep 05, 2014 6:19 pm
Location: Bristol
Contact:

Post by Paul »

As Bazza says (and I’ve posted this annecdote before, so my apologies) if they want the car badly enough, they’ll take it.....an aquaintance of mine a good few year ago had the latest Ferrari with alarm, immobiliser, tilt sensors and so on....which was lifted on to a hi-ab and containered away in less than 2 hours......
Having said all this (and with all due respect to the model) a Porsche Macan does not rate amongst the most highly desirable / rare cars out there...so a minimum of precautions should see you OK (I hope😳)
1st Sapphire SD
2nd Sapphire GTS
viewtopic.php?f=23&t=4296
Current 992 S Cab
viewtopic.php?f=23&t=9845&p=196465#p196465
Bazza06
Posts: 1991
Joined: Sun Jul 10, 2016 11:00 pm

Post by Bazza06 »

Col Lamb wrote: Fri Apr 13, 2018 5:17 pm Bazza

Do these scanners also pickup the lock / unlock signal from a non enter and drive car?
Not by relay theft as the key from a non enter and drive vehicle does not constantly transmit whereas an enter and drive key does.

However, the signal from a standard central locking vehicle key can be intercepted, stored and replayed to open the car but they would have to be within close vicinity to do so. A car park poses no issues.
Previously owned:
2022 Macan GTS Gentian Blue
Macan SD - Volcano Grey
Boxster S - Polar Silver
Bazza06
Posts: 1991
Joined: Sun Jul 10, 2016 11:00 pm

Post by Bazza06 »

Kasfranks99 wrote: Fri Apr 13, 2018 9:20 pm
Ian.g wrote: Fri Apr 13, 2018 7:33 pm I thought that they used rotating codes to prevent being grabbed like this and re-used. Maybe they jammed the signal to lock the car or she had keyless entry?
When they capture the initial rotating code or part of it they can then brute force many hundreds of codes a minute until it unlocks the car using thier simple devices.
The flaws in the very poor encryption in the cars and keyfobs has existed for many many years.

It just the equipment and knowledge required to bypass this now costs peanuts and easy to use.

Manufacturers seriously need to increase the encryption level which solves one issue but there is a flaw in every car entry be it keyless or not.
Just different methods are used and in specific circumstances.
You’re right, Kas, but the cost to manufacturers is hugely more expensive than to those that easily break the newly written code soon after it’s released. One premium vehicle brand told me that they had given up trying to defeat them.

Last year I went to a vehicle security conference in South Africa and a month later another in Czech Republic. In the month between the conferences new products capable of defeating all vehicle security had been developed.

I did hear an interesting concept designed to try and defeat relay theft which involved using a movement sensor in the key. If the vehicle receiver didn’t detect movement, which it wouldn’t in most relay attacks, the vehicle would deny access.

Whether this technology will be adopted remains to be seen.
Previously owned:
2022 Macan GTS Gentian Blue
Macan SD - Volcano Grey
Boxster S - Polar Silver
JBA
Posts: 286
Joined: Thu Feb 02, 2017 6:19 pm

Post by JBA »

Bazza06 wrote: Thu Apr 12, 2018 9:05 pm
JBA wrote: Wed Apr 11, 2018 11:42 am The articles are a bit confusing because they point to key less fobs but all new cars have a key less fob to unlock the car but not all have keyless start (no ignition key).
Therefore if you have a key to put into the ignition and start the car (which comes as standard in Porsche) then you should be ok..I think/hope.
Sadly not. Relay theft is the latest method used to steal vehicles with keyless entry. It works by using a receiver / transmitter device to pick up the key signal, amplify it and transmit to the vehicle fooling the car into believing the key is present.

Prior to this and still a massive issue is OBD Port intrusion. This works by using a device, now commonly available, to program a new key to the vehicle. This is can be achieved in less than a minute and does not require the original vehicle key.

Before this technology existed criminals would burgle homes or commit robbery in order to gain access to the key as vehicle security was sufficient enough to overcome the previous methods used to breach the vehicle. Not anymore.

Check out this statement in the options menu for Porsche Entry & Drive:

“However, it cannot be completely ruled out that the key´s wireless encryption code is intercepted and used to open or steal the vehicle”
Very interesting Bazza and scary. So even if a key-in-the-ignition is required to start the car ( as opposed to keyless entry and start) , these thieves can still start the engine and steal the car?
Macan GTS Mark 1 - bought new 2017 and sold 2024
Macan GTS Mark 3 - bought new 2024
Bazza06
Posts: 1991
Joined: Sun Jul 10, 2016 11:00 pm

Post by Bazza06 »

JBA wrote: Sun Apr 15, 2018 12:11 am
Bazza06 wrote: Thu Apr 12, 2018 9:05 pm
JBA wrote: Wed Apr 11, 2018 11:42 am The articles are a bit confusing because they point to key less fobs but all new cars have a key less fob to unlock the car but not all have keyless start (no ignition key).
Therefore if you have a key to put into the ignition and start the car (which comes as standard in Porsche) then you should be ok..I think/hope.
Sadly not. Relay theft is the latest method used to steal vehicles with keyless entry. It works by using a receiver / transmitter device to pick up the key signal, amplify it and transmit to the vehicle fooling the car into believing the key is present.

Prior to this and still a massive issue is OBD Port intrusion. This works by using a device, now commonly available, to program a new key to the vehicle. This is can be achieved in less than a minute and does not require the original vehicle key.

Before this technology existed criminals would burgle homes or commit robbery in order to gain access to the key as vehicle security was sufficient enough to overcome the previous methods used to breach the vehicle. Not anymore.

Check out this statement in the options menu for Porsche Entry & Drive:

“However, it cannot be completely ruled out that the key´s wireless encryption code is intercepted and used to open or steal the vehicle”
Very interesting Bazza and scary. So even if a key-in-the-ignition is required to start the car ( as opposed to keyless entry and start) , these thieves can still start the engine and steal the car?
That is correct but they are going in via the OBD port and programming a new key. I have used the following video many times as an example although versions of the device shown which cost about £6500 at the time can now be bought for a few hundred and are quicker to program.

https://www.youtube.com/watch?v=kVmPfCFFkqQ&t=10s
Previously owned:
2022 Macan GTS Gentian Blue
Macan SD - Volcano Grey
Boxster S - Polar Silver
John_M
Posts: 353
Joined: Sat Jan 21, 2017 9:43 am

Post by John_M »

Bazza06 wrote: Fri Apr 13, 2018 10:32 pmYou’re right, Kas, but the cost to manufacturers is hugely more expensive than to those that easily break the newly written code soon after it’s released. One premium vehicle brand told me that they had given up trying to defeat them.
You know I am not convinced on cost side - security is hard, I grant you but if you apply it like a band-aid created by the average programmer rather than an integral part of your designs then you'll never get it right.
Bazza06
Posts: 1991
Joined: Sun Jul 10, 2016 11:00 pm

Post by Bazza06 »

John_M wrote: Sun Apr 15, 2018 10:32 pm
Bazza06 wrote: Fri Apr 13, 2018 10:32 pmYou’re right, Kas, but the cost to manufacturers is hugely more expensive than to those that easily break the newly written code soon after it’s released. One premium vehicle brand told me that they had given up trying to defeat them.
You know I am not convinced on cost side - security is hard, I grant you but if you apply it like a band-aid created by the average programmer rather than an integral part of your designs then you'll never get it right.
I’m also taking into account the cost and time involved in updating the vehicle software to the thousands of affected vehicles each time the code is cracked .

I don’t know the mechanics of it well enough but when changes to the law made it available for any registered business that provided key replacement services the ability to have access to the programming software previously only supplied to the manufacturers authorised dealers this issue sky rocketed.
Previously owned:
2022 Macan GTS Gentian Blue
Macan SD - Volcano Grey
Boxster S - Polar Silver
John_M
Posts: 353
Joined: Sat Jan 21, 2017 9:43 am

Post by John_M »

Bazza06 wrote: Sun Apr 15, 2018 10:56 pmI’m also taking into account the cost and time involved in updating the vehicle software to the thousands of affected vehicles each time the code is cracked .

I don’t know the mechanics of it well enough but when changes to the law made it available for any registered business that provided key replacement services the ability to have access to the programming software previously only supplied to the manufacturers authorised dealers this issue sky rocketed.
It sounds like a single point can break the whole system, they'd need rethink it - security isn't just about stopping the bad guy, it is assuming you can't and how do you limit what they can get for given effort - I find it amazing at work (top half of FTSE 100), when I am inside the n/w I don't encounter barriers between areas.

Updating software shouldn't be expensive - arrives in dealer, plug in card, vehicle confirms by encryption certificate it is valid and untampered and updates - 2 mins work, but they don't design it to be easily updatable.

One problem though, engineers and programmers don't generally think like hackers, so tend to not see the holes.
Post Reply

  • Similar Topics
    Replies
    Views
    Last post