Keyless-Go compromised...
02-28-2011, 03:51 AM
#1
MBWorld Fanatic!
Thread Starter
Keyless-Go compromised...
http://eprint.iacr.org/2010/332.pdf
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
02-28-2011, 07:03 AM
#3
MBWorld Fanatic!
Thread Starter
02-28-2011, 07:57 AM
#4
Newbie
Join Date: Feb 2011
Posts: 5
Likes: 0
Received 0 Likes
on
0 Posts
E 300
http://eprint.iacr.org/2010/332.pdf
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
Well, Thanks for telling everyone how to steal my car...
Besides, if that's the case, wouldn't that apply to "any" car with the keyless feature...Damn even Mazda has it nowadays..
02-28-2011, 08:12 AM
#5
MBWorld Fanatic!
Thread Starter
If you read the article you would discover that it affects many different manufacturers cars and not just MB.
02-28-2011, 09:24 AM
#6
Newbie
Join Date: Feb 2011
Posts: 5
Likes: 0
Received 0 Likes
on
0 Posts
E 300
Well, it's good we're not stuck with the keyless feature since it's optional and you might want to use it or not...
So No keyless feature while in LA...
03-01-2011, 01:55 AM
#7
Newbie
Join Date: Jan 2011
Location: Bay Area, California
Posts: 2
Likes: 0
Received 0 Likes
on
0 Posts
2007 e550 P2, Sports Pkg., aFe Pro Dry S, AMG Pedals, Mud Guards
Thanks Polar Bear! I wrap my extra key in aluminum foil and will need to devise a similar shield perhaps lining the case for the key I carry.
Trending Topics
03-01-2011, 03:05 AM
#8
MBWorld Fanatic!
This came out quite a while ago and though it is technically possible, it requires quite a bit of groundwork to make it actually work. They basically need to have someone with a transmitter repeater literally a couple of feet from you (yes, a hot woman would probably make this part of the heist a lot easier!) and from there they may need multiple other repeater/transmitters to where your car is for for the initiation of an uninterrupted key less go "handshake." If this ever becomes prevalent there is a pretty easy work around. You can put your keyless go fob in a case/enclosure that blocks RF transmissions and you can just take the key-fob out when you are close to the car.
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
Oh and if the hot woman gets so close to you that she can actually take the key away from you, then all bets are off
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
Oh and if the hot woman gets so close to you that she can actually take the key away from you, then all bets are off
Last edited by WEBSRFR; 03-01-2011 at 03:08 AM.
03-01-2011, 07:53 AM
#9
Junior Member
Join Date: Dec 2010
Location: Dallas, TX
Posts: 35
Likes: 0
Received 0 Likes
on
0 Posts
2008 E350 4Matic
03-02-2011, 12:17 PM
#10
Super Member
If this ever becomes prevalent there is a pretty easy work around. You can put your keyless go fob in a case/enclosure that blocks RF transmissions and you can just take the key-fob out when you are close to the car.
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
