Keyless-Go compromised...
Thread Starter
MBWorld Fanatic!
Joined: Nov 2004
Posts: 1,691
Likes: 143
W221 S600, W220 S55 AMG Kompressor, W124 300E, W140 S320, W210 E3204M W164 ML320 Bluetec
Keyless-Go compromised...
http://eprint.iacr.org/2010/332.pdf
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
Thread Starter
MBWorld Fanatic!
Joined: Nov 2004
Posts: 1,691
Likes: 143
W221 S600, W220 S55 AMG Kompressor, W124 300E, W140 S320, W210 E3204M W164 ML320 Bluetec
Newbie
Joined: Feb 2011
Posts: 5
Likes: 0
E 300
http://eprint.iacr.org/2010/332.pdf
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
In essence, they are using a relay attack that extends the range the car can talk to the key. i.e. If you are in a store, an attacker with antenna 1 can approach you. Another attacker with antenna 2 next to your car outside could pull the door handle and the car would actively search for the key. Antenna 2 would receive this "search" signal and relay it to the attacker in close proximity to your location in the store holding antenna 1. Your key would receive this signal transmitted from antenna 1 in the store and would respond. Then antenna 1 would relay it back to antenna 2 close to the car and the car would open (and also start if this was repeated).
Well, Thanks for telling everyone how to steal my car...
Besides, if that's the case, wouldn't that apply to "any" car with the keyless feature...Damn even Mazda has it nowadays..
Thread Starter
MBWorld Fanatic!
Joined: Nov 2004
Posts: 1,691
Likes: 143
W221 S600, W220 S55 AMG Kompressor, W124 300E, W140 S320, W210 E3204M W164 ML320 Bluetec
If you read the article you would discover that it affects many different manufacturers cars and not just MB.
Newbie
Joined: Feb 2011
Posts: 5
Likes: 0
E 300
Well, it's good we're not stuck with the keyless feature since it's optional and you might want to use it or not...
So No keyless feature while in LA...
Newbie
Joined: Jan 2011
Posts: 2
Likes: 0
From: Bay Area, California
2007 e550 P2, Sports Pkg., aFe Pro Dry S, AMG Pedals, Mud Guards
Thanks Polar Bear! I wrap my extra key in aluminum foil and will need to devise a similar shield perhaps lining the case for the key I carry.
Trending Topics
MBWorld Fanatic!
Joined: Apr 2006
Posts: 2,139
Likes: 41
Tesla Model S P100D
This came out quite a while ago and though it is technically possible, it requires quite a bit of groundwork to make it actually work. They basically need to have someone with a transmitter repeater literally a couple of feet from you (yes, a hot woman would probably make this part of the heist a lot easier!) and from there they may need multiple other repeater/transmitters to where your car is for for the initiation of an uninterrupted key less go "handshake." If this ever becomes prevalent there is a pretty easy work around. You can put your keyless go fob in a case/enclosure that blocks RF transmissions and you can just take the key-fob out when you are close to the car.
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
Oh and if the hot woman gets so close to you that she can actually take the key away from you, then all bets are off
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
Oh and if the hot woman gets so close to you that she can actually take the key away from you, then all bets are off
Last edited by WEBSRFR; Mar 1, 2011 at 03:08 AM.
MB World Stories
The Best of Mercedes & AMG
6 Mercedes Models That Did NOT Age Well (But Are Somehow Still Cool)
Verdad Gallardo
Manual Mercedes? 6 Times Sindelfingen Let Drivers Have All The Fun
Verdad Gallardo
Mercedes SLR McLaren 722 S Is Extremely Rare Example Modified by McLaren
Verdad Gallardo
8 Classic Boxy Mercedes Designs That Have Aged Like Fine Wine
Verdad Gallardo
Flawlessly Restored Mercedes 190E Evo II Heads to Auction
Verdad Gallardo
Electric Mercedes C-Class Unveiled: 11 Things You Need to Know
Verdad Gallardo
Mercedes EQS Gets A Major Update: Everything You Need to Know
Verdad Gallardo
5 Underrated Mercedes-Benz Models That Don't Get the Love They Deserve
Verdad Gallardo
Mercedes 300D Has Pushed Well Past 1 Million Miles and It Ain't Stopping
Verdad Gallardo
Junior Member
Joined: Dec 2010
Posts: 35
Likes: 0
From: Dallas, TX
2008 E350 4Matic
Super Member
Joined: May 2003
Posts: 968
Likes: 77
From: Long Island, New York
2018 E400 4matic Wagon
If this ever becomes prevalent there is a pretty easy work around. You can put your keyless go fob in a case/enclosure that blocks RF transmissions and you can just take the key-fob out when you are close to the car.
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
It is probably not a bad idea for MB to install an "off switch" in the fob for turning off the keyless go handshake transmission so you can turn the fob off when you walk away from the car.
