Hacker News new | ask | show | jobs
by galangalalgol 1388 days ago
Is software that can open car doors illegal? Why?

Also, opening car doors isn't as simple as repeating a signal you captured(in general)

That said, capturing the car's question when you press the button on the door, amplifying it in the direction of the nearby fob, and then capturing and amplifying the fob's response would work for some systems.
2 comments
larusso 1388 days ago
> Also, opening car doors isn't as simple as repeating a signal you captured(in general)

There are a lot of reports (I’m from Germany) from car brands selling cars in 2022 which can be opened easily by repeating/relaying the keyfob signal. Newer systems which also check the signal delay mitigate this. [1] the German ADAC (German Automobile Club) did a test with 500 cars. I was happy to learn that my new car is save from the simple repeat attack. [1] https://www.adac.de/rund-ums-fahrzeug/ausstattung-technik-zu...

link
H8crilA 1388 days ago
I am to lazy to dig it up and link the PDF, but there was a whitepaper about the Volkswagen keyfobs. In terms of modulation it's unsurprisingly simple, on-off keying, nothing wrong with that. In terms of data transmitted they have several encrypted protocols/versions, but they all suffer from the same implementation problem: there is only one encryption key used for the entire global fleet of cars. Imagine making something as brutally broken as that :D
link
galangalalgol 1388 days ago
Older systems that don't let the car interrogate the fob mitigate it as well as long as you have mutiple encryption keys. Looking at you vw.
link
yomkippur 1388 days ago
It's sad that I have to even spell out for you the consequences of people being able to open any car's doors and how the law and security apparatus will react to such news.
link
galangalalgol 1388 days ago
I should have clarified. If one of the many things this framework gets used for is building systems for car theives that shouldn't make an entire framework illegal. I understand a software product whose overwhelmingly predominant use is to break the law will have trouble in many jurisdictions. But using the framework as a white hat to find vulnerabilities with a POC should always be legal. (or grey, grey is kind of the new white given how unresponsive people are to fixing things)
link