by hsbauauvhabzb 257 days ago
I think a fundamental problem is that keys aren’t security forward compatible - break the keys and you’ve broken an entire generation (or more) of cars.

The only solutions I can see are software based keying and a mobile app or legally enforced security guarantees.

But the car manufacturers don’t give a fuck if your 3 years and one day old car gets stolen. You move to the next competitor, only for the same to happen in just over three years’ time. Repeat. Repeat. Repeat.

2 comments

>The only solutions I can see are software based keying and a mobile app or legally enforced security guarantees.

Wouldn't this require the phone to be trusted and not run unsigned software?

The software part is a solved problem - this is how the web is secured. There would be an exchange of keys with the car, and done.

This does not solve the problem of the timing (but the sibling comment explained that this one has a solution).

I think the problem here is that traditional keys expect physical security, and this expectation is broken because key fobs are now wireless and thieves have range extenders. I thought the best practice here is to store the wireless-capable key fobs inside Faraday cages when they are not in use to restore physical security.