by TheLoneWolfling
4067 days ago
Please elaborate as to how the fob or car would detect the MITM:

1. You place device A near car and device B near fob.
2. Device A relays all RF transmissions in the target frequency range(s) to device B, which rebroadcasts, and vice versa.

Public-key encryption / authentication only ensures that no-one in the middle is reading or editing your connection. It does not prevent someone from relaying your communication. (And a good thing too, else the entire encrypted web wouldn't work.)
When the driver presses lock/unlock on the fob, the car first sends a signed message with a session secret. The fob checks the signature, takes the secret and creates a _single use_ auth token and signs it with the private key stored on the fob. That signed auth token is then sent from the fob to the car to lock/unlock the car.

To check if there was a MITM you would have to pull the door handle to see if your keypress was successful. If it was successful, you don't need to worry if the key was grabbed by a MITM; they can't use it even if they tried. If it was unsuccessful for some reason (e.g. the MITM knew it was a single-use auth token, so they didn't pass the token on to the car in the hope you might not be paying attention and will press the button a second time), then there should be a manual override outside and inside the car that clears the valid auth tokens and allows you to lock/unlock/start the vehicle without sending any RF transmissions. A slot that you insert the key into would work.
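The challenge/response described in the reply above, as an added example in Go (not the commenter's code, and not any real key-fob protocol): the car signs a fresh session secret, the fob verifies that signature before signing (secret || command), and the car retires each secret once a valid answer arrives, so a captured token is rejected on replay and a token for a different command fails verification. The one-byte command encoding and 16-byte secret size are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Car keeps its signing key, the paired fob's public key, and the session
// secrets it has issued but not yet seen answered (the single-use property).
type Car struct {
	priv    ed25519.PrivateKey
	fobPub  ed25519.PublicKey
	pending map[[16]byte]bool
}

// Fob keeps its signing key and the car's public key.
type Fob struct{ priv ed25519.PrivateKey; carPub ed25519.PublicKey }

// NewPair generates both key pairs and cross-installs the public keys.
func NewPair() (*Car, *Fob) {
	carPub, carPriv, _ := ed25519.GenerateKey(rand.Reader)
	fobPub, fobPriv, _ := ed25519.GenerateKey(rand.Reader)
	return &Car{carPriv, fobPub, map[[16]byte]bool{}}, &Fob{fobPriv, carPub}
}

// Challenge: the car picks a fresh session secret, remembers it, and signs it.
func (c *Car) Challenge() (nonce [16]byte, sig []byte) {
	_, _ = rand.Read(nonce[:]) // crypto/rand; fails only if the OS entropy source does
	c.pending[nonce] = true
	return nonce, ed25519.Sign(c.priv, nonce[:])
}

// Respond: the fob checks the car's signature, then signs (nonce || cmd).
// cmd is a constructed encoding for the example: 0 = lock, 1 = unlock.
func (f *Fob) Respond(nonce [16]byte, sig []byte, cmd byte) (token []byte, ok bool) {
	if !ed25519.Verify(f.carPub, nonce[:], sig) {
		return nil, false // challenge was not signed by the paired car
	}
	return ed25519.Sign(f.priv, append(nonce[:], cmd)), true
}

// Accept: the car needs an outstanding challenge and a valid fob signature over
// (nonce || cmd); the nonce is then retired, so the same token never works twice.
func (c *Car) Accept(nonce [16]byte, cmd byte, token []byte) bool {
	if !c.pending[nonce] || !ed25519.Verify(c.fobPub, append(nonce[:], cmd), token) {
		return false
	}
	delete(c.pending, nonce)
	return true
}
```

As the first comment in the thread points out, this defeats replay and substitution but not a live relay: a token forwarded within the same session still verifies, which is why the reply pairs it with the door-handle check and a no-RF manual override.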