Thieves have a device which can unlock the 3G TL
#1
Burning Brakes
Thread Starter
Thieves have a device which can unlock the 3G TL
I came across this article today: http://www.today.com/news/police-adm...fts-6C10169993
Watch the video in the article. A thief walks up to a TL with a device in his hand, the lights in the TL turn on, then he just pulls the door handle and it opens. The video also shows a thief doing it to a 1st gen MDX and an Accord. Police are stumped because they have no idea what this device is or how it works. Don't keep anything valuable in your TL.
Watch the video in the article. A thief walks up to a TL with a device in his hand, the lights in the TL turn on, then he just pulls the door handle and it opens. The video also shows a thief doing it to a 1st gen MDX and an Accord. Police are stumped because they have no idea what this device is or how it works. Don't keep anything valuable in your TL.
The following users liked this post:
Sean S Thuok (06-06-2013)
The following users liked this post:
Acura_Dude (06-05-2013)
#6
Team Owner
iTrader: (2)
Join Date: Jan 2008
Location: Kansas City, MO (Overland Park, KS)
Posts: 36,545
Received 6,470 Likes
on
5,162 Posts
This is not just for the TL-it's for almost any car.
This really belongs in Car Talk, but it's important enough that I'll leave it.
This really belongs in Car Talk, but it's important enough that I'll leave it.
The following users liked this post:
Acura_Dude (06-05-2013)
#7
Burning Brakes
Thread Starter
My bad, the article was written today so I assumed this was new news.
Actually the article says the thieves were seen trying it on a cadillac and a ford and it didn't work. It works on acuras and hondas, do you have evidence it works on other makes?
Actually the article says the thieves were seen trying it on a cadillac and a ford and it didn't work. It works on acuras and hondas, do you have evidence it works on other makes?
Last edited by Steven Bell; 06-05-2013 at 09:21 PM. Reason: Merged Posts
Trending Topics
#8
Drifting
The early video is old but the rest of the story was new to me- must have been a slow news day.
Looks like Honda products are vulnerable to this. I'm stumped why the Police and manufacturers are stumped on this issue. My guess is vendor for the Honda/Acura security device must have a a cypher key that can be used to quickly hack the system. The video states that each remote sends a 'rolling' security key to the system- the system can be hacked and the video clearly shows that the hack takes seconds.
I'm glad my car is garaged and parked by my office window during the day. At least the thieves can't drive the system so the advice of removing valuables is very good advice. Just pretend you're driving a convertible now.
I wonder what it would take to add a 'kill' switch to the powerlock module? I guess I would be tempted to disable the remote unlocking feature of the car alarm when parked in a dicey public area (hotel, amusement park, beach,shopping center) but still have the normal unlock feature available. I would simply use the mechanical key lock to unlock the car door instead. Any thoughts on that idea?
Looks like Honda products are vulnerable to this. I'm stumped why the Police and manufacturers are stumped on this issue. My guess is vendor for the Honda/Acura security device must have a a cypher key that can be used to quickly hack the system. The video states that each remote sends a 'rolling' security key to the system- the system can be hacked and the video clearly shows that the hack takes seconds.
I'm glad my car is garaged and parked by my office window during the day. At least the thieves can't drive the system so the advice of removing valuables is very good advice. Just pretend you're driving a convertible now.
I wonder what it would take to add a 'kill' switch to the powerlock module? I guess I would be tempted to disable the remote unlocking feature of the car alarm when parked in a dicey public area (hotel, amusement park, beach,shopping center) but still have the normal unlock feature available. I would simply use the mechanical key lock to unlock the car door instead. Any thoughts on that idea?
Last edited by Steven Bell; 06-06-2013 at 03:41 PM. Reason: Merged Posts
#9
Suzuka Master
cant you just run the ignition wire thru a hidden switch and avoid the whole lock system? I am not to worried about access, but more concerned about starting and driving. I have sports equipment in the trunk but not much valuables. a iTouch in the console not a big concern
#11
David_Dude
From the video that's what it appears to be. Wouldn't surprise me if they could drive off with the car. Didn't a member on here have his TL-S stolen and lojack helped him recover the car, with the thieves actually driving it? I know I've seen the thread.
#12
Essentially it's just a rolling code RFID reader. Same concept as the ability to take an RFID reader and swipe across someone's back pocket to lift their credit card info.
This issue is well known to law enforcement, because with the advent of the newer wireless communications with cars (OBDII WiFi, Remote Unlock, Keyless Start...etc), the encryption packages complexity only moves as fast as what can be broken by the computing power of your iPhone.
If you recall, there was a story not too long ago about two young guys upset with an auto manufacturer, ended up using their iPhones to log into and control two cars on a dealer lot (not like drive it off or anything, but hack in, start the engine, shut it down...etc).
I'd doubt you'd be able to drive off with it though. The immobilizer system in our cars has a computer recognition code sequence tied to your key. That's not to say that they couldn't intercept that signal off your key, but at that point, it's advanced targeting.
This issue is well known to law enforcement, because with the advent of the newer wireless communications with cars (OBDII WiFi, Remote Unlock, Keyless Start...etc), the encryption packages complexity only moves as fast as what can be broken by the computing power of your iPhone.
If you recall, there was a story not too long ago about two young guys upset with an auto manufacturer, ended up using their iPhones to log into and control two cars on a dealer lot (not like drive it off or anything, but hack in, start the engine, shut it down...etc).
I'd doubt you'd be able to drive off with it though. The immobilizer system in our cars has a computer recognition code sequence tied to your key. That's not to say that they couldn't intercept that signal off your key, but at that point, it's advanced targeting.
Last edited by AirForceFX; 06-06-2013 at 07:48 AM. Reason: Grammar
#13
Deezy ™
iTrader: (2)
Crazy!
I wish there was a way to track this story to get some updates, I am really curious how long it will take them to figure this out.
I was reading through some discussions about this and someone with some fancy degree in a related field) posted this:
Not idea to the validity of this, but he may know what's up.
I wish there was a way to track this story to get some updates, I am really curious how long it will take them to figure this out.
I was reading through some discussions about this and someone with some fancy degree in a related field) posted this:
It's not an electromagnetic DoS attack. It is not a virus. It is not a brute force attack. It is not a door lock motor hack (urban legend). It is not done with air pressure (urban legend). This is a type of Relay Attack.
The way remote lock works: The key is programmed with the key in the ignition to synchronize key encryption. When you press the lock button on the remote an instruction is sent with a 40bit encryption key. After the key is used, the car and the remote and car lock relay change encryption keys in synchronization from when the key was first programmed.
The theif is using cheap in simple technology to break the lock. It consists of an an RF receiver and an RF transmitter. If the origional key remote is close enough it will grab the signal from the key and amplify it. It will send the amplified signal out the other RF antenna with the actual 40bit key and instruction to unlock the car. The origional key remote has to be withing about 50 meters to work.
Brute force (guessing keys) can only work up to 300 tries in fast in fast succession, after which the origional key remote becomes out of synchronization and the origional remote has to be reprogrammed.
If the police need how these devices are made, I have a PDF file that descibes the technology being used.
Owners may be able to protect themselves by locking their remote in a metal box that would prevent wireless hacking. RF signals cannot pass through metal. The only other option is to set up a jammer that will jam the signal, but no one else in the vicinity would be able to use their key remote either or possibly other devices that run on the same frequecy.
The way remote lock works: The key is programmed with the key in the ignition to synchronize key encryption. When you press the lock button on the remote an instruction is sent with a 40bit encryption key. After the key is used, the car and the remote and car lock relay change encryption keys in synchronization from when the key was first programmed.
The theif is using cheap in simple technology to break the lock. It consists of an an RF receiver and an RF transmitter. If the origional key remote is close enough it will grab the signal from the key and amplify it. It will send the amplified signal out the other RF antenna with the actual 40bit key and instruction to unlock the car. The origional key remote has to be withing about 50 meters to work.
Brute force (guessing keys) can only work up to 300 tries in fast in fast succession, after which the origional key remote becomes out of synchronization and the origional remote has to be reprogrammed.
If the police need how these devices are made, I have a PDF file that descibes the technology being used.
Owners may be able to protect themselves by locking their remote in a metal box that would prevent wireless hacking. RF signals cannot pass through metal. The only other option is to set up a jammer that will jam the signal, but no one else in the vicinity would be able to use their key remote either or possibly other devices that run on the same frequecy.
#14
My first ricer
iTrader: (4)
The only reason I'm not concerned about this is that people have been successfully using slim jims or smashing windows for years. That's what insurance is for. I've unlocked (not broken into) a car with a coat hanger before, it's not that hard.
#15
Race Director
iTrader: (3)
Join Date: Feb 2012
Location: South Florida
Age: 30
Posts: 18,278
Received 3,824 Likes
on
2,847 Posts
He got pretty lucky.
#16
tehLEGOman
Join Date: Dec 2004
Location: Charlotte, NC
Age: 40
Posts: 9,135
Received 1,982 Likes
on
1,335 Posts
That sucks.
#17
Racer
If what whoismiked's quote said is true about the 40-bit encryption. Doesn't surprise me it only takes a couple seconds to hack. Considering that 128-bit encryptions don't take much longer.
Thread
Thread Starter
Forum
Replies
Last Post
MetalGearTypeS
3G TL Audio, Bluetooth, Electronics & Navigation
6
08-29-2016 08:28 PM
soupi
2G TSX Audio, Bluetooth, Electronics & Navigation
14
11-15-2015 11:15 AM
dirleton
2G RDX (2013-2018)
8
09-28-2015 04:48 PM