In theory (barring the bit where you could literally break into Hyundai cars of the last few years, plug a USB stick into them and drive away), it is technically easier to steal some older vehicles without keyless entry (any car that has a key but doesn’t require that key to communicate with a security module). A criminal can (and some do) drill out the ignition lock cylinder, insert a blank one and then drive away with any thin bladed metal shank (flathead screw driver) as if nothing happened. Buy a new keying kit, and they take only a couple of minutes to install assuming they even care to do so (chop shop might care, joy rider won’t, someone interested in rummaging through the vehicle and dumping it won’t etc).
The keyless entry systems implemented on new cars work by having what’s essentially like an RFID in the key that communicates with a security module or multiple modules in the car, and this transmission is pretty much always active and only checked by range. If the car is close enough to where you hang your keys by the door the car may pick up this signal, and in the case of vehicles with keyless entry where you just need to touch the door handle with the key nearby that would give the thieves entry to the vehicle.
They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key. Then using a GPS blocking tool they can prevent the car from pinging their location. At that point the only thing stopping them from taking the vehicle is their ability to take it out of park or start it. The tech to start it is fairly cheap. Taking it out of park is pretty simple for most cars if you already have access to the inside (ICE vehicles especially because there is usually a transmission selector switch attached to a cable that directly connects to the shifter (automatic or manual).
I could roll a car down the street if it was level or a light grade by myself and I’m not a big person. If you drive a truck or an SUV and that selector switch is on the bottom or side of the transmission that’s even easier and simpler to access (and doesn’t even require a thief to have access to the inside of vehicle to put it in neutral). If the horn is accessible through a wheel well? A thief can just disconnect it and the alarm won’t even sound. If they already have access to the inside of the vehicle a thief can just pull the horn fuse.
Automotive companies rely on the premise that there aren’t enough dishonest people in the world with the technical know how to circumvent their security so cost to benefit analysis says don’t worry about making it more secure until they’re forced to. Either by public demand, or by government oversight and regulation.
They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key
Although if the signal is vulnerable to a replay attack just like that, it was a woefully poor design to begin with.
It’s why a lot of garage door systems don’t use a fixed code, but something more like 2FA codes, where it changes each time it’s used.
You’ll get no disagreement from me. I feel the same way about RFID ID tags. I remember seeing a CSI episode once where girls were getting RFID chips implanted in their wrists or something and using that to pay door fees and tabs at bars. I would never. I can and have cloned an RFID badge (to avoid paying $80 to my apartment complex for a badge that was inaccessible because it fell into a crevice of a locker at a gym), and I gotta tell ya, it doesn’t take enough time for me to be comfortable using it as a security feature for most anything.
In theory (barring the bit where you could literally break into Hyundai cars of the last few years, plug a USB stick into them and drive away), it is technically easier to steal some older vehicles without keyless entry (any car that has a key but doesn’t require that key to communicate with a security module). A criminal can (and some do) drill out the ignition lock cylinder, insert a blank one and then drive away with any thin bladed metal shank (flathead screw driver) as if nothing happened. Buy a new keying kit, and they take only a couple of minutes to install assuming they even care to do so (chop shop might care, joy rider won’t, someone interested in rummaging through the vehicle and dumping it won’t etc).
The keyless entry systems implemented on new cars work by having what’s essentially like an RFID in the key that communicates with a security module or multiple modules in the car, and this transmission is pretty much always active and only checked by range. If the car is close enough to where you hang your keys by the door the car may pick up this signal, and in the case of vehicles with keyless entry where you just need to touch the door handle with the key nearby that would give the thieves entry to the vehicle.
They use the tech that Canada is trying to ban to intercept that signal and another piece of tech to basically repeat it so the vehicle thinks the thieves have the key. Then using a GPS blocking tool they can prevent the car from pinging their location. At that point the only thing stopping them from taking the vehicle is their ability to take it out of park or start it. The tech to start it is fairly cheap. Taking it out of park is pretty simple for most cars if you already have access to the inside (ICE vehicles especially because there is usually a transmission selector switch attached to a cable that directly connects to the shifter (automatic or manual).
I could roll a car down the street if it was level or a light grade by myself and I’m not a big person. If you drive a truck or an SUV and that selector switch is on the bottom or side of the transmission that’s even easier and simpler to access (and doesn’t even require a thief to have access to the inside of vehicle to put it in neutral). If the horn is accessible through a wheel well? A thief can just disconnect it and the alarm won’t even sound. If they already have access to the inside of the vehicle a thief can just pull the horn fuse.
Automotive companies rely on the premise that there aren’t enough dishonest people in the world with the technical know how to circumvent their security so cost to benefit analysis says don’t worry about making it more secure until they’re forced to. Either by public demand, or by government oversight and regulation.
Although if the signal is vulnerable to a replay attack just like that, it was a woefully poor design to begin with.
It’s why a lot of garage door systems don’t use a fixed code, but something more like 2FA codes, where it changes each time it’s used.
You’ll get no disagreement from me. I feel the same way about RFID ID tags. I remember seeing a CSI episode once where girls were getting RFID chips implanted in their wrists or something and using that to pay door fees and tabs at bars. I would never. I can and have cloned an RFID badge (to avoid paying $80 to my apartment complex for a badge that was inaccessible because it fell into a crevice of a locker at a gym), and I gotta tell ya, it doesn’t take enough time for me to be comfortable using it as a security feature for most anything.