[Marine Corps]

Cars are stolen thousands of times a day in the U.S. with or without the keys. I'm pretty sure his insurance company will settle his claim timely. Life goes on!

[Juliannnt]

People really suck sometimes, I'm sorry man...

[HumanWiki]

Hope you locate the individual(s) in question and are able to give them an "education"

[RenegadeXR]

Quote:

Originally Posted by GroundhogSS

There's an electronic box that scans for the keyfob frequencies and can open and start the car. Several stolen in California last year. I keep my fob in a Faraday bag to prevent that. A local TV station did a story on this a few months ago and recommended keeping your fob in a metal can when you're inside your house if the car is outside.

Sorry to be "that guy" but can you cite a source? This doesn't line up with what I've seen in other stories. I think somebody actually needs to scan for the specific radio message that the FOB sends to the car when unlocking or starting it, and then the "recording" is played back to get access to the vehicle. I've never heard of somebody committing a carjacking by reading some signal from a FOB sitting dormant in somebody's pocket. On the other hand, the FOB must also transmit some signal to the car to let the remote start work, so I admit that I don't fully understand how this works. Does the FOB continuously transmit a low power periodic signal, or does the car and the FOB have some sort of a "handshake" where they need to send at least a few different messages back and forth before the ignition is activated? If it's the latter case, then unless somebody picks up on the full conversation of that "handshake", a dormant FOB should not pose a risk of radio interception either.

On a side note: I wonder why FOB's don't use some secure wireless encryption to prevent a replay attack like this. Just like HTTPS traffic is encrypted by your browser so nobody can intercept and read your requests to view websites or "replay" your requests to get unauthorized access to things like banking accounts, why can't a key fob work on the same principle to encrypt its conversation with the car? Maybe it would require too much processing power on the FOB's part and run down the battery very quickly? There should be a better engineering solution when it comes to the safety of your car. This sounds way too easy to hack and reminds me early days when WiFi first came out and any kid in your local neighborhood with the right knowledge could basically snoop on your unsecured connections.

Eg: Scenario 1, insecure.

Fob: I'm here, I'm here, I'm here, ... I'm here.
Car: Request to start the ignition was made. I see you're here. Ok, starting ignition.

Eg: Scenario 2, more secure:

Fob: I'm here, I'm here, I'm here, ... I'm here.
Car: Request to start ignition was made. Whats your private key?
Fob: Here is my encrypted key. (Transmitted securely.)
Car: Acknowledged the encrypted key, ignition is starting.

Quote:

Originally Posted by crash0117

I always leave my fob in my cupholder why I tow and I keep one in my truck console. After I unloaded the car from the trailer I was getting my bags out of the truck. I thought I locked it, but the keyfob was still in the cupholder.

Cupholder in this case = cupholder of the Camaro, not the truck that's towing it? If so, the thief didn't exactly need to be cunning. The keys were in an unlocked car if I'm reading that correctly. Even if the car was locked, though, doesn't the fact that the FOB is so close mean the doors will unlock just by lifting the handle?

Still sucks though.

[tones2SS]

Sorry about your car OP!
I hate thieves!!!

[BlueThunder2SS]

It seems to me to be in any thief's best interest to try the door handles on every newer car in the neighborhood, for that time when someone forgot and left a proximity key in the cupholder. We do that about 2x per year with our outside vehicle, which is just under 1% of the time, a free car with a key for someone.

Learn to keep it in your pants.

[Nor Cal ZL1]

Quote:

Originally Posted by Captain Slow

How does one go about stealing a car without a key?

Its actually really easy. Clone FOB. Steal car. Push button made it even easier. They grab the signal out of the air and clone it using the same tech the car uses to pick up the signal. Been happening for years. Started in europe about 6 years ago with BMW's.

[GroundhogSS]

Quote:

Originally Posted by RenegadeXR

Sorry to be "that guy" but can you cite a source? This doesn't line up with what I've seen in other stories. I think somebody actually needs to scan for the specific radio message that the FOB sends to the car when unlocking or starting it, and then the "recording" is played back to get access to the vehicle. I've never heard of somebody committing a carjacking by reading some signal from a FOB sitting dormant in somebody's pocket. On the other hand, the FOB must also transmit some signal to the car to let the remote start work, so I admit that I don't fully understand how this works. Does the FOB continuously transmit a low power periodic signal, or does the car and the FOB have some sort of a "handshake" where they need to send at least a few different messages back and forth before the ignition is activated? If it's the latter case, then unless somebody picks up on the full conversation of that "handshake", a dormant FOB should not pose a risk of radio interception either.
...

Still sucks though.

Quote:

Originally Posted by Nor Cal ZL1

Its actually really easy. Clone FOB. Steal car. Push button made it even easier. They grab the signal out of the air and clone it using the same tech the car uses to pick up the signal. Been happening for years. Started in europe about 6 years ago with BMW's.

I'm getting an error on the search right now but a thread last year about one member who got his car stolen in a parking lot, Target I think, led to a discussion about how the fobs can be cloned using a receiver/amplifier and can open and start the car. They had links to some news stories and some security camera videos of people walking down a street at night with some kind of box in their hand and opening cars to rummage through. I'll keep trying to find that thread. I keep my fob in a Faraday pouch when I'm not driving the car. No signal gets out to the car or anything else.

[z06psi]

Yep, that sucks! Insurance hopefully is being nice.

[01pewterz28]

These days I would not be surprised if someone can hack into the wifi in the vehicle unlock it, and start it if needed.

[HumanWiki]

Quote:

Originally Posted by RenegadeXR

They can do more than that, actually. They can potentially send any command they want through the CAN bus, which is the internal network in your car that controls pretty much everything including steering, acceleration, and braking.

https://www.wired.com/2015/07/hacker...-jeep-highway/

This is why I am glad I have a 2011 Camaro that requires manual use of a key, has no WiFi, and no aftermarket dongles attached to the OBD-II port either. If I yank the OnStar fuse and avoid using remote unlock and start, it will be totally of the radar at that point. Cars have gotten way too complicated and networked in the last 5-10 years.

I'm waiting for the day we're able to have wet wired neural circuity and more complex body augments. Hacking and compromised systems will be much more personal then. Even in Ghost in the Shell, with all the layers of security and offensive internal systems, people still got their cyberbrains hacked.

[RenegadeXR]

Quote:

Originally Posted by 01pewterz28

These days I would not be surprised if someone can hack into the wifi in the vehicle unlock it, and start it if needed.

They can do more than that, actually. They can potentially send any command they want through the CAN bus, which is the internal network in your car that controls pretty much everything including steering, acceleration, and braking.

https://www.wired.com/2015/07/hacker...-jeep-highway/

Now for my own personal tirade. Feel free to skip this.

This is why I am glad I have a 2011 Camaro that requires manual use of a key, has no WiFi hotspot, and no aftermarket dongles attached to the OBD-II port either. If I yank the OnStar fuse and avoid using remote unlock and start, it will be totally off the radar at that point. Cars have gotten way too complicated and networked in the last 5-10 years for the sake of convenience, and it really sounds like auto manufacturers are always a few steps behind when it comes to the digital technology space including security unfortunately. My view is this: It isn't an iPad that you can easily upgrade or throw away in a few years, therefore, excessive use of hackable or outdated technology that's infused in the car itself is an inherently very bad idea. I'm not talking about computerized functionality that's basic to the inner workings of the car like the ECU and stuff. I'm talking about convenience technologies that people (and thieves) can interact with.

Heck, for the same above reasons, I don't even like the idea of infotainment systems. An integrated screen running an operating system that I'll either never be able to upgrade or which will have a limited cycle for minor firmware updates at best? Yeah, that's not going to age too nicely with the rest of the car. Imagine a 1970's Camaro with a computer of the same era sitting on the console. Cars and computers age extremely differently. This is the reason why a market has emerged for things like Apple CarPlay and Android Auto. Keep that crap modular. :P

[Nor Cal ZL1]

Quote:

Originally Posted by GroundhogSS

I'm getting an error on the search right now but a thread last year about one member who got his car stolen in a parking lot, Target I think, led to a discussion about how the fobs can be cloned using a receiver/amplifier and can open and start the car. They had links to some news stories and some security camera videos of people walking down a street at night with some kind of box in their hand and opening cars to rummage through. I'll keep trying to find that thread. I keep my fob in a Faraday pouch when I'm not driving the car. No signal gets out to the car or anything else.

Yep the bay area brand new ZL1 stolen using this hack was caught on their security camera system at the store. These cars are followed or cased then they lie in wait. Owner then thinks car is secure, but it gone in a minute and gonestar disconnected by the passenger thief. Hopefully they burried the gonestar module in the 6th better than the 5th. It was childs play to steal the 5th, but with pushbutton start they removed one layer of a ti theft.
Bottom line is a kill switch, and an additional tracking device hidden in the car. Its nust a matter of time before they figure out how to defeat gonestar.