The Silly World of Cybersecurity
The Silly World of Cybersecurity
For Petty Laws, Let’s just ban antennas!
Yesterday, five cars were stolen in my local area. These were high-end vehicles, and it is likely that they involved keyless entry. In fact, most of the cars that are stolen these days involve keyless entry, and where the days of feeding a coat hanger down your window are gone. The days, too, of a piece of metal in a slot protecting our vehicles are also gone. Most people like the convenience of using key fobs, and most would like a vehicle that they do not even need to take the key fobs out of their pockets. We now live in a world where we like automation and we love our “tech”.
For keyless carjacking, the key continually transmits a beacon, and the car will only sense the key when the signal strength is strong enough. To open the car, a person then stands near to where the keys are, and then broadcasts this signal to someone waiting near the car:
The recorded signal can then be stored, and played back for future use to start the car. What’s the problem here? Well, car owners should be shielding their keys when they are at home, such as putting them in a metal container or at least placing them away from the door. Along with this, car manufacturers need to mitigate against this, and use systems which detect this type of attack (or even just stop doing keyless entry).
Overall, this attack has been known about for a long time, and why someone in the car industry did not think of this basic type of attack as they were creating keyless entry systems perhaps shows how little the manufacturers have cared about cybersecurity in the past. Basically, it’s all about adding features and then worrying about their security after they have gone into production.
And, so, along with repeating the signal, we see the rise of software radios, and where the signal from a key fob can be captured, and played back. But, governments are starting to push back against these systems, such as with [here]:
Personally, I think this is a silly move, as the problem with car stealing is typically not the capture of the signal from the keyfob but from basic radio repeaters. Along with this, if you ban the Flipper Zero, you basically have to ban anything with an antenna. And, so, rather than manufacturers improving their products and going for security-by-design, it seems a move that will have little effect on the number of stolen cars. The software radio that I have is much more powerful than the Flipper, and there’s not really anything to stop someone from using a laptop with a software radio adapter.
In conclusion, rather than banning devices such as Flipper, let’s get manufacturers to take cybersecurity seriously and let them be more liable for the vulnerabilities they create. And, if we ban Flippers, we ban software radios, we ban antennas, we ban laptops, we ban software which can access antennas, we ban Flash memory, we ban Simcards, we ban RFID, we ban processors, we ban memory, we ban the Internet … in fact, let’s just let’s ban computers, and go back to pen-and-paper! I am sure governments of the world would be happy with that.
If you are interested in car hacks, read on here: