[Discuss] A Little OT: The Password Post-It

[richard.pieri at gmail.com (Richard Pieri)]

More details:
http://www.isoc.org/isoc/conferences/ndss/11/program.shtml#id2a

> Relay Attacks on Passive Keyless Entry and Start Systems in Modern
> Cars
>
> Aurelien Francillon, Boris Danev, and Srdjan Capkun
>
> We demonstrate relay attacks on Passive Keyless Entry and Start
> (PKES) systems used in modern cars. We build two attack realizations,
> wired and wireless physical-layer relays. They allow the attacker to
> enter and start a car by relaying messages between the car and the
> smart key, independently of the presence of authentication and
> encryption. We evaluate PKES systems of 10 car models from 8
> manufacturers, discuss relevant systems? details and propose a set of
> countermeasures.

These attacks exist and Bluetooth proximity isn't proof against them.

I'll grant you that relay attacks aren't *common* methods of stealing 
cars for one reason: a hammer, a hacksaw blade, and a broken window are 
cheaper than $500 worth of electronics.

Back to the Bluetooth proximity fob.  Geofencing has a number of serious 
drawbacks.  First is that it requires the GPS receiver and the Bluetooth 
transceiver be operating continuously while the device is away and 
that's going to kill battery life.  Second is that GPS reception indoors 
is often nil making it impossible for the app to detect its absolute 
coordinates.

Even if you manage to overcome the first two issues then there is a 
third problem that you can't overcome: accuracy.  DGPS has a positional 
(horizonal) margin of error of +/-5 meters and an altitude (vertical) 
margin of error of +/-10 meters.  The fob could be in a different room 
or even a different building and still detect as close enough; or it 
could be 3 inches away and detect as too distant.

Using a Bluetooth device as a key is certainly an interesting idea but 
proximity isn't reliable as a security token.

-- 
Rich P.