Comment on Electronic devices or 'signal jammers' used in car thefts to be banned
cmnybo@discuss.tchncs.de 2 days agoAn SDR is not a signal jammer and the flipper zero can’t clone a rolling code remote.
Comment on Electronic devices or 'signal jammers' used in car thefts to be banned
cmnybo@discuss.tchncs.de 2 days agoAn SDR is not a signal jammer and the flipper zero can’t clone a rolling code remote.
swizzlestick@lemmy.zip 2 days ago
An SDR can be made to jam, even if that is not the normal purpose. Just like a kitchen knife can be used to murder people, instead of its normal culinary purpose.
Of course an F0 can’t clone a rolling code as-is. I never said it could. But it can harvest and replay a single or multiple consecutive codes just fine, providing the original key is not used in the meantime. Only need physical access to the key while it is out of range of the vehicle.
This alone puts the F0 on dangerous ground as an “electronic device (such as a signal jammer) for use in theft of a vehicle or theft of anything in a vehicle”
People have locked out their original keys by messing with this before.
The point is that our laws are reactionary, vague, and open to too much interpretation.
If someone gets shit stolen out their car and I happen to be nearby, then I will become suspect merely through possession. Even without intent.
sugar_in_your_tea@sh.itjust.works 1 day ago
Exactly!
To add to this, I used to work at a physical security company, and we needed to alert the guards of someone attempted to jam signals. How do you properly test that? By jamming signals!
I guess this scenario could be resolved through licensing, but that’s a ridiculous solution since criminals could still get it.
It should be illegal to use a jammer maliciously or negligently. It shouldn’t be illegal to posses one. Car manufacturers should also be held liable for losses due to lack of protection against jamming.
KairuByte@lemmy.dbzer0.com 4 hours ago
Did you mean something else here? You can’t “protect” against jamming. That’s like protecting from too much noise in a conversation.
sugar_in_your_tea@sh.itjust.works 3 hours ago
I meant they should have failsafes in place so jamming isn’t an effective attack.
A simple analogy is locks. Instead of making lock picking kits illegal, design better locks to increase the time and knowledge needed to defeat a lock.
Car remote unlock design is lazy: you push the button and it generates a key, which is invalidated when used. There’s nothing more complex here than a defined order. To protect against that, add a time element (like TOTP in Google Authenticator). Your fob and car would keep time independently, so an attacker would have a very narrow window (i.e. under a second) to attack the car, if that. Resync the fob with the car after a successful challenge/response process so they don’t drift too much, and allow resyncing with physical entry.
Car companies should pay when their laziness leads to compromise.