HACKER Q&A
📣 qmsdfjkc

Why do we still have replay attacks on our cars?


So today my car got stolen in front of my house. It was a 2021 Hyundai Tucson.

We clearly see on some cameras in the street that it took less than 1 minute for the thief to take it.

I was not aware of the "replay" attack (which, as I understand it, consists simply of listening to my key's signal through my door and replicating it to open and start the car), so my key was not far at all.

So my question is, why is my worthless GitHub account secured by a free Android 2FA app which makes replicating attacks impossible, and my 50K€ car secured by the dumbest only-one-forever-the-same key ever?

Is it not possible in the car keys to make some pgpsign-like technology?

(Also I am now aware of the TikTok trend of stealing these Kia and Hyundai cars because their security is so easy to abuse)


👤 mecklyuii Accepted Answer ✓
I'm confused.

I thought normal replay attacks are solved and the issue here is more to do with forwarding the key range close to the car to simulate the car key being close.

That's what I can't easily just solve without needing a button on the key, which defeats the purpose of said feature.


👤 Scaevolus
It probably wasn't a replay attack. You can steal a Hyundai with a screwdriver and a USB cable. https://www.hotcars.com/kia-boyz-easily-steal-base-kia-hyund...

👤 badpun
I thought these attacks work on a much lower layer - by adding a repeater, which is essentially extending the range of your fob? I.e. they just pass the radio signals back and forth, without analysing their content at all. Can anyone confirm/deny?

👤 t-3
What incentives do automakers have to provide you with a secure product? "Old-school" key ignitions work perfectly fine, so why were they replaced with the obviously-flawed dongle?

How complex would a device have to be to not be trivially defeated by a replay attack? How do you get both ends to reliably communicate without requiring an always-on internet connection in both the dongle and the vehicle to sync timing or some other state? What do you do when the manufacturer no longer exists or doesn't want to pay for servers to enable people to drive "old models"?
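
Added example, not part of any post in this thread: a minimal rolling-code check showing how a fob and a receiver can reject replayed frames using only a shared key and a counter, with no clock or network. The frame layout, HMAC-SHA256, the `WINDOW` size and all names are assumptions for illustration, not any manufacturer's scheme.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead for presses made out of the car's range

def make_frame(key: bytes, counter: int) -> bytes:
    """Frame = 32-bit counter followed by a truncated MAC over it."""
    body = struct.pack(">I", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1  # every press uses a new counter value
        return make_frame(self.key, self.counter)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last_seen = key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        body, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        (counter,) = struct.unpack(">I", body)
        if not (self.last_seen < counter <= self.last_seen + WINDOW):
            return False  # old counter (replay) or too far ahead
        self.last_seen = counter  # resync to the fob's position
        return True

def demo() -> dict:
    key = bytes(range(16))  # constructed sample key
    fob, car = Fob(key), Receiver(key)
    first = fob.press()
    results = {"fresh": car.accept(first), "replayed": car.accept(first)}
    for _ in range(3):
        fob.press()  # presses the car never heard
    results["after_missed_presses"] = car.accept(fob.press())
    tampered = bytearray(fob.press())
    tampered[3] ^= 1  # change the counter without knowing the key
    results["tampered"] = car.accept(bytes(tampered))
    return results
```

A frame that is forwarded live by a repeater is still fresh, so this check alone does not address the range-extension case other posts describe.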


👤 kypro
For anyone interested in replay attacks and ways in which manufacturers protect against them, this is an excellent video on the topic: https://www.youtube.com/watch?v=5CsD8I396wo

👤 giantg2
I don't have to worry about this.

My car is cheap and doesn't have a wireless key.


👤 deafpolygon
Insurance.