Comment by H8crilA 17 hours ago
BTW, car keys (physical keys) are notoriously weak, generally susceptible to simple raking attacks. You can learn how to rake a lock in a few minutes, and the rake+tensioner itself costs around $5. And all cars include a physical key as a backup entry method. This was partially solved by adding another device that cuts off the engine, the immobilizer, which still allows the attacker to get in, but not to drive off.
Funfact: in the past Ford and Volkswagen had only a number of different variations for the coding of the physical keys. So that you could open and start several cars with the very same physical key.
I assume that this was also true for other brands.
Many fleet vehicles are still this way. The 1284x key, for example, can open a surprising number of things including many older police vehicles.
A few hundred dollars more on Amazon will net you a magic keyring that can open a surprising number of vehicles, buildings, control systems, and vending machines.
If you're into that sort of thing check out Deviant Ollam's physical pentesting videos on Youtube.
That's a good start. To do better you'll need to do some reading or watch a ton of youtube videos to identify the keys that will get you the most bang for the buck.
I think mine has something like 20 keys on it now, and it will open a truly surprising number of things that it shouldn't.
This happened to me! Friend had a similar car and at night they went to mine and the door unlocked but the car wouldn't start. The door only had a few pins it checked while the ignition used every pin. We compared our keys and sure enough one part of it was the same.
OBS Ford F-150s do this and it's not common knowledge even among enthusiasts. The back 4 pins work the door, the front 6 or so pins work the ignition. A common problem is that the ignition barrel keyswitch dies and you have to replace it, but then you have separate keys for the door and ignition. I took the new ignition key to a locksmith and had him copy the 4 back pins from the factory key, and I was back to a single key!
My mom amd my friends mom both drove toyotas, completely different models and many years apart. By coincidence the key for my friends moms car worked for my moms, for unlock and start, but, my moms could only unlock the other one.
The thing is if you have time to rake a car lock, you can also just break the window if you're going to rob the interior.
The key fob attack is superior since no one looks twice if you walk up to a car, it unlocks from a hand held device and then you get in and drive off.
With practice raking doesn't take that much time and "usually" comes with the benefit of not tripping the alarm that the door was opened (because the car "thinks" the door has just been unlocked with a key).
<EDIT> Seems HN has different experiences with their cars then my own, So I'll concede the idea that the alarm doesn't trip when using the key. It seems the cars I've had in the past are the exception to the rule. </EDIT>
The thing is, in the real world, no one really looks twice when someone gets into a car unless they are using obvious brute force to get into the car.
I had a non electronic key cut for my Jeep so I could zip tie it under the frame for emergency use. It will not start the engine, but does open the door locks. When I open the doors with it, the alarm goes off.
Yeah, I think it is car dependant. But the car I use (gave up my own car, but the family has a shared "work horse" car we are all insured on.) is a 10 year old UK Ford fiesta and that car doesn't trip the alarm if the door is unlocked with the key, and its not the transponder in the key, cause one of the keys to that car doesn't have a transponder and the keys get mixed up from time to time (So you only know you have picked up the wrong key only when you insert the key into the ignition and the immobilizer light is a solid red light - 3 keys, one with a fob, 2 without a fob, one of which has a failed transponder chip in it, these two keys look the same and not one of us has been arsed enough to take both keys to the car, figure out which doesn't work and label it :-P).
(One day, when I can be arsed, I'll rekey the car and reprogram it with fresh transponders, but today is not that day!)
It is superior, but a lot more difficult to pull off. And what if raking takes just 5-15 seconds? Because that's how fast it often is.
And in either case you still need to deal with the immobilizer, and turn the core of the ignition lock. Unless your radio device is that comprehensive :)
Presuming its a modern car (and if we are talking about keyless entry/start we are), well then you just plug an "Emergency Start Device" into the OBD port or to the BCM module, and drive away. Heck a lot of these "Emergency Start Devices" can also unlock the car, but often involve pulling panels/lights from the car to get to the can bus to run the attack.
So that attack when done on its own is mainly left to stealing cars off drives at night rather than say from a supermarkets car park during the day.
Push-to-start eliminates the need to turn a physical lock. They drop to zero security once their RF is broken.
> And all cars include a physical key as a backup entry method.
Which means you are safer with just keys rather than keys plus another way to open the doors.
> This was partially solved by adding another device that cuts off the engine, the immobilizer
If they key does not need to be physically inserted to start the engine (which is true in many cars) then that is liable to attack using the remotes too, right?