I think that this kind of tech is just fundamentally insecure. I can’t think of a way to secure it, at least not against gaining entry to the vehicle. And making it secure against driving away (by requiring it to continue to respond to changing cryptographic pings as you drive) opens the door to people being able to use jammers to disable your vehicle remotely. Maybe if they have a special Faraday cage place that you put your fob into, but at that point why not just use a key? Or just require a button press like the key fobs have for decades.
Oh and depending on the latency allowances for responding to pings, it might just be possible to leave a device in the vicinity of the key and relay it over the internet, so even that just increases the difficulty of defeating it a bit.
Same thing also applies to wireless keycards for secure entry, though I think the range for those is generally lower, so it would be more difficult to pull off.
The only thing I can think of is having incredibly tight timing on a challenge/response. With ~10 nanosecond level precision, it’s not physically possible for em waves to travel more a few meters before the time is up.
Might as well have a push button instead. Having it work from your pocket without interaction is what makes a fob different and should be a design requirement.
Potentially better idea, add a gyroscope to the key fob, and stop broadcasting after the fob is perfectly still for some threshold. That way when you set it down inside it can’t be relayed, but if it’s in your pocket, it won’t remain perfectly still, and will start transmitting. Could also add an IR blaster to detect if you set it down in the car. Battery life would start to become a bigger issue, but I think solutions to these problems could be engineered.
Problem with that is that it really only covers the keys sitting on a nightstand situation. You could still get your car stolen while you’re shopping or in a restaurant.
How about just having a button on a fob/phone which initiates comms, like in the good old days. You can’t relay the signal if there isn’t one till you press the button. But that isn’t sexy and it’s too similar to traditional cars, so they won’t do it.
I think that this kind of tech is just fundamentally insecure. I can’t think of a way to secure it, at least not against gaining entry to the vehicle. And making it secure against driving away (by requiring it to continue to respond to changing cryptographic pings as you drive) opens the door to people being able to use jammers to disable your vehicle remotely. Maybe if they have a special Faraday cage place that you put your fob into, but at that point why not just use a key? Or just require a button press like the key fobs have for decades.
Oh and depending on the latency allowances for responding to pings, it might just be possible to leave a device in the vicinity of the key and relay it over the internet, so even that just increases the difficulty of defeating it a bit.
Same thing also applies to wireless keycards for secure entry, though I think the range for those is generally lower, so it would be more difficult to pull off.
The only thing I can think of is having incredibly tight timing on a challenge/response. With ~10 nanosecond level precision, it’s not physically possible for em waves to travel more a few meters before the time is up.
How about a simple faraday shield for the key fob?
Might as well have a push button instead. Having it work from your pocket without interaction is what makes a fob different and should be a design requirement.
How about making the signal so weak that you have to put the key inside a hole in the car for it to work?
Potentially better idea, add a gyroscope to the key fob, and stop broadcasting after the fob is perfectly still for some threshold. That way when you set it down inside it can’t be relayed, but if it’s in your pocket, it won’t remain perfectly still, and will start transmitting. Could also add an IR blaster to detect if you set it down in the car. Battery life would start to become a bigger issue, but I think solutions to these problems could be engineered.
Problem with that is that it really only covers the keys sitting on a nightstand situation. You could still get your car stolen while you’re shopping or in a restaurant.
They have “pin to drive” so you can’t drive even if you’ve gained access to the vehicle, without entering the pin-code first.
How about just having a button on a fob/phone which initiates comms, like in the good old days. You can’t relay the signal if there isn’t one till you press the button. But that isn’t sexy and it’s too similar to traditional cars, so they won’t do it.