In a Computerworld article today, some researchers have shown how easily circumvented the PKES or passive keyless and start systems used by all the major manufacturers are. For as little as $100, equipment can be obtained off-the-shelf and configured to sniff the codes used by these systems. “In this paper, we demonstrate that these attacks are both feasible and practical,” the researchers said.
The article notes very specific details about how the attack can be successfully pulled off and states the researcher’s opinion that the attacks are not theoretical. The only recommendation to mitigate the attack is to use a protective magnetic envelope to prevent the fob from emitting signals or removing the fob’s battery.
This is a great case of a manufacturer not taking security seriously. In this case it shows the laxity and arrogance of entire industry. Are there any manufacturers that have multifactor security available? Simply using a thumbprint in conjunction with the fob, would have prevented the mess the industry is in now having to fix the issue. I wonder if any security consultants were consulted? I am guessing no.