Keyless Entry hack affecting Mazda CX-5?

sillyxone said:
Yes, they probably use rolling code, but this is not a store-and-use-later like the garage's hack that jams the signal, tricking the owner in pressing the request twice. This is instant relay. It works similar to how you have wifi-repeater to extend the range of your home wireless network.
Click to expand...


I wonder if frequency hopping would reduce this vulnerability.
 
craigo said:
I wonder if frequency hopping would reduce this vulnerability.
Click to expand...

I think that would reduce the risk as sweeping technique is still complicated and doesn't always have good result, but again, it's up to car makers to choose how advanced their implementation will be (e.g. using the same sequence and variation of bands on all cars would be pointless).

If the amplification attack starting to get popular, I think one compromise is to install a push button on the fob so that it only wires the battery to the circuit when pressed. You can then hold this button on the fob while pressing the request switch or the ignition button on the car, then release it to prevent the fob from replying to unexpected requests. Of course, it doesn't seem to be any more convenient than not having the battery. Would be cool if instead of dis/connecting the battery, you can pin-point the circuit to switch on/off the authorization signal, but still leave the door lock/unlock buttons intact as those two buttons seem to be independent of the verification process (they are still vulnerable to the RollingJam attack, although the attacker can only unlock the door but not starting the car).

I've been testing out my life without the battery in the fob since yesterday, not too bad, just like having the old physical key but without actually inserting it into the key hole. However, this works for me because I have a 3rd-party lock/unlock remote (Compustar remote-starter).

Another option is to have this feature disabled in the car by the dealer/tech. IIRC, to save battery, the key fob is usually in sleep mode. The car when requested would send a burst of high-power signal in low frequency to wake up the key fob circuit, then both switch to the high frequency (433MHz?) to communicate. Because this high-power burst of low frequency could affect implanted medical device, you can request to have the wireless authorization feature turned off. This probably will leave the door un/lock intact, so you can still use the Mazda key fob to un/lock the door, but will need to touch the fob to the ignition button to start the car.
 
I simply am not in the least bothered with these scare stories.
I remember the same stories doing the rounds when cars first moved to a remote fob, rather than just a key.

Since 2009 i have been using keyless, but no matter what system i've had no one has ever stolen my car ever.
Breakings i've had 5 for theft all before car alarms were standard.
 
Last edited:
No forum members have had their CX-5 stolen. I'm pretty sure all of us have actively transmitting key fobs.

Worrying about this is like being paralyzed to get on a commercial flight (except one is potentially deadly, the other is simply an insurance claim).
 
MikeM. said:
No forum members have had their CX-5 stolen. I'm pretty sure all of us have actively transmitting key fobs.

Worrying about this is like being paralyzed to get on a commercial flight (except one is potentially deadly, the other is simply an insurance claim).
Click to expand...

Agreed, MikeM. :)

I'm sure if the hack becomes prevalent, the burden would be on the manufacturers to re-engineer the design.
I do appreciate hearing sillyxone's insights into how the system and hack work, though. Thanks for that!
 
I guess it also depends on where you are. For example, I'm in the suburb area of Minnesota where I can probably forget to roll up the window the whole day in the parking lot without loosing a thing, but my car can easily get a broken window parking on Minneapolis streets. Also, crimes tend to increase during summer. You can check the crime heat map of where you park the car if you aren't familiar enough with the area yet.

http://www.crimemapping.com/map.aspx
 
Perpetual Nomad said:
An interesting paper on the subject:
http://www.syssec.ethz.ch/content/d...oup-dam/research/publications/pub2011/332.pdf
Click to expand...

Thanks for the link, that paper confirms my imagination of the attack, and my proposal of installing an on-demand button on the fob doesn't seem to be far off from what the paper proposed neither :)

I emailed the dealer last night asking if the wireless authorization can be turned off without affecting the un/lock ability of the fob, still waiting for a response.
 
Perpetual Nomad said:
Would love to hear if that's the case -- really curious
Click to expand...

Just had a quick chat with the dealer ...

Alyssa M.: Good afternoon! Thank you for contacting Walser Automotive Service, my name is Alyssa, how may I assist you?

You: From the User Manual of the CX-5:
"NOTE: The advanced keyless entry system functions can be deactivated to prevent any possible adverse effect on a user wearing a pacemaker or other medical device. If the system is deactivated, you will be unable to start the engine by carrying the key. Consult an Authorized Mazda Dealer for details. If the advanced keyless entry system has been deactivated, you can start the engine by following the procedure indicated when the key battery goes dead.
Refer to Engine Start Function When Key Battery is Dead on page 4-6."

You: If I request to de-activate the Advanced Keyless entry, I would then will have to bring the key fob next to the ignition button to start the car, and that is fine. My question is, can I still use the key fob to lock/unlock the car remotely?

Alyssa M.: Let me check on that for you real quick

You: thanks!

Alyssa M.: My advisor informed me that deactivating the remote start would prevent any automatic lock or unlock. You would have to pull the hard key out of the fob and manually lock/unlock the vehicle.

You: just want to clarify, you advisor uses the term "remote start", it's not the same as a remote starter that allows you to start the car from far away, right?

Alyssa M.: That is correct, it is not the same as the one that starts the vehicle from far away.

You: The feature that I mentioned would be de-activated is the one that allows me to keep the key fob in my pocket and still can push the start button on the car?

Alyssa M.: Yes, that is the one my advisor was referring to.

You: thank you!!!
Click to expand...
 
sillyxone said:
Thanks for the link, that paper confirms my imagination of the attack, and my proposal of installing an on-demand button on the fob doesn't seem to be far off from what the paper proposed neither :)

I emailed the dealer last night asking if the wireless authorization can be turned off without affecting the un/lock ability of the fob, still waiting for a response.
Click to expand...

The distance measuring idea is an interesting challenge.
 
sillyxone said:
Just had a quick chat with the dealer ...
Click to expand...

That's rather interesting. So yeah, you can revert to the physical key method to open the doors, but will it allow you to keep the standard push-to-start (without using the RFID backup mechanism: pressing fob to engine start button)? If you can't I don't see how it's any different then than just pulling the battery.

If you can keep the key-in-pocket push-to-start feature perhaps get your physical key duplicated at a box store and added to your key ring.

Any way to simply revert to using the buttons on the fob to open & close and drop the proximity door unlocking? Sure would nice if it could be reverted to a more traditional fob, like the one I just gave away with my 2011 Mazda3
 
Last edited:
Perpetual Nomad said:
That's rather interesting. So yeah, you can revert to the physical key method to open the doors, but will it allow you to keep the standard push-to-start (without using the RFID backup mechanism: pressing fob to engine start button)? If you can't I don't see how it's any different then than just pulling the battery.

If you can keep the key-in-pocket push-to-start feature perhaps get your physical key duplicated at a box store and added to your key ring.

Any way to simply revert to using the buttons on the fob to open & close and drop the proximity door unlocking? Sure would nice if it could be reverted to a more traditional fob, like the one I just gave away with my 2011 Mazda3
Click to expand...


meh.. If it's really a concern wrap it in a couple layers of thick aluminum foil when not in use. Simple and very effective.
 
Interesting thread...

However...

Are Mazda CX5's being stolen in droves?

I don't recall it being on any top ten most stolen lists nor have I heard of any instance in the news where CX5 owners are being stalked by folks with copy-cat code reader devices so they can steal your CX5 after you enter your fav big-box-store...

It's close to April Fools - is this an early one? :)
 
In the Baltimore area they'll steal your car just for fun. Doesn't matter who you are, what you have in it, or what kind of car.
 
AllezDada said:
In the Baltimore area they'll steal your car just for fun. Doesn't matter who you are, what you have in it, or what kind of car.
Click to expand...

We don't have that kind of problem here. But my car is insured so they can have at it.
 
Please log in or register to reply here.

Similar threads

B
Advanced Keyless entry issue…Any ideas? 2020 CX-5
Replies
2
Views
585
ceric
ceric
S
Keyless System Malfunction and unable to start
Replies
19
Views
92K
bental
B
9
Shattered sunroof (2016 CX-5)
Replies
3
Views
895
Wendel7213
W

Latest posts

Back