MarketSqHero said:
Zapad said:
OK so if you've got motion sensing keys then only car park relay attacks are a problem.. And those are real.
The obd key attack, is that not defeated by the new digitally locked obd access? Don't know if bmw have introduced that yet, vag have. It should be stopped the same way as you not being able to use obd11 to mod your car any more...
You got any source for VAG using locked OBD? All the VAG forums seem to think theft by OBD is still an issue.
Possibly.... on MQB2020 cars (eg the Mk8 Golf) they use SFD protection (Schutz Fahrzeug Diagnose). Its not explicitly designed for key protection afaik, its designed to prevent autonomous driving parameters being accessed.
It uses a security gateway to protect most of the configuration items, pretty much anything that can be written to, and is only accessible using a one time code generated by a VW system, tied to the VIN and valid for only 90 minutes. All access to the vehicle via this is tracked and logins are really tied down tight to VW dealers and qualified independents.
As an infosec professional, I rate that security as a tough target. Possible to win, but hard, I won't explain how.
Its why you can't modify the parameters like you used to be able to.
You can plug into the OBD port, you can talk to it, but I doubt if you can use anything useful like pairing a new key with it - not without a VW authorisation token.
The other countermeasure to OBD assault (even on not quite the newest cars) is that you cannot even read from OBD without the bonnet being open. Thats's really quite common these days, even without SFD. So smashing a window and plugging in doesn't work - you'd need to get the door open to access the bonnet catch (recessed in the door frame)