Quote: "By contrast, the cloning attack the Birmingham and KU Leuven researchers developed requires that a thief scan a target key fob with an RFID reader from just an inch or two away."
Story time: Back in 2005/2006 when I worked for Siemens Automotive on Immobilizer feature (was involved in Mazda and Ford projects) I got my hands on the highly secret crypto source...and much to my surprise I've seen they implemented a Vigenere style of cipher. I was astounded by this. Having some crypto background as pet projects on previous years I knew this class of ciphers are at least 1.5 centuries obsolete and they are thought only from historical perspective. Therefore I prepared and called a panel of higher-ups (managers, group leaders and even including the hardware department chief) showing to them that the source code implementation is very dangerous and that for a criminal group to mass steal cars would be very easy. Including telling them exactly what the article is talking about - put an RF recorder under the handle door (how many car owners will check there?), record sessions of radio communications between key fob and the car, analyze that, extract the crypto key and steal the car with a duplicate no more then maximum a week after. Their reply? : "standard in industry call that we also allow mechanical keys to open doors/start the car, so a criminal group can do them as well much easier", and that was the end of that meeting.
I have a Ford from about that time, and the key broke in a way that caused it to fall off my keychain.
Instead of paying $100’s to rekey the car, I stuck the broken key into a machine at Home Depot. It cracked the encryption in a few minutes and produced a duplicate key. The brand on the replacement is “Ilco”. It’s bulkier than the OEM key, but it works great.
Anyway, I’m not at all surprised to hear the car uses an obsolete encryption protocol.
DST40 https://en.wikipedia.org/wiki/Digital_signature_transponder used in Fords of that period is a Feistel cipher not a Vigenere cipher. Now, I wouldn't choose a Feistel cipher for this problem today but it certainly is not 1.5 centuries obsolete, this type of encryption wasn't even invented until the mid 20th century and a very famous example would be DES.
I am sure yes. Mind you, this was Immobilizer feature, sold by Siemens Automotive to auto-makers. As to what in rest of their car Ford itself was using I have no idea, since I was not working for them at the time.
Here is an analogy - Microsoft is Siemens and Ford is IBM. Microsoft sold DOS to IBM to equip their PC's. As for what IBM implemented/used for BIOS, was not Microsoft's job, get it?
An immobilizer simply keeps the ecu from running the fuel pump, thus preventing the car from starting. The challenge-response from the key is used to authenticate the ecu. It’s not so much that it’s bad encryption (it is) it’s just that the access to override such encryption has physical controls (e.g. if one breaks the glass then one typically has complete access to the vehicle). Second the cpu of the time where maybe 4mhz in a good case so it required a system that was fast. This is very similar to the encryption used to immobilize Mercedes and BMW of early 90s.
Also I can tell you on all current and last gen Ford and Mazda’s, the inter-car encryption and authentication has vastly improved.
<An immobilizer simply keeps the ecu from running the fuel pump>.
Wrong! Immobilizer is just a tiny part of the BCM (Body Control Module), to which the normal folks usually interact with and call it on-board computer. The truth is that you have CAN (Controlled Area Network), used by BCM and ECU to communicate through, at the very least. When you press the start button, ECU asks BCM "hey dude, can I start the car?", and BCM responds with "yes" or "no" based on various factors, one of them which is Immobilizer. Even with correct key fob and authenticated, if your door is opened it will not let you drive. Of course, all these varies from car maker to car maker. Some will let you start it but you can't drive for more then 3 meters, others won't even let you idle the engine. You have a crapload of sensors that are part of BCM (tire-guard, wipers, door ajar, belt, etc etc) all of which are taken in consideration to yield that "yes"/"no" response.
And that's just a small part of what BCM does. Also poor ECU, an entire computer on its own right, reducing him to running the fuel pump is like saying a house is to shelter you from bad weather.
Saying immobilizer simply keeps the ECU from running the fuel pump is like saying that all you need to create Witcher 3 game is Visual Studio.
<Also I can tell you on all current and last gen Ford and Mazda’s, the inter-car encryption and authentication has vastly improved. >
As per article, you can see for yourself this is not really true. My code that I've worked in those years (2005/2006) were to be deployed in 2007 Mazda RX-2 and 2008 Ford, so in regards to last gen (cca. 2010) I bet you're simply wrong again. I do hope latest gen has better encryption but I doubt, wanna know why? Because economics. Lemme tell you first hand experience. Managers care about economics and that means cheaper parts. Cheaper parts means less memory, less speed. The goal was always to have the BCM's CPU load between 70% and 90%. Did a smart code and you reduced the load bellow 70%? The higher-ups were jumping happily in the air because it meant a big fat bonus for them due to allowing them to stick a crappier chip on that PCB. That's what they care about, not strong encryption and elimination of theft. Also read about Ford/GM practices in 60's when they preferred to allocate about 200 millions USD/year for paying victims of accidents than have belts. Until they got regulated by law, they could not care less about lives.
The encryption has been broken already but it’s basically trailing bmw and Mercedes etc by about 13 years, so definitely money related but likely they don’t want to or are unable to negotiate patent rights in their technology
BCM is Body Control Module. ECU is Engine Control Unit. 2 different parts (logically). Both are physically PCB's (Printed Circuit Board) that physically can sit either side by side or in very different sides of the car - that's car maker decision. I can't explain it simpler than this.
ECU is usually an Electronic Control Unit. Some OME's name one of there ECU's, Engine Control Unit to make stuff more complex. Not app manufacturers have Engine Control Unit or a Body Control Module. The electronic architecture of a Volkwagen, GM, Volvo or Tesla is very different. Hardly any of the ECU's have the same name.
Or PCM (powertrain control module, since the transmission and engine typically work as one unit) which has been used by Ford (and Mazda) since ODB-2 was standardized in the 90s.
It depends on the manufacturer. Some OEMs call the Engine Control Unit the ECU while others use the general terminology where all Electronic Control Units are ECUs and the engine controller is an Electronic Control Unit named the PCM (Powertrain Control Module) or ECM (Engine Control Module). In those cases, there are some strange ECUs... ex. the steering wheel is an ECU, the stereo headunit is an ECU, etc.
It's not. Was an internal meeting and around 2008 Siemens also sold its entire Automotive division. Also they are the original inventors of Immobilizer feature back in late 80's, and their code "stood" the test of time. You have no idea how much opposition you get to touch even a line of code in Automotive industry when codebase is a decade old, not to mention an entire feature. So I am not surprised this is now all over the place in all auto-makers.
[ Edited to insert: 1056 sort-of covers this, that's what I get for not having seen his latest video ]
The lesson in 1052 sort of misses the point. LPL (his videos are a lot of fun by the way and I recommend them to anyone who is curious about lock picking) says:
> So, if you are installing an access control system like this it is really important to use one that only transmits encrypted data
This would defeat the ESPKey demonstrated, but of course that product exists precisely because it's all you need for common systems today. If "encrypted data" was common the ESPKey's successor would probably be a product that sits next to the reader and gets its own copy of the raw RFID signal. Not as convenient, and less fun for doing cool demos, but still plenty effective enough for crooks.
What you actually need to do to defeat this is a bit more expensive. You need the token (keyfob, card, etcetera) to be smart enough to use the tiny surge of power to do local computation, and then produce one-time-only access codes. That would actually fix the problem, because to get the current code a bad guy needs to steal the token and that's an ordinary physical security consideration that humans are used to dealing with. This way an ESPKey gets the one-time code you just used, but neither replaying it nor copying it to a card to try later will do anything useful.
Unfortunately this smarter token would be significantly more expensive. We saw with EMV cards (payment cards) that the smart and secure option (DDA with changing cryptograms) is expensive enough that providers would often rather take a risk and give you an insecure cheaper alternative which looks identical, especially if they believe regulators, courts etc. won't realise they took the cheap option and so the risk actually lands on their customers not on them.
What you are describing is basically MIFARE, which is commonly used by transport cards. Rather than just being an ID, the card is responsible for storing and deducting the balance, and often stores other things like trip history. The allows them to be used without a internet connection on the ticketing machine (e.g. on a bus).
There have been vulnerabilities found in older versions, but as far as I know, later versions are still considered secure.
Apologies if this reply seems a little pedantic; your reply is mostly correct, but there are some large shortcuts.
MIFARE is not a card type, it's more a family of cards in the 13.56MHz space, produced by NXP.
There are multiple cards under the banner of Mifare, including:
- Mifare Classic 1/4k - UID + Storage space, with individual keys and crypto. Suffers/ed from multiple vulnerabilities. Used mainly in cheaper hotel access systems, gym cards, etc etc. Can be secure, if your security layer relies on strong crypto on card contents, as opposed to the crypto of the card itself. There are no counters in Mifare Classic.
- Ultralight / Ultralight-C / Ultralight EV1
These cards are low cost, reduced storage space, and are / were conceived specifically for the transport industry. They have 'one way' counters that can be used to deduct 'credits' - but these can't be re-written - so they fulfill the task of discardable tickets.
- Mifare DESFire 3DES / EV1 / EV2
The EV2 is the latest generation - ID + Storage + "Applications", with AES encryption. The 3DES was cracked with side-channel power analysis (like the items in this article) - but the EV2 has no practical attacks to this day.
Information aside, most transport systems do not store value on the cards, but allow for offline use by forcing sync the next time the card passes by an online system - IE, limited trust.
Thanks for the explanation! Regarding the storing value on the card, one notable deployment that does work like this is the London Oyster card. These were first rolled out in 2003, so getting a reliable internet connection everywhere they were used wasn't possible.
When you topped up online (I haven't lived in London for a few years, so don't know if it still works like that) you had to select which station your top up would be applied to, then overnight that station would download a list of topups, and apply it to your card when you touched in or out next. So at the time there was no real time connection to a centralised database.
LPL's recent videos are quite interesting, but the RFID cards he targets are one the 'low hanging fruit's side of the spectrum: very old systems with no encryption that only transmit an ID. The system he demonstrates harkens back to the 1980s. [1]
There are literally hundreds of other protocols and systems that are much better: the DesFire EV2, etc [2] for similar costs (ie 80c vs 70c) [3][4]
Just wanted to point out that the systems that you hypothesize exist already, and are not orders "Significantly" more expensive.
> What you actually need to do to defeat this is a bit more expensive. You need the token (keyfob, card, etcetera) to be smart enough to use the tiny surge of power to do local computation, and then produce one-time-only access codes.
Why do you need the keyfob to rely on a "surge of power"? Can't you put a battery in it and charge that battery when driving? If the battery runs down, you needed a backup anyway (physical key or phone app) in every implementation I've seen.
Why couldn't it work like credit cards? Physically touch the car with the key like a normal key hole if the battery dies. The car can provide whatever small current it needs, and the key can be as complex as we want.
Most popular card/fobs (95%+ of all I've seen) don't use challenge-response, but always transmit the same 26 bytes. I don't have to explain how "secure" is that.
My reaction: Great! Reproducing these keys costs hundreds of dollars and a trip to the dealer. Maybe it can finally be affordable again.
I'm less concerned about someone stealing my car. The local police department takes it seriously, no less because stolen cars are used to commit other crimes.
I like how some Chrysler products handle this. You can buy a $50 fob online and program it to your car yourself. The catch is, you need two key fobs to do it. This is so the valet attendant (who only has 1 of your key fobs) can't make his own copy. So, you just have to plan ahead and do it asap when you get a vehicle and always keep 2 in storage in case you want to make another.
Extreme programming also came out of Chrysler (Kent Beck). They were the first to build and pilot EV pickup trucks and minivans. The 2020 RAM pickup beat BMW and Mercedes for "Luxury Vehicle of the Year". From consulting work I've done there in the past, they have many small groups that function like internal startups. They are surprisingly forward thinking despite many of the other products that actually make it into production, although that seems to be changing. The new infotainment system looks second to none.
My old coworker bought a 2019 RAM pickup. I was floored by the inside. It was closer to a spaceship than a truck. Glad to see they are turning things around (at least when it comes to infotainment electronics) but I wish I could trust the engine.
Wait, what are you advocating? Return to keys without an immobiliser??? You do realise that that's the feature that has single-handedly destroyed car theft that was so rampant by the 90s? That is what made cars so difficult to steal, but also what makes keys cost what they do and require an approved dealer to code the keys. Return to the old keys where you only had the key and nothing else would be......crazy, really.
I wouldn't be surprised to find car thieves also diminished since the nineties. Akin to why violent crime is down. Could be other confounding circumstances. Is almost certainly a combination of things.
For the curious or eagle-eyed, David Oswald, one of the co-authors of this paper is also one of the co-creators of the ChameleonMini [1], an open source RFID emulation device which has become the defacto tool for emulation in the penetrating community.
dang, can we get a ruling? These headlines might not violate the letter of the "If the title begins with a number or number + gratuitous adjective" guideline, but they do violate the spirit.
"Hackers Can Clone Toyota, Hyundai, and Kia Keys" gets the same point across without the sensationalism.
I'm bringing it up because I've seen many of these "millions of [thing that exists in the millions]" headlines recently, and I think it's more than just Baader-Meinhoff at work.
I'm not seeing the problem. Your suggested title makes it sound like they could clone all the keys from those manufacturers which isn't true. And if you inserted a word like "some", my first question would be, "Well, how many?" To me "millions" is useful in conveying it isn't just a niche issue, but it isn't everything, either.
Why not include a percent? Are we talking about 10% of cars, or more like 80%? Is it mostly recent cars, or are cars from several years ago also affected?
It's not a terrible headline, but it could also be improved.
It could be improved if that data were available. But it's not in the article, and it wouldn't be easy to gather. So I think we should stick with reasonably achievable choices.
He made the point in one amazing talk (that included references to centaurs and American exceptionalism and possibly ancient sumerian) that we've long used locks not for security, but as a social symbol of security.
Anyone can just put a cinder block through your window and steal your car. The barrier isn't technological, it's social. Locks are a great defense against the kid or confused person who is wandering around and forgets that we have social mores against making off with thousands of dollars of other people's property on a whim. They are not designed to defend against dedicated thieves.
We defend against dedicated theives by hiring detectives and prosecutors and making it in general more hazardous as a profession than other professions that one might take up. We defend against theft by just generally making it more lucrative to apply the same amount of ingenuity and dedication to other endeavors, like giving amazing talks about perfect security and American centaurs.
I'm probably butchering or overextending his point though, would love for the man himself to weigh in.
Indeed, most locks are societal items instead of actually being difficult to defeat. It doesn’t make a lot of sense to over engineer one part of a system that an OoB attack can easily defeat unless that other attack vector is much more often attacked. I doubt that’s the case here. People should avoid locations where their cars are likely targets.
The important point these days is one of responsibility.
Whether or not these locks are made to be appropriately 'secure' is the difference between the owner and the manufacturer being liable for the result of criminal action.
The essential problem is that static credentials are transmitted and can be copied. If they used a randomly generated code to unlock the cars (needs to be generated offline) then that would solve this issue.
There are plenty of offline hardware based solutions already on the market especially for unlocking computers with MFA. It needs to be offline generation for computers for NIST DFARS 800-171 compliance.
>The essential problem is that static credentials are transmitted and can be copied. If they used a randomly generated code to unlock the cars (needs to be generated offline) then that would solve this issue.
Not necessarily. Relay attacks are very hard to defeat, regardless of your crypto scheme:
Shouldn't relay attacks be preventable by having the car inspect the timing of the response? A signal that needs to be received, reprocessed, transmitted, reprocessed again and then retransmitted should have a noticeable difference in timing, shouldn't it?
Is there any reason a challenge/response protocol with proper timing filtering isn't safe against relay attacks?
Currently working in the Car industry, previously in the access control industry (and have developed active RFID systems which include timing information to prevent relay attacks)
Yes, you can do this. I have done this (restricted the negotiation to about 12 meters)--you're essentially racing the speed of light, see DE102012104955A1. Most of the reasonable approaches are patented by NXP.
The relay attack (which is not what this article is about) relies on an erroneous idea in the design of keyless entry and keyless ignition systems.
Signals from an RFID device don't travel very far. So, (here's the error) if the keys can receive and respond to a signal from the car they must be very close to the car.
But signals can be relayed. Crook A stands next to your car. Crook B walks up to your front door.
Crook B is relying on the fact that most people leave their car keys on a key hook, or in a bowl, or maybe even in their outside jacket, which they leave by the door because that's convenient. You have done this.
The car is sending radio pulses. "Hey, are you my key?". Crook A has a relay transceiver, it doesn't need to understand this pulse, just relay it to Crook B. Crook B has another transceiver, and when it says "Hey, are you my key?" the key, on the far side of a locked front door, says "Yes! I'm the right key, see! 023483109" and Crook B's transceiver sends that right back to Crook A. "Yes! I'm the right key, see! 023483109" the one-time code from the key matches, the car unlocks. Crook A gets into the car and starts it. Crook B walks over and gets into the passenger seat.
In a few seconds the car will discover that the key, which was apparently right there, has somehow vanished. But for safety reasons it is unsafe to suddenly lock everything and shut off. The thieves will ensure that by the time it decides it would be safe to lock itself, it's inside a chop shop and that's too late.
So no, the attacker doesn't "have" the key, they just need to be able to stand relatively close to it.
I think what I am unclear about is how the crook gets the signal. Is it as simple as recording it once and using it again later? Does they key change between uses?
Otherwise the attack seems arbitrary. If my key keeping bowl at home physical security is compromised I have someone in my house.
I generally dont leave my keys out anyway, but a nefarious plumber/home contractor could potentially gain access.
It should be a construction approximately: first DHE and then the car challenging the fob to MAC a unique message. Exponential backoff after every failed attempt for that token (fob).
I guess you could backoff based on an ID, but then spoofing IDs would need to be defended against. So that doesn't solve anything either. I think DoS is fine to deny attackers entry because most sensible fobs have a backup key with a chip so the driver could just unlock their car like an animal.
I live in the city and it's extremely common for cars to be broken into and/or stolen because of key fobs. It's a common topic on our FB neighborhood group. We store our keys in a Faraday box by the front door now, instead of leaving them out. Not surprised the attack vectors keep growing here.
Ceo's BMW X5 was stolen last year.He watched the CCTV later on.The guy came to the car with a laptop and drove away after a minute or so. Police found the car dumped somewhere on a road,as the car ran out of fuel and apparently it had some security feature that prevented the thieves from refiling it.
Sounds like you’re describing a range extender attack on the keyless start. Almost(I don’t know any that aren’t) all cars with the feature are vulnerable to this.
“Though the list also includes the Tesla S, the researchers reported the DST80 vulnerability to Tesla last year, and the company pushed out a firmware update that blocked the attack.”
First: Auto manufacturers ought to get together and agree on one common key + entry system standard. It can be a combination of physical key and remote key if necessary.
The problem: If you have multiple vehicles (and many families do) you end-up with a keychain full of horrendously large and unnecessarily inconvenient keys, key-fobs, whatever. Some manufacturers seem intent on making the larges and most inconvenient boxes they can possibly imagine. This is entirely unnecessary. In this day and age one ought to be able to have a universal programmable entry system that gets programmed for your vehicles and that's that. One device to rule them all.
Second: Auto manufacturers ought to get together and agree on placing the fuel tank port on the same side.
The problem: Today you have cars and trucks with fuel tank refill ports on the left and the right. It can be an absolute nightmare to go to a gas station where most of the cars have ports on the left and you show-up with one on the right. This is one of the reasons for which I hated driving our BMW. Going to the gas station was always a game of chicken with cars entering in the other direction.
As Dylan said, cars come in from any direction, which makes not having the port on the same side in every vehicle a complete mess.
From my experience most vehicles have it on the left side, in the US that would be the driver side.
If you show-up at a busy gas station with a BMW --which has the port on the right-- well, good luck, it can get ugly. Rather than lining-up behind the car currently fueling-up, you have to line-up in front of them. Which means that someone entering the station with a left fuel vehicle often ends-up behind them --even with you waiting patiently in front way before the third car showed-up. That's where the problems begin. This has happened to me many times.
Because the car that finished fueling drives forward to exit, the car behind it has a natural advantage and the one in front a disadvantage (at the very least you have to allow plenty of room for them to drive out). The car behind them, if they want to deny your rightful turn, just crawls forward as the first car exits. Before you can do anything at all they are in front of you, took control of the pump and you have to choose between waiting, moving or getting into an argument with someone you know isn't likely to be a nice person.
If all fueling ports are on the same side there are no problems.
The alternative is to require that hoses be longer. The problem with this is that it doesn't work at all for trucks.
>Second: Auto manufacturers ought to get together and agree on placing the fuel tank port on the same side.
The problem: Today you have cars and trucks with fuel tank refill ports on the left and the right. It can be an absolute nightmare to go to a gas station where most of the cars have ports on the left and you show-up with one on the right. This is one of the reasons for which I hated driving our BMW. Going to the gas station was always a game of chicken with cars entering in the other direction.
I would say that in EU (German, French, Italian) cars have it on the right (like the BMW), i.e. opposite the driver side, I have now an Opel and it is on the right, and my my previous car was also on the right.
I believe it being on the right is a traditional safety provision, though they are becoming very rare nowadays (and since several years) a number of fueling stations (at least in the cities) were not, like it is common nowadays, in a (large) court, the pumps were simply along the road, at the most in a 3-4 meters enlargement of the road itself.
So it made sense to have it on the right, the only moment where the driver is exposed to the trafic is when he/she gets out of the car, during the refueling he/she can stand on the right of the car, i.e. between the car and the sidewalk (and the same applies to - as it was once most common - to the gas station service personnel).
There are hoses on both sides of the line of pillars, but at the same time cars can approach the line from either end. No matter what side your port is on, you can use any spot.
That is rather alien to me. In my country, you have a system where the fuel station has one defined entrance and exit: everyone queues, uses either side of the pillar (the hoses are long enough) and then leaves.
I want to believe this is to be able to spread the use around both sides of the pump without pulling the pump hose over/around the car. In some gas stations there's no easy way to turn the car around the pump.
Phone as key is the future. I was skeptical at first given the general unreliability of Bluetooth but Tesla managed to do it. It's been flawless for me. Key card as backup makes perfect sense although I believe upcoming NFC standards will make even this unnecessary with the ability to have the phone act as a passive NFC tag even when the battery is dead.
The key fob is still available if you want it. Tesla even allows adding and removing keys at home. It's an underrated part of the Model 3. Phone key could have been a disaster but they nailed it.
That would be nice, but what is actually going to happen is that all the cars are going to support an Apple-proprietary standard (there are references to a "CarKey" framework in released iOS beta builds). Certainly Google are now working on their own equivalent for Android.
So there will be two standards, Apple and Google and all cars will support both. Kind of like with CarPlay and Android Auto.
Yeah, that’s why I would not be for the standard being based on phones.
As a side note, I stopped buying phone controlled devices a while ago. All of these things are going to end-up on a big pile of trash as technology evolves. I don’t need a phone controlled toaster oven or power drill.
Call me old but what is so great about the smart key? Not having to pull it out of your pocket? I know this is an old rant already but car have reached the crappyfication curve, when something cannot improve its main purpose anymore it starts adding unneeded features to be able to push a “new” product.
The keys this article is talking about aren't (necessarily) keys you don't have to "Pull out of your pocket". What's "smart" about them is that the car's immobilizer technology talks to them before agreeing to let the vehicle be driven.
Hence the article says thieves would be able to "hot wire" a car after using this attack. You can't (if manufacturer's did their job properly) "hot wire" modern cars like you see in a movies, the computer overseeing things doesn't let it be driven anywhere just because somebody jammed a screwdriver in a hole and taped some wires together.
Keyless entry and keyless ignition are entirely different technologies that have a different problem (relay attacks) which has been covered a long time ago and has numerous quite different solutions from this.
This article is about the all-to-common situation where somebody cut too many corners and left themselves open to a pretty easy cryptographic vulnerability. (Some) Car manufacturers did a crap job of making the "smart" key that disables the immobilizer actually secure, and bad guys can use that to clone such a key and drive off in your car. If they didn't also copy the mechanical shape of the key (which would be more effort) they can smash the lock just as they would have in the 1980s to steal a car. Some of them might even remember stealing cars in the 1980s and not need to learn a new technique.
Mechanical keys with transponders are even easier to clone but their range is very short (the transponder has to be literally inside the antenna) so a distant attack is almost impossible, smart keys on the other hand have the same range as the remote, its only limited by the range of the transmitter in the vehicle, if you touch the door and amplify that signal and the keys are close enough to pick it up, it will answer by unlocking the doors.
my favorite use case is when I've left my key in my bag that I've popped into the trunk and closed. my car beeps at me and my trunk pops right open. it's saved me more than once when I've been far away from home.
I disagree, when you’ve got 4 kids and both arms full of groceries, when the doors open automatically or even unlock on their own it’s a godsend. I’d even say it’s probably saved some lives as the kids race to get in and out of the parking lot instead of waiting on me to shuffle around for the keys, dropping bags in the process, and then chasing each other around in blind traffic.
I'm not saying dealing with the kids is at all easy. But the kids are there either way. So I think you have my argument exactly backwards. I'm not saying something is easy. I think kids plus carried bags sounds completely overwhelming. If you want to say I'm wrong, you're making the argument that kids plus carried bags is easier than I think. So please, elaborate on how that's easier than a cart.
You're basically saying "I cannot, in any way, imagine a situation where the parent's story is the sensible choice, and therefore I'm entitled to make a pedantic comment about a situation I wasn't in". Instead, you should give them the benefit of the doubt.
I didn't say it was wrong. I said a cart should make it easier. I'm legitimately confused by their partial explanation, not being pedantic. It's fair to want clarification about why a cart doesn't solve this.
Maybe there are no carts at this store for some awful reason. Maybe the story was so focused on how this type of key solved their problem that they didn't give a fair shake to other possible solutions. More information is needed.
There are multiple ways I can/do give benefit of the doubt, but doing so doesn't make the situation any clearer.
I find this behavior from parents very condescending - "You don't have children therefore your argument is invalid". Parenting isn't that hard - I have 2 kids (8 and 5 years age) and we're just doing fine. Just like 7 billion other people on this planet whose parents went through the same. Of all the hard things I've done in my 42 years of life, raising kids doesn't rank in the top 10.
I have 3 kids around the same ages. I wouldn't say they're the hardest thing in life but they're often a very difficult variable to manage along with life's other challenges. They have this compounding effect...
How much of an inconvenience would it be if your car gets stolen having 4 kids and both arms full of groceries in contrast to placing the bags on the floor for a second?
I have this smart key thingy too and I keep it in one of those RFID pouches. Since I don't have to use the key to start the engine, I feel the whole thing became more of a problem than it was before. You at least always knew where the key is and where to put it. Now it sometimes slids down the seat, or is in my jacket that I wanted to leave in the car or the engine/electric is not on/off because pushing the button does several things. It became an inconvenience and the few times I really used the automatic open feature after deliberately taking out the key out of the pouch to profit from it are negligible.
I'm with you and not a good representative of the target market for keyless fobs. slovette and aetherspawn give good use cases for some benefits. I still ask how much of a real-world problem to be solved was sticking a physical key into a steering column? What were the stated goals for developing NFC ignition fobs en re drivers, manufacturers, and the automotive industry?(1)
Apart from inevitable consequences like from this article, are benefits outweighing other intended, unintended, and inevitable consequences like these for most people?
- Forgetting car keys more often per new learned behaviors
- Fob batteries dying
- Replacing lost / broken fobs is more costly in time, money, and hassle
- Leaving fobs in the car more often
Now i find the opposite situation happening and more difficult/ expensive to solve, that is leaving the keys outside the car and driving away without them.
I doubt you have driven a car with these types of keys if you claim this happens.
If you have, I’d ask you to name it explicitly because I have yet to drive one (out of 10+ be driven) that does not visually and audibly scream at you that the key is not in the vehicle. That’s if it will even let you shift out of park (in a non-manual).
I locked my keys in the car a few times and had to call for help when I had a mechanical key. This has never happened to me with the fob. When I closed the fob in the car, the car refused to lock and made a very long annoying beep at me until I retrieved the fob.
Today’s it’s mostly smart keys. Tomorrow it will all be driven from your phone. I can’t wait when I never have to carry a key again. This is a stepping stone.
It doesn't work that way. iPhones NFC chips are still powered even if the phone battery dies. That's how transit cards work even when the battery is dead.
That's better than nothing, but that doesn't describe "NFC works with dead phone", that describes "phone reserves up to five hours of emergency battery power for only NFC use".
When my current car fob starts displaying a low battery warning I have at minimum weeks to replace the battery. (Not to mention my current car fob is resistant to being dropped, stepped on, etc.)
I've never had my phone die more than 5 hours before needing to drive. I have had my fob stop working without warning. So this would be a good improvement for me.
Not having the key scratch your smartphone, for one. For another, it just reduces the steps to get you from point A to point B. All these little things add up.
Yeah, that would have been a good call. Though as noted below, we don’t always know generally where they were lost. I’ll take a look at the peer-to-per discovery.
I assume this person must be losing their keys in public or somewhere unknown. Otherwise their house must have quite the bonanza of keys waiting for them.
I never lose or misplace my keys anymore now that I have keyless entry/keyless start, they go days without leaving my purse. It's really a massive improvement in my life, one I didn't know I needed until I had.
I had mine for on a 3 year policy for about £100, would cover up to 3 replacements in that time. Made sense as the key was about £400, but I never ended up using it.
Am I the only one still fuming about those two idiots who turned the engine off on the highway, and the hazard lights as well, with no shoulder to pull into? Then the idiots smugly claim they would never put anyone's life in danger. The author also gives them a wide pass. Why? This is such irresponsible behaviour. They couldn't demo it in some large unused lot?
Story time: Back in 2005/2006 when I worked for Siemens Automotive on Immobilizer feature (was involved in Mazda and Ford projects) I got my hands on the highly secret crypto source...and much to my surprise I've seen they implemented a Vigenere style of cipher. I was astounded by this. Having some crypto background as pet projects on previous years I knew this class of ciphers are at least 1.5 centuries obsolete and they are thought only from historical perspective. Therefore I prepared and called a panel of higher-ups (managers, group leaders and even including the hardware department chief) showing to them that the source code implementation is very dangerous and that for a criminal group to mass steal cars would be very easy. Including telling them exactly what the article is talking about - put an RF recorder under the handle door (how many car owners will check there?), record sessions of radio communications between key fob and the car, analyze that, extract the crypto key and steal the car with a duplicate no more then maximum a week after. Their reply? : "standard in industry call that we also allow mechanical keys to open doors/start the car, so a criminal group can do them as well much easier", and that was the end of that meeting.