Honda CR-V Owners Club Forums banner

1 - 10 of 10 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
Dear Honda,

We just bought a brand new CRV Touring with the keyless remote ignition, and were upset and stunned when two weeks later someone literally just walked up our driveway, opened the car, started it, and drove away while we watched! Notable is the fact that we still have our two remotes - they did not obtain one. And we were watching, so for example they did not tow the car.

I was very concerned upon considering this vehicle that it did not have a physical key - that it was all electronic. I was assured by multiple sales people multiple times that these cars were "impossible" to steal if you do not have the remote. The codes used to program the key remotes were secure. It turned out the theft was child's play.

My question is: HOW is it possible the thieves are able to make their own key? Or how otherwise did they take this car so easily?? Honda: It really should be IMPOSSIBLE to program these without explicit authorization / codes from Honda and / or explicit owner permission.

And a broader question: Are these all electronic push start type cars REALLY secure?

To the broader group: We'll likely get a replacement, but how should we protect ourselves and /or prevent this from happening again?

Concerned CRV Owner Ed.
 

·
Registered
Joined
·
252 Posts
Call me old fashioned, but I don't like a lot of this high tech stuff either. Beyond that I felt compelled to purchase an extended warranty just to cover the electronic gizmos (because mechanically, Honda's run forever), I don't think that any automobile manufacturer "gets it" or has sufficient experience and foresight to design sufficient security to go along with it.

Anyway, to the OP - check out this recent NY Times article...
When I told him my story, he knew immediately what had happened. The teenagers, he said, likely got into the car using a relatively simple and inexpensive device called a “power amplifier.”

He explained it like this: In a normal scenario, when you walk up to a car with a keyless entry and try the door handle, the car wirelessly calls out for your key so you don’t have to press any buttons to get inside. If the key calls back, the door unlocks. But the keyless system is capable of searching for a key only within a couple of feet.

Mr. Danev said that when the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter. And just like that, open sesame.
Think about it, auto manufacturers can barely make a decent reliable and secure User Interface System, and now you want to add the physical security of the vehicle itself to that?
 

·
Registered
Joined
·
2 Posts
Discussion Starter #4
Call me old fashioned, but I don't like a lot of this high tech stuff either. Beyond that I felt compelled to purchase an extended warranty just to cover the electronic gizmos (because mechanically, Honda's run forever), I don't think that any automobile manufacturer "gets it" or has sufficient experience and foresight to design sufficient security to go along with it.

Think about it, auto manufacturers can barely make a decent reliable and secure User Interface System, and now you want to add the physical security of the vehicle itself to that?
Based on the sequence of events, I think you are exactly right TomKatt about that "wireless amplifier" device getting the callback from the remotes. And we thought we were clever moving the fobs to the bedroom! Thanks so much for your reply and the article links. We thought we won't be getting a Honda as a replacement, but it does not seem to matter what the car manufacturer - they would have as easily taken a new Nissan, for example.

Having spoken to the dealership and Honda Customer Service - they were both like "Really? We don't know how that might have happened. Sorry. <shrug>.". Of course they know all this stuff. I'm disappointed they are at least not more forthcoming or provide more disclosure or at least more information on how to protect yourself. Had we known, we'd still have our car today.

Our plan for the next vehicle, LMK what you think (any opinions or recommendations welcome).
- Put the keys in the freezer! Or other heavy metal box (prevent signals).
- Get a third party security system installed that also provides ignition disable (along the lines where you need "two parts" to successfully start the car)
- Get LoJack - so at least we can track the car if it goes away.

This is all in the intent to keep our Hondas safe!!

One other question - I thought the ignition would be disabled if it went out of range from the remote? Maybe the CRV system does not have that feature.
 

·
Registered
Joined
·
252 Posts
One other question - I thought the ignition would be disabled if it went out of range from the remote? Maybe the CRV system does not have that feature.
You're not going to like this article either - it focuses on VW but the part in question apparently applies to Honda as well...
Three researchers uncovered flaws in the RFID Megamos Crypto transponder found in keys and key fobs; it’s supposed to stop an engine from starting without the transponder being near the vehicle. They took their findings about the weaknesses in the cryptography and authentication protocol to the Swiss manufacturer of the chip in February 2012, giving them nine months to fix the flaw; then they took their research to Volkswagen in May 2013. They had planned to present their research at USENIX 2013, but Volkswagen argued its vehicles would be at risk of theft and filed a lawsuit to block the paper from being published.
“The Megamos,” according to Bloomberg, “is one of the most common immobilizer transponders, used in Volkswagen-owned luxury brands including Audi, Porsche, Bentley and Lamborghini, as well as Fiats, Hondas, Volvos and some Maserati models.”
I plan to open a Tinfoil Hat store. I think sales will be brisk.
 

·
Registered
Joined
·
497 Posts
Easy solution - add key to the start stop button - it the key is off the start stop button is useless. Better - put a hidden switch to disable the keyfobs when you park the car.

Honda security ( and most makes of Start/Stop buttons ) are as secure as a screen door guarding a submarine and just as useful.

They can also program the security to disable a vehicle if 3 start stops are attempted and fail the security for 30 minutes.

I have a friend with a new Corvette - he has 4 switches under the hood to disable the vehicle and if triggers a cell phone wired in to send an SMS message to his phone on any change of the switches. That gives 15 combinations of switches to get the vehicle to work and he has built a kill function if the bluetooth in his personal phone does not attempt not to connect to his device every minute or so. It has a maintenance mode signal that allows no-kill for 30 minutes to allow the Chevy Mechanics to service the unit. He hacked a old Samsung Galaxy II phone to do that with it. The vibrate motor signal turn on the kill relay. I spent 20 minutes looking for it and could not find it and I knew what I was looking for. IT security guys can make a pretty hard to hack system but most folks don't want another $1000 to add security to their vehicle.

All Android phones are nothing but a Linux Computer with CDMA or GSM Phone/Radio Software running on it. If you know Linux - you can program your phone (if rooted) to do a lot more than it does out of the box.
 

·
Registered
Joined
·
2,822 Posts
I'm sorry to hear that. Hopefully the police are able to get to the bottom of this.
 

·
Registered
Joined
·
693 Posts
Install a kill switch. To be honest if you have the right tools you can hack anything. Wireless keys have low grade security. Even my Bluetooth phone has a better chance of not getting hacked, which isn't saying much.

Just sorry that someone stole your car. Did you report it to the insurance agent? Just have them take care of it.
 
1 - 10 of 10 Posts
Top