Getting @Perc's (or any other car that uses those silly proximity keys) requires nothing more than a $20 signal repeater.
This is incorrect for any car correctly implementing a 4-way rolling code system.
Using such a system, the following 4 codes must be captured:
1. Car to key "wakeup" (you can capture this by walking nearby while the car is parked)
2. Key to car "unlock" (you can capture this by broadcasting #1 near the key)
3. Car to key "ready to start" (you can capture this by broadcasting #2 while physically sitting INSIDE the car)
4. Car to key "start" (you can capture this by broadcasting #3 near the key)
Each code for each of those 4 actions is used exactly one time ever, and cannot be replayed if you actually use it live on the car.
That is, getting into and starting a car with a properly implemented keyless system requires 4 "keys", each of which will only ever work once.
Getting into and starting a car with a purely mechanical key system requires a maximum of 2 keys that never change (if your doors and ignition are separate like an 80's Chrysler - 1 key for everything else). Or, you know, a sufficiently large amount of force.
Getting into and starting a car with a hybrid key+transponder system requires a maximum of 3 keys that never change (again, up to 2 physical keys and 1 RFID-like tag).
Getting into a more modern smart key system requires a maximum of 1 physical key that never changes and 1 rolling transponder code that only works once.
Admittedly, I don't know what makes and models do it right (car manufacturers are notoriously bad at electronics and HOPELESS at security), but that's what they SHOULD be doing from a security perspective. Physical keys are utterly useless if the attacker has unchallenged access to the thing they're attacking. Period, end of story. I have a very strong suspicion the Subaru-Toyota system the BRZ uses is one of these (some of the weird symptoms of having an FR-S door on the car line up with that approach) and the Subaru Ascent system is almost assuredly one of these by reading through the manuals.
Incidentally, if you look at the security footage from the high end Lambo drive-off theft a few weeks ago, it's pretty clear that the thieves are getting #3 above by skimming it off a key sitting near a door or window or something when they get into the car, then get out and fuck off for 20 minutes before coming back and starting the car.
Further, you can prevent the capture of #2 and #4 from your key by putting the key in "powersave" mode.
Finally, it's a few hundred bucks to about $2000 in equipment, not $20. Plus all the operational complexity and damn-near-burglary. You're WAY less exposed buying or stealing a tow truck or trailer with a winch. Or, you know, the relay attack. Which is like $20 worth of gear but still requires getting right up in the key's face, and the key being active, which is just crappy opsec.
I can use astrophotography equipment to photograph your keys with sufficient resolution to duplicate them from 100 yards or more:
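Added example, not part of the original post: receiver-side bookkeeping for the one-time-use property the post describes for its four codes, showing a used code, a code offered for the wrong action, and an older code all being rejected. The HMAC-plus-counter derivation, the step names, the key and the window size are assumptions made for illustration; the post does not say how any manufacturer derives its codes.

```python
import hashlib
import hmac
import struct

STEPS = ("wakeup", "unlock", "ready_to_start", "start")  # the four codes in the post
WINDOW = 16  # assumed look-ahead: how far past the last counter a code may be


def make_code(key: bytes, step: str, counter: int) -> bytes:
    """Derive the code for (step, counter); the step name binds it to one action."""
    msg = step.encode() + b"\x00" + struct.pack(">Q", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class RollingVerifier:
    """Receiver-side state: the highest counter already accepted for each step."""

    def __init__(self, key: bytes):
        self.key = key
        self.last = {step: 0 for step in STEPS}

    def accept(self, step: str, counter: int, code: bytes) -> bool:
        if step not in self.last:
            return False
        last = self.last[step]
        # Reject replays (counter already consumed) and codes too far ahead.
        if not last < counter <= last + WINDOW:
            return False
        if not hmac.compare_digest(code, make_code(self.key, step, counter)):
            return False
        self.last[step] = counter  # consume: this and every older code is now dead
        return True


def demo() -> list:
    key = bytes(range(32))  # constructed sample key, not a real fob secret
    car = RollingVerifier(key)
    unlock_1 = make_code(key, "unlock", 1)
    return [
        car.accept("unlock", 1, unlock_1),  # first use: accepted
        car.accept("unlock", 1, unlock_1),  # replay of a used code: rejected
        car.accept("start", 1, unlock_1),   # unlock code offered as start: rejected
        car.accept("unlock", 2, make_code(key, "unlock", 2)),  # next code: accepted
        car.accept("unlock", 1, unlock_1),  # older code after a newer one: rejected
    ]


if __name__ == "__main__":
    print(demo())
```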