Time To Don the Tin Foil...

Intuit

#1
https://www.popularmechanics.com/technology/security/a29835980/technology-theft-rfid-bluetooth/

Car sits closer to the house... and the spare sits close to that same side of the house on the inside. So the spare and primary are shielded until I need to use them now.

Some comments on the above article:

1) Tin Foil or Faraday pouch is a good idea. (I originally thought the metal barrier had to be grounded, but it actually works; even standing right next to the car.) Putting it inside of a Refrigerator/Freezer or Microwave is a bad, bad, and horrid idea. The daily cycling of temperature extremes may subject any solder joints to premature failure. This is also not good for the Li-Ion button battery. Fire up the magnetron even for a second (because you haven't yet had that morning coffee and aren't quite awake yet) and that's a $400 ouch.

2) No comment.

3) Phones will keep their Bluetooth radios on, but laptops don't. They're turned off when the lid is shut and the laptop is asleep. Some are, however, configured to keep the WiFi active. This helps them reconnect faster (because they didn't disconnect) when resuming from standby mode. This also allows them to monitor for "Wake On LAN" signals via WLAN. WOL is typically off in default configurations. Then again I wouldn't be surprised if Intel's IME and AMT, black-box honeypot crap that can't be completely disabled, is keeping the radios active.

4) No comment.

5) Any chip reader machine I've inserted my cards into seems to take forever, and doesn't work without peeling back the "call 1-800 ... to activate the card" sticker. I don't think it can be used like an RFID "tap" card so it's not a concern for me. The phone has NFC capability but that has its own built-in security measures, and Microsoft never got their NFC pay wallet off the ground anyway. For those with RFID tap to pay, bank cards might be a concern. But you can challenge transactions on credit cards and not have your bank account emptied.
 


#2
With the One Start Fords the theft situation is even easier for thieves. All they need is a rock and a buddy in another car. Break in with that rock, climb into the car, and have that buddy push your car to a Chop Shop. As for the reason why a thief can do this, our wonderful forward thinking government gave the automakers an Exemption on the steering column and transmission lock requirement for One Start vehicles.

As for the key fob transmitting a constant signal, I do NOT think that any maker's key fob does this, because that would run the batteries down rather quickly. What is always active is the RFID interface but that particular signal is very limited in regards to distance. Typically you need to be within a few feet for RFID to function. It's why I don't use the unlock or lock buttons on my fob because they transmit a signal. I use the button on the door handle which is "released" to function by the RFID chip.
 


TyphoonFiST

#3
Our key Fobs are constantly "ON" and searching for the Vehicle....this is why the batteries don't last very long. I have had the same batteries for one of my vehicle's Key fobs for 12 years and it still works great. I get the low battery message every 1 - 1 1/2 years.
 


Clint Beastwood

#4
Working in cybersecurity and infosec as I do, the average person does not want to know how vulnerable they are on a daily basis. Yes, everyone is vulnerable, no you can't really mitigate 100% of it. One reason we go to various hacker cons every year is to discover and share things we've learned. RFID capture, iBeacon-type Bluetooth location tracking, etc. You can eventually sniff passwords by monitoring the amount of power a laptop's AC adapter is consuming - that's not just hyperbole, there's a precedent for it and it was demonstrated at DEF CON a few years ago - It's not often you get *that* audience to shut up but it definitely made a difference.

The other thing that people *really* don't want to know is how good "big data" is getting at figuring out what people have done, currently do, and are going to do, and leverage that knowledge to manipulate them.

I'll just say - [gas station] doesn't give you a discount for using your [supermarket] card on the pump for no reason - it's to aggregate data on where Vons customers are clustered to supplement existing rewards program data collection and analysis. Some of the AI tools we're playing with now are *scary* in how fast they mine, tabulate, and create speculative material - and that's when being done *legally*. People thought it was creepy years ago when a supermarket started sending maternity product marketing to a woman before she even knew she was pregnant, but that was *before* AI - we're doing that stuff 1000's of times faster now.

What I and others in-industry worry about recently (other than stupid employees + cryptoware) is the impact AI is going to have on cybersecurity. Yes, it is being leveraged by companies like Cylance to actively recognize malware-like and virus-like behavior to mitigate things that aren't yet in the virus definitions database... but what if an engineered AI malware infected the network of a financial institution and instead of working to crypto-lock data, steal money, etc. - they simply extracted and aggregated people's spending patterns to use that information later? A priest pays for pornhub and has ordered sex toys, so they can be blackmailed into further misappropriating funds or revealing confidential information learned from a high-ranking politician's confession. A married politician paid for a prostitute with a credit card, now they can be blackmailed into nudging a few policies into/out of favor, etc.

Sorry for steering the thread slightly sideways - but the biggest concern shouldn't be unauthorized intrusions/hacks/etc. it should be the things people *invite* into their lives. Literally any service/product/etc. you give information to in exchange for using it for free is only a mechanism for aggregating actionable data on you. Use a free GPS navigation program? They don't invest money and time into infrastructure and engineering altruistically. Use a supermarket rewards program? At the surface it sounds like a customer loyalty scheme to encourage repeat business, but it's so much more.

...Also, RFID blocking mylar bags are legit - I won a $1000 bet that I could smuggle $10,000 in RFID chips using deflated mylar balloons from the gift shop. I think this was back in 2008 to 2010 or so? Totally worked :)
 


Clint Beastwood

#5
> Our key Fobs are constantly "ON" and searching for the Vehicle....this is why the batteries don't last very long. I have had the same batteries for one of my vehicle's Key fobs for 12 years and it still works great. I get the low battery message every 1 - 1 1/2 years.

ooh - where do you see/get the low battery warning? is it the eleventy billion dings when you get in the car? I thought that was just washer fluid.
 


#7
> On the bright side, at least our cars are stick shift. Cuts down dramatically the amount of millennials who can drive them. Lol

Most thieves are going to be taking the cars straight to the Chop Shop. When all you are doing is steering the car Stick or Manual don't matter because all they do with either is put it in neutral. Here in the "D" the local news had a video of a new Ford Fusion being stolen. Thief broke out a rear window, climbed in, put it in neutral and a buddy just pushed the car out of its parking spot and they drove down the street.

So, think about how many times you've seen a car being pushed by another car, nowadays odds are both those cars are stolen. The older car doing the pushing had the steering lock busted out so that the ignition could be manipulated by a screwdriver. That new car is destined to be chopped up for parts because the parts are worth more than the whole car and lots easier to get rid of. Also think about how many times you've seen parts like complete engines for sale dirt cheap. Buy those engines and you are most likely supporting a car theft ring.
 


Intuit

Thread Starter #8
Previous car, as well as this one, have "soft" bumpers. Car-on-car or car-on-truck pushing them that way will likely do a LOT of damage. Those bumper parts hold a lot of value. The theft rings may fix up old tow trucks, or even steal legitimate tow trucks to do their bidding. One was reported stolen a few weeks ago.
 


TyphoonFiST

#9
> ooh - where do you see/get the low battery warning? is it the eleventy billion dings when you get in the car? I thought that was just washer fluid.

I have Sync 2 but it just appears on the monitor and dings to notify me key fob battery power is getting low.

 


Clint Beastwood

#10
> I have Sync 2 but it just appears on the monitor and dings to notify me key fob battery power is getting low.

Thanks. For all the digital displays, smart ECU stuff and CAN bus integration, it sure doesn't do a good job of informing you when it isn't feeling well. I see absolutely no reason why they can't do onboard OBD diags and tell you on the screen what's up other than it preserves the dealer service model. I sure wish I could display the contents of the Cobb AP on the built-in LCD :|
 


Intuit

Thread Starter #14
> Thanks. For all the digital displays, smart ECU stuff and CAN bus integration, it sure doesn't do a good job of informing you when it isn't feeling well. I see absolutely no reason why they can't do onboard OBD diags and tell you on the screen what's up other than it preserves the dealer service model. I sure wish I could display the contents of the Cobb AP on the built-in LCD :|

Want to hear something funny? My 2008 motorcycle has a built-in diagnostic system that doesn't require any external equipment, and uses the built-in dash. No special buttons or changes were made to the dash to accommodate this function. (can't claim cost savings as a reason for not including) It allows you to individually and manually actuate individual components, parts, relays, as well as display sensor read-outs and codes. You could manually operate an individual injector, fire a specific plug, turn on a fan, read out an external atmospheric pressure sensor, coolant temp, see fuel pump voltage in real time, etc, etcetera. It is easy to access, easy to understand and interpret, easy to operate. It is near perfect.

But for the newer generation... all that was stripped. Now some special expensive tool and wire harness is required and probably even with that, still don't have the functionality that the old system had.
 



