Convenience , true! $10 worth for $200 plus to replace.
Exactly! I have full replacement value on both my truck and my house. If something happens it happens but at least I'm covered, it'll just be an inconvenience. I've had my CC ID stolen a few times and both times I received instant alerts from Capital One asking me to confirm the purchases. They froze my card, credited me back for the fraudulent purchases and overnighted me a new card.So if you guys are so worried about this, what are you all doing about your RFID credit cards?
You can choose to live paranoid, or you can just choose to live.
The last part doesn't make sense to me. How would touching the door handle trigger the fob to send a signal? The door handle is idle until touched, then it checks to see if the FOB's signal is in proximity, and then either unlocks or doesn't. At very least the radio in the door handle would need to wake the FOB with one signal so that the FOB could send another back.
I personally have no idea but wanted to throw it out there that 128bit is nothing. 1024bit is considered insecure on the internet, so 2048 is the gold standard now. It's a race against time in any case. The equipment used will keep evolving, getting faster and faster at trying or breaking codes.
That really depends on what the "bit" is measuring. Different encryption algorithms have keys with different properties, and a 128 bit symmetric key is considered roughly equivalent to a 3072 bit factorization key, a 256 bit elliptic curve key, etc.
The rest of that paragraph says exactly that. The fob isn't sending out a constant signal (otherwise battery life would be terrible.) It's only responding to the interrogation signal sent by the vehicle.
The insecurity isn't related to the length of the key, but of the type of encryption used for the key. Key meaning cipher, not keyfob. 1024bit RSA has been broken, but 128bit AES hasn't. RC4 and DES types of encryption are also insecure. This means that you don't have to cycle through every possible option before getting the right code. Instead, you just decrypt the original message.
I agree with everything you said. Without knowing the actual encryption used or anything it's hard to really judge how safe it really is, though. Hackers always seem to find some slip-up in the implementation or simply gain access to information that makes the task easier. I'm sure they'll always find some way to get a FOB's signal if they want it, be it bombarding the airwaves with random interrogation signals to wake up FOBs, or by discovering a pattern that allows them to more quickly target a certain brand or model of vehicle, or by finding out that the encryption key used by some manufacturer was as simple the VIN # or VIN + MY or something stupid and lazy like that. No matter how good the encryption, there's always some fault, and usually it lies within human error or it's just sitting on a server somewhere. That's also how most people get "hacked". Maybe they use the same password for everything, it gets leaked in some data breach (or simply guessed), someone finds that it works on gmail, and they're good to do whatever they want and it didn't really matter how good the encryption was. For all we know someone could gain access to Ford's particular implementation details through social engineering of a Ford employee (or one from the manufacturer Ford chose for this system). The possibilities are endless.
