When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
I have no idea why anybody would spec keyless access considering the ease of theft of cars with this system. All a thief needs is a relay box to capture the signal from the key, even when it is just sitting there, and then dupe the car into thinking the key is nearby and, presto, unlocks the car. See this video of how easy and quickly a car can be stolen.
Cars with standard remote fobs are not at risk. If you have to push a button on the fob to gain entry, it’s not a keyless system and your car is not vulnerable to relay theft.
I have never ordered a car with keyless access, and never will.
My service advisor talked to someone about this and he got word that some models have this ability but older builds do not.
There was an update run on one of the cars they had in stock, but it didn’t work. He’s trying to get info on the build date moving forward that allows for this functionality.
I have no idea why anybody would spec keyless access considering the ease of theft of cars with this system. All a thief needs is a relay box to capture the signal from the key, even when it is just sitting there, and then dupe the car into thinking the key is nearby and, presto, unlocks the car. See this video of how easy and quickly a car can be stolen.
Cars with standard remote fobs are not at risk. If you have to push a button on the fob to gain entry, it’s not a keyless system and your car is not vulnerable to relay theft.
I have never ordered a car with keyless access, and never will.
Since 991 Porsche keys ‘go to sleep’ until they sense a move into proximity with the car ie the key stops broadcasting the unlock signal so there is nothing to repeat. UK car security expert Thatcham give the 992 its highest ‘excellent’ rating.
Apparently it is also possible to temporarily switch off the key fob by pressing lock+unlock for a few seconds. It should show a red light and during that time the key does not emit a signal. It goes back to normal when you open the car again (using the unlock button). I also read/saw somewhere in one of the 100 videos I watched that using the lock button disables the proximity sensor. So for the proximity to work the car has to be locked using the door swipe? Don't know if that is true.
I added it to my build because I got it on my 991 and like that I can simply leave the house with key in my pocket and keep it there. Will share my experience when the car arrives in January...
And it is not right that standard fobs are not at risk. My CLS was broken into because a random dude was making a phone call pretty close to my parking spot. Didn't think about it, I walk around while speaking on the phone too.
Couple of minutes later my car was opened up, stuff taken out and closed again so I would not recognize. OK car was not stolen but it might be important to know that **** like this can happen.
Cars with standard remote fobs are not at risk. If you have to push a button on the fob to gain entry, it’s not a keyless system and your car is not vulnerable to relay theft.
I'm not sure you're correct on this point. Whether the car initiates the data exchange with the fob (comfort access) or you do by pressing a button, the comm signals are identical and could be captured and rebroadcasted with the right very specialized equipment. What is not clear to me is if the current encrypted bidirectional car-to-fob communication thwarts this type of hacking or not. And in order to actually drive away with the car, they also need to program the ecu to "add a new key" and accept the signals from their device (or another oem fob they have) before the car will start.
This video is a couple of years old and I wonder if this would even be possible with the latest Porsche fobs and technology - but then again, the hackers always seem to catch up fast!
Simplified communication exchange between Key & Car
Key is registered with car (=certificate of the key is stored in the car, private key is stored on the Key)
Key to Car: encrypt with private key: 'Hello'
Car: Decrypt 'Hello' with key certificate (this is only possible for the key that was registered - 'Hello' messages from other keys can not be read by the car and hence ignored)
Car: Issue Token encrypted with certificate of registered key (this token is valid for a short time and can only be read by the registered key)
Key: encrypt with private key: unlock command + decrypted token (the token is used to make sure that this can not be replayed. The next time the car will have issued a new token)
Car: decrypt 'unlock + token' (car only unlocks in case the message can be decrypted and the token is valid)
To break the security you would need:
1. Relay attack - essentially extending the range of the key and make it believe it is close to the car. This has been done and plenty of cars stolen
2. NSA level computing power to break the encryption
3. Access to the car to register an extra key
Further mitigations:
The new type of keys have a motion sensor and stop saying 'Hello' when not moving. Many of the relay hacks are done when the key in your home and car is on the driveway - not possible anymore. btw - storing the key in a lead container would also work.
Nothing is safe from extreme computing power - but applying that will likely cost more than your car (for now - in 10 or 20 years this may be different)
Simplified communication exchange between Key & Car
Key is registered with car (=certificate of the key is stored in the car, private key is stored on the Key)
Key to Car: encrypt with private key: 'Hello'
Car: Decrypt 'Hello' with key certificate (this is only possible for the key that was registered - 'Hello' messages from other keys can not be read by the car and hence ignored)
Car: Issue Token encrypted with certificate of registered key (this token is valid for a short time and can only be read by the registered key)
Key: encrypt with private key: unlock command + decrypted token (the token is used to make sure that this can not be replayed. The next time the car will have issued a new token)
Car: decrypt 'unlock + token' (car only unlocks in case the message can be decrypted and the token is valid)
To break the security you would need:
1. Relay attack - essentially extending the range of the key and make it believe it is close to the car. This has been done and plenty of cars stolen
2. NSA level computing power to break the encryption
3. Access to the car to register an extra key
Further mitigations:
The new type of keys have a motion sensor and stop saying 'Hello' when not moving. Many of the relay hacks are done when the key in your home and car is on the driveway - not possible anymore. btw - storing the key in a lead container would also work.
Nothing is safe from extreme computing power - but applying that will likely cost more than your car (for now - in 10 or 20 years this may be different)
Another feature that seems to be linked to the comfort access is the ability to lock the car using the Porsche Connect App. Not sure if this applies to 992 though - can anyone verify this?
Another feature that seems to be linked to the comfort access is the ability to lock the car using the Porsche Connect App. Not sure if this applies to 992 though - can anyone verify this?
So I've seen a lot of people complain about having to wait on the door handles to open for them when they approach the car. In my current car I personally don't mind taking my keys out and pressing unlock on my key even though I have comfort access. Would it be smarter to option my 992 without comfort access? If I take the key out of my pocket and press unlock will the door handle automatically come out so I can open the car?
Even if the door handle doesn't pop out fast enough for you the door can STILL be opened by grabbing the handle and pulling.
Anyone get any further on getting the door handles to present themselves without touching the undersides of the door handle like Pegg was able to in the video?
Anyone get any further on getting the door handles to present themselves without touching the undersides of the door handle like Pegg was able to in the video?
No, never happened here , handles pop out only when pressing the key or touching the the handle.
But - for whatever reason, while the first few days, touching the handle did only work in maybe 50%, now, it works 99% of all tries, sometimes a 2nd touch is needed.
Certainly not a perfect system, but ok for me, even considering the price of the car...
12-02-2019, 04:02 PM
that using the lock button disables the proximity sensor. So for the proximity to work the car has to be locked using the door swipe? Don't know if that is true.
