Key-Fob Security, Time to Buy an RFID Passport Wallet

[AndyInOz]

Hi people.

I've been reading about a very simple hack that applies to our cars.

When you unlock the car by pressing the button on the door handle, this is what happens.

1. The car sends a weak signal to the key-fob
2. The key-fob replies.
3. The car unlocks

The signal from the key-fob is much louder than the car, and this is why you can unlock the car by pressing the button on the key-fob, from a considerable distance away.

The thief's gimmick (a $20 signal amplifier) is very simple, all it does is make the car's request much louder, and therefore wakes up the key-fob from much further away.

This means that it is very easy to open your car when it's parked at home, or at any time that you're nearby.

The defence is very simple. When you're not using it, keep your key-fob in a Faraday cage, i.e. a metal box or an RFID proof passport wallet. Those things are also very cheap, and available online.

Here's an article that describes the hack. Note that the journalist only sees people opening cars with this method, but I can see no reason why the same method couldn't also be used to start the car.

http://www.nytimes.com/2015/04/16/style/keeping-your-car-safe-from-electronic-thieves.html?_r=0

I've gone for the RFID passport holder solution, because that's an easy habit to get into. Lock the car and put the key-fob away.

Andy.

 

[ChrisMiller]

Luckily, they'll then need to spend three hours with the manual learning how to drive it :lol:

Anyway, which teenager is going to nick my Outlander when they can use the same trick on next door's M3?

 

[AndyInOz]

Luckily, they'll then need to spend three hours with the manual learning how to drive it :lol:

I agree, we should make a new rule that we don't tell anyone how to start a PHEV.



I'm going to be watching for people saying: "I'm sure I locked my car, but it was open when I came back" because the hack is cheap and simple.

 

[Carnut]

I have the simplest solution..... Live in a nice area where cars don't get pinched......Or am I tempting fate?? :lol:
I don't think they would be able to start the car anyway as you have to be IN the car to start it and it does not rely on a radio signal (does it?)
The immobiliser on my Stag has no battery nor button, but if it is not in the car there is no way you can start it.

The Stag is for sale by the way If any one wants it!

 

[jaapv]

And it does not help if you keep nothing in the car to steal. They went through our neighbourhood and stole steering wheel airbags. I was told they get 100 Euro a piece. The explosives inside are the value. One car had the whole interior dismantled for parts. (BTW, it takes ten seconds to remove the steering wheel airbag).

 

[AndyInOz]

Possibly the first one since I posted:

http://www.myoutlanderphev.com/forum/viewtopic.php?f=10&t=2417

 

[user 816]

I have the simplest solution..... Live in a nice area where cars don't get pinched......Or am I tempting fate?? :lol:
I don't think they would be able to start the car anyway as you have to be IN the car to start it and it does not rely on a radio signal (does it?)
The immobiliser on my Stag has no battery nor button, but if it is not in the car there is no way you can start it.

The Stag is for sale by the way If any one wants it!

My understanding is you are correct, the ignition is from local loop RFID tag in the key, the RF field in the car both provides the minute amounts of power needed to run and communicates with the separate chip, trying to boost the signal externally would be in-effective.

It has to be like this so the car can be used even with a flat remote battery, since they took away ignition switches the emergency key would be a bit pointless otherwise!

As to Solarboys locking issue, I think it was probably just an odd 'fail to lock' event, it can happen sometimes in any car, looks like it locked, but due to one of the sensors, or a controller or comms fault or one of the doors a bit marginal on operating the sensor - the self check fails so even though you heard the motors clunk, it unclunked at virtually the same time so you didn't notice. I can't help myself from having a tug on the door handle before leaving the car.

 

[AndyInOz]

I think the car only "powers" the fob, if it is in the slot in the dash.

That is the mechanism that allows you to drive if the battery is flat in the key fob.

It's not necessary to do that if the battery is not flat.

Having said that, if there are separate challenge/response mechanisms in our keys for the PHEV, and both systems can't be fooled by boosting the car's signal, that would mean that we only have to put up with having the car unlocked via this hack.

I'm keeping my key fobs in a metal key cupboard at home anyway (lots of keys for lots of things), so this isn't an extra issue for me at home.

At work, the fob is now going into an RFID proof bag.

 

[jaapv]

Cobra immobilizer... Nobody will start it without the card.

 

[jamerg]

This is (we think) how my wife's Ford Kuga got nicked from our drive without any signs of forced entry whilst we slept soundly at the front of the house and didn't hear a thing

But we got to buy a PHEV with the insurance pay out