Keyless Entry … means Easy-to-Steal

August 9, 2019 
Gone in 30 seconds …
Love your ‘keyless entry’ modern car?
Know that they’re hacked more easily than US voting machines.

~      “… motor theft insurance claim payouts hit their highest level in seven years at the start of 2019. ”  ~

Gone in 30 seconds …

 ” … I believe people are being misled when manufacturers say vehicles are even more safe. According to my insurance there had been more than 10 cars stolen with keyless entry in my postcode … that month. “
 
All it takes is a pair of simple signal boosting RF-repeaters** … exactly the same as boosting your Wi-Fi signals around your house (with simple repeaters)  
.
Gone in 30 seconds

*    *    *    *    *    *    *

” How Keyless Theft Works “
” Thieves, normally working in pairs, will target a car parked outside a house. … One criminal will hold a device close to the car that boosts the signal meant for the key, while the other thief will stand close to the house with another device that relays that signal to the key, fooling the system.”
 
“Once the cars have been stolen, they will be stripped for parts, police say. ”

*    *    *    *    *    *    *
** US cars keyless remotes use 315 MHz  (UHF band)
…. 433.92 MHz for European, Japanese and Asian cars.

UHF band repeaters … can be bought on Mercado Libre & Ebay for about $100 US dollars.     😦

The best defense?
Install a lo-jack tracking system, to let the cops track the car when it’s been stolen.

Hopefully, the cops can get there before the car is too badly trashed ~ chopped … into parts. 😦

Old School … aka KEYS … (like paper ballots) do have some advantages.
😉

http://www.lojack.com.mx/

* * * *
Feel free to copy while giving proper attribution: YucaLandia/Surviving Yucatan.
© Steven M. Fry

Read on, MacDuff.

This entry was posted in Uncategorized. Bookmark the permalink.

12 Responses to Keyless Entry … means Easy-to-Steal

  1. dean devolpi says:

    Please remove this article and vet it. I am an engineer and it eludes to having one near your house and one at the car. That just does not pass the stink test. I have been VP of engineering of a remote control company and the method they infer that is just not how a remote control works. So the rest of their claims are suspect.

    • yucalandia says:

      Dean,
      As an “Engineer” … How much hands-on work have you done with 400 Mhz UHF ? …

      How much hands-on work have you done with 400 Mhz UHF with low power keyless entry systems? …

      There is no need to remove the BBC & Police reports.

      Engineering Realities:
      1. The signals from keyless entry fobs~remotes are very weak, which means the key-fob has to be near the car for the car’s electronics to detect it.

      2. Think 1/r^2 (reciprocal squared) dependency, especially with weak signals. … Tripling the distance cuts the signal strength by 90% …

      3. It takes the first repeater near the house wall to pickup up the vey weak signal from the key-fob inside the house … It takes a SECOND repeater to pick up the signal from the first repeater – and broadcast it to the car’s keyless entry receiver.

      This is all basic fundamental Antenna Theory 99.

      As the “VP of engineering for a remote control company” you are oddly ignoring the basics of very weak 400 Mhz UHF signal transmission … or maybe you’ve been behind a desk for a while … and are not current with auto keyless-entry UHF systems ??

      Maybe, hesitate before telling others to
      … “Remove this article

      Enjoy your day,
      Steve

      • dean devolpi says:

        OK, maybe you are not aware of the differences in remote control technologies and how we can move from one to another. In general, we use off the shelf components for these things, RF modules.

        Since you asked, Interestingly I began the design of a close-range RF project about 16 years ago. Some similar are just starting to hit the market in the last year, it was a very very close rf device that for example, you would wear as a ring. Transmission distance about 1/2 inch max and you would grab your mouse and it would log in and I was going to use rolling codes. Could also be used on your door handle to home or car it identifies you. Or you tap the credit card reader and press a button on the ring and it sends a secondary code, or you triple tap, kinda like double click is seen a different entry code completely. I was all set to apply for the patent for it, but could not raise the bizzalion dollars to get it going. Note even today the ones coming out do not have all those features. (YET)

        Now as far as what we do in engineering for the differences of various frequencies is basically different antenna and a driver/module for those frequencies, the logic in the microcontroller is basically the same and for a specific high volume, it would be a dedicated chip to minimize power consumption and cost. My ring one would have required much more work because the modules are huge so very high R&D or development cost.

        First, if you are concerned about this theft method much cheaper to just move your keys away from the exterior walls, windows and doors, OR just put them in a cute metal can/bucket at those locations and if your car is in a garage well even better and that method is done. There I saved you from paranoia over what has not been proven to be a significant problem. In Engineering, we call this a faraday cage , But other methods are more likely the issue, but for buying a cute metal bucket why not for 2 bucks.

        1, My car has a longer range RF of about 20 meters for the alarm and door unlock buttons and a near range rf ID of about 1 inch for the starting/running application. When I rent cars that have the no key remotes they too have two separate methodologies for unlocking the car via a remote with the button of similar range, but then after that they do have a in the car range which i have never tested for the car to operate/start.

        Again I have read 1% of all cars are of the type that have possible no buttons and keyless. And many companies have secondary systems within those keys to prevent that now.

        My issue is they did not give us data specific to the thefts just that theft is rising. They did not break it down to the ones that all you do is when a person pushes the button and you are near you can steal the codes. Or just a towed away vehicle. They did not break it down the ones that you break into the car and attach a device that allows you to override a car and reprogram a new key in reported 23 seconds. The numbers they gave were for all car thefts including ones that may not even have an alarm of any kind or even a wireless but included just old school key only no security, and just towed away by thieves.

        I have read of people running into stores leaving their cars running getting them stolen, is that the ones that are causing the uptick? They have not shown even a handfull a year were stollen that relay way ever with their data provided. In general, I would venture to guess most newer and expensive cars are parked in a garage. And the top theft ones are the expensive cars from one article I read in the UK.

        Here is one that I can verify can be done with a car programmer, no relay or second person needed and took 23 seconds. https://www.autoblog.com/2015/09/18/keyless-ignitions-car%20theft/ Do the thieves in Mexico have such expensive equipment, and the one listed here is a bit technical where it takes a very competent tech person to operate such equipment?

        2, in physics we call that inverse square law.

        3, elementary school operation for an engineer to understand how these systems work. FYI this issue has from a real-world or engineering specific application very little to do with antenna design 99 as you noted.

        So please give me the specifics on how many cars in the world, UK, USA, or Mexico have been stollen with repeaters vs any other method for the past 5 years. Once I see that data I will know if people should be concerned or this is a paranoia brought by a company trying to sell its technology as this article appears, they would certainly have posted more exact info if it was on target. The evidence certainly was not presented in that article or by your reply.

      • yucalandia says:

        You asked for factual technical descriptions about how the last 10 yrs of keyless entry systems work:

        Notice you talk about systems that require you to push a button on the fob, to unlock the door … Those are roughly 10 years out of date. … AND … The thieves using the combination of 2 repeaters defeat your proposed button-push issue, as they also defeat the other kinds of keyless entry systems.

        Then you talk about your company’s systems with: “transmission distance about 1/2 inch max”
        … Notice that I report above that the CURRENT AUTOMOBILE real world signals can function – with NO BUTTON PUSHES … at least 2 meters away … and some work to open the doors, even 3 meters away from the car. … Your explanations of just ~½ inch ranges~

        simply do not fit current automotive technology

        You’re proposing old inappropriate technology & theory that broadcasts just 1 cm away… while real-world keyless entry systems work over 200 times further than what you propose.

        Then rather than quoting reality & facts, you describe “could” and “maybe”.

        When describing the current realities of cars being stolen, it’s not about “could” or “maybe”.

        Finally … You demanded that we
        ~ “Remove this article” ~

        because you’re a “VP of Engineering”.

        … yet, you still do not seem to understand how modern keyless remote systems actually work,
        😉

        Context: … We drive 3 different brands of cars with keyless remotes … and push NO buttons on them to open the door.

        We simply have the key-less entry fob, deep in a pocket or purse … within 2 – 3 meters of the car … and pull open the door handle.

        The only button that is pushed, is the START button …. as we then drive away … driving away sometimes without the remote present in the car.

        so the key-fob remote is NOT even required to drive the car (once started).

        Happy Trails.
        Steve

    • dean devolpi says:

      Steve you last reply,

      You are dead wrong on I certainly understand how the ones with no buttons work, so put that to rest. My gosh I installed a rf ID system on my front gate here in baja 10 yar ago. I gave out waterproof tags to friends visiting and they did have to move it within a cm and my gate unlocked. I programmed the entire system.

      I did not ask for factual technical on how these work, these are childsplay issue for me. I asked for proper data on the theft by using the means implied. Sorry, you did not understand where I was questioning. again my beef is if not one car in Mexcio has ever been stolen that way, well why worry. Be happy not having to pay $$$ for a system that can be defeated by driving into a tin room warehouse that the signal can not escape. Agin just put your keys in a metal container or away from a wall if thousands are being stollen that way or put it in the garage. But it has not been established this is something people need to worry about.

      You are confusing many things in technology. being able to transmit 60 feet is more difficult than 1 cm. If RF there is nothing that is new about sending a signal 2-3 meters vs 60 feet vs 1cm. That really is such a lacking technical understanding.

      The units where you push buttons and have the starter 2-3 meters are still in production, I rent a car about 3 times a year in general if you are not aware those cars are newer issue, the last one I rented had less than 10,000 miles on it. Every car I have rented in the past3 years has had a remote with buttons on it but no key. And as I noted mine actually has two completely different RF outputs to stop theft, one that requires the key to be about 1 inch away from the key sensor/ignition and one that transmits moderate range to disarm the alarm and open the doors. This actually prevents any copying of the shorter range by someone standing near you when you press the button too. The ones in the cars I rent have the button activation which is 30-60 feet and a second RF that is the 1-2 meters that allows me to just push a button vs the put a key in. As I outlined the link from the other one where they enter the car and hook up a programming device and make a coded fob, hey still can not steal my car because it does have a key too.

      I am not proposing what you claim, you are in deep unconstructive lala land on what you think I was proposing… If you are confusing my ring system I was merely confronting your allegation that I was not familiar with coded RF signal system. Which I think I demonstrated I was very familiar with it. I proposed that system with NFC chips of 1 cm or less, i am sorry you did not understand it was not the final solution for cars but was for computer security. Home security too, because the natuaral human factors are not interupted. Nothing but a 15 year ago old school invention of mine. Now please note that new credit cards released in the last few years do have exactly what I was talking about, these are state of the art coded RF very short-range NFC which stops hackers from being in line next to you to copy your rf code. The cost to develop such a small coded device would have been 10s of millions which i could not fund for my ring 15 years ago. It will replace the chip reading credit cards systems in time because of human factors..

      Now this technology for credit cards would be the solution for cars except for what we call in the industry human factors. That is why I never said the ring you wear is the answer for cars, the ring would solve the problem of all types of rf hackers but humans want to be feet away when the door unlocks where you confuse that with sort of big technology breakthrough, again I assure you 2-3 meters is not a big technology breakthrough in cars that basic technology has been around for 30 years plus. The human factors issue of making a person push a button to start where the ring is close enough is not acceptable at this time. We just are not there in technology to have duel RF in a ring where one is a longer range and one 1cm. It is a matter of the inverse square law with battery drain cannot fit in a ring at the present time. So we still need a larger FOB that has a decent-sized battery like a cr2032.

      Next round of utterly repulsive BS is stating without vetting that repeaters are sold for $100.00 inferring you buy them and they operate to steal/repeat codes. Again because I was VP of engineering for remote controls I would call this plain and simple BS that would need to be vetted. Definitely give me the link to those devices. Voice transmission repeaters are way different than pulse or carrier frequency modulated codes. If you are talking of buying RF receiver and transmitters modulators my gosh the level of engineering to write the firmware for those is beyond the tech ability any low-level technician would ever have and they would sell them for thousands one made. So again this needs vetting as it appears to be a huge lie. You should vet it. Get me the link to this device specs so I can tell you. This entire write up does not pass the initial stink test, it needs vetting as I said.

      again vet the story, give us the real numbers of hacking by repeaters and this buy them in Mexico for $100.00 and they work out of the box, I even read somewhere that only 1% of the market is of that nature and also from the bbc link newer non-button fobs are not vulnerable, something that was conveniently left out that was in the bbc article. So again telling/inferring all people that their wireless keyless FOBs are a risk of $100.00 repeaters, well again right away the ones with buttons which are the majority just are not. In closing from the bbc link “Jaguar Land Rover said: “The Discovery Sport model tested is no longer in production. The current Discovery Sport produced today features technology which prevents relay attack.”

      Now since you ask what I would propose, I would do three different RF codes. But first I would add a movement sensor to the remote, if the remote is stagnent/at rest it does not send a code to open a door. Hense I just defeated all repeaters. Then I would still have a button on the remote for 30-60 feet(i do not know how people remember where they park their car, especially when I have rental car) , I would have a 1-2 meter RF chip for being able to open the door, and I would have a third chip, 1 foot one that is read only when the you sit in the car seat, so the fob would have to be within 12 inches of the seat.. And I would use three completely different code patterns systems, one with a carrier frequency, one pulse code, and one that is so short and fast that it would require really high end equipment to read. All three of these are used for typical remote control for TVs. I would also look into narrow band frequency hopping. And the third one, in general, no universal remote made by any company can simulate because we use general microcontrollers that are too slow. It has been a long time but I think it was a company named Telefunken that used such a code.

  2. Dean DeVolpi says:

    Note I am referring to the remotes that you press a button for to open the door. If you press a button a repeater will not work for thieves that would use this method so the article is very deceptive.

    • yucalandia says:

      Dean,
      You do not seem to be familiar with common modern keyless-entry systems on cars.

      We do NOT push the button on the remote … We just bring the remote close to the car (1m – 2m proximity)…

      and PUSH THE BUTTON ON THE CAR DOOR HANDLE
      or
      Simply PULL on the door handle (with no button push)
      … and the car door opens.

      1. Thief #1 stands close to the house with UHF repeater-relay #1 …
      2. Thief #2 stands close to the care with UHF repeater #2.
      3. Thief #2 pushes the button on the car door, (or simply pulls on the car door handle) … to unlock the doors
      … & then STARTS THE CAR

      … because the car’s electronics sense the presence of coded-encrypted key-fob nearby, as broadcast by UHF repeater #2… and allow the thieves to open the doors and start the car w/o a remote nearby.

      4. Thieves drive away … keeping the motor running
      because if they shut OFF the car, it won’t re-start, because they are then too far from the key-fob remote.

      Happy Trails,
      Steve

      • dean devolpi says:

        well the ones I have used when renting cars do require you to push buttons to unlock the doors. Once inside the car a key is not inserted.

        MY car has three, the push button remote for opening and disarming the alarm, A physical key that is keyed in that you can not turn to on position, and a RF chip that will not allow the car to be started for more than 5 seconds, if not within 3 inches of the receiver.

      • Emilie says:

        My. Ar has keyless entry. It unlocks when I stand next to the car. It’s a Prius. My sister’s Highlander and my a friend’s Corvette do the same.

      • dean devolpi says:

        emilie, I was not inferring they are not out there, but the numbers are very low, i think 1% of all cars is one source I found. Also, have read that at least some have added to their system a way to defeat these repeaters. many ways I could do it, just adding a secondary RF-ID chip bidirectional rolling codes, frequency hopping all would be effective. all very inexpensive in high volume.

  3. sdibaja says:

    does lojack actually work? Looking for referrals from someone who actually uses it.

    I am a bit skeptical… actually a lot skeptical
    I bought a new Chevrolet a few years ago, and it came with OnStar (General Motors exclusive)… free for the first year. Salesman set me up.
    It did Not work, ever. Even when I went to the US. Lots of interaction with OnStar, they were unable to help. While I was struggling with it I spoke with a Federal highway cop about it, he had a good laugh. Said that they do get reports, but not rapidly, and with vague data that would never get them close enough to actually find the car.

    Steve, no offence but this reads like a paid advertisement.

  4. norm says:

    I’m seeing reports about people leaving their, push button start, cars running in their garage because the cars are so quiet and there is no key to remove. The result is an untimely death from exhaust fumes.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.