keyless fob vulnerability

Tamadrummer88 · Jun 4, 2015

73MachI said:
Remote start is a different (active) function of the key fob than keyless entry. The manual states that the range is much greater on remote start. Keyless entry, I believe, relies upon passive RFI but the auto manufacturers implementation of it seems to have a massive security hole as has been noted.

I came back from LA last week and was staying in a two story walkup in Santa Monica, on the 2nd story. I was driving a 2015 F150 Lariat with remote start. next door to me was a 2 bedroom apartment. I was able to start the truck from inside my apartment, and the signal had to go through a whole lot of concrete and rebar.

Is the signal that strong? If so, thats a huge issue to me.

jbailer · Jun 4, 2015

This security vulnerability has nothing to do with remote start. It is amplifying the signal between the key fob and the car so the thief can unlock the door and then start the car like the key was in the car.

113 · Jun 4, 2015

I dunno, maybe lojack is worth it? What's the reputation of that?

Crais · Jun 4, 2015

A simple on/off switch on the keyfob seems like a good solution until something better comes along.

I'd trust that a lot more than the faraday cage fabric pouches. I'd be worried that they would wear enough for some signal leakage without me knowing.

73MachI · Jun 4, 2015

Tamadrummer88 said:
I came back from LA last week and was staying in a two story walkup in Santa Monica, on the 2nd story. I was driving a 2015 F150 Lariat with remote start. next door to me was a 2 bedroom apartment. I was able to start the truck from inside my apartment, and the signal had to go through a whole lot of concrete and rebar.

Is the signal that strong? If so, thats a huge issue to me.

I wouldn't worry about that, mate. In fact, I'd be happy that the "active" range is so great. Of course, thieves could leverage this to hack and steal your vehicle, but there's a much greater concern...

The part that you (and I) need to be concerned about is that the passive RFID antennae in your key fob can be sensed and spoofed with $20 worth of electronics from eBay. And as far as I have seen (and I did major in telecommunications) the only solution is the "stash your key fob in a Faraday Cage" solution. e.g. store your key fob in a metallic pouch or other such construct, like a microwave oven, freezer, or tin foil. Which all kind of winds up defeating the purpose of the convenience of a keyless entry fob.

Great work, auto manufacturers... I sense a class action law suit.

73MachI · Jun 4, 2015

Crais said:
A simple on/off switch on the keyfob seems like a good solution until something better comes along.

I'd trust that a lot more than the faraday cage fabric pouches. I'd be worried that they would wear enough for some signal leakage without me knowing.

I believe that there are two different "systems" in the 2015 Mustang key fob. One is an active transmitter that I really wouldn't worry too much about being leveraged for hack or theft. Not much has changed there in 20-30 years. The other is the passive RFID for "keyless entry and start" that is causing all the debate.

Unless you can defeat the passive RFID antennae in the key fob in some manner (e.g. with a 'Faraday Cage'), I don't think that there's a simple way around this yet. I mean, there is no way for an on/off switch to defeat the passive antennae in the key fob. It works just the same as the RFID antennae hidden in your pass card for work or other secure access scenario. It resonates with an active transmitter in your car and the car transmitter senses this and opens the door/starts the car.

In all seriousness, I'm wondering if this is the makings of a class action lawsuit against all the automobile manufacturers utilizing this technology. It seems like a gaping security hole.

WeinerDog · Jun 4, 2015

What is the range? My car is several hundred feet and a building between when at work and at night it's in the garage.

Todd15Fastback · Jun 4, 2015

I'll leave this here.

IvanCRF · Jun 4, 2015

Too bad I can't pull the ignition rotor like on my '69.
I might have to dust off the ol 'club'. :lol:

jbailer · Jun 4, 2015

WeinerDog said:
What is the range? My car is several hundred feet and a building between when at work and at night it's in the garage.

The report I read said at least 50 meters but as much as 100. Pretty damned far,,,

Cars_1959 · Jun 4, 2015

5.0 435 said:
Could you imagine the number of people that will be stealing the high end cars with all this keyless entry crap. Why do these car companies have to always go for the latest and greatest things only to cause more problems. Are we so lazy we can't get a key out of our pocket. What's next no driver required , oh wait that is around the Corner.

In one article on the Fob problem I saw that in London, the insurers would not insure the Range Rovers unless they were locked in a garage at night.

Seems this has been happening in Europe for a long time and Scotland Yard has a web page up on the problem.

K R A Z Y

batz1917 · Jun 5, 2015

Turn off keyless entry?

Crais · Jun 5, 2015

73MachI said:
I believe that there are two different "systems" in the 2015 Mustang key fob. One is an active transmitter that I really wouldn't worry too much about being leveraged for hack or theft. Not much has changed there in 20-30 years. The other is the passive RFID for "keyless entry and start" that is causing all the debate.

Unless you can defeat the passive RFID antennae in the key fob in some manner (e.g. with a 'Faraday Cage'), I don't think that there's a simple way around this yet. I mean, there is no way for an on/off switch to defeat the passive antennae in the key fob. It works just the same as the RFID antennae hidden in your pass card for work or other secure access scenario. It resonates with an active transmitter in your car and the car transmitter senses this and opens the door/starts the car.

In all seriousness, I'm wondering if this is the makings of a class action lawsuit against all the automobile manufacturers utilizing this technology. It seems like a gaping security hole.

Are you certain? I was under the impression that it was a rf handshake relationship between the fob and the car.
LF and UHF being the two methods for passive and active, respectively.

drbrian722 · Jun 5, 2015

The fob (key) utilizes a battery and it does talk to the car as shown below.

If the battery dies in the fob than the physical key is required to gain entry into the car. The slot under the cup holder has an emitter to ping the RFID with enough power to enable it to be seen and start the car.

If the battery is removed from the fob none of these hacks work. Likewise a small switch worked into the fob for disabling the battery would work as well.

SteveTheStang · Jun 5, 2015

KeyFob Faraday Pouch KeyFob size to fit in your pocket

Amazon.com has this KeyFob pouch available for $16
http://www.amazon.com/gp/product/B00Y3FLYWG

Here is the Sellers website info:
http://www.select-fabricators.com/r.../rf-isolation-key-fob-pouch/for-consumer-use/

keyless fob vulnerability

Tamadrummer88

Finicky

jbailer

Well-Known Member

113

Well-Known Member

Crais

I call it Vera

73MachI

Well-Known Member

73MachI

Well-Known Member

WeinerDog

Well-Known Member

Todd15Fastback

Well-Known Member

IvanCRF

Well-Known Member

jbailer

Well-Known Member

Cars_1959

Well-Known Member

batz1917

Well-Known Member

Crais

I call it Vera

drbrian722

Well-Known Member

SteveTheStang

Well-Known Member