Car theft: relay hacking key-less entry cars and how to avoid it

Edit: New readers to the topic can join it as of November 2023 by clicking here.

Even though it has been around for some time, relay hacking of key-less entry vehicles is on the rise again. When I purchased my new car, which is key-less entry and start, I religiously put the key fob in a cake tin at night along with the spare fob. The radio frequency from the fob cannot penetrate the tin.

Hacking is easily done. Takes 2 people with cheap radios easily purchased on eBay. They are then frequency modified. One person watches the car to be stolen pull into, we’ll say for this post, a shopping centre car park. You follow the person in as your accomplice stands by the car. When you get close to the victim you turn the small radio to scan. It picks up the frequency from the fob in the victim’s pocket. You transmit that frequency to the accomplice by the car. He transmits it near the car, doors unlock, he hops in, hits start button and steals car.

The radios to do this are as low as $20 each on eBay. Programming them is a breeze.

Read the link below to find out how to prevent this. One night I backed my car in and left my key fob on a coffee table near a window behind the car. I went out next morning and noticed something I had left on the front passenger seat. I pressed the handle button and the door opened. I realised the fob was not on my person. Anyone could have stolen the car that night. Read link for preventative measures. I used to be in ham radio and for some years we held some very large security contracts. To beat a thief you must think like one.

5 Likes

I didn’t realise the fobs were continually transmitting.

Does this use the same scanner that is used to find garage door frequencies? Apparently this was used to gain access to houses as most people don’t lock the door between the garage and home.

1 Like

I could be wrong, but I believe it is actually the car that is always transmitting. When the fob comes within range, the two communicate.

I think if the fob were to be transmitting continuously, the battery would need much greater capacity or more frequent replacement.

3 Likes

That’s what I thought about the fob battery @ScottOKeefe.

But according to the UK article Mike posted, the scanners were attempting to get close to the key fob looking for the frequency. Otherwise they could just stand next to any vehicle to get the frequency, and open it.

3 Likes

It says in the article to turn the fob off if possible or put it in a metal tin or faraday type wallet to block its signal.

2 Likes

That’s right @ScottOKeefe. The person following you around has the transceiver set to scan transmit. When it hits your frequency the fob reacts and he transmits the frequency to the other person near the car. He punches the frequency in and puts it into receive mode. The car is duped into thinking the fob is close by.

I should have been more clear on that point. Some fobs do transmit continuously. Either way it pays to isolate the fob in a Faraday pouch or whatever. I store both of my fobs in a cake tin at night.

2 Likes

I think it’s best explained in this research paper

3 Likes

This following link is an interesting read. Maybe a little bit “she’ll be right mate.”

2 Likes

Interesting read Mike, and I agree with the ‘she’ll be right’ mindset.

I note that the range suggested for the key by Robert McDonald, Manager of NRMA Insurance Research Centre, is 1 meter; in the research paper @ScottOKeefe linked us to, they were talking about a range of 8 meters.

This is a quantum of difference. If the research is correct then storing the keys near the front door is problematic for scanning the frequency, and not just for burglary as the NRMA think.

I wonder if the NRMA would pay out if the car was stolen with this technique, as there would be no indication of forced entry etc? Or, would they say that the key was not secured properly etc?

Until the liability is sorted it seems to me that your suggestion of a tin can, or even a faraday cage of some sort (these pouches are available online) would be a sensible precaution.

2 Likes

I’ll add some observations.

  1. I have a (Nissan) car with keyless entry & ignition. It is not the fully passive type. If I approach the car with the fob, the doors do not unlock automatically. I have to press the button on one of the front door handles or the boot lid for unlocking to occur. Of course, I can alternately press the unlock button on the fob. Locking is passive: if the fob leaves the car and goes out of range, the doors will lock. I do not avail myself of this feature; I always lock the car as soon as I close the door or boot, but I suppose it offers a backup for forgetfulness.

  2. Before coming to work for CHOICE, I was employed by IAG (parent of NRMA Insurance).

  3. My car is insured by NRMA Insurance.

  4. If someone were to employ relay hacking to steal my car, I firmly believe that NRMA Insurance would not deny a theft claim, even though I’m not storing my fob in a faraday cage.

  5. If I see shady characters hanging around, I’ll not want to park my car. Bashing me over the head and stealing my fob is far more likely than a relay hack. :pensive:

  6. If I see someone fooling around in my driveway with a length of coaxial cable, I’ll be calling the police (our NBN coaxial is going to be installed on the opposite side of the property). :stuck_out_tongue_closed_eyes:

6 Likes

They also did the hack wirelessly without the coax, so you might not see the cable before you see your car disappearing down the road :slight_smile:

3 Likes

Scott, my car also has key-less entry and ignition. It is a 2017 Suzuki Baleno GLX Turbo. Unlike yours it does not lock the doors when you park and leave it.

Last month my local Suzuki dealer, I have purchased all my Suzukis from them, phoned to see if I would like to update to the new Swift Sport. We booked a time for a test drive. I’m happy with my car but the Swift has AEB, which is something they still do not offer on the Baleno in Australia, yet in Europe I believe it is compulsory in some countries.

To cut a long story short, the night after the cancelled test drive I was passing the dealer at about 8.00pm the following day. I thought I would pull in and check the Swift Sport out. They had one parked at the side of the show room building. I circled around the back to check out the exhaust diffusers at the rear. As I straightened up from checking the muffler and pipes out I fell forward and pushed the back of the car.

To my surprise it started to roll. I instinctively ran to the driver’s door and it opened (this car has key-less entry and ignition fitted). I put the handbrake on to stop it before it rolled into the back of a new Vitara Turbo. The Swift Sport was a manual so I depressed the clutch and hit the start button. I did this to see if the fob was anywhere inside the car. A message came up that the key was not in the vicinity of the vehicle. It did not start. I flipped the hood to check all was ok under the bonnet. Got back in the vehicle, engaged the central locking system with the driver’s door ajar for my exit and left.

Next day I phoned the dealer and told them what had happened. They thanked me naturally. They know me quite well, I’ve purchased 7 new vehicles from them. The point is if I had wanted to and had a cheap tablet or laptop with me I could have stolen that car if I was of that type of character. To me it is a glaring fault in the system Suzuki uses. I much prefer the way the Nissan takes this scenario out of your hands.

I’m still interested in the Swift Sport, by the by. The Baleno: 105 BHP, 170 NM; Swift Sport: 138 BHP and 240 NM, and weighs 80 KG less. I think I might lock up my car keys for a while :tired_face:

5 Likes

I’m a big fan of Suzuki - but mine doesn’t have key-less anything - but at 197 BHP and 138 Nm and 700 Kg lighter than a Swift Sport I’m never looking for car keys or fobs :wink:

6 Likes

A bad accident ruined my days on the bike. Fond memories of my youth and a Suzie 3 pot. I think it was a 275 or 350 cc.

4 Likes

My comment about the coax was tongue-in-cheek. As in, I’m just as likely to see a hacker with coax as I am to see our NBN connection any time soon :wink:

4 Likes

Just found some old documentation for my bike. I believe it was a Suzuki GT 380 or similar, as it was called various names depending on country of release. I think in the States it was called a Sebring. My brother had a Honda 750 four pot. I did not like it as I’m only 5’ 6" (169cm) and it was too big a bike for me :roll_eyes: I much preferred my Suzie. Arghhh memories … :smile:

5 Likes

My apologies for not picking up on it :slight_smile:

4 Likes

Additional information to my earlier post:

I did some testing on a Mazda 3 and a Mazda 6. The key fob had to be within a meter of the start button for it to start. It would not start with the fob on the outside of the driver’s window or down at the door handle.

In practical terms this means the fob has to be inside the vehicle to start it.

This does NOT contradict Mike’s video of two people working in concert with the right equipment. The car door could be opened from outside with a repeater/transmitter, and then once inside the vehicle, maybe it could be started.

3 Likes

I think I will go and stand in the corner with my head down. Maybe even wear a dunce’s hat. :disappointed:

Sorry Mike. Lift your head back up, I have edited what I wrote. The word NOT disappeared from what I typed. My apologies.

I am allowing for the possibility it might work.

The door could be opened from a distance, but the under one meter proximity to the starter seems to be critical. Therefore, the transmitter needs to be inside the vehicle to start it.

Thus, the initial receiver/transmitter to receiver/transmitter at the car process could work. I am not clear yet on the range of the key fob. This range might be a critical limiter on the initial detection of the frequency. Therefore, if not Faraday caged, keep the fob away from the accessible part of your home.

3 Likes