Do you have a car with keyless entry? more specifically can you leave your key fob in your pocket and gain entry into the car and start the engine by pushing a button on the dashboard?
Then you have a problem!
Anyone with a £13 device from eBay will be able to unlock your car, start the engine and drive away. This is NOT a hack of the cryptography used between the car and the keyfob.
How does it work? Its a clever yet simple form of trickery!
Lets say you arrive home, lock the car, walk through your door into your home and if your like me put your key fob onto a cabinet in the hallway or kitchen etc. The key will be far enough away that the car will not receive a response from the key fob to the beacons emitted from the car. Meaning the car will not unlock as the key is too far away from the car.
Radio equipment can be purchased from eBay for as little as £13. If this device is close enough to the key fob, for example placed right up against your front door or window, the car will be fooled into believing the key is close enough and will allow the doors to open. The radio device is basically acting as a proxy and boosting the signal from the key to the car.
Once the receiver is inside the car the cars proximity sensor will be tricked into believing the key fob is actually inside the car and will permit the engine to start!
Ok, you have my attention! what can I do?
I learnt all this by listening to my favorite security podcast, Security Now with Steve Gibson and Leo Laporte. One option is to remove the battery from your key fob. This disables the passive keyless entry requiring you to actually touch the key fob against a part of the car like the door handle for example. Most key fobs fall back to using RF ID which does not require battery power but needs to be extremely close to the receiver. Much like your ID card for work that lets you in and out of the building. If you think about it they don’t have battery’s and you need to virtualy touch the sensor on the door for the card to register.
I’m far to lazy to have to do that, I like the fact I can leave my keyfob in my pocket or ruck sack and simply walk up to the car, get in and start the engine with out even having to touch the key fob at all.
Use a Faraday bag / box!
Some people suggest putting your keys into the fridge or microwave as they make effective Faraday cages. This will block the radio signals from the key. I’m going to by a Faraday bag or box of some kind from eBay and store my key fob in that. I’ll probably buy this one:
You can read further onto this issue from the links below.
Show notes from the Security now podcast:
Network world news article: