So tell me on your keyless go mechanisms

Schizophonic

Schizophonic

Schizophonic

Soldato
Joined
27 Dec 2006
Posts
2,896
Location
Northampton
We've all seen the videos online how thieves are using the relay tactics to get entry into people's car on their drive and do this all under 90 seconds.

I want to know specific mechanisms because I have performed this test that my fiance is in the car with me and she has the key in her bag. She gets out to go to the shops while I wait in the car, the car complains and doesn't allow me to do anything but switch off.
If there was such a relay attack to my car, I can see how they would mimic my key using the relay attack to get into the car and start it up but when they are out of range aka drive off down the street, would my car no detect there is no key present and then become unusable?

Do other keyless cars behave the same or once the car starts it will continue running and operate regardless if key is present or not? Just curious to know if manufactures have done much to counter the theft problem.
 
Last edited:
Schizophonic said:
If there was such a relay attack to my car, I can see how they would mimic my key using the relay attack to get into the car and start it up but when they are out of range aka drive off down the street, would my car no detect there is no key present and then become unusable?
Click to expand...
I think the relay tactic is purely to get into the car - once you've physical access to the car, then you've got physical access to the OBD port, or even the ignition wiring, so can likely bypass any ongoing key detection
 
Schizophonic said:
We've all seen the videos online how thieves are using the relay tactics to get entry into people's car on their drive and do this all under 90 seconds.

I want to know specific mechanisms because I have performed this test that my fiance is in the car with me and she has the key in her bag. She gets out to go to the shops while I wait in the car, the car complains and doesn't allow me to do anything but switch off.
If there was such a relay attack to my car, I can see how they would mimic my key using the relay attack to get into the car and start it up but when they are out of range aka drive off down the street, would my car no detect there is no key present and then become unusable?

Do other keyless cars behave the same or once the car starts it will continue running and operate regardless if key is present or not? Just curious to know if manufactures have done much to counter the theft problem.
Click to expand...

The main thing manufacturers have done is introduce "sleepy keys". So they stop broadcasting a signal when they haven't moved for 30s.

The idea being that you get home put your keys down and then the signal stops because they are not moving. There is then nothing to relay.
 
alexp999 said:
The main thing manufacturers have done is introduce "sleepy keys". So they stop broadcasting a signal when they haven't moved for 30s.

The idea being that you get home put your keys down and then the signal stops because they are not moving. There is then nothing to relay.
Click to expand...
And yet that is ridiculously easy to get round as well.
 
On a Merc you just double tap the lock button to disable keyless go broadcasting.

To answer the OP, if you're driving along and throw the key out of the window the car will continue to drive as normal. You'll get all the notifications popping up to say 'key not present' etc, but nothing will prevent the car from functioning correctly until you turn the engine off. Then you'll be unable to restart it.
 
Relay attacks work to get in, start the car, and drive off. If they stall it they can become stranded yes. I would think they also disable stop/start tech if possible as well due to this? Some cars have a button to turn it off for the duration of that journey.
 
GravyMonster said:
On a Merc you just double tap the lock button to disable keyless go broadcasting.
Click to expand...

I didn't know this, thanks.

Will a single or double tap of the unlock button restart the broadcast, so I can walk up to the car and enter as I usually would?

I'll try it later when I go out.
 
Last edited:
GravyMonster said:
On a Merc you just double tap the lock button to disable keyless go broadcasting.

To answer the OP, if you're driving along and throw the key out of the window the car will continue to drive as normal. You'll get all the notifications popping up to say 'key not present' etc, but nothing will prevent the car from functioning correctly until you turn the engine off. Then you'll be unable to restart it.
Click to expand...
I think i saw a clip a youtube someone demonstrating what happens when they throw the key out while driving. Can't say i saw it but it appeared in my feed one day. Need to find it to know what exactly happens. If it doesn't do anything to stop the car from functioning and just a warning light then its pritty much pointless to the theives.
 
Mostly used to unlock the car and rob stuff inside it rather than steal the car itself. But many are vulnerable to OBD hacks which is the next step after getting in. They can program a new key with it too. On some cars you can just yank the data port fuse to stop that. Once you start the key you don't need the key until you need to start it again.

The problem is keys which are constantly pinging the car and cars which are always searching for a fob. It's a huge vulnerability.

Storing the key in a metal tin blocks the signal entirely (tested it). The wallets etc should work, but if there are any gaps the signal escapes, so it may not.
 
Last edited:
Last edited:
robj20 said:
The same as with keyfobs with buttons.
Either stay nearby and log the frequency when you press/open the door.
Or they leave something near your car that's constantly recording and come back for it later.
Click to expand...

That's different. He mentioned sleepy keys, where the keyless entry key goes to sleep after X time and will not send a signal until moved again. There is no specific hack to overcome that. You are talking about generic methods to capture signals, which all keys are vulnerable to. The whole point in the sleepy keys is that a thief would have to physically move the keys to allow a relay attack.

Even if the signal was captured earlier, there could be complexities with whether it was the signal to just unlock vs the proximity based key detection required so the car thinks the key is present to be able to start.

Sleepy keys is much, much better. Or, just disable keyless entry overnight. All cars should be required to have a mode to do this. If my 2015 middle range Clio can, others can too.
 
jpaul said:
haven't heard if relay attacks are now solved with UWB ... which jaguar, from earlier discourse here, and other cars now have , maybe premiums reflect it's effectiveness.

https://www.rfstariot.com/digital-car-keys-step-into-era-of-uwb_n205#:~:text=UWB Protect Against Relay Attacks,a key to the vehicle.
Click to expand...
Yes it monitors the reponse time on TX/Rx against the expect delays, any corruption to the signal will flag a longer return times so it knows its not a key then doesnt allow unlock/car wake. Basically.
 
If you want to scare yourself read this :p

https://kentindell.github.io/2023/04/03/can-injection/

You don't even need a key for that, just 60 seconds prying at an easy to get at place on the car and a re-purposed Bluetooth speaker :o

I guess the big problem is that generally security in cars is static once its left the production line as they never receive updates to software or hardware but tech in the rest of the world moves forward relentlessly. Add to that the security that was baked into the cars in the first place is very often severely lacking compared to what you'd expect in the IT industry so no wonder people can just walk up to a huge number of cars and essentially drive them away as if its a GTA game.

Only way to ward against it for the most part is to use a proper key in a lock and have no push button start etc, so that if they do get into the car they'll have made such a mess of the door and interior to get it going it effects the resale but even then im sure they'd do it anyway.
 
Last edited:
I've turned keyless off on my car but external cambus access is the new problem and much harder to defend against, so bought a steering wheel lock to slow them down.
 
Last edited:
sovietspybob said:
If you want to scare yourself read this :p

https://kentindell.github.io/2023/04/03/can-injection/

You don't even need a key for that, just 60 seconds prying at an easy to get at place on the car and a re-purposed Bluetooth speaker :o

I guess the big problem is that generally security in cars is static once its left the production line as they never receive updates to software or hardware but tech in the rest of the world moves forward relentlessly. Add to that the security that was baked into the cars in the first place is very often severely lacking compared to what you'd expect in the IT industry so no wonder people can just walk up to a huge number of cars and essentially drive them away as if its a GTA game.

Only way to ward against it for the most part is to use a proper key in a lock and have no push button start etc, so that if they do get into the car they'll have made such a mess of the door and interior to get it going it effects the resale but even then im sure they'd do it anyway.
Click to expand...
Crazy. This would explain how a colleague had her RAV4 stolen a few years ago.
 
You must log in or register to reply here.
Back
Top Bottom