July 8, 2018

"Why you might want to wrap your car key fob in foil."

"Although it's not ideal, it is the most inexpensive way... The cyber threat is so dynamic and ever changing, it’s hard for consumers to keep up."

64 comments:

Bob Boyd said...

I keep mine in my hat.

Ray - SoCal said...

The real issue is bad security design for fobs.

Garage door openers is an excellent example to explain the issues.

Traditional garage door openers have dip switches, so a fixed code you enter. Each switch can be in or off.

Newer garage door openers keep on changing the code each time.

Auto engineers just went cheap on key fob security, easily fixed for future cars,

Narayanan said...

I don't have car. Wrapping my head in foil.

tcrosse said...

The other alternative is to drive a car nobody wants to steal. Fiat-Chrysler offer many from which to choose.

Fernandinande said...

Study on the effect of tinfoil hats on blocking mind control satellites

"They measured the attenuation of radio signals as a function of frequency and determined that certain frequencies which are reserved for government use are actually amplified by the tinfoil hats."

The link has "mit.edu", so it's real.

Ron Winkleheimer said...

Auto engineers just went cheap on key fob security, easily fixed for future cars

My guess is that they probably didn't even give security much consideration at all. Security costs money and time. If the customers aren't demanding it, then its not going to be a part of the solution. Newer cars have several different wireless networks. Sensors aren't hard wired to a CPU, they communicate their state using wireless protocols. Brakes and acceleration are controlled via wireless signals now too.

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Bob Boyd said...

"certain frequencies which are reserved for government use are actually amplified by the tinfoil hats."

Goddammit.

Wince said...

Does this explain why presidents since Obama have kept illegal immigrant children in Faraday cages and cover them in those silvery thermal blankets?

Coincidence? I think not.

Bob Boyd said...

What about...like, an army helmet?

Bob Boyd said...

@ EDH

They're afraid Putin will hack into our illegals and change their votes to Republican.

Left Bank of the Charles said...

I get that the car is always listening for a signal. But doesn’t the key fob only send a signal when you push one of the buttons? How do thieves capture that when the key fob isn’t being used?

Ron Winkleheimer said...

Chrysler is actually lucky that those two hackers just want notoriety and respect in the hacking community. Hackers in the organized crime community would have been demanding money from Chrysler to keep quite while using the technology as a kill for hire technique. But hackers with that kind of talent are targeting banks, quietly.

Rule of thumb is that there are roughly 50 bugs per 3000 lines of code. Not all have security implications or are accessible remotely, but some will be and are discoverable even without the source code via debuggers, disasemblers, and decompilers.

https://en.wikipedia.org/wiki/Decompiler

MadisonMan said...

I have more important things to worry about. Maybe if I drove something other than a scraped-up 6-yo car I'd wonder.

Ron Winkleheimer said...

@Left Bank

Some cars don't require you to push a button on the fob. My wife's SUV just requires you to push a button on the door handle while the fob is in her pocket or purse. So you capture the signal which the fob is putting out, constantly, and either amplify it or record it and replay it later and you can get into the car and start it up.

Ralph L said...

People who store their fobs in Faraday cages aren't paranoid, experts say.

What experts?

With some cars, you just have to walk near them with the fob and they'll unlock. But if you walk away, they'll lock back up.

Achilles said...

The point is building a society where you don’t need to stop people from trying to take your shit.

There are always going to be ways to steal things and rob people. Nobody likes it when I tell them the government and the large corporations are listening to every single word you say on your phone and reading every text. Every email is scanned for marketing and “security “ purposes.

Telling people to put your fob in a faraday bag? Yay.

Working just as well as making drugs illegal.

Ron Winkleheimer said...

With some cars, you just have to walk near them with the fob and they'll unlock. But if you walk away, they'll lock back up.

Which, from a security perspective, is a horrible design. It trusts that the signal cannot be duplicated or otherwise manipulated. A signal that is constantly being broadcast.

Ralph L said...

My EZPass transponder came with a metalized plastic pouch. I'll have to see if that works for the fob.

Fernandinande said...

Ralph L said...
"People who store their fobs in Faraday cages aren't paranoid, experts say."
What experts?


Crazy exerts:

"Treatment of paranoid schizophrenia involves a lifelong commitment to the Faraday cage. Treatment, essentially the same for all types of the disorder, varies based on radio signal intensity, patient medical history, age, car year and model, and other individually relevant factors."

Nicholas said...

Ron Winkelheimer puts his finger on the problem, which is that you don't have to have your finger on the fob: the idiot car manufacturers have it broadcasting continuously, although they say you can adjust the fob settings to stop this. There have been numerous reports in the British press of thieves buying signal amplifiers, so they can pick up the signal from the key fob on your entrance hall table and amplify it to a gizmo next to your car, and presto, they are away.

Michael K said...

I'm more concerned with garage door openers.

We have a Mormon temple at the end of our street so thieves probably wouldn't dare.

jimbino said...

A Faraday cage will keep an exterior electromagnetic radiation from penetrating to the interior, but is highly ineffective in stopping a signal originating in the interior from continuing to the exterior unless the cage is grounded--something impractical for a car remote wrapped in foil and carried in your pocket.

buwaya said...

Hmm,
You can still get high security all-mechanical locks as an option or retrofit.
Electronic locks are high tech for no good reason.

bagoh20 said...

Propaganda from the aluminum cartel.

Although I know it's possible, I never heard of this happening to anyone anywhere other than in "stories". Nobody seems to know of any occurrence first hand. I ignore fears in that category, except for the anal probing by aliens. That shit is real as a heart attack, so I sleep with my ass covered in foil.

bagoh20 said...

They have wifi controls for everything now. You can get lawn sprinklers controlled by an app. Evildoers could roam the neighborhood over-watering lawns with impunity. Scary times.

Rosalyn C. said...

Is this car key fob "convenience" so much better than using a key and keeping a spare key? People never lose their key fobs?

rhhardin said...

It doesn't make any sense. The fob should be inert unless you're pressing a button on it. Otherwise the battery wouldn't last long.

So I call bullshit.

rhhardin said...

I put my keys in a small drawstring muslin bag. It wears the bag out instead of the pocket.

FullMoon said...

The story is incomplete. A British newspaper published the complete story a month ago. It listed the device legitimately bought through Amazon that can be used to duplicate your fob from yards away.

Story reminded me of the newsflash for parents "Beware of latest teen age way of getting high etc". Adventurous teens gonna rush right out and try the new way they were not aware of until newsreader informed them..

Speaking of car theft, some Honda models are stolen by the thief using a filed down Honda key. Simply use the key to open the door and start the car. That is what the police told my friend when he met them to recover his Honda.

bagoh20 said...
This comment has been removed by the author.
tcrosse said...

A good car thief with a Slim Jim can open your locked car toot sweet.

Michael K said...

"Electronic locks are high tech for no good reason."

One reason. My daughter lost her VW key fob and the replacement was $400.

chuckR said...

The take rate for manual transmission cars is 5%. A manual is a theft deterrent. Plus they are more engaging - you must stay on task - unlike a car with some half-assed AI that is plotting how to run you into a bridge abutment while you are messing with your stupid phone.

Bob Boyd said...

"I sleep with my ass covered in foil."

An alien probe will punch through aluminum foil like it isn't even there...um...from what I hear.

Yancey Ward said...

I have patented the titanium-alloy reinforced with carbon nanotubes ass coverer. It prevents anal probing by all probes non-diamond tipped.

Bob Boyd said...

An aquaintance, who for some reason had attracted the attention of an alien probing team- I dunno- seemed like a regular guy- anyway he started sleeping in lederhosen. He said it worked with the second pair he tried and not to get the cheap ones.

Bob Boyd said...

"all probes non-diamond tipped."

Alien probes are made of this stuff from their home planet that's harder than diamond, but squishy...is what I'm told.

rhhardin said...

Alien probe memories are supposed to be unhooked memories of being changed as a baby.

Bob Boyd said...

That's what they want you to think.

Ron Winkleheimer said...

Is this car key fob "convenience" so much better than using a key and keeping a spare key? People never lose their key fobs?

When we bought a used Lexus a few years ago it only came with one key. It was the kind were you actually had to put the key in the ignition, but it broadcast a signal and if the car didn't recognize the signal then the car wouldn't start. We were advised to get a new key made at the dealer. They could make a duplicate as long as they had one key. That cost $240. If we lost the only key they said they would have to replace the "computer" in the car (which is going to be a chip) and that would cost $1000 and they would also need to still charge us for the replacement keys.

n.n said...

Who's laughing now?

Bob Boyd said...

@ Ron

Sounds like you were probed by earthlings.

Ron Winkleheimer said...

This is in the wikipedia article on "remote keyless system."

News media have reported cases where it is suspected that criminals managed to open cars by using signal boosters to trick vehicles into thinking that their keyless entry fobs were close by even when they were far away, though they have not reported that any such devices have been found. The articles speculate that keeping fobs in aluminum foil or a freezer when not in use can prevent criminals from exploiting this vulnerability.[7]

https://en.wikipedia.org/wiki/Remote_keyless_system

Notice it states "news media have reported." A few years ago the news media was reporting that hackers had produced "EMP Guns" that could disable cars and destroy electronic records in data centers and banks even if they were used from outside the security perimeter of the building housing the computers. This is simply bullshit since the power needed to generate such an effect requires the use of high explosives and lots of them. The article goes on to state that the police have not found any devices that could be used to amplify your fobs signal and thus unlock your car. Which, on reflection, makes me think rhhardin is correct, its bullshit.

Michael The Magnificent said...

The other alternative is to drive a car nobody wants to steal. Fiat-Chrysler offer many from which to choose.

My rusty and dented 2003 Dodge Caravan Sport, with over 250k miles, was stolen. Not because it's a car anyone would want, but because it's easy to steal.

CWJ said...

Ron,

Sounds like a second key would be an obvious negotiating point. Assuming dealer cost not anywhere near the quoted $240 dealer price, it's a no brainer for them offer one to close the deal. They pretend to make a $240 concession, and you pretend to believe them.

Kinda like when the Jaguar dealership tried to charge me $40 for a new battery in my key fob. When I informed them that I knew the battery was a common wafer style and that duracell 2 packs could be had for less than $10, the charge disappeared.

Ralph L said...

My rusty and dented 2003 Dodge Caravan Sport, with over 250k miles, was stolen

My brother's rusty, no-optioned 1977 Chevy van was stolen but they brought it back.

It would be easier to lube up before bed and enjoy the ride.

Original Mike said...

”With some cars, you just have to walk near them with the fob and they'll unlock. But if you walk away, they'll lock back up.”

My last rental car had that and I hated it. If you wanted to test if the door was locked, you had to put your key down on the pavement some distance from the car. What a dumb ass design.

Shopping for new car now. Mental note to self to try and avoid it.

gadfly said...

I think the article is designed to create a market for an unneeded product. The key fob for my 2018 GMC is designed to carry in your pocket or purse. So when you park your vehicle and click the fob or the button on the door handle - the car is locked and when you leave the unlocking device goes with you. Should you be so stupid as to leave the fob inside the car, you are thrilled that you have not locked yourself out of the car, while at the same time, have kept honest people honest.

Old timey key + fob combinations allowed the car to only be opened from the outside, so a hidden key or awaiting the arrival of a really ticked-off spouse are the best unlocking choices. A return to unlocking the vehicle only with a mechanical key is not only cheap but is easy to engineer.

Bad Lieutenant said...

Yancey Ward said...
I have patented the titanium-alloy reinforced with carbon nanotubes ass coverer. It prevents anal probing by all probes non-diamond tipped.

7/8/18, 12:21 PM


Like the entrance fee to Heaven, that just keeps the rabble out, so your rectum is fresh and tight for the diamond-equipped.

Mountain Maven said...

If authorities arrested these electronic thieves and held some high profile trials, criminals would be deterred. Like the IRS does with nonfilers in April.

Ralph L said...

Should you be so stupid as to leave the fob inside the car,

The idea is that with push-button start, the fob need never leave your pocket. If you don't have pockets, carry a small kangaroo or you're SOL.

Achilles said...

rhhardin said...

It doesn't make any sense. The fob should be inert unless you're pressing a button on it. Otherwise the battery wouldn't last long.

So I call bullshit.


It is the car that puts out the signal. The FOB catches the signal and responds. Shit should be encrypted.

It isn't.

Wouldn't matter much in the long run unless they both connected to a third party anyway to get any real benefit.

Then you have to trust a third party to hold the encryption keys.

Next step block chains! =(

In the end if you want to stop people from stealing cars you make the risk of stealing a car greater than the benefits of stealing a car.

For everyone involved.

The Godfather said...

Etiquette question: When you hand your key fob to the valet parker, should you take the aluminum foil wrapping off first?

DavidD said...

An acquaintance on Facebook was warning recently of crooks who would sit near a parking lot and steal cars after their owners had locked them with a fob and then walked away.

Supposedly, the crooks even were audaciously pressing a button themselves to unlock someone’s car door immediately after the owner had locked it, the act of the owner unlocking the car having given the crooks the code.

That sounded like bullshit to me. Even if the crooks could pull the lock code out of the air from such a distance, the unlock code would have to be different; otherwise, the receiver in the car would not be able to tell the difference.

Try pressing the lock code twice and see what happens.

Also, the key fobs have very limited range. The lights on my car flash when I have pressed a button while I am in range; if I’m out of range, nothing happens.

Some people need to have something to get them worried, I guess, and will latch onto just about anything regardless of how far-fetched it is.

wildswan said...

"Blogger jimbino said...
A Faraday cage will keep an exterior electromagnetic radiation from penetrating to the interior, but is highly ineffective in stopping a signal originating in the interior from continuing to the exterior unless the cage is grounded--something impractical for a car remote wrapped in foil and carried in your pocket."

Now I know why the caged fob sings.

Achilles said...

The Godfather said...

Etiquette question: When you hand your key fob to the valet parker, should you take the aluminum foil wrapping off first?

That is kinda funny.

Just another reason why security theater is destined to fail.

Henry said...

I have an old SUV that requires key entry.

It changes the etiquette. Nowadays you demonstrate courtesy to your passenger by clicking a clicker that unlocks all the doors at once. In the old days -- the now for my car -- you can't unlock the passenger door first unless you actually walk to the passenger door and turn the key in the passenger door lock. As long as you're there you might as well open the door for your passenger as well. And bow.

n.n said...

It's not property theft. It's an unsolicited service, with a free car wash.

Legal disclosure: Property taken fills a shared need that may or may not be returned in your lifetime.

Henry said...

"Blogger jimbino said...
A Faraday cage will keep an exterior electromagnetic radiation from penetrating to the interior, but is highly ineffective in stopping a signal originating in the interior from continuing to the exterior unless the cage is grounded--something impractical for a car remote wrapped in foil and carried in your pocket."

How about a Skinner box? What if you kept your fob in one of those? Then your car would be stolen, but the thief's motivation would be revealed.

Or maybe you deposit your fob in a Schrodinger paradox. Your car could be safe and stolen at the exact same time. Depending on interpretation, once the thief observes the signal of your fob from a chamber whose viability is controlled by the decay of a single atom, it entangle the poor sod in a separate many-world of the fob being stolen. Take that, felon!

tcrosse said...

It might be possible to disable the fob feature by pulling the fuse. Then one would need to open the car door with the key, as God intended.

Achilles said...

This is a much better car security system.

It is much cheaper and more effective to reduce the number of thieves in society than it is to secure vehicles.

Freeman Hunt said...

I don't think my area has this caliber of criminal. For ours, you'd need to wrap the windows with sheet metal. Hard to tear off the roll.

Chris N said...

Lady in the condo complex next door had a likely thief calibrate to her frequency from outside her unit then break into her car. About a week ago.

Ralph L said...

For over a decade, I used the door switch to lock up as I left the car. I didn't realize until someone broke into my car in my carport that you had to use the fob to activate the alarm. He tried again a week later, the alarm went off, and I ran out swearing at him in stocking feet. Now I have a hatchet by the back door.