• SwizzleStick@lemmy.zip · 56 upvotes · 4 days ago

    Typical BBC reporting of anything technical.

    Keyless repeaters and signal amplifiers scramble the signal from remote key fobs inside people’s homes, enabling criminals to unlock cars.

    No, they don’t. The situation described is a relay attack on keyless entry/start. Jamming is used in a two-stage attack, where the device intercepts the first signal and stores it without allowing the car to ‘see’ it by jamming. The user then tries a second time.

    This time the signal is intercepted the same way, and the first signal is played back to the car from the device. The second signal is stored and can be replayed later to bypass a rolling code setup.

    It’s very niche and the stored signal quickly becomes obsolete anyway.

    Sophisticated electronic devices used by criminals to steal cars are set to be banned

    Making or selling a signal jammer could lead to up to five years

    Jenny Simms said the possession, manufacture, sale and supply of signal jammers had provided an “easily accessible tool for criminals… for far too long”.

    These devices have no legitimate purpose

    Basically, fuck you if you happen to have or build a Software Defined Radio (SDR). Again with the UK ‘clamping down’ on something that does have plenty of legitimate use.

    I use an F0 for toying with my own equipment, as an interface for my smart devices and as a general purpose keyfob. I may be arrested just for possessing it.

    The crims will not care a jot and this only serves to restrict/annoy legitimate users.

    The fault and solution lies with the manufacturers who implement insecure tech, and with the users who blindly sacrifice pounds of security for ounces of convenience.

      • SwizzleStick@lemmy.zip · 20 upvotes · 3 days ago

        An SDR can be made to jam, even if that is not the normal purpose. Just like a kitchen knife can be used to murder people, instead of its normal culinary purpose.

        Of course an F0 can’t clone a rolling code as-is. I never said it could. But it can harvest and replay a single or multiple consecutive codes just fine, providing the original key is not used in the meantime. Only need physical access to the key while it is out of range of the vehicle.

        This alone puts the F0 on dangerous ground as an “electronic device (such as a signal jammer) for use in theft of a vehicle or theft of anything in a vehicle”

        People have locked out their original keys by messing with this before.

        The point is that our laws are reactionary, vague, and open to too much interpretation.

        If someone gets shit stolen out of their car and I happen to be nearby, then I will become a suspect merely through possession. Even without intent.

        • sugar_in_your_tea@sh.itjust.works · 2 upvotes · 2 days ago

          Exactly!

          To add to this, I used to work at a physical security company, and we needed to alert the guards if someone attempted to jam signals. How do you properly test that? By jamming signals!

          I guess this scenario could be resolved through licensing, but that’s a ridiculous solution since criminals could still get it.

          It should be illegal to use a jammer maliciously or negligently. It shouldn’t be illegal to possess one. Car manufacturers should also be held liable for losses due to lack of protection against jamming.

          • KairuByte@lemmy.dbzer0.com · 2 upvotes · 1 day ago

            Car manufacturers should also be held liable for losses due to lack of protection against jamming.

            Did you mean something else here? You can’t “protect” against jamming. That’s like protecting from too much noise in a conversation.

            • sugar_in_your_tea@sh.itjust.works · 1 upvote · 1 day ago

              I meant they should have failsafes in place so jamming isn’t an effective attack.

              A simple analogy is locks. Instead of making lock picking kits illegal, design better locks to increase the time and knowledge needed to defeat a lock.

              Car remote unlock design is lazy: you push the button and it generates a key, which is invalidated when used. There’s nothing more complex here than a defined order. To protect against that, add a time element (like TOTP in Google Authenticator). Your fob and car would keep time independently, so an attacker would have a very narrow window (i.e. under a second) to attack the car, if that. Resync the fob with the car after a successful challenge/response process so they don’t drift too much, and allow resyncing with physical entry.

              Car companies should pay when their laziness leads to compromise.

              • KairuByte@lemmy.dbzer0.com · 1 upvote · 1 day ago (edited)

                TOTP only works when both source and recipient are synced pretty much identically in time. Meaning the car and fob would need to receive their time from an external source.

                Not that hard in many places, just grab the time from a radio broadcast. But what happens when that broadcast isn’t available? You fall back on a known inaccurate time. I’ve seen cars with a bum RTC chip, which lost about a minute a day. That would be enough to kill off this kind of system.

                Not to mention that an external time source would be larger, cost more, require more power, and would be vulnerable to brand new attacks.

                There is no perfect system. Take your physical lock for instance, there is no unpickable lock. They just plum don’t exist.

                • sugar_in_your_tea@sh.itjust.works · 1 upvote · 1 day ago (edited)

                  I’ve seen cars with a bum RTC chip, which lost about a minute a day.

                  Not the customer’s problem. If car manufacturers want to cheap out on components, they can pay the price when cars get stolen.

                  Even cheap watches keep the time really well, as in less than a second drift in a given month. I have a physical TOTP device that works for years, and that needs to be accurate to <30 seconds (realistically, <10 seconds drift). How much do those cost? $10-20, and they have way more features than a basic time crystal.

                  You don’t need an external time source, you just need non-crappy parts for your cars and fobs. That’s totally reasonable given the cost of those devices, so spending $1 more or whatever for a reliable time crystal isn’t an issue. Sync them periodically, such as when starting the car, and it won’t be an issue.

                  If you rely on an external time source, you have the same problem, but a little higher tech (e.g. blast your own network time), and you introduce privacy concerns (tracking).

                  My suggestion requires no privacy violations, prevents replay attacks (shield your time crystal in a Faraday cage), and keeping time synced with the car can be entirely done without the user noticing. It might fail in some crazy scenarios, like not driving the car for a year (possible if you never use one of your fobs), and it’ll need to be resynced after a battery swap, but you have the easy fallback of resyncing when you insert it into the car. The time doesn’t even need to be accurate, it just needs to tick the same way on both ends.

                  Yes, there is no perfect system, but there are real world systems that are way better than what we have. Car manufacturers just don’t care enough to implement them, the same way banks don’t care enough to use proper security (why is my email more secure than my bank??). Hold them accountable and they’ll fix it, create regulations and they’ll do the bare minimum.
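The exchange above argues over two points: whether a harvested-but-unused rolling code stays valid until the real fob is next pressed, and whether a time-bound scheme survives a fob clock that drifts. The following Python model is an added example written for this thread; it is not code from any of the commenters, from any vehicle maker, or from a real fob. It assumes a shared HMAC secret (a constructed value), one-second ticks, a ±5-tick acceptance window, a 16-press counter look-ahead, and the drift figures quoted in the thread (a minute a day for the bad RTC, about a second a month for a cheap watch crystal). It models a counter-only receiver beside a time-bound one that resyncs its view of the fob clock on every successful unlock, plus the dock-to-resync fallback sugar_in_your_tea describes.

```python
import hashlib
import hmac

# Constructed demo secret shared by fob and car; a real fob would carry a unique
# factory-provisioned key. The whole file is a model, not vehicle firmware.
SECRET = b"constructed-demo-fob-secret"
TICK_SECONDS = 1          # clock granularity on both sides (assumption)
TIME_WINDOW = 5           # ticks of skew the car tolerates (assumption)
COUNTER_LOOKAHEAD = 16    # unseen presses the car will skip over (assumption)

def make_code(tick: int, counter: int) -> bytes:
    """Unlock code = truncated HMAC over (tick, counter); tick is 0 for counter-only."""
    msg = tick.to_bytes(8, "big", signed=True) + counter.to_bytes(8, "big", signed=True)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:4]

class Fob:
    def __init__(self, timed: bool, drift_per_second: float = 0.0):
        self.timed = timed
        self.drift = drift_per_second  # -60/86400 models "loses a minute a day"
        self.clock = 0.0
        self.counter = 0

    def advance(self, seconds: float) -> None:
        self.clock += seconds * (1.0 + self.drift)

    def tick(self) -> int:
        return int(self.clock // TICK_SECONDS) if self.timed else 0

    def press(self) -> bytes:
        code = make_code(self.tick(), self.counter)
        self.counter += 1
        return code

class Car:
    """Receiver. Counter-only: accept the next unseen counter within the look-ahead.
    Time-bound: also require the fob tick to sit within TIME_WINDOW of the car's
    estimate of the fob clock, and refresh that estimate on every success."""

    def __init__(self, timed: bool):
        self.timed = timed
        self.clock = 0.0
        self.fob_offset = 0     # car's estimate of (fob tick - car tick)
        self.last_counter = -1

    def advance(self, seconds: float) -> None:
        self.clock += seconds

    def car_tick(self) -> int:
        return int(self.clock // TICK_SECONDS)

    def unlock(self, code: bytes) -> bool:
        centre = self.car_tick() + self.fob_offset
        ticks = range(centre - TIME_WINDOW, centre + TIME_WINDOW + 1) if self.timed else [0]
        first = self.last_counter + 1
        for tick in ticks:
            for counter in range(first, first + COUNTER_LOOKAHEAD):
                if hmac.compare_digest(code, make_code(tick, counter)):
                    self.last_counter = counter
                    if self.timed:
                        self.fob_offset = tick - self.car_tick()  # over-the-air resync
                    return True
        return False

    def resync_from(self, fob: Fob) -> None:
        """Fallback from the thread: key docked in the car, car reads the fob clock directly."""
        self.fob_offset = fob.tick() - self.car_tick()

def replay_after_delay(timed: bool, delay_seconds: float) -> bool:
    """A code that never reached the car, presented after a delay. Clocks are
    perfect here; only the delay matters."""
    fob, car = Fob(timed), Car(timed)
    withheld = fob.press()            # press the car never saw
    fob.advance(delay_seconds)
    car.advance(delay_seconds)
    return car.unlock(withheld)       # counter-only: True; time-bound after 1h: False

def drift_failures(days: int, presses_per_day: int, drift_per_second: float) -> int:
    """Rejected presses over `days` for a time-bound pair whose fob clock drifts."""
    fob, car = Fob(True, drift_per_second), Car(True)
    gap = 86400.0 / presses_per_day
    failures = 0
    for _ in range(days * presses_per_day):
        fob.advance(gap)
        car.advance(gap)
        if not car.unlock(fob.press()):
            failures += 1
    return failures

def physical_resync_recovers(drift_per_second: float, idle_seconds: float) -> tuple:
    """Fob left idle long enough to drift out of the window, then docked to resync."""
    fob, car = Fob(True, drift_per_second), Car(True)
    fob.advance(idle_seconds)
    car.advance(idle_seconds)
    before = car.unlock(fob.press())
    car.resync_from(fob)
    after = car.unlock(fob.press())
    return before, after              # (False, True) for a minute-a-day fob after a day
```

Running the model reproduces both sides of the argument: the counter-only car accepts a withheld code an hour later, the time-bound car rejects it outside its few-second window, a fob losing a minute a day fails every press if it is only used once a day (the drift outruns the window before any resync can happen), the same fob used hourly never fails because each success resyncs the offset, and a watch-grade crystal stays in sync for a year of once-a-day use. The docked resync restores a fob that has drifted out.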