
WARNING Remote locking vulnerable to attack


Although some improvements have been made with the latest keyless systems, there are still plenty of older systems or keys kept in coat pockets, pretend faraday pouches or simply in the hand that an opportunist might relay with his hundred pound ebay kit and drive away in a nice car.

 

My next door neighbour had a nice BMW X1. He is an intelligent chappie being a doctor and at the time travelled a lot around the country doing locum work. One night in Birmingham, he parked up in a hotel car park. Next morning he went out and couldn't find his car. CCTV revealed a hooded figure approach his car shortly after him walking away and after his lights flashing indicating opening, they jumped on and drove off.

 

Even with CCTV evidence the police were just not interested in pursuing it further saying the CCTV could not identify the culprit and the car was probably in a container being loaded on a ship by then. They also said the crime was extremely common and they had far too many to be able to follow them all up.

 

 

https://www.fleetnews.co.uk/news/car-industry-news/2021/03/03/uk-car-theft-hotspots-revealed-as-keyless-crime-reaches-record-high

On 15/01/2022 at 22:28, SoupDragon said:

Original poster, my car is not kessy, just remote open/lock control by remote fob buttons. There is no option to turn it off.

Did you have any issues locking the car the night before, for example did you have to press the button twice? The forerunner of the relay attack (simulating the keyless element using a repeater at the car and an amplification at the key end) was the replay. I can't remember the specifics but it works by intercepting the first button push and recording it, then when the button is pressed again it intercepts it and stores the new signal, using the old stored signal to lock the car means that button press 2 is the next unlock code.

 

The above is fairly unsophisticated in that it can be bought online. There may be other ways but this one was common. 

I use several of these in the house and have spares in case they get damaged from use and stop working. Has blocked every key signal I’ve ever tried and is peace of mind at night.

13 hours ago, UndertheRadar said:

I use several of these in the house and have spares in case they get damaged from use and stop working. Has blocked every key signal I’ve ever tried and is peace of mind at night.

Got a link please?

I have kessy on the swift but my keys go in a faraday bag when at home that's been tested standing next to the car.

 

Unfortunately the only fly in the ointment is my wife - who never seems to remember to put the keys back in it, so I always have to go hunting through her handbag and pockets to find the key and sort it!

4 minutes ago, PetrolDave said:

Got a link please?

https://www.ebay.co.uk/itm/CigaMaTe-Car-Key-Signal-Blocker-Box-Faraday-Box-for-Car-Keys-Keyless-Entry-Fob-/255329366723?mkcid=16&mkevt=1&_trksid=p2349624.m46890.l6249&mkrid=710-127635-2958-0

I bought them for not much over £20 each and £16 or £17 for the smaller single key version, so I’d shop around on price. They do work very well, but only time will tell how long they last from being opened and closed.

Just a thought - I wonder if that 'faraday' material is readily available via well known shopping sites...   if so it might be useful for lining drawers that people keep keys in etc. to provide an additional layer of protection...

19 minutes ago, skomaz said:

Just a thought - I wonder if that 'faraday' material is readily available via well known shopping sites...   if so it might be useful for lining drawers that people keep keys in etc. to provide an additional layer of protection...

It’s bound to be available from somewhere. These ones are just a wooden box covered in a suede type material. The inside of the lid has the signal blocker material as does an inner removable box that’s also wrapped in it. They just close together to make a contact seal as such. 
A wee note inside stated it was hand made by some bloke and his family in China, who then wished me a pleasant day.
So if you could get your hands on some, you could probably glue it inside an old Tupperware box or the like as well.

  • Author

I am the original poster. I now wrap my key in kitchen foil when at home which completely blocks the signal. Luckily I remembered that I have a spare key that I have never used and wrapped that as well. My car does not have full Kessy, just a fob to open and lock the doors with two buttons and gives keyless ignition. From what one of the posters has said, my key could not have been scanned so I probably left the car unlocked, but I am sure I didn't. Many cars were raided in the street the night it happened to me.

ExSeat, I thought that's how these fobs work, with a different code each time they are used. But, when I dug out the spare key fob which I had never used since the car was new a year ago, it immediately unlocked the car: it seems to be just a signal with an unchanging ID embedded. If that's the case, when you press the start button, something must search for the matching fob and if it is in range, the matching ID would be revealed.

Does anyone know how these fobs work?

UTR that key box is the neatest I have seen.

Modern fobs use a rolling code, which changes every time the user presses the button, according to a cryptographic sequence which was uniquely set up (seeded) when the key was synchronised and linked to the car. The spare(s) are also set up though the seed and therefore sequence will be different for each key. So the car knows the next codes in the sequences to expect from all valid keys. The car will accept several codes in the sequence after the last one that was validated, just in case the key was out of range. Once accepted the sequence is resynchronised so old codes are no longer valid.

 

Replay attacks work by recording the code transmitted by the key when the owner presses the button on their fob. At the same time, the attacker jams the signal near the car preventing the car from receiving it. The owner may even try several times, the attacker recording the codes but blocking them from being received by the car.

 

The attacker is then free to use these still valid codes to unlock or lock the car at their leisure or until the owner successfully uses the fob to open/lock the car, when all previous codes become invalid.

 

Too many unsuccessful button presses will eventually lead to a key needing to be resynchronised using a special procedure.

 

Do not confuse replay attacks with relay attacks, which are a different technique to spoof keyless systems, which on the OP's would be needed to start his car, but not open it.

Edited by xman
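A small model of the receiver-side behaviour described in the post above (per-key seed, look-ahead window, resynchronisation on acceptance), added here as an illustration and not part of the original post. The HMAC-based code generator, the window size of 16 and the seeds are assumptions chosen for the sketch; real fobs use vendor-specific ciphers and parameters.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead size; real receivers choose their own value


def code(seed: bytes, counter: int) -> str:
    """Code for one button press. HMAC-SHA256 stands in for the vendor's cipher."""
    msg = counter.to_bytes(4, "big")
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:8]


class Fob:
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def press(self) -> str:
        self.counter += 1
        return code(self.seed, self.counter)


class Car:
    def __init__(self, seeds):
        self.last = {s: 0 for s in seeds}  # last accepted counter per paired key

    def receive(self, rx: str) -> bool:
        for seed, last in self.last.items():
            for n in range(last + 1, last + 1 + WINDOW):
                if hmac.compare_digest(code(seed, n), rx):
                    self.last[seed] = n  # resynchronise: codes up to n are now dead
                    return True
        return False


def demo() -> dict:
    main, spare = b"constructed-seed-A", b"constructed-seed-B"  # constructed seeds
    car, fob, spare_fob = Car([main, spare]), Fob(main), Fob(spare)
    out = {"first_press": car.receive(fob.press())}
    out["unused_spare"] = car.receive(spare_fob.press())  # own sequence, at its start
    missed = fob.press()                  # transmitted but never received by the car
    out["next_press"] = car.receive(fob.press())    # inside the window: accepted
    out["missed_code_later"] = car.receive(missed)  # older than last accepted
    out["same_code_twice"] = car.receive(code(main, fob.counter))  # already used
    for _ in range(WINDOW):               # many presses out of range of the car
        fob.press()
    out["beyond_window"] = car.receive(fob.press())  # fob needs resynchronising
    return out


if __name__ == "__main__":
    print(demo())
```

The `unused_spare` result also shows why a spare fob that has sat in a drawer still works on its first press: its sequence is tracked separately and the first code is inside the window.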
