I highly doubt it's actually jamming the the 433MHz signal from the fob. Command signals are most likely properly decoded by the vehicle, but rather the RSSI measurements are getting disturbances. Those signals are LF (25kHz or 125kHz)sent from the vehicle (multiple antennas) to the fob for localization. Fob performs the measurements and returns values to the vehicle. If the fob is not localized in the expected area, passive unlock or start would not work, and could even start the alarm.
Some gate/card readers going crazy maybe...
Wireless chargers that now come inbuilt as standard can also create enough disturbances to mess up the LF RSSI (but limited to single vehicle). Manufacturers are slowly moving to UWB and BLE for localization, as ToF is more robust (especially for relay attacks) than a simple signal strength measurement, plus it provides a common mechanism for both phones and fobs on the vehicle side.
I think this is a statement about the poor state of education.
I had a 40 year old oscilloscope open (Tek 465) on my desk a few years back when the in laws came round and it was like watching the monkeys around the monolith in 2001.
A Tesco spokesperson said its garages had a system which allowed disabled drivers to contact a member of staff in the kiosk using a special key fob to call for assistance.
This used a short signal which came on briefly to alert staff that someone needed help. But at Clifton Moor this had become jammed on and had blocked the remote central locking and ignition frequencies used by some cars.
There is nothing 'mysterious' about this, this is just how radios work. Neither does it have to be malicious.
Most car key fobs work in the 433MHz range, if there is something in the area transmitting at said frequency, it will cause the relatively weak signals from keys fobs to be blocked. This it why we have electromechanical compatibility (EMC) certification for any electrical devices being sold.
With the market being flood with cheap electronics from foreign manufacturers who do not care about getting certified, a single misbehaving weather station, 'smart' door bell, or baby monitor can cause disruptions to other wireless devices.
Still sounds pretty mysterious to me. This kind of event is rare, and the source of the interference is (currently) a mystery. I’d love to pop by with a HackRF and directional antenna if I lived anywhere near-by!
Even at my car dealership this is a common problem. A couple hundred cars with the same keyless entry system parked in the same lot. All those cars are actively scanning for their key fob, which causes all sorts of RF collisions. I've gotten used to having to use my physical key when picking up my car at the dealership.
I guess that's the opposite failure case from 30 years ago, where there was a decent chance that your physical key would unlock another car of the same make/model.
For keyless entry, cars are always transmitting. They look for a response of a key. In case of my car, if a keys comes close enough, it lights up the doors and doorhandles.
Some older fobs do recharge when in the car’s ignition. My old bmw did this and it was recommended to swap the keys from time to time to make sure they didn’t run out off battery. I guess this can’t be the case with the “keyless” keys though
Not that rare for me or the people next door.. key fobs dont work frequently at my home.. have to use the physical key and operate the fob from within the car to disable the immobiliser
I bought a couple capacitive touch 433Mhz light switches to use for a home automation system on AliExpress. Turns out they were very prone to detecting “ghost” touches and would sometimes end up stuck in the “touched” position forever, which would cause the same issue. Ended up binning them and going back to “push button” switches which are more reliable and are more likely to fail into the “off” position should they fail.
> In 2008, a logo very similar to CE marking was reported to exist and alleged to stand for China Export because some Chinese manufacturers apply it to their products.[14] However, the European Commission says that this is a misconception [... ...] despite the Commission's assurance that it is without foundation, this urban myth continues to be available on many websites.
The wikipedia article is contradicting it's own sources and links to the incorrect mark, the China Compulsory Certificate mark. The European Commission hasn't confirmed the existence of the China Export mark, but claims that it is illegitimate if it does exist. The EC is "...in constant discussion with Chinese authorities..." and intends for Member States to potentially "impose sanctions".
>The Commission ... considers that the mark [China Export (CE)] ... constitute the CE marking as foreseen in the European legislation without, however, respecting the dimensions and proportions prescribed therein.
>...the Commission deems it necessary to establish a comprehensive Community legislative framework in order to ensure coherent market surveillance ...
>...It also provides for the legal basis for Member States to impose sanctions in the case of misuse which should serve as a deterrent.
I once found out that that the reason why people parked next to my car can't unlock their cars is because I had my rear parking sensor switched on. As soon as I switched them off, their car fobs would start working again. I had some custom Chinese-made rear parking sensor installed. So nothing "mysterious", just radio frequency interference.
I mean, it's not a mystery to you, but it's certainly a mystery to most of the general public. You can't see radio waves and most people have no idea that their car remote is operating in the same space as dozens of radio stations, GPS, Wi-fi etc. The vast majority of the population is quite happy to accept technology as magic.
I didn't mean "mystery" as "unexplained", I meant "mystery" as "magic, conspiracy, aliens..." type of interpretation which general public seem to take on lately.
In some cars, if you lock the car with the fob it primes the alarm. If you subsequently unlock it with the physical key the alarm will activate when you enter the car. You can only disable it in with the fob. Source: had a 7th gen Honda Civic.
Many cars hide their keyholes making them essentially inaccessible. Many drivers probably don't know they have one. Volkswagen has been doing this on some models since 2009. Source: had a Mk6 Golf.
My car has only has a mechanical lock on the driver's door. And the manual strongly advises against regular use of that lock for some reason. Supposedly, it is just a backup. A quick search of other brands comes up with similar stories and anecdotes of these locks breaking quickly if someone was relying on then too much.
Are you 100% sure? My car (12yo Toyota) has keyless entry and start, and the fob has an RFID chip inside. If the car can't detect the fob (e.g. the battery is dead) you can hold it against the "Start" button which has a RFID reader. I ask, because this feature is not advertised other than a few sentences in the manual, and it seems a pretty badly designed feature to not have a backup.
The fob also has a physical key hidden inside - although that's a bit more obvious as there is a key hole on the drivers door.
From the link:
> Once inside your vehicle, insert your remote key fob in the ignition slot or, if your car doesn't have one, hold it against the key markings on the side of the steering column. You'll then be able to start your BMW with the start/stop button on your vehicle's dashboard, even if your key fob is dead.
Other cars probably have other solution. It was possible in my case as well (not BMW) but do not remember the process.
Because besides personal experience, googling the proximity keys of all of those brands shows the expected pop-out keys.
Also photos of various models from all those brands in 2020 show key holes on the driver's door, which would suggest there is in fact a key somewhere that fits it.
Having just had to spend £380 to replace the receiver on my Ford I thought it did not have a physical key at all, then the nice dealership assistant lady told me on the phone "you need to open you keyless fob, there is a key inside"... I never knew!
The ham radio folk, of which I am one, are probably down there with scanners now and could tell you the problem ;-)
Before I was a licensed ham I put together a little AM transmitter with a 9v battery connected to a portable cd player. I was shocked that I could pick up the signal several miles away (and yes I know hams, very bad behaviour, I was ignorant).
I'll put my money on a new antenna having gone up nearby.
> ask to speak to the on-duty manager to make them aware you are having difficulties getting into your vehicle as they are aware of the process to follow.
Wonder what the "process" to solve this is if they don't even know the cause?
If you build a structure out of supermarket trolleys around the car, would that be sufficient? I love the idea of a car size foldable Faraday cage btw.
Serious answer? Maybe. It would depend on the frequency the keyfob is using, and the spacing of the grid, and the metal they're made of.
There's a good chance a cage made out of shopping carts would block HF and below quite effectively. UHF and microwave will go straight through it though. Any holes need to be significantly smaller than the wavelength.
I would bet a small amount of money that the process is (1) put the fob very close to the car's receiver and try again, followed by (2) disassemble the fob and look for a mechanical key.
I wonder if a cone of tinfoil (handily available at Tesco) would work, shielding key and lock during unlock? Or are the receivers elsewhere in the car?
It'll be someone using a 'jam, listen, and replay' device to unlock and start keyless cars so they can drive them to a port and steal them.
Pretty much every week a car is stolen this way from my street. I now always take the engine management fuse out of the fusebox when parking my car so at least the car can't start when a thief pulls this... They tried anyway though!
Curious as to how such a device would recover the original signal while it’s broadcasting a stronger signal to jam the frequency.
Also, if you don’t mind, which city/country are you in? It seems insane that this is a regular problem happening in the same location and law enforcement doesn’t catch on.
You jam at a slightly different frequency - different enough that you can tell the signals apart with your hackrf, but close enough that the receiver chip can't [1]
Of course, the strategy I've heard outlined is to jam and record one rolling code, then a second one, then to replay the first code so the fob holder sees the system respond to their button press but the attacker has a ready-to-use code. If people are seeing their cars failing to unlock, it's not that specific attack.
I can share that from living in a Northern UK city, between 2 or 3 "notorious" streets there would be multiple car break-ins each week. The University's student Facebook page became a constant feed of people reporting cars with smashed windows.
I lived in Leeds (Northern UK City) for a while about 15 years ago and, yeah, cars were stolen routinely (mine included). I would expect it is less common now though?
Police just don't care about stolen cars. It's the same people who do it each week. They live at the end of the road at number 110. None of the stolen cars have ever been recovered, but they're all insured against theft so most people don't care and just buy another car till they get a model that's harder to steal.
Does that actually work? I thought the fob would contain some kind of private key that's used in a challenge/response scheme with the car, precisely to avoid the replay attack?
It's odd that no one has analyzed the 433 MHz band to find out what is interfering with all these signals. It's most likely to be a bit of misbehaving equipment permanently on a channel.
Presumably they've given Ofcom a call and they'll go look whenever they get around to it, but some noise on ISM is probably not treated as an emergency.
If you look at the Ofcom schedule it says that 433Mhz ISM devices must accept harmful interference. So you’re probably right. They aren’t safety critical systems.
I had an experience like this in a parking lot in Belarus: our van wouldn't react to the keyfob. A man soon came by offering to help for some money, but some others warned us he was using some kind of jammer to make this happen on purpose.
In fact I think it wasn't specifically made to be a jammer, he was just trolling with an accidentally-discovered device causing interference
There is a place in Doncaster where remote keys just don't work! It is fortunate I still could unlock manually. Of course this was over a decade ago so it may not exist now.
I wondered if it might be linked to one of the nearby military bases (e.g. radar), but I misremembered where they are; RAF Alconbury is to the north of Cambridge instead.
It's yet another large Tesco Extra on the edge of a town, in this particular case just off the Royston Bypass, with the intended large catchment area of such hypermarkets. The "local shop" on the other hand would be the Tesco Express in the town centre.
http://www.arrl.org/news/view/amateur-radio-sleuthing-pins-d...
And “an inventor” who's make shift doorbell was causing problems on 355MHz:
https://hackaday.com/2019/05/15/the-great-ohio-key-fob-myste...
Trouble with these devices is they rely on all applications just transmitting data very briefly. If someone doesn't it can block everything