Member Since: 07 Sep 2015
Location: Oxford
Posts: 1122
Keyless opening and pushstart - Fobguard pouch for 'key'
In the spirit of sharing things which maybe of interest to others...
I have been investigating how to make my MY2016 D4 more secure as the keyless opening and push start present a pretty severe security weakness. I know this is well documented now and even with a tracker I'd rather not have the car taken in first place.
The (medium size) Disklock I am pleased with, I am sure it isn't totally unbeatable but it visually makes a difference and with the keyless opening issues I feel it adds to the security package.
I did some research into the keyless vulnerability and a contact in the US recommended Fobguard for the keys (www.fobguard.com). I wasn't aware that even whilst safely tucked away in the bedroom with me the keys are still emitting a signal which is what is 'grabbed' by these devices that are then used to drive the vehicle away.
They arrived today and they work. A smart pouch the key fob goes into and even when right next to the car the key is invisible. That's that side of things taken care of then as that's where the keys live from now when not in actual use to open or drive the vehicle.
Tempted to go for an aftermarket alarm but have been bitten badly by those before and how they interfere with the LR one.
Hope it's of interest.
(About £40 for two delivered from the US).
Even the wife thinks they aren't 'too bad' for her to use in her handbag..... That's a bonus!
6th Feb 2016 2:17 pm
DerbyshireDisco
Member Since: 12 Mar 2012
Location: Derbyshire
Posts: 1397
Think I may have to invest in a couple of those.Displaced Yorkshireman.
=^:^=
SDV6 Auto obviously, Loire blue/Ebony, ugly kid glass, RLD wheel protector, private plate and maybe side steps.
6th Feb 2016 3:47 pm
Robbie
Member Since: 05 Feb 2006
Location: ¯\_(ツ)_/¯
Posts: 17932
The key does not work that way, so saving the Yorkshire wallet.
Land Rover - Turning Drivers into Mechanics Since 1948
Member Since: 07 Sep 2015
Location: Oxford
Posts: 1122
I'm with that. I thought an earlier post was saying that grabbing and amplifying the signal the key fob is constantly emitting, even when inside my house wasn't how the key worked.
The fobguard (of which I am not involved with I might add..) totally masks the key. There maybe other ways to clone or fool the car but at least this little pouch prevents the key fob signal being grabbed...
Always like to know from those with more knowledge than I so please feel free to enlighten me..
6th Feb 2016 4:11 pm
Robbie
Member Since: 05 Feb 2006
Location: ¯\_(ツ)_/¯
Posts: 17932
If the key constantly transmitted the little battery would be flat in no time.
Absolutely nothing happens until you grasp the door handle.
Land Rover - Turning Drivers into Mechanics Since 1948
Member Since: 07 Sep 2015
Location: Oxford
Posts: 1122
Yes indeed that would be so. Is not the response signal from the fob that opens the car?
The good old Faraday cage for key fobs works though. Simple but effective and stylish in a key fob
I've tried it again just now and it definitely does.
Another part of the armoury....
6th Feb 2016 5:01 pm
Robbie
Member Since: 05 Feb 2006
Location: ¯\_(ツ)_/¯
Posts: 17932
Bloke walks up to car.
Nothing happens.
Bloke grabs door handle.
The low frequency antenna in that handle broadcasts a weak signal saying who and what it is.
If the fob is very close (within a metre) to that particular door handle it will decide if it is the correct car; if so it will transmit a high frequency signal with its own unique ID and authorisation code back to the vehicle.
Vehicle receives this new signal and the KVM decides if it is valid or not. If so it tells the appropriate handle that it may be unlocked and the lock mechanism is semi-prepared.
Bloke pulls on same handle and as it passes through around 80% of its travel it sends a signal back to the KVM. If the KVM is still happy that all the parameters remain valid it directs the lock to operate the fast latch release.
Door opens for the bloke, probably unaware of all the stuff going on in the background.
This system, to the best of my knowledge, has not been compromised.
Land Rover - Turning Drivers into Mechanics Since 1948
Member Since: 07 Sep 2015
Location: Oxford
Posts: 1122
Thank you for that, it's helpful for me to understand how the car security works a little better but I am still concerned about signal relaying (which is very similar to having your contactless cards cloned).
My understanding (from when I had the Tracker installed) is that Tracker are saying the incidence of vehicles being stolen when the thieves are seemingly both getting into them and driving them away with no keys is increasing. This is their piece:
'Stuart Chapman, the police relationship manager at Tracker, a company that fits systems that allow police to trace stolen cars, says the number of thefts where cars are mysteriously stolen while the owners still have the fobs and without any sign of entry is on the increase. “Sometimes you just don’t know which method they are using unless you catch them in the act,” says Chapman, a former police officer. “We have had customers whose cars were stolen being suspected of fraud because that seemed like the only logical explanation.”
I was led to believe that signal relaying works like this. The theft requires two (or more) people. Each is equipped with a wire antenna — not unlike those used on many radios and available off the shelf from 'all good electrical stores'. When a car and potential victim/fob is spotted, perhaps in a supermarket car park, one thief makes his way to where the car is parked. The other follows the driver or goes to the location where he believes the key fob to be close by.
When the driver is a safe distance from the car (such as tucked up in bed), the thief that has shadowed him or her moves to within a couple of yards of them or simply where they can either see the keyfob through a window or suspects it is. His accomplice then transmits the car’s electronic fingerprint message (which is constantly being sent but as you say is limited to a very small radius of about around the car). The message is then received by the thief shadowing the owner/with sight of the fob and relayed to the fob in the owner’s pocket/bag/kitchen side unit/bedside table.
When it receives the car’s signal, the fob assumes it is next to it and activates its own transmitter, sending a message instructing the car to unlock its doors. Unlike the car’s signal, the fob’s signal can travel much further (which is different from how close it needs to be to the car), deactivating the locking system on the car and priming the engine to start.
All the thief now has to do is get behind the wheel and press the starter button. The whole process can take less than a minute and — unless they are watching their car from a distance — the owner is unaware anything is wrong until they discover their car is missing. The fob does not need to remain close to the car once started as this is a safety mechanism. It is the fob's presence that is needed to start the car.
Signal relaying is a threat and I suppose (and it is good to hear you know of no cases) that until it is confirmed the cases that Tracker are talking about are the grey area that fobguard can reassure one over.
£60K worth of car is an awful tempting target for professional thieves and the Tracker was £400 and key fob is £40 (Disklock £80).
I bloody well better not become the first case you know of Robbie!
6th Feb 2016 5:56 pm
DerbyshireDisco
Member Since: 12 Mar 2012
Location: Derbyshire
Posts: 1397
The Yorkshire wallet is most grateful.Displaced Yorkshireman.
=^:^=
SDV6 Auto obviously, Loire blue/Ebony, ugly kid glass, RLD wheel protector, private plate and maybe side steps.
6th Feb 2016 6:01 pm
Robbie
Member Since: 05 Feb 2006
Location: ¯\_(ツ)_/¯
Posts: 17932
Contactless cards is a good example, in that it shares no similarity with the JLR keyless system.
I did not say the car continually broadcast its signal and it does not do so. The handshaking goes in both directions, using rolling codes and requires a physical presence at the vehicle and a mechanical action. If any part of this too and fro chain is missing, mistimed or mismatched the vehicle stays locked.
Land Rover - Turning Drivers into Mechanics Since 1948
Member Since: 07 Sep 2015
Location: Oxford
Posts: 1122
Good! That's how I want it.
6th Feb 2016 7:22 pm
Oxford-boy
Member Since: 07 Sep 2015
Location: Oxford
Posts: 1122
Just to be clear, I'm not suggesting the contactless card security shares anything to do with the JLR keyless system but I AM suggesting that the security around your contactless cards should be considered similarly to your car key fobs.
That's just sensible. Faraday cage principle applies to any device that utilises remote wireless technology.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
