It never ceases to amaze me that vehicle companies put so much time and expense creating such technologically advanced cars, but with a key entry system that is about as secure as a wet paper bag.
@TechTinkerWorks Жыл бұрын
Good for the market. The (ex)owner will buy a new one.
@BillAnt Жыл бұрын
It could be mitigated to a degree by reducing the range of both the car's and key fob's to say 20 feet. There's really no good reason to be longer than that.
@timlc Жыл бұрын
Or better still, simply just open the car door with the physical key. You have to walk to the car anyway so no time is lost! I guess it’s because even that is too much effort these days!
@TechTinkerWorks Жыл бұрын
@@timlc its kind of a big deal if you have kids and hands full all the time
@ThomasConover Жыл бұрын
Well, as a software engineer with security as my main field; there are ZERO education in proper secure design of digital locks when you educate yourself as a software engineer at tech universities. Zero! But the entire world expect you to be a security genius as an engineer. So all these security-illiterate engineers end up being “creative” and make up their own horrendously bad security solutions that only keep themselves out. 😂 fun fact to scare you even more: 100% of all digital safe locks in the entire world can be opened with a factory master code. I know this particularly well, because I developed the world’s first tempest-certified timelock-system for civilian safe-locks to prevent illegal covert governmental level Abusive break-ins done by corrupt cops and corrupt intelligence agents targeting innocent civilian wealthy people. This project has been a big eye opener for me in many fields. The world you live in is not as secure as you might think it is. 😂👍❤️
@mikeselectricstuff Жыл бұрын
It's criminal that car makers don't put motion sensors in the keyfobs to disable them when sitting idle - would cost peanuts and eliminate relay attacks. Some makers ( VW I think) do some fancy time-of-flight stuff to check response time to prevent relay attacks.
@andykirby Жыл бұрын
That would be a good solution.
@andrewnorris5415 Жыл бұрын
@@andykirby Stolen cars go to Africa etc. Insurance pays for a new one to go to the UK. Helps the car industry.
@johnharrison373 Жыл бұрын
@@andykirbyFord do!
@C...G... Жыл бұрын
good points, well presented! 👍
@lowfinger Жыл бұрын
Later BMW and Mini fobs have the motion sensor in the key, articles reference this around 2019.
@Hutchy1981 Жыл бұрын
I highly recommend a good quality Faraday pouch. I'm a mechanic and use them when working especially on hybrid or electric vehicles as you don't want an engine to start when you've drained down the oil or your fingers are in there. And you really don't want a 900 volt EV coming online. I always check the ignition switch with the key in pouch within the vehicle to insure it can't be detected.
@Noksus11 ай бұрын
You should disconnect high voltage lines before working on EVs.... as a mechanic you should know this.
@RTMunroe11 ай бұрын
No reason to do a master disconnect to change the oil tho
@mjh543711 ай бұрын
The word is actually "Ensure"...not "Insure" in this context...You`re welcome.
@Bond202510 ай бұрын
For anti-theft - Take the fuse out that provides power to the diagnostics socket, not many people carry a 12v battery about to power up their controllers and programmers. MOVE the diagnostics socket to a different location by extending the wires. Or you could replace the OBD2 socket for a completely different type, like an old parallel port connector off a computer (providing you have plug and socket) and make an adaptor with a plug and short lead going to the original socket. People trying to pinch the car would be going WTF! They would find some random connector and not have a clue which wire was which. You could also use a multi pin circular type. You can give the garage the small adaptor for services etc, then they can plug it in and put the OBD2 plug in the other part of it. Then I would fit a hidden switch connected up to one or more electrical circuits like the fuel pump and starter circuit. Anything to slow people down. Modern cars can be taken within minutes, even without keys. Sites sell everything people need apparently.
@gowerdave6 ай бұрын
@@mjh5437 *you're welcome. You used a 'grave' accent instead of an apostrophe.
@RonanCantwell Жыл бұрын
Nice one Sir. I'm writing this from the inside of -your- my Audi while listening to 20m on my new 7100 😉
@luckyguy6008 ай бұрын
Crime does pay.
@andrewh.840311 ай бұрын
I always say, if something is made more convenient for the punter, then it's even more convenient for the crook. Great vid. Love the kit.
@tonymagnier9846 Жыл бұрын
your videos are getting more and more informative and interesting as time goes on. I really look forward to your next videos especially these radio related ones. You've got great knowledge and know-how and you're teaching us all. Absolutely superb stuff!
@DavidW-nx2zs8 ай бұрын
Pity that the right- wing sometime mis-use it to push their agenda?
@mikeh8416 Жыл бұрын
Easy (and effective) cure, hide a kill switch in the car to disable the starter. The only way the start button will work even with a relay attack is if they 1. KNOW about the kill switch, and 2. Know where it's hidden. They might still be able to GET IN your car, but it will still BE THERE when you go out the next morning. You COULD get even fancier and ad an alarm relay to the start button, that's active when the kill switch is on that will let you know someone is attempting to take it. Then you let your friends Smith and Wesson take care of the rest.
@88Danio Жыл бұрын
Previous owner of my old audi installed a kill switch, that allows engine to start, and kills it after about 30-60 seconds with alarm, if you don't push a hidden button. It honks before to remind you. It starts working each time after closing any door, even if engine is already running. In case of carjacking it allows supposedly armed criminal to drive off, leaving you safe. I think it was banned some time ago, because of stopping engine while riding. One can still park with momentum though, it doesn't brake.
@laulaja-7186 Жыл бұрын
Haha! The loose damaged battery connector in my old car used to serve exactly that purpose. Stealthy secret smart high tech kill switch.
@NightshiftCustom8 ай бұрын
so like a 2 way switch that sends the power to the horn every time they hit the start button instead of the starter :)
@RWBHere13 күн бұрын
I used to work for a small company which made kill switches that also required a 4 digit code which you could input via any designated switch in the car, or optionally by a hidden switch. If the car was entered and the code not input within 2 minutes, a sequence of events would start which was designed to disable and then draw attention to the vehicle in some very public ways.
@m1geo Жыл бұрын
Our local ham repeater was moved frequency to avoid jamming cars! We've now got a new 9 MHz split, and we added a notch filter on the TX for 433.920 MHz (ISM band centre) to help.
@andykirby Жыл бұрын
Haha that's interesting 😁
@Bond202510 ай бұрын
There were some MOD buildings blamed for blocking entire roads of garage door openers!
@mikeselectricstuff Жыл бұрын
You got the relay attack details slightly wrong. The car transmits on 125kHz, and it is this signal that is relayed to the portable antenna, The keyfob receives this and then replies on 433MHz, which has plenty of range to get to the car as it's also used for the keyfob pushbutton modes. The reasons for using 125kHz are that the range is limited and very predictable ( limited to area around doors and driver seat), and it can be received with near-zero quiescent power draw in the fob.
@andykirby Жыл бұрын
I don't think that's correct as why would there be a challenge & response visible on the keyfob UHF frequency when you press the start/stop button? I do know my car also has a method to start it using RFID but you have to hold the keyfob very close to a section on the steering column in order for it to energise. Passive 125khz RFID has a super localised range of maybe 10cm, that's not what's being used here. I find it hard to beleive its possible to do a long range passive RFID scam because the transmission distance of the fob is so short, it could be possible thiugh, I have seen videos of thieves with a very large wire antenna. In my car though it is active RFID which is in the UHF range. Passive RFID I think is used in cars that have a physical key inserted into the ignition,, then that key by nature can be very close to a reader all the time as it remains in the ignition.
@mikeselectricstuff Жыл бұрын
@@andykirby What you are seeing when you press start/stop is the keyfob's 433MHz response ( possibly duplicated) Yes, normal car immobiliser keys are passive RFID but keyless entry systems are not - they use the same frequency but a larger antenna than the coil round the ignition key, and active receiver in the fob, which returns a signal via 433MHz UHF. 125kHz with a moderately high transmit power available from the car battery plus an active receiver in the fob can easily do a metre or so - cars typically have at least one antenna at each door & boot, and at least one around the drivers seat. The fob uses an inductive antenna (often 3 coils at right-angles to each other) tuned to resonate at 125khz, which can produce enough voltage directly from the received signal to wake the fob's control chip without any active receive power draw when idle. It is not practical to make a continuously-listening 433MHz UHF receiver running off a fob's coin cell - it would draw too much power for sensible battery life. The backup starting method does use conventional RFID - the chip in the fob can act as a passive RFID transponder if the battery is flat.
@andykirby Жыл бұрын
Understood, useful information thank you.👍🏼
@honestlocksmith542810 ай бұрын
@andykirby It's important to note that information on this topic can vary by manufacturer and by the function being performed. IE, opening the door using the fob vs starting the vehicle. There are some interesting vulnerabilities in fobs and the replay and relay attacks require zero understanding of the vehicles security system and only operational knowledge to carry out the attacks. Having said that, the popularity of the topic of car hacking is growing due to flipper zero videos. Once they know what people in my profession know, vehicle theft will be a lot worse.
@m1cxf Жыл бұрын
I was always told that locks only stop honest people and if they really want it, they will take it. The only thing you can realistically do is to make it very obvious that it will be more difficult to take, these people don't like wasting time.
@JamesWilliam70 Жыл бұрын
yep i also use a steering lock as a visual deterrant even though i have an immobiliser and tracker.
@W8RIT111 ай бұрын
@@JamesWilliam70 sometimes a solution could be free, effortless, and relatively quick...pull the fuse for the fuel pump. Car won't go without any gas supply.
@Noksus11 ай бұрын
Most often crimes are opportunistic. If your door is unlocked then there's a much higher chance of something being stolen versus them breaking a window to get in.
@andrew_koala29745 ай бұрын
That is exactly right: locks are only there to stop honest people When and IF some'one' wants to get in - a LOCK will not stop them. Locks did not work on chastity belts either. One reason why DNA testing fro family connections is totally invalid and useless One does not know who had s-ex with whom and when. Just be thankful for being alive - Leave the past behind.
@iconofsin10435 ай бұрын
The same applies to hacking, everything is hack-able, you just make it as hard as possible so it's not worth the effort
@Man-go-Everywhere Жыл бұрын
This criminal jamming action is absolutely off the scale in South Africa. There is actually warning notices on all the walls of all the shop car parks . The crims are always looking to remove the car from your possession day or night.
@GapRecordingsNamibia Жыл бұрын
Yup, just said that to another person here who said Andy just taught the theives something new.... Some people are very ignorant in their little bubbles.
@theowink Жыл бұрын
Banana 🍌 people
@georgeclaase2898 Жыл бұрын
Car companies could use South Africa as a testing ground.
@callmetony1319 Жыл бұрын
The assailants from the 2021 "CIT video" from Pretoria were using cellphone jammers, that's why when Leo Prinsloo told his partner Lloyd Mthombeni to "phone Robbie, phone Josh", he couldn't get through.
@jimbotron7011 ай бұрын
I bet especially some demographic group in particular does that...
@SimonBlandford Жыл бұрын
Many years ago I was at a rave and wanted to get my coat because I was getting a bit cold. In in the state I was in, I managed to open three other Mini Metros before I got the right one. I still had the ultimate deterrent though: a car that no one would ever want to nick.
@ghostdog4330 Жыл бұрын
Hey, it was good enough for Diana Spencer. :D
@juliogonzo2718 Жыл бұрын
There are only so many key cuts used. Probably with worn key or tumbler ones that are close might even work. They make "tryout keys" for automotive applications which are just a bunch of different key cut patterns. Sooner or later one of them will probably open the lock.
@laulaja-7186 Жыл бұрын
… priceless! Taking that idea one step further, my old jalopy used to have a damaged battery connection. Not being familiar with the car, a thief would be unlikely to know that this “dead” car just needed to open the engine compartment and shove that battery connector back on to start.
@Bond202510 ай бұрын
Jesus, I had the ultimate anti-theft one, beige with rusty red fabric interior, HLS trim with a massive 1300cc engine. It was a good car in it's day as a first car, 155/65 SR12 tyres!!! ( I think). I had to replace the head gasket, went through numerous sets of front brakes, all 4 gas suspension units and connecting pipe at the rear, then the two radius arms "fell off" at the back and the rear bearings fell apart - it was a fun car, but also cheap to fix. The slimline 12band graphic EQ and 4x40Watt booster from Dixons and the Matsui 3 way shelf speakers were pinched and they left the car!!! I had even fitted a centre console with a radio, EQ and booster and tape holder in! They left my Ham International Multimode 2 that was under the switches on the right hand side, but broke the steering lock, surround and ignition switch as I think I disturbed them. The door lock had been "removed" or punched through in to the inside of the door.
@juliogonzo271810 ай бұрын
@@Bond2025 well at least if you got a puncture you could likely find a new tire in the lawn and garden section of a store
@Badboy365 Жыл бұрын
Another great video. I have just purchased a brand new car today and will be having another Pandora alarm fitted asap. They are brilliant alarms but my installation can't be done straight away due to no free appointments. I purchased two Faraday cases from Amazon and they do work even standing next to the car. They are worth the £6 they cost for 2. But you can't beat the alarms.
@Bond202510 ай бұрын
The type of alarm you need is the one with the immobiliser that is programmed using switches in the car, so when you get in, to start it you pick a combination such as - left indicator, rear demister, right indicator twice and A/C button BEFORE it will then start the car! No one can guess the combination or start using OBD2 to get the info etc.
@arthurtwoshedsjackson6266 Жыл бұрын
Had a faraday pouch. It worked for a bit but then it started to let the key fob signals through. So had an old tin , lined it with tin foil and that works 100%
@heatshield Жыл бұрын
What brand was that? I would hate to get one, test it, be confident it worked then find out it degraded and wasn’t blocking.
@BitsofSkin Жыл бұрын
Your faraday pouch story is BS.
@DecentralEyes Жыл бұрын
But that won’t stop the transceiver attack !?
@MrToymod Жыл бұрын
@@BitsofSkinI keep my car keys under my foil hat!!.
@timesquare5473 Жыл бұрын
@@BitsofSkin No it's not mate, get up to speed.
@paulukjames7799 Жыл бұрын
Security has come along way since a half inch vanity case key could open and start my Cortina from long ago
@LordGryllwotth Жыл бұрын
I had a Peugeot 405 with a chinese lock, since previous owner lost the key. It had no steeringlock anymore, I could start the car with a coin.... I learned that when suddenly my keys fell to the floor when I was driving. I hadn't seated it far in enough to let some pin to hold the key in.
@ianmangham4570 Жыл бұрын
A penny will open most old fords 😅
@bascomnextion56398 ай бұрын
Any Cortina key seemed to open most other Cortina's
@jimmyjames23039 ай бұрын
A pad with a few thousand volts on the door handle is also an effective deterrent. Don't do it though - it's illegal (or make sure you have an effective way of disposing of the smouldering trash afterwards!). Thanks, Andy. Good tips.
@JaykPuten Жыл бұрын
I miss the days of a slide hammer and screw driver
@Pyjamarama11 Жыл бұрын
I miss the days of the pillory
@C...G... Жыл бұрын
a straightened out wire coat hanger! 👍
@k1ortia Жыл бұрын
@@C...G...With the top corner of the door slightly bent... Apparently 😉
@journeybrook9357 Жыл бұрын
Dang! 😂😂😂
@C...G... Жыл бұрын
@@k1ortia yrs yes, bent out using a small plastic wedge... apparently! 👍
@lyfandeth10 ай бұрын
Andy, this was news ten years ago. The car makers all denied it. Then they formed a 17 manufacturer group to investigate solutions. That was over six years ago, and they've done nothing yet. Rolling code technology was in widespread use ten years before these hacks--but never used by the auto makers. Mercedes used to make at least one model where the key fob had to be inserted in the dash to start it, because that was a separate infrared coded system, like a tv remote.
@drewm7071 Жыл бұрын
Everything that exists that was designed to be accessible in any way at all, is hackable. There are no exceptions.
@Area51-t5n7 ай бұрын
Greetings from the US , I have tested the faraday pouches and they do work. they make them with pocketbooks , purses and wallets as well to protect credit card chip readers as well. One thing I did is installed a aftermarket remote relay and put it on my fuel pump module b+ and hid it the the car so I can cut power to the fuel pump. so they might get in and start my car but its not going to drive anywhere and now the are sitting there with a disabled car and most likely want to flee very quickly . Next up , I think I will in addition cut power to the receiver if possible while leaving the alarm active ,so the car will not talk at all . One night my car was parked away from the cars in the supermarket parking lot and a couple of guys parked next to it . I remote started it which change the code on them and they seen me coming and drove off , that's what started this project for me . another min and my Corvette might have been gone.
@melvynburchell Жыл бұрын
Andy - you need to beg, steal or borrow and review a HackRF + Portapack! What the Flipper gains in portability the HackRF surpasses in flexibility. I just know that this beast would be right up your street! Of course I would never condone illegal use of these but it is scary that a modern day "coat hanger" could be as effective if not more so - education is the key here as it empowers owners to become more aware and take precautions where possible. P.S Yes Faraday cages do work at medium range.
@Bond202510 ай бұрын
You still can't do much with the HackRF and Portapack, it's just a Flipper on steroids.
@zeshooting_studio_coАй бұрын
@@Bond2025 Le PortaPack H2 est principalement conçu pour travailler avec le HackRF One, qui est un logiciel défini radio (SDR) polyvalent
@hamshackleton Жыл бұрын
A nice locking steel bar through the steering wheel helps, too, if they get in, they cannot steer it!
@flyingdoctor99 Жыл бұрын
or they cut the wheel and replace it for selling the car, or they just sell the parts. A steel rod on your steering is lost after at least 5 seconds
@timmack2415 Жыл бұрын
A hacksaw and 20 seconds to cut the steering wheel takes care those. There is a hollow metal tube inside the steering wheel that is simple and easy to cut and the device slips right off. Your best bet is a hidden kill switch. It only costs a few dollars and 20 minutes to install. Cutting power to the ignition or the fuel pump won't allow them to start the car.
@dougtaylor7724 Жыл бұрын
When I leave my truck in a forest and backpack for a few days, the fuel pump relay is in the pouch with the keys. Takes 20 seconds to pull out.
@sw6188 Жыл бұрын
That was a good idea before the development of battery operated angle grinders with cut-off wheels. Those locks can be removed in a matter of seconds.
@wreckinball115 ай бұрын
@@flyingdoctor99 some people let advertisements and media give them a warm and fuzzy feelings without using common sense.
@spr00sem00se Жыл бұрын
I moved to spain 15 years ago. First thing i did was put an alarm in my car. Now i find it amusing you need one. I ocassionally forget to lock the doors at night here and dont bother to get out of bed if i remember. I leave the shed door open most nights. Frequently go out for the day with the shed door wide open. There are some advantages to not living in a country full of hooligans
@dougtaylor7724 Жыл бұрын
I once visited a country town out in the middle of nowhere. We rode around with some girls. It was 1979. I forgot to lock my car. I said if we are going to be gone long, I need to lock my car. One of the girls said if you go back and somebody sees you walk over and lock the car and walk away the locals will take great offense. I should have moved there now that I think about it.
@spr00sem00se Жыл бұрын
@@dougtaylor7724 yeh i live in a small village, probably more like a hamlet, everyone know who everyone is, like there are literally 40 or 50 houses. I have padlocks on the shed doors etc, but I literally never shut them, theyre just there to give the appearance of being locked. I dont htink it would enjoy living in a city again .
@Choober65 Жыл бұрын
It is possible to swap someones car too. You get a rental the same, swap the number plates and all contents with the target after getting a second set of keys made, and stuff the key under the dash. Any key will now start the car, and you report the car stolen. After a while the police will pull the person over and check the VIN which wont match so now the target has a LOT of explaining to do. Revenge.
@davidjowett8195 Жыл бұрын
When these key fobs were first introduced there were many incident where car parks that house a 70cm repeaters had reports of cars being un-lockable because of the repeater. Silly frequency to choose for key fobs.
@andykirby Жыл бұрын
I can see that totally.
@Ayrshore Жыл бұрын
When Lothian and Borders police first went to Airwave, there was a spate of cars (Rovers and Metrocabs) that if switched off near the police HQ, wouldn't restart unless you towed them a mile or so away. Those used to use the alarm to immobilise the car, rather than the LF/RFID stuff that's the norm now.
@davidjowett8195 Жыл бұрын
@@Ayrshore I can see that happening if there was an AW base station on the roof. Although in a different part of the spectrum, there would be enough power to swamp the basic receiver for the immobiliser.
@Ayrshore Жыл бұрын
@@davidjowett8195 Exactly. The receiver in the Lucas stuff Rover Group used was garbage.
@Bond202510 ай бұрын
I used to get locked in and out of a Land Rover going to one PMR site in Wales, the RF was so strong on UHF it swamped the car!
@DonzLockz Жыл бұрын
Brilliant info. I think I'll go out street shopping for a new car tonight.😂 I didnt know of this antenna gain attack. My keys are far away from the car but I recently bought those pouches, I must try them out.👍🍻🤠
@merlin1346 Жыл бұрын
This does not only apply to cars. I was fitting CCTV to my house and using a Baofeng uv-5r to call to the wife who was at the monitor to ask if it was aligned correctly, the radio knocked out the the recording box and had to be restarted each time...
@W8RIT111 ай бұрын
I suspect that was from a different issue, like RFI, just good ole plain interference....doesn't have to be on frequency, like lightning. That coax cable for the CCTV cameras acted like an antenna, especially for a "dirty" modulated radio like a Baofeng.
@CM-mo7mv11 ай бұрын
maybe some interference, however you have to be also wary of deauthing on wifi CCTV.
@glasslinger Жыл бұрын
Ah, my old 1988 Town Car with its old fashioned metal key!
@juliogonzo2718 Жыл бұрын
My work has a scrap yard. One day about a 92 towncar came in. Wasn't too rusty and had really nice condition leather interior. Person scrapped it after buying it due to the quote for the work required to pass a safety. They put the forks of the loader through the windshield before I saw it. Man I was pissed
@denisohbrien Жыл бұрын
my 2003 bmw still has a metal key, but was the last, one year newer and they changed to the fob. p.s. love your channel.
@glasslinger Жыл бұрын
@@juliogonzo2718 If it wasn't wrecked and was complete that was a terrible mistake! Easily worth several thousand bucks!
@greymann1384 Жыл бұрын
Thats why i installed Trunk Monkey in my vehicle the only sure fire way to deter thieves from taking your vehicle. From the makers of Suburban Auto Group.
@rickysmith92846 ай бұрын
Growing up I used to love trunk monkey!!!
@andrew_koala29745 ай бұрын
I ask the logical question after reading what you wrote: And I quote : "" i installed Trunk Monkey in my vehicle the only sure fire way to deter thieves from taking your vehicle. "" So the question is : How is installing ' Trunk Monkey ' in YOUR vehicle going to deter thieves from taking MY vehicle ? RIDDLE ME THAT greymann1384 - I would suggest that you undertake an extensive reading program to better educate yourself - study English and LEARN HOW TO ACCURATELY DESCRIBE what it is you are thinking about - AVOID AMBIGUITY AT ALL COSTS. Learn to write accurately. It is not that difficult for the educated people - but not so easy for peasants ( commonly known these days as Citi-Zens )
@greymann13845 ай бұрын
@@andrew_koala2974 Thank You Ken For replying, can I call you Ken you seem to be a person who would be called a Ken and may I suggest Ken that you research What levity is. Also my writing skills may not be on par with your Superb Standards of the English Language I commend you for reminding the rest of us lower classes of your Superiority and Intellectual Prowess that you possess, I hope you have a wonderful day and also lest I forget say hello to KAREN for me.
@garychap8384 Жыл бұрын
Presumably they could send a 'wake up' from the car to the fob to get the fob into an active mode thats ready to phase-lock the challenge signal, then issue a challenge and get a response with very predictable latency... the car could then use phase discriminator to ensure there's a direct path with no repeaters. Perhaps that's not reliable in the ISM, but it's surely possible at higher frequencies. Perhaps in the 23cm band and above. Demodulating and remodulating does take a little time and introduces phase shifts - so I'm sure this could be a valid thwart for relay attacks.
@russellhltn1396 Жыл бұрын
For my car, I use the old fashioned "press the lock" when exiting. No fob necessary for locking. (The car will check for a fob inside the car and unlock to prevent an accidental lockout.)
@dougtaylor7724 Жыл бұрын
I’ve never owned a fob. I use the key method.
@GapRecordingsNamibia Жыл бұрын
There is a specific auto gate manufacturer out here who's fobs are also able to block vehicle fobs from operating. I always, always stand at my car to check that it's locked, not only that, but, most modern vehicles are able to unlock only the driver side door without the others, a double tap opens the rest, I've had to educte people here as to why they should rather enable and that feature, if not, you may find yourself at gun point inside your car from an uninvited passanger...
@DirtyPlumbus Жыл бұрын
Interesting to see someone do this with an HT. There are a number of products on the market that people can use for this beyond the Flipper. It is fairly well known that most devices work on the same frequencies and often use the same modulations. Simply put, radio, wifi or BLE security is a farce. Awesome video. 👍
@Bond202510 ай бұрын
The Flipper is an over-rated expensive toy, no one that buys them ever knows what to do with them when they get delivered. They copy their own office access cards/fobs, read a credit card which they can't use from the flipper, maybe clone a garage door opener, that's it. I have never seen anyone use one for anything remotely interesting. They are handy for testing, that's it. Definitely not used in car thefts.
@DirtyPlumbus10 ай бұрын
@@Bond2025 people have created a panic around the Flipper. Between ignorance and fake videos people drastically overestimate the threat it poses. It's actually been a fantastic tool for bringing awareness to our lack of security. The latest claims are that BLE spam can interfere with critical medical devices like pacemakers and insulin pumps, things that shouldn't even be possible with approved medical devices. With coding knowledge and add on boards it's capable of alot but the worst I've seen is temporarily disabling iPhones due to their poor protocols. A flaw which I believe they've claimed to have fixed.
@dannypaulread1023 Жыл бұрын
It does not matter when electronics always have the small bits to hack. Awesome video
@johnharrison373 Жыл бұрын
Ford developed a key that goes to sleep if there is no movement of the key. Simple ideas are the best.
@gtretroworld11 ай бұрын
2:02 This gave me a giggle especially as you tickle your hood 😂…excellent video and very helpful to make folk aware..73’s
@jakep5121 Жыл бұрын
This felt like a behind the scenes of a real life Gone in 60 seconds.
@W8RIT111 ай бұрын
Try 30 seconds. Watch this YT video of 2 car thieves stealing a Mercedes with a SDR. kzbin.info/www/bejne/gZ2pgXyke92drLssi=QYjSkM72TpCtfuoK
@crazyham10 ай бұрын
Fantastic Info Mate. Just found ur channel thanks to Ringway Manchester 🙏 Cheerz from Down Under⚡🙏⚡
@mikesey1 Жыл бұрын
You should always have the old fashioned KEY & LOCK as an alternative to this radio stuff.
@juliogonzo2718 Жыл бұрын
Yeah that's why I drive a 2004. Doesn't even have power windows. It had a chip key but I epoxied the chip in the column so I can use a $2.50 key
@spot007 Жыл бұрын
@@juliogonzo2718 They probably don't really want your 2004...
@redbaron6805 Жыл бұрын
Old fashioned Key and Lock cars get stolen all the time genius. What is your point...???
@HamRadioDX Жыл бұрын
Great video Andy and a nice demo again of the TinySA
@laughing_gnome Жыл бұрын
If my key and mobile phone are close together, IE in the same pocket, and then the car will not start, so I always keep them close to each other when I am not using the car
@JehuMcSpooran11 ай бұрын
Very interesting. Seems to me like older cars that have rolling codes but the keyfobs don't receive a signal from the car are more secure. I always felt uncomfortable with cars that auto unlock when you approach them. My OCD makes me check the door handle multiple times so I know it's locked.
@rylanbrowne565811 ай бұрын
Same
@brazoon1 Жыл бұрын
Which firmware is that? I appear to have the same one but under the frequency number (when in scan mode) I don't have those three series of 4 digits. And it doesn't reliably lock in to my key fob signal. Either I have a slightly different firmware or I need more info on how to operate that particular firmware properly. lol
@railfanphill Жыл бұрын
I believe he's using the firmware labeled uv-k5-firmware-fagci-mod-v1.1.2-SSB-lite-test.bin
@brazoon1 Жыл бұрын
Someone replied to my comment but you seem to be sh@dow banned or something as your reply isn't visible.
@fongy2008 ай бұрын
Empty Smash tubs are good for sheilding the signal of the fob. Although some foil under the lid as it's replaced gives total sheilding. I know it's messy but it works. My little lad made me one and decorated it. It's pretty cool really.
@JohnBaxendale11 ай бұрын
Great video, but I think you missed one of the attack scenarios - they will typically use something to block the signal, as per the start of your explanation. When doing that, they can then sniff the alarm fob when the person tries to unlock the car and store it for later (multiple unlock codes are valid at the same time). They will then follow the target vehicle and wait for it to be parked up and locked, then use the saved code to open the car. They then don't have to damage it and just need to get the car started.
@mjh543711 ай бұрын
Criminals will be delighted to hear your advice......You think they don`t watch this stuff or what?
@JohnBaxendale11 ай бұрын
@@mjh5437 I know about it because the criminals have been doing it for decades, I'm not teaching them something new 😂
@luckyguy6008 ай бұрын
Where I live if you had your Audi stolen you would probably be happy! lol Yes, faraday pouches work very well. My key is never out of it if I am not driving. How about a 'very large one' and you could put your entire vehicle in it? Just a thought.
@Wenlocktvdx Жыл бұрын
Probably due to 70cm hams, we’ve had an intermittent and infrequent issue where the car will not respond to the fob. This can last from a minute to best part of an hour. It dates back almost 20 years, starting with a Kia Carnival and continuing with a Micra. At one time we thought the receiver had failed only to have it start working again several hours later.
@SIGINT007 Жыл бұрын
There is a lot of RF junk in the 433 MHz area…fobs, door openers, tire pressure sensors, military, etc. the sporadic transmission of hams isn’t going to be a 20 year long cause.
@ehsnils Жыл бұрын
More modern cars have a higher frequency band solution outside the ham radio band to avoid that specific problem.
@Wenlocktvdx Жыл бұрын
Apparently the US and Japan use 315Mhz and Europe has started using 868mhz.
@JohnSmith-wl8cv Жыл бұрын
Pesky radio Hams
@boshaveit9 ай бұрын
Im thankful my 2012 Audi doesn't have keyless ignition or keyless entry at this point, the key has to be in its hole in the dash for the car to start. Great video, very insightful.
@supermaster20125 ай бұрын
You just didn't pay for the "Comfort Key" extra, all Audi models since 2009 have this feature built in and can actually be unlocked through VAGCOM.
@funkyduckproductions.8844 Жыл бұрын
I think you should always have some sort of physical security as well Such as a disklok. Also trackers are cheap these days so have a few fitted. But usually if the scum want something they'll find a way of having it. All you can hope to do is slow them down
@funkyduckproductions.884411 ай бұрын
@@owenwilliams857 Every village has one........
@Bond202510 ай бұрын
Make your own using an old mobile phone, very effective, live tracking...hide it anywhere. Commercial ones fitted by lazy installers always go in the same locations, so get ripped out after being blocked.
@onlinebills91698 ай бұрын
All the possibilities messing with cops vehicles, as they are trying to get back in their vehicle to chase you, while your buddy, "transmits" from his radio
@m1geo Жыл бұрын
In my experience, the car communicates to the key on a low frequency. Usually 125kHz. The key fob to car is on ~433.920 MHz Inside your car example, what you're seeing on the TinySA is the key fob answer the challenge back on UHF. Run a sweep on 125kHz and you'll see the car call the key. 125kHz is used because it's easier to receive by the key than 432 MHz. The 125kHz is received by a passive diode envelope detector. Important given the key fob is on a tiny battery. 👍
@andykirby Жыл бұрын
Interesting info George thanks. I did wonder after posting this and thinking on it a bit because like you say you only see one pulse on UHF when you press the start stop button. I will run a sweep at 125khz to see for myself. This seems to make sense because I have seen other videos of these attacks where one thief has a large wire antenna, presumably that's connected to a RFID transmitter with a bit of power behind it! Love your videos by way. I particularly liked your 23cms experimentation I saw somewhere. Very cool!
@m1geo Жыл бұрын
@@andykirby Cheers mate! My videos are junk compared to yours! Keep it up! 73 for now!
@nateitkin82799 ай бұрын
The car should transmit a random code that's encrypted so that the keyfob can decode it. The keyfob then sends the same code back to the car re-encrypted so that only the car can decode. Problem solved. The car and the keyfob would require one time programming at the dealer to share each other's encryption keys. It's amazing how little the manufacturers will do to thwart auto theft. Shaking my head. Thanks for bringing this to our attention Andy. People should keep their fobs in Faraday bag at home as a mitigation measure until the manufacturers can figure this rocket science out.
@Equiluxe1 Жыл бұрын
The faraday pouches do work or at least the ones I have from amazon, that I got four years ago when I got my vehicle. I also got a good quality steering wheel lock so any potential thief has to get past that in order to drive off. Just a few days ago I found that bluetooth can reach over 50 meters, I was at one of these parcel boxes at the local super market and had trouble with the QR code so rang the number, my wife was in the car and had the radio on and when I dialled the contact number I heard the phone ring from the car as my phone was still linked to the car even at 50 odd meters, so any car that uses a blue tooth app is really vulnerable.
@Dave64track Жыл бұрын
A good video with some really good tips on how to help secure your car for those who didn't know about this.
@seanyem Жыл бұрын
Andy, Are you a Paul Van Dyk fan ? Guessing by that ending song you've made, Yes... Love it... I want more 🙏👍👍👍👌
@noname-jr9bk Жыл бұрын
Many modern car key fobs use rolling code technology, which generates a different code each time the fob is used to unlock the car. This enhances security by making it more challenging for potential intruders to intercept and replicate the signal.
@laulaja-7186 Жыл бұрын
A rolling code blocks sophisticated replay attacks yes. But the simpler idea is for the attacker to jam all remote locking and watch for those car owners who don’t check to notice that their remote locking attempt has failed. A rolling code doesn’t help in a simple jamming scenario.
@noname-jr9bk Жыл бұрын
@@laulaja-7186 To prevent attackers from blocking car fob signals, manufacturers often implement anti-jamming technology in their keyless entry systems. This technology detects interference and adjusts the frequency or signal to avoid potential disruptions.
@JohnBaxendale11 ай бұрын
@@laulaja-7186It doesn't really block them. The car has to have multiple codes active at once (else an accidental press of the button would mean the car and fob were out of sync and you'd no longer be able to unlock the car). Thieves know this and will jam the car so they can capture a working code (as you press the button multiple times to unlock it). They then let you open and drive away the car, follow you and wait for it to be parked - then replay the earlier saved code (which is still active in the car) and drive your vehicle off.
@onlyeyeno11 ай бұрын
Thanks for an interesting and enjoyable video... Yet again we see "another" example of the eternal struggle between convenience and security... And as is almost always the case security looses out...... How much extra do I have to pay to make my car only open lock and start using the physical key ?? (and Yes I know that "key locks" can be easily picked, but I'd still prefer and trust it more in today's "climate") Best regards. :)
@gadjetsvideo11 ай бұрын
I think that the challenge from the car to the key is on a different frequency (150khz?) much lower and low power to limit the range to inside the car, the signal on the tinysa is the response from the key to the car. Also my Tiguan disables keyless unlocking by pressing lock on the key followed by a touch on the lock point on the door handle. VW have introduced a movement sensor in latest keys that put them to sleep when stationary for a period of time so they cannot respond to this type of attack.
@twiz148 Жыл бұрын
I have a 2023 Kia Telluride and "I think" its beaten the odds. Yes, it has all of the vulnerabilities of the key fob you outlined...but only IF you use the keys...which I don't (they are stored in my home in a faraday box that I have tested and it works). . I put the digital key on my cell phone, which works just like a contactless credit card/RFID communication. So ultra short range and its only active when the key is displayed on the screen...which is even safer than credit cards which can be activated at any time if someone got close enough to you. The car unlocks when you have he key displayed on your screen and touch your phone to the door handle. To start the car, you have to place the phone in a certain position while the key is displayed and voila the car starts. Short of hotwiring the car (if thats still a thing) or breaking into my home and taking the actual keys that I never use, I don't see a way they could steal my new Kia Telluride...though I guess this is my chllenge to Andy to see if I am being overly bold in my positivity. :-)
@plmsdevelopments Жыл бұрын
LOL, as an RF tech I was interested in the content, but the highlight was your ending track :)
@AndrewNeilBaird Жыл бұрын
Fit an ignition switch from an old model on the steering column from an earlier audi , the steering shaft , and column assembly is the same , since you are only using the mechanical lock it is fairly easy .
@digitaldreamer5481 Жыл бұрын
As a security specialist, I get calls from high end clients such as major hotels who seem to manage to lose 20 customer vehicles at a time and the fix is actually cheap and easy. I always recommend Mylar Ziplock baggies to put customers car keys and key fobs into once the vehicle is parked but getting their employees and business to use this effect tool is another story in itself, meaning, trying to get their valet parking attendants to use these Mylar baggies and tagging the outside of these baggies with the vehicle info is time consuming and I understand. So a real simple fix is rather ingenuous, just simply cut off the AC plug in cable from a discarded microwave oven seems to do the trick for most vehicle alarm systems so the vehicle and the key fob can no longer communicate with each other and can’t be triggered by pulling on the vehicles door handles either. Sometimes the solutions to big problems are rather simple. 👍
@honestlocksmith542810 ай бұрын
Just disable PKE in the infotainment system.
@digitaldreamer548110 ай бұрын
@@honestlocksmith5428 Would be good if it was on topic. I’m retired from government work and mostly do easy stuff in the private sector that makes a few more bucks. Nice try…
@TheDivergentDrummer11 ай бұрын
its worth noting that some cars with rolling codes are vulnerable to replay attacks so long as a valid code has been captured' and that code has NOT been seen by the vehicle. this is why jamming is so effective. By jamming the fob, and capturing the code, then letting the next code hit the car, the previous code is not marked invalid. so now, all that is left is to replay it. I personally lookup the fccid of a device first because that will tell you what frequency it works on.
@citizendc918 күн бұрын
To pull that off one would need to jam and capture at the same time which produces a new problem for the would be thief.
@utube18187 ай бұрын
Putting your keys in a metal box works really well, just don’t forget about the spare key. If you don’t want to keep it in the same place then wrapping it in a couple of layers of tinfoil works just as well.
@W8RIT111 ай бұрын
I've also seen a video of a guy hacking his own car...to learn and figure out the operation he was intending. He was able to control certain functions on his car remotely. He was using a SDR transmitting to his car's computer as if it were the car's TPMS Tire Pressure Monitor Sensor since it then communicated by wire to the car's computer. He had a friend drive his car slowly, like 10-15 MPH, while another friend drove another car pacing his car while he was a passenger using his laptop and SDR. He was able to do things like turn on the windshield wipers, turn the headlights on and off, etc. (not steering or braking)
@Bond202510 ай бұрын
This was all possible via the OnSTAR system in GM cars, once in to that you could do anything, so could the control room, law enforcement used to listen in on criminals cars and get GPS data. Cars could also be speed limited, have faults introduced and were ready for the Pay Per Mile system we are getting this year. The engine could also be shut off if the car was stolen and emergency services called if it crashed. Other makes have similar systems and it means law enforcement can bug you without going near the car. It used to only be done when the car was taken in for a service.
@citizendc918 күн бұрын
The best defense that I know of is multiple immobilizer buttons, that need to be pressed in a certain order or together. These buttons can also be hidden or visible in plain sight as regular car buttons.
@sondrayork6317 Жыл бұрын
On our dodge caravan, you have to actually be pressing the button to get it to unlock. But this is scary though because even my baofeng uv5r could theoretically be used to jam the key fob.
@AntonioClaudioMichael10 ай бұрын
Very good informative and entertaining video as always 4:30
@darrenpash50779 ай бұрын
Hi ya Andy...what model is the radio you have an is it standard...?...is the spectrum display in the factory menu?.. P.s love the videos
@colmreilly8779 Жыл бұрын
I've jammed the frequency as a prank on occasion. Like my friend cant get the keyfob to work but her boyfriend had no problem. Confusion and hilarity ensues.
@andrewnorris5415 Жыл бұрын
Reminds me of the pranks Apple's Woz did and I must admit to doing a few hacking the school computers. Making the teacher think the monitor was broke, I sent rand values to the BEEB's video control memory over the ethernet (network). The screen went haywire. A shame he left the network manual lying around lol Another mate wrote a program to guess his password after we noticed it only seemed to be 4 chars long. We got it, "FROG". We used it to make ourselves priviledged. I then wrote a program on the server to go through all the server code to search for the ChangePrvi command. I then changed it to a new secret command name. Next time it booted it loaded up the new command. And only myself and my mates could make people priv or unpriv them lol
@vanhoteen11 ай бұрын
"If you are truly afraid, I recommend installing a switch on a data power cable for OBS. To prevent radio theft, use a disconnect switch on a starter fuse with a system that requires activation with a separate remote control or has a timer to deactivate that starter fuse during hours when you are at home or asleep."
@laulaja-7186 Жыл бұрын
Standard practice in South Africa! ALWAYS check that your car has locked before you step away from it.
@AudioFileZ7 ай бұрын
My 2007 RS4 as well as my 2004 S4 both keep me out...radio keyfob wise. I have to use the actual key in the keyhole and open the door on both. Local shops haven't been able to make me replacement keys and program these for my car. Yet, the theifs have little trouble it appears by your video. Of course I can go to the nearest Audi dealer and get raped money-wise and get new replacement keys that will auto lock and unlock my car - which I'm stubborn enough to resist. You have pretty much shown the in-effective nature of most anti-theft systems for sophisticated car thiefs to me. I'm a testimony to the fact these systems end up causing owners like me grief, either because the owner can no longer use the electronic lock/unlock keyfob feature, or simply because the car can be stolen regardless. With all of the tech today you'd think there'd be a better system that is both owner-friendly and robust enough that the car theifs have to go back to other means of criminal activity?
@jamesmoore6424 Жыл бұрын
I had a car that you could remove the key from the door with the lock barrel not fully returned home, meaning it would Unlock with an ice block stick. But with our sort of gear could we not block multiple vehicles over a wide area? Then we can go into business selling car alarms that work😂!
@montgomeryrichard8 ай бұрын
Always watch to see your indicators flash when leaving the car after setting the alarm. Fit an independent "Thatcham grade 3 alarm system" to the car your insurance will be lower and the car will not be able to be driven away. The alarm will also sound depending on how set up if the door is opened after a short delay if not disarmed separately. Even in a workshop very difficult to remove the alarm system even for an auto electrician talking hours!
@PKhanz9 ай бұрын
MBs newer key fobs deactivate after a few minutes and wake up with motion to help mitigate this. Also, MB fobs since the introduction of keyless entry have been bale to be "deactivated" by double tapping the lock button on the key fob. This puts the remote to sleep and will only strat to transmit once a button is pressed on the remote to activate it again. Unfortunately most owners dont know or utilize this second feature.
@maclura11 ай бұрын
i don't even have a car, or know how to drive, but if i ever got one this is just another reason i'd get one from the early 80s.
@Radagast492303 ай бұрын
simple way to prevent this. Drive a car with no remote entry or start features and no CAN bus. Basically drive something at least 20 years old, if your car has nothing to BE hacked it can't be.
@jamesward5721 Жыл бұрын
Like a radio is needed. Nothing is needed. The thief watches you get out - filling station, blah blah - people seldom hit the "lock" button - they walk off with the "key" in their pocket. Thief sits into car & just waits. Owner walks back, coffee in hand & is shocked to see someone sitting in their car. Taps on window.. Key is within range. Thief presses start button, drives off. Bye now. No tech required - the tech crap can be leisurely done in some hidden garage before the vehicle heads off abroad. The "key" can be reproduced easily using readily available kit. The solution is to get someone like me to wire in a hidden kill switch that you hit religiously every time you leave your vehicle. One lo-tech button. Unless they have a tow-truck, they're going nowhere when that switch is off. EVERYTHING else including fancy immoblilisers is just kidding yourself as the thieves have figured them all out ages ago. Looking for a hidden kill-switch is a ball-ache - so they go take easier prey.
@jamesward5721 Жыл бұрын
That ^ is just one version - the rest use signal boosters blah blah - same same. If a crucial system is not getting power, the cars not moving - which is the power of old-skool kill switches. "Keyless" has a safety feature that prevents the car stopping if key communication is lost - if the key is present it will start & not stop till the "stop" button is pressed. That's an invitation to thieves - if they leave it running as they refuel, they can run that car without a key for ages. Fit a kill-switch & hide it real well - but make it easy to press so you use it. Thank me later./
@andykirby Жыл бұрын
Hmm.... I'm not really talking about glorified car jacking, car jackers wont get far in this country at least with cameras everywhere and ANPR... the majority of serious car theft is done at night when the owner is unaware, container waiting at a nearby port and the car is shipped to another country before its even noticed. This is very stealthy organised crime.
@thebugg333 Жыл бұрын
Capturing a signal from a fob and replaying it may de authorize / unsynced you fob that may have a rolling key. You will need to take your key and get it reprogrammed...may need to get the car towed at a dealer also. Most of these attacks are for high valued cars.
@robgibbsofficial Жыл бұрын
Fantastic video mate - you should have your own TV show as well
@UpcomingJedi8 ай бұрын
Its amazing how Lursa and Baytor thought of finding your cars sheild frequency in star trek using a cheap visor that was also probably made in China
@sailorgerard10 ай бұрын
My recommendation would be to keep the key fob in a lead container when not in use. But you have covered that with the metal box mentioned in your vid.
@Cqdx1111 ай бұрын
Andy great you have a TT in your garage to test this. Our TTRS 8J 2010 may be more secure as it does not recognise and unlock if close outside with keyfob. Also its a 6 Speed MANUAL! ;-) Not sure many crims here know how to drive a manual I recon! Anyway will get out the trusty V3 SDR on the laptop and see what we can find out. Maybe a Steering Lock for Xmas!??
@la7yka Жыл бұрын
I guess the center frequency is 433.92MHz, as it is the ISM-frequency in EU for this band. Which however in fact is a ham band, where ISM is secondary users. I tried to listen to 433.92MHz in AM, and could hear all the weird signals in the morning when people went to work :)
@metahertzuk7 ай бұрын
Porsche keyfobs (at least newer ones) allow you to press lock and unlock together and a red light will flash. This will disable the transmitter on the key until next time one of the buttons is physically pressed, which is great for overnight at home etc.
@ALL_OUT_OF_BUBBLEGUM Жыл бұрын
This is such crucial, interesting and easy to understand information, you tube will probably take it down.
@joshbeckett8 ай бұрын
If I were you, my primary concern would have been dropping my keys through that drain grate below your driver door… …until you taught us all how to nick it… 😂 Thank you - very interesting and informative!
@andykirby8 ай бұрын
That damn drain grate 😂
@JamesWilliam70 Жыл бұрын
Thats why i have a dedicated secondary fob style immobiliser and a tracker + subscription and a few other visual items. In the driveway video, a faraday pouch would help.
@threeMetreJim Жыл бұрын
Moving the fob away from hanging behind the door would help too. The fob to car range is very short for automatic unlocking when you are by the vehicle. If you hang it behind the door (a common place) then forget to lock your door, that is just another way to have the car stolen; if you see videos of people police are looking for, trying doors on a street, it is likely that they are going for car keys rather than burgling while the occupants are home - more gain, less risk.
@DinsDale-tx4br11 ай бұрын
Excellent video, My paranoia has just gone off the scale! :-)
@PaulMc-qn7iv Жыл бұрын
Love the vids and tunes lad...is there anything you cant do?? Where can u buy this for 20 quid ??
@perkulant4629 Жыл бұрын
Faraday pouches work very well. The two I tried off Amazon at least.
@kurtisuk Жыл бұрын
Ford’s new key fobs on 2019+ cars sleep after the keys are not moved for a certain amount of time
@billyhatcher64311 ай бұрын
ive always been interested in short wave radios and other signals but it blows me away how any car can be easily hacked with these things
@blsboom-ff1fq11 ай бұрын
Well thank you for telling the last criminals who didn’t know yet…
@demon3310 ай бұрын
On VW with keyless entry, if you lock the car with the key-fob lock button, then touch the dimple on the door handle within 5 seconds, it disables keyless entry until the next time you unlock the car (using the unlock button on the key fob)
@petermainwaringsx Жыл бұрын
Andy, does the radio come with the spectrum screen or is a hack? Nice video, thanks for the upload.
@andykirby Жыл бұрын
Thanks 👍🏼 It's a feature of Fagci firmware.
@rustledjammies876911 ай бұрын
If the frequencies are located within the 70cm Amateur Radio band, and you have a licence, it's technically not illegal to jam them, so long as you stay within your power limits and overlay a Morse signal of your callsign or an audio recording announcing it. Such devices will not be listed on the official band plan, so you could easily claim innocence, especially since not many people, including HAMs, know about this!
@jasonwalsh9211 Жыл бұрын
Great video mate and quite an eye opener.... didn't know about the Bluetooth though 😮
@neilsawdon575611 ай бұрын
My old (06) Lexus fob has a inbuilt feature so that the transmitter signal can be turned off completely. initially designed to save battery power when not in use and nowadays makes a nice little security feature.