An ignorant question on keyless security

[Chickin]

So I've read about the increase in car theft from "cloning" key signals from in the house then relaying the signal to someone closer to the car, and that the way to stop this is to keep your keys in a faraday box.

My question is if the signal can be cloned, why can't it be stored to be used at a later time? ie you'll have to use your fob at some point to unlock the car. If the thief is nearby, can they clone the signal, store it then use it to steal the car at night even if your keys are in the faraday box?

[old man]

Perfectly normal question.
First of all, what year is your car ?
If it's the latest model, the key fob has a sleep feature, which means it stops emitting a signal when it has been left undisturbed for a few minutes.
Thieves don't clone the signal from a fob, what they do is boost the signal, so two people with two devices come to your house, one stands near your house with a device that reads your signal and then sends it to his mate, who is next to your car with a device that reads that signal, which in turn makes the car think that the fob is nearby.
If your fob has the sleep feature, then a thief won't be able to read it once it's asleep. I do also keep my fob in a Faraday box as an extra precaution in case the sleep feature stops working. If you decide you want a Faraday box or pouch, make sure you get a good one, as the signal from the Tucson fob is quite a strong one and some Faraday products won't block it.
Cloning a key is a different thing to reading a signal from the fob. For cloning, a thief needs to gain entry to your car, after which he plugs a computerised device into the OBD port and clones a key i.e. it makes the car think a key is present, so they can then start the car and drive away.

Another thing to be aware of, is signal blocking e.g. you park your car somewhere (could be anywhere, even at home), get out and as you walk away you press the lock button on your fob. There's a person sitting in a car nearby with a signal blocker which blocks the signal you just sent from your fob, which actually prevents the car from locking, so once you've walked away they get in your car, clone a key (hotwire in the old days) and drive off, or just steal your belongings.
So my advice is, when you exit and lock your car, take the time to make sure it is actually locked e.g. listen for the locks activating, watch the door mirrors fold in and physically try to open a door before walking away. It might seem like a faff, but I prefer to do that than have my car stolen or personal items stolen from it.

[Chickin]

Thanks for the comprehensive answer old man!

I'm planning on getting a faraday box for the house (it'll just be a box that all the keys go into) and a steering lock (like going back to the 90s!).

Is a Faraday pouch overkill given the faff of having to pull the key out everyone you want to use the car?(especially if I follow your method of getting into the habit of checking the door every time)?

[old man]

Is a Faraday pouch overkill given the faff of having to pull the key out everyone you want to use the car?(especially if I follow your method of getting into the habit of checking the door every time)?

You have to do what makes you happy and gives you peace of mind. Because I try to ensure that my car is locked when I walk away from it, I don't put my fob in a Faraday pouch when I'm away from home. I do take a pouch with me when I take the car abroad to keep my fob in overnight.
I have a Stoplock on the steering wheel as a visual deterrent. I have disabled entry to the OBD port and I have stickers from E Bay on the two front windows stating that both Keyless entry and the OBD port are blocked.
Some may cry overkill, but I'd rather thieves stole someone elses car rather than mine .

I did research on Canbus immobilisers and very nearly bought one, but they are at least £400 and I think the measures I've taken will stop all but the most determined thief and cost me approx £60, of which £45 was the Stoplock.

I was going to provide a link to the Faraday box I bought, but I see it's currently unavailable. Read reviews and choose wisely. When you have one, put your fob in it, close the lid and the latch securely (important !), then go stand beside your car with the box and try to open the door using the little button on the handle. If the car unlocks, the box is no good.
Also, store the box at the furthest point in your house from where you park your car.

In case anyone is wondering how I've managed to disable the OBD port, I will not state that on a public forum.

[Chickin]

Amazingly helpful old man and thanks again!

If the obd-blocking is readily reversible, would you mind telling me in a pm?

[old man]

Amazingly helpful old man and thanks again!

If the obd-blocking is readily reversible, would you mind telling me in a pm?

It is reversible and takes less than 5 mins each way once you know what you're doing. I've just had to reverse it for a service, but is now once again thief proof (ish). Whether you'd want to buy and adapt the parts I bought in the way that I have is another matter. You will need a small disc cutter or a hacksaw and some small files.
I will PM you, just not right now. I've had a busy day, my back is hurting and I'm just sipping a G & T. I'll get to it this week though.

[Chickin]

I love hacks like this! Thank you very much again - no rush on my part, don't get the car for another 2 weeks!

[old man]

I love hacks(aws) like this!

There's a pun in there somewhere

[PhilHornby]

If it's the latest model, the key fob has a sleep feature, which means it stops emitting a signal when it has been left undisturbed for a few minutes.

If your fob has the sleep feature, then a thief won't be able to read it once it's asleep.

I'd read that on some forum or other before picking up the car, so I asked the salesman about it. Of course, he'd never heard of it ...

I tried to test it out, but without success. Of course, maybe if I'd just waited 5 seconds longer - who knows ...

What I did was put the fob on a kitchen stool, next to the driver's door handle - so at the same height. I then pressed the door button to lock the car and waited. The longest time I waited was ten minutes and the car unlocked on the door handle button (the key having being motionless all that time).

I also tried listening to the key fob signals, using RTL-SDR. I could detect the buttons on the fob (very short bursts of data), but I never heard any sort of 'beacon' from the fob that the car might be listening for. Again, maybe I was looking on the wrong frequency (there's no saying it's the same as used for the buttons). Equally, the fob might be listening for the car and only reply to it. Perhaps the fob has to go out of range before it triggers the timeout? (There's an interesting discussion on this same topic in a Polestar forum). Also, I just spotted a proof-of-concept paper here, for how such a timeout would be implemented. Somewhere, I came across an add-on for existing key fobs, but it was quite bulky.

I can say that I failed to prove that this fob has a timeout. But that's not the same as proving it hasn't. Absence of evidence isn't the same as evidence of absence

On the subject of programming new keys via the EOBD port: at least one manufacturer (Toyota) seems to have had this vulnerability, at some point - you can buy equipment on eBay to perform the operation. However, that's not to say that it applied to any other manufacturers (or that it still applies to Toyota). I do seem to recall that for VAG cars, the procedure required the presence of 'secret' information, obtained from a central database. See http://wiki.ross-tech.com/wiki/index.php/Immobilizer

[PhilHornby]

Perhaps the fob has to go out of range before it triggers the timeout? ... (There's an interesting discussion on this same topic in a Polestar forum).

I just finished reading that thread, and that is indeed what Polestar owners found (and they had to wait 30 minutes). I need to do another test