In order for a Faraday cage to actually work there can’t be any gaps that are half a wavelength or longer of the frequencies they are being blocked. That means having an overlapping conductive ‘seal’ across any opening. A lot of the lined fabric pouches for fobs work fine but you actually have to get the fob down in them and close them properly.
Most remote car fobs can actually be deactivated by pressing some combination of keys in a particular sequence. Check the owners manual or online forums. This is far more reliable than ‘Faraday’ boxes or pouches of uncertain provenance and reliability.
You seem like a guy who has generally made good life decisions but I guess everybody has a blind spot.
This one has a tightly fitting top with an overlap, hinged on one side and a latch on the other. It’s also likely a cheap import from China I bought off of Amazon and who knows what’s under the fabric without cutting it open.
My cars over the last decade - Lexus, BMWs, Audi, and Volvos - have never had this feature.
We are having a serious problem with car thefts in Memphis right now. I had never known anyone who had their car stolen until this summer when a friend had hers stolen while she was at the eye doctor. Then a friend had hers stolen from her driveway on New Year’s Eve. A few days after that another friend was in a bad accident when a kid in a stolen car hit her almost head on. Her foot was broken and her car was a total loss.
These cars for the most part aren’t being stolen for profit. It’s being done by teenagers stealing them for joyrides. On Nextdoor someone reports their car stolen almost every day. Usually a Kia, Hyundai or Infiniti, which kids learn how to hack from the internet. The cars are generally found within a few days, wrecked or otherwise damaged. Last week eight teenagers (13-17) were arrested after crashing two stolen Hyundais while racing down a major thoroughfare. It’s proving hard to combat when the perpetrators are kids who can steal the cars in just a few seconds and ditch them when the fun is over.
The cars I hear about are higher-end luxury cars being stolen to either chop for parts or driven into shipping containers and shipped overseas for resale.
Some cars are susceptible to a piggy-back high jack. A receiver/transmitter gets close enough to the fob on your front hall table or in your jacket pocket and boosts the signal to your car in the driveway which allows the thief to unlock, start the car, and drive off. The faraday bag/box is supposed to prevent this.
I haven’t looked for other makes but I’d be surprised if there isn’t a way to turn off the fob.
The keyless fob is essentially an RFID device that emits a signal to let the receiver on the vehicle know that it is within range to unlock the vehicle, or actually inside the vehicle so it will enable ignition. Although modern systems use a rotating keycode algorithm to provide some security, it is possible for someone with access to the algorithm to replicate it. It is also possible to do what is called a “rolljam” attack where the fob signal is blocked but recorded and then can be repeated by the attacker to unlock the vehicle. In general, vehicle ignition systems are really not very secure and a knowledgable, well-equipped thief can actually steal your new car with electronic security features faster than one could hotwire a vehicle from the pre-electronic ignition era.
Definitely not the case with Volvo. In fact our current gen Volvos each came with 2 standard keys and a sport key. The sport key looks like a USB stick and has neither buttons or a replaceable battery. No spare metal key inside or remote lock/unlock/trunk release.
Most keyfobs are at 315 MHz. If you can’t build a box that fits a set of keys without a half-meter gap, you’ve got some issues.
I expect the real reason many of the boxes don’t work is because they’re just fraudulent; i.e., they don’t actually contain a metal mesh at all (or just on the lid, or some other useless configuration).
So the attacker uses his device (smartphone) to first interrogate the fob while the car can’t hear, then approaches the car and uses the data gained from eavesdropping on the fob to generate, if not an exact replay, at least a spoofed code that the fob might have generated. Which spoofed code the car duly accepts and the thief has your car.
And the defense is to simply isolate your fob in a faraday bag so the initial attacker probing the fob will fail. Logical, if kludgy.
Way past time to upgrade the security protocols throughout.
Another physical measure–one that requires hardware on the fob side–is to disable unlocking when the fob is not moving. The idea is that when you’re sleeping and the fob is on your bedstand or wherever, the fob becomes inactive and impossible to relay. That at least stops the type of attack where thieves steal a car right from the owner’s driveway, using a high-gain directional antenna to pick up the fob’s signal and relaying it to the car.
Man, if you think that the fob security is bad, look at automotive software security in general:
If any enemy really wanted to bring the US to a halt, a broad attack against weakly secured consumer automotive systems—especially those capable of ‘over-the-air’ updates—would be a great way to do it because it is an extreme vulnerability with almost no measures for defense.
I’ve read a couple of these experiments invading the CANBus over Bluetooth or whatever. Not pretty.
I’ve claimed for years that I know for certain Al Qaeda doesn’t have nukes. How do I know? Because NYC hasn’t been blown up. IOW … The moment they have the capability, they’ll use it. Since they haven’t used it, that proves they don’t have the capability. QED.
I’m wondering now why somebody someplace hasn’t decided it’d be fun or profitable to perform a mass ransomware hack on cars. I almost am forced to apply the same logic as the nuke case. The fact it hasn’t happened yet strongly suggests it isn’t quite as possible at scale as the experiments indicate.
No. The bolt actually didn’t penetrate very far - it’s not a particularly powerful crossbow, it was a target point which isn’t as damaging as some others, and the miscreant was wearing a heavy overcoat. He was able to run off down the street with a bright red bolt sticking out of him, and most like a friend with a bottle of Jack and a pair of pliers could take care of the problem for him. It did discourage him from both theft and assaulting my spouse, which is what we wanted. No one has tried to steal our truck (or car, for that matter) since. For some reason.
Ford Festivas were known for this. We discovered it one day outside a laundromat with a stranger’s Festiva of the same make and color as ours. His key would open ours, too. Fortunately everyone concerned was a good sport about it, but it was damn creepy.
Once had a homeless guy in our neighborhood with a Festiva key. He’d sleep in them. Was neat and clean about it, too - most people never knew he’d been in their car. It’s just that my spouse would leave for work very early and surprised him in the car one morning. Another one of those city things that can be frightening at the time but somewhat humorous in retrospect. They guy was polite, clean, and apologized for causing distress. But… yeah, creepy.
I unerstand that the OP has a vehicle that doesn’t fit in the garage, and is mostly concerned with the vehicle getting stolen while traveling.
But I’ll echo my dad’s complaint that many people park their vehicles, worth $50,000, outside the garage, while the garage is full of junk worth far less than the vehicle.
This seems to be the best bet, if possible. When my parents buy their next car, I’ll advise them to ask the dealer to do this before they take the car off the lot.
For me? I live in a Faraday cage, and my car’s parked in an underground Faraday cage. I can’t even get a cell signal in the middle of my home (without Wi-Fi boosting) or in the garage.
I understand what you’re saying, but my vehicles are well protected at home. They’re parked inside a gated, wraparound driveway that (due to geography) is difficult to access without some serious climbing or ladders. The gate itself is mounted on 4" aluminum posts sunk 6-7 feet into concrete, with the lock side post (opposite hinge) attached to a structural member of the house. It’s locked via the screw-actuator, a 1000 lb. electromagnet, and two 1/2" locking pins which slide into place when closed. My wife’s car is just beyond the truck inside the garage, which has its own extra locks/etc. At home, my vehicles are probably secure from everything but a Seal team with a skycrane helicopter. As you said, my real concern is disabling the truck from any electronic wizardry when we’re a long way from home with a heavy camper. I can easily keep the keys in a faraday container when inside the camper, but I’m still uncertain about its safety when leaving it in parking lots or (mostly) deserted areas while we are gone sightseeing. We don’t worry as much over the car, since it’s used locally, and although a PITA, it wouldn’t cause as much upheaval if it disappeared while we were in Walgreen’s.
The truck’s predecessor was frequently left for entire days (like on the street in Key West while we went boating, or a dirt road while hiking somewhere), but I simply pulled some vital fuses and took them with me. I’m looking for a simpler way to disable the new one while out and about, as the spoofing attacks seem much quicker and easier, so I’ll need to do this each time I stop somewhere. It’s my understanding that full-sized trucks are near the top of the thieves’ to-do lists, and if a few hundred bucks of extra security defeats them, it’s worth it in our particular case.
When I take delivery, I will find out if there are locking, or motion-enabled features of the fobs.
I have also wondered whether somebody with the capacity to do that has decided that the blowback wouldn’t be worth it. Ransomware attacks, even on places like hospitals, seem to be met with a collective shrug. But mess with the nation’s cars, and the whole country will be baying for your blood.
