It never ceases to amaze me that vehicle companies put so much time and expense creating such technologically advanced cars, but with a key entry system that is about as secure as a wet paper bag.
It could be mitigated to a degree by reducing the range of both the car's and key fob's to say 20 feet. There's really no good reason to be longer than that.
Or better still, simply just open the car door with the physical key. You have to walk to the car anyway so no time is lost! I guess it’s because even that is too much effort these days!
Well, as a software engineer with security as my main field, there is ZERO education in proper secure design of digital locks when you educate yourself as a software engineer at tech universities. Zero! But the entire world expects you to be a security genius as an engineer. So all these security-illiterate engineers end up being “creative” and make up their own horrendously bad security solutions that only keep themselves out. 😂 Fun fact to scare you even more: 100% of all digital safe locks in the entire world can be opened with a factory master code. I know this particularly well, because I developed the world’s first tempest-certified timelock-system for civilian safe-locks to prevent illegal covert governmental level abusive break-ins done by corrupt cops and corrupt intelligence agents targeting innocent civilian wealthy people. This project has been a big eye opener for me in many fields. The world you live in is not as secure as you might think it is. 😂👍❤️
It's criminal that car makers don't put motion sensors in the keyfobs to disable them when sitting idle - would cost peanuts and eliminate relay attacks. Some makers (VW I think) do some fancy time-of-flight stuff to check response time to prevent relay attacks.
Your videos are getting more and more informative and interesting as time goes on. I really look forward to your next videos especially these radio related ones. You've got great knowledge and know-how and you're teaching us all. Absolutely superb stuff!
I highly recommend a good quality Faraday pouch. I'm a mechanic and use them when working especially on hybrid or electric vehicles as you don't want an engine to start when you've drained down the oil or your fingers are in there. And you really don't want a 900 volt EV coming online. I always check the ignition switch with the key in pouch within the vehicle to ensure it can't be detected.
For anti-theft - Take the fuse out that provides power to the diagnostics socket, not many people carry a 12v battery about to power up their controllers and programmers. MOVE the diagnostics socket to a different location by extending the wires. Or you could replace the OBD2 socket for a completely different type, like an old parallel port connector off a computer (providing you have plug and socket) and make an adaptor with a plug and short lead going to the original socket. People trying to pinch the car would be going WTF! They would find some random connector and not have a clue which wire was which. You could also use a multi pin circular type. You can give the garage the small adaptor for services etc, then they can plug it in and put the OBD2 plug in the other part of it. Then I would fit a hidden switch connected up to one or more electrical circuits like the fuel pump and starter circuit. Anything to slow people down. Modern cars can be taken within minutes, even without keys. Sites sell everything people need apparently.
Easy (and effective) cure, hide a kill switch in the car to disable the starter. The only way the start button will work even with a relay attack is if they 1. KNOW about the kill switch, and 2. Know where it's hidden. They might still be able to GET IN your car, but it will still BE THERE when you go out the next morning. You COULD get even fancier and add an alarm relay to the start button, that's active when the kill switch is on that will let you know someone is attempting to take it. Then you let your friends Smith and Wesson take care of the rest.
Previous owner of my old Audi installed a kill switch, that allows engine to start, and kills it after about 30-60 seconds with alarm, if you don't push a hidden button. It honks before to remind you. It starts working each time after closing any door, even if engine is already running. In case of carjacking it allows supposedly armed criminal to drive off, leaving you safe. I think it was banned some time ago, because of stopping engine while riding. One can still park with momentum though, it doesn't brake.
I used to work for a small company which made kill switches that also required a 4 digit code which you could input via any designated switch in the car, or optionally by a hidden switch. If the car was entered and the code not input within 2 minutes, a sequence of events would start which was designed to disable and then draw attention to the vehicle in some very public ways.
I was always told that locks only stop honest people and if they really want it, they will take it. The only thing you can realistically do is to make it very obvious that it will be more difficult to take, these people don't like wasting time.
@@JamesWilliam70 sometimes a solution could be free, effortless, and relatively quick...pull the fuse for the fuel pump. Car won't go without any gas supply.
Most often crimes are opportunistic. If your door is unlocked then there's a much higher chance of something being stolen versus them breaking a window to get in.
That is exactly right: locks are only there to stop honest people. When and IF some'one' wants to get in - a LOCK will not stop them. Locks did not work on chastity belts either. One reason why DNA testing for family connections is totally invalid and useless. One does not know who had s-ex with whom and when. Just be thankful for being alive - Leave the past behind.
Our local ham repeater was moved frequency to avoid jamming cars! We've now got a new 9 MHz split, and we added a notch filter on the TX for 433.920 MHz (ISM band centre) to help.
You got the relay attack details slightly wrong. The car transmits on 125kHz, and it is this signal that is relayed to the portable antenna. The keyfob receives this and then replies on 433MHz, which has plenty of range to get to the car as it's also used for the keyfob pushbutton modes. The reasons for using 125kHz are that the range is limited and very predictable (limited to area around doors and driver seat), and it can be received with near-zero quiescent power draw in the fob.
I don't think that's correct as why would there be a challenge & response visible on the keyfob UHF frequency when you press the start/stop button? I do know my car also has a method to start it using RFID but you have to hold the keyfob very close to a section on the steering column in order for it to energise. Passive 125kHz RFID has a super localised range of maybe 10cm, that's not what's being used here. I find it hard to believe it's possible to do a long range passive RFID scam because the transmission distance of the fob is so short, it could be possible though, I have seen videos of thieves with a very large wire antenna. In my car though it is active RFID which is in the UHF range. Passive RFID I think is used in cars that have a physical key inserted into the ignition, then that key by nature can be very close to a reader all the time as it remains in the ignition.
@@andykirby What you are seeing when you press start/stop is the keyfob's 433MHz response (possibly duplicated). Yes, normal car immobiliser keys are passive RFID but keyless entry systems are not - they use the same frequency but a larger antenna than the coil round the ignition key, and active receiver in the fob, which returns a signal via 433MHz UHF. 125kHz with a moderately high transmit power available from the car battery plus an active receiver in the fob can easily do a metre or so - cars typically have at least one antenna at each door & boot, and at least one around the driver's seat. The fob uses an inductive antenna (often 3 coils at right-angles to each other) tuned to resonate at 125kHz, which can produce enough voltage directly from the received signal to wake the fob's control chip without any active receive power draw when idle. It is not practical to make a continuously-listening 433MHz UHF receiver running off a fob's coin cell - it would draw too much power for sensible battery life. The backup starting method does use conventional RFID - the chip in the fob can act as a passive RFID transponder if the battery is flat.
@andykirby It's important to note that information on this topic can vary by manufacturer and by the function being performed, i.e., opening the door using the fob vs starting the vehicle. There are some interesting vulnerabilities in fobs and the replay and relay attacks require zero understanding of the vehicle's security system and only operational knowledge to carry out the attacks. Having said that, the popularity of the topic of car hacking is growing due to flipper zero videos. Once they know what people in my profession know, vehicle theft will be a lot worse.
Had a faraday pouch. It worked for a bit but then it started to let the key fob signals through. So had an old tin, lined it with tin foil and that works 100%
Many years ago I was at a rave and wanted to get my coat because I was getting a bit cold. In the state I was in, I managed to open three other Mini Metros before I got the right one. I still had the ultimate deterrent though: a car that no one would ever want to nick.
There are only so many key cuts used. Probably with worn key or tumbler ones that are close might even work. They make "tryout keys" for automotive applications which are just a bunch of different key cut patterns. Sooner or later one of them will probably open the lock.
… priceless! Taking that idea one step further, my old jalopy used to have a damaged battery connection. Not being familiar with the car, a thief would be unlikely to know that this “dead” car just needed to open the engine compartment and shove that battery connector back on to start.
Jesus, I had the ultimate anti-theft one, beige with rusty red fabric interior, HLS trim with a massive 1300cc engine. It was a good car in its day as a first car, 155/65 SR12 tyres!!! (I think). I had to replace the head gasket, went through numerous sets of front brakes, all 4 gas suspension units and connecting pipe at the rear, then the two radius arms "fell off" at the back and the rear bearings fell apart - it was a fun car, but also cheap to fix. The slimline 12band graphic EQ and 4x40Watt booster from Dixons and the Matsui 3 way shelf speakers were pinched and they left the car!!! I had even fitted a centre console with a radio, EQ and booster and tape holder in! They left my Ham International Multimode 2 that was under the switches on the right hand side, but broke the steering lock, surround and ignition switch as I think I disturbed them. The door lock had been "removed" or punched through in to the inside of the door.
This criminal jamming action is absolutely off the scale in South Africa. There are actually warning notices on all the walls of all the shop car parks. The crims are always looking to remove the car from your possession day or night.
Yup, just said that to another person here who said Andy just taught the thieves something new.... Some people are very ignorant in their little bubbles.
The assailants from the 2021 "CIT video" from Pretoria were using cellphone jammers, that's why when Leo Prinsloo told his partner Lloyd Mthombeni to "phone Robbie, phone Josh", he couldn't get through.
A pad with a few thousand volts on the door handle is also an effective deterrent. Don't do it though - it's illegal (or make sure you have an effective way of disposing of the smouldering trash afterwards!). Thanks, Andy. Good tips.
Another great video. I have just purchased a brand new car today and will be having another Pandora alarm fitted asap. They are brilliant alarms but my installation can't be done straight away due to no free appointments. I purchased two Faraday cases from Amazon and they do work even standing next to the car. They are worth the £6 they cost for 2. But you can't beat the alarms.
The type of alarm you need is the one with the immobiliser that is programmed using switches in the car, so when you get in, to start it you pick a combination such as - left indicator, rear demister, right indicator twice and A/C button BEFORE it will then start the car! No one can guess the combination or start using OBD2 to get the info etc.
I had a Peugeot 405 with a Chinese lock, since previous owner lost the key. It had no steering lock anymore, I could start the car with a coin.... I learned that when suddenly my keys fell to the floor when I was driving. I hadn't seated it far in enough to let some pin to hold the key in.
This does not only apply to cars. I was fitting CCTV to my house and using a Baofeng uv-5r to call to the wife who was at the monitor to ask if it was aligned correctly, the radio knocked out the recording box and had to be restarted each time...
I suspect that was from a different issue, like RFI, just good ole plain interference....doesn't have to be on frequency, like lightning. That coax cable for the CCTV cameras acted like an antenna, especially for a "dirty" modulated radio like a Baofeng.
When these key fobs were first introduced there were many incidents where car parks that house a 70cm repeater had reports of cars being un-lockable because of the repeater. Silly frequency to choose for key fobs.
When Lothian and Borders police first went to Airwave, there was a spate of cars (Rovers and Metrocabs) that if switched off near the police HQ, wouldn't restart unless you towed them a mile or so away. Those used to use the alarm to immobilise the car, rather than the LF/RFID stuff that's the norm now.
@@Ayrshore I can see that happening if there was an AW base station on the roof. Although in a different part of the spectrum, there would be enough power to swamp the basic receiver for the immobiliser.
Greetings from the US, I have tested the Faraday pouches and they do work. They make them with pocketbooks, purses and wallets as well to protect credit card chip readers as well. One thing I did is installed an aftermarket remote relay and put it on my fuel pump module B+ and hid it in the car so I can cut power to the fuel pump. So they might get in and start my car but it's not going to drive anywhere, and now they are sitting there with a disabled car and most likely want to flee very quickly. Next up, I think I will in addition cut power to the receiver if possible while leaving the alarm active, so the car will not talk at all. One night my car was parked away from the cars in the supermarket parking lot and a couple of guys parked next to it. I remote started it, which changed the code on them, and they saw me coming and drove off; that's what started this project for me. Another min and my Corvette might have been gone.
Andy, this was news ten years ago. The car makers all denied it. Then they formed a 17 manufacturer group to investigate solutions. That was over six years ago, and they've done nothing yet. Rolling code technology was in widespread use ten years before these hacks--but never used by the auto makers. Mercedes used to make at least one model where the key fob had to be inserted in the dash to start it, because that was a separate infrared coded system, like a tv remote.
Andy - you need to beg, steal or borrow and review a HackRF + Portapack! What the Flipper gains in portability the HackRF surpasses in flexibility. I just know that this beast would be right up your street! Of course I would never condone illegal use of these but it is scary that a modern day "coat hanger" could be as effective if not more so - education is the key here as it empowers owners to become more aware and take precautions where possible. P.S Yes Faraday cages do work at medium range.
Where I live if you had your Audi stolen you would probably be happy! lol Yes, faraday pouches work very well. My key is never out of it if I am not driving. How about a 'very large one' and you could put your entire vehicle in it? Just a thought.
It is possible to swap someone's car too. You get a rental the same, swap the number plates and all contents with the target after getting a second set of keys made, and stuff the key under the dash. Any key will now start the car, and you report the car stolen. After a while the police will pull the person over and check the VIN which won't match so now the target has a LOT of explaining to do. Revenge.
Presumably they could send a 'wake up' from the car to the fob to get the fob into an active mode that's ready to phase-lock the challenge signal, then issue a challenge and get a response with very predictable latency... the car could then use phase discriminator to ensure there's a direct path with no repeaters. Perhaps that's not reliable in the ISM, but it's surely possible at higher frequencies. Perhaps in the 23cm band and above. Demodulating and remodulating does take a little time and introduces phase shifts - so I'm sure this could be a valid thwart for relay attacks.
I moved to Spain 15 years ago. First thing I did was put an alarm in my car. Now I find it amusing you need one. I occasionally forget to lock the doors at night here and don't bother to get out of bed if I remember. I leave the shed door open most nights. Frequently go out for the day with the shed door wide open. There are some advantages to not living in a country full of hooligans.
I once visited a country town out in the middle of nowhere. We rode around with some girls. It was 1979. I forgot to lock my car. I said if we are going to be gone long, I need to lock my car. One of the girls said if you go back and somebody sees you walk over and lock the car and walk away the locals will take great offense. I should have moved there now that I think about it.
@@dougtaylor7724 Yeh, I live in a small village, probably more like a hamlet, everyone knows who everyone is, like there are literally 40 or 50 houses. I have padlocks on the shed doors etc, but I literally never shut them, they're just there to give the appearance of being locked. I don't think I would enjoy living in a city again.
That's why I installed Trunk Monkey in my vehicle, the only sure fire way to deter thieves from taking your vehicle. From the makers of Suburban Auto Group.
I ask the logical question after reading what you wrote: And I quote : "" i installed Trunk Monkey in my vehicle the only sure fire way to deter thieves from taking your vehicle. "" So the question is : How is installing ' Trunk Monkey ' in YOUR vehicle going to deter thieves from taking MY vehicle ? RIDDLE ME THAT greymann1384 - I would suggest that you undertake an extensive reading program to better educate yourself - study English and LEARN HOW TO ACCURATELY DESCRIBE what it is you are thinking about - AVOID AMBIGUITY AT ALL COSTS. Learn to write accurately. It is not that difficult for the educated people - but not so easy for peasants ( commonly known these days as Citi-Zens )
@@andrew_koala2974 Thank You Ken For replying, can I call you Ken you seem to be a person who would be called a Ken and may I suggest Ken that you research What levity is. Also my writing skills may not be on par with your Superb Standards of the English Language I commend you for reminding the rest of us lower classes of your Superiority and Intellectual Prowess that you possess, I hope you have a wonderful day and also lest I forget say hello to KAREN for me.
A hacksaw and 20 seconds to cut the steering wheel takes care of those. There is a hollow metal tube inside the steering wheel that is simple and easy to cut and the device slips right off. Your best bet is a hidden kill switch. It only costs a few dollars and 20 minutes to install. Cutting power to the ignition or the fuel pump won't allow them to start the car.
All the possibilities messing with cops vehicles, as they are trying to get back in their vehicle to chase you, while your buddy, "transmits" from his radio
My work has a scrap yard. One day about a 92 towncar came in. Wasn't too rusty and had really nice condition leather interior. Person scrapped it after buying it due to the quote for the work required to pass a safety. They put the forks of the loader through the windshield before I saw it. Man I was pissed
There is a specific auto gate manufacturer out here whose fobs are also able to block vehicle fobs from operating. I always, always stand at my car to check that it's locked, not only that, but, most modern vehicles are able to unlock only the driver side door without the others, a double tap opens the rest, I've had to educate people here as to why they should rather enable that feature, if not, you may find yourself at gun point inside your car from an uninvited passenger...
For my car, I use the old fashioned "press the lock" when exiting. No fob necessary for locking. (The car will check for a fob inside the car and unlock to prevent an accidental lockout.)
The faraday pouches do work or at least the ones I have from Amazon, that I got four years ago when I got my vehicle. I also got a good quality steering wheel lock so any potential thief has to get past that in order to drive off. Just a few days ago I found that Bluetooth can reach over 50 meters, I was at one of these parcel boxes at the local supermarket and had trouble with the QR code so rang the number, my wife was in the car and had the radio on and when I dialled the contact number I heard the phone ring from the car as my phone was still linked to the car even at 50 odd meters, so any car that uses a Bluetooth app is really vulnerable.
Very interesting. Seems to me like older cars that have rolling codes but the keyfobs don't receive a signal from the car are more secure. I always felt uncomfortable with cars that auto unlock when you approach them. My OCD makes me check the door handle multiple times so I know it's locked.
If my key and mobile phone are close together, i.e. in the same pocket, then the car will not start, so I always keep them close to each other when I am not using the car.
I think that the challenge from the car to the key is on a different frequency (150kHz?) much lower and low power to limit the range to inside the car. The signal on the TinySA is the response from the key to the car. Also my Tiguan disables keyless unlocking by pressing lock on the key followed by a touch on the lock point on the door handle. VW have introduced a movement sensor in latest keys that put them to sleep when stationary for a period of time so they cannot respond to this type of attack.
Interesting to see someone do this with an HT. There are a number of products on the market that people can use for this beyond the Flipper. It is fairly well known that most devices work on the same frequencies and often use the same modulations. Simply put, radio, wifi or BLE security is a farce. Awesome video. 👍
The Flipper is an over-rated expensive toy, no one that buys them ever knows what to do with them when they get delivered. They copy their own office access cards/fobs, read a credit card which they can't use from the flipper, maybe clone a garage door opener, that's it. I have never seen anyone use one for anything remotely interesting. They are handy for testing, that's it. Definitely not used in car thefts.
@@Bond2025 People have created a panic around the Flipper. Between ignorance and fake videos people drastically overestimate the threat it poses. It's actually been a fantastic tool for bringing awareness to our lack of security. The latest claims are that BLE spam can interfere with critical medical devices like pacemakers and insulin pumps, things that shouldn't even be possible with approved medical devices. With coding knowledge and add on boards it's capable of a lot but the worst I've seen is temporarily disabling iPhones due to their poor protocols. A flaw which I believe they've claimed to have fixed.
Capturing a signal from a fob and replaying it may de-authorize / unsync your fob that may have a rolling key. You will need to take your key and get it reprogrammed...may need to get the car towed to a dealer also. Most of these attacks are for high valued cars.
Brilliant info. I think I'll go out street shopping for a new car tonight.😂 I didn't know of this antenna gain attack. My keys are far away from the car but I recently bought those pouches, I must try them out.👍🍻🤠
Probably due to 70cm hams, we’ve had an intermittent and infrequent issue where the car will not respond to the fob. This can last from a minute to best part of an hour. It dates back almost 20 years, starting with a Kia Carnival and continuing with a Micra. At one time we thought the receiver had failed only to have it start working again several hours later.
There is a lot of RF junk in the 433 MHz area…fobs, door openers, tire pressure sensors, military, etc. The sporadic transmission of hams isn’t going to be a 20 year long cause.
I had a car that you could remove the key from the door with the lock barrel not fully returned home, meaning it would Unlock with an ice block stick. But with our sort of gear could we not block multiple vehicles over a wide area? Then we can go into business selling car alarms that work😂!
MB's newer key fobs deactivate after a few minutes and wake up with motion to help mitigate this. Also, MB fobs since the introduction of keyless entry have been able to be "deactivated" by double tapping the lock button on the key fob. This puts the remote to sleep and will only start to transmit once a button is pressed on the remote to activate it again. Unfortunately most owners don't know or utilize this second feature.
Which firmware is that? I appear to have the same one but under the frequency number (when in scan mode) I don't have those three series of 4 digits. And it doesn't reliably lock in to my key fob signal. Either I have a slightly different firmware or I need more info on how to operate that particular firmware properly. lol
Fit an ignition switch from an old model on the steering column from an earlier Audi, the steering shaft, and column assembly is the same, since you are only using the mechanical lock it is fairly easy.
I think you should always have some sort of physical security as well, such as a Disklok. Also trackers are cheap these days so have a few fitted. But usually if the scum want something they'll find a way of having it. All you can hope to do is slow them down.
Make your own using an old mobile phone, very effective, live tracking...hide it anywhere. Commercial ones fitted by lazy installers always go in the same locations, so get ripped out after being blocked.
Great video, but I think you missed one of the attack scenarios - they will typically use something to block the signal, as per the start of your explanation. When doing that, they can then sniff the alarm fob when the person tries to unlock the car and store it for later (multiple unlock codes are valid at the same time). They will then follow the target vehicle and wait for it to be parked up and locked, then use the saved code to open the car. They then don't have to damage it and just need to get the car started.
The best defense that I know of is multiple immobilizer buttons, that need to be pressed in a certain order or together. These buttons can also be hidden or visible in plain sight as regular car buttons.
In my experience, the car communicates to the key on a low frequency. Usually 125kHz. The key fob to car is on ~433.920 MHz. Inside your car example, what you're seeing on the TinySA is the key fob answer the challenge back on UHF. Run a sweep on 125kHz and you'll see the car call the key. 125kHz is used because it's easier to receive by the key than 432 MHz. The 125kHz is received by a passive diode envelope detector. Important given the key fob is on a tiny battery. 👍
Interesting info George thanks. I did wonder after posting this and thinking on it a bit because like you say you only see one pulse on UHF when you press the start stop button. I will run a sweep at 125kHz to see for myself. This seems to make sense because I have seen other videos of these attacks where one thief has a large wire antenna, presumably that's connected to a RFID transmitter with a bit of power behind it! Love your videos by the way. I particularly liked your 23cms experimentation I saw somewhere. Very cool!
I have a 2023 Kia Telluride and "I think" it's beaten the odds. Yes, it has all of the vulnerabilities of the key fob you outlined...but only IF you use the keys...which I don't (they are stored in my home in a faraday box that I have tested and it works). I put the digital key on my cell phone, which works just like a contactless credit card/RFID communication. So ultra short range and it's only active when the key is displayed on the screen...which is even safer than credit cards which can be activated at any time if someone got close enough to you. The car unlocks when you have the key displayed on your screen and touch your phone to the door handle. To start the car, you have to place the phone in a certain position while the key is displayed and voila the car starts. Short of hotwiring the car (if that's still a thing) or breaking into my home and taking the actual keys that I never use, I don't see a way they could steal my new Kia Telluride...though I guess this is my challenge to Andy to see if I am being overly bold in my positivity. :-)
Just hit my mind... 400MHz? Like a LoRa board would use (LOngRAnge low bandwidth radio transceivers). Not to give anyone ideas on what to use Arduinos or ESP32s n LoRa boards for.. Just... This is very interesting. Talk to a lawyer!
Always watch to see your indicators flash when leaving the car after setting the alarm. Fit an independent "Thatcham grade 3 alarm system" to the car your insurance will be lower and the car will not be able to be driven away. The alarm will also sound depending on how set up if the door is opened after a short delay if not disarmed separately. Even in a workshop very difficult to remove the alarm system even for an auto electrician talking hours!
Empty Smash tubs are good for shielding the signal of the fob. Although some foil under the lid as it's replaced gives total shielding. I know it's messy but it works. My little lad made me one and decorated it. It's pretty cool really.
The car should transmit a random code that's encrypted so that the keyfob can decode it. The keyfob then sends the same code back to the car re-encrypted so that only the car can decode. Problem solved. The car and the keyfob would require one time programming at the dealer to share each other's encryption keys. It's amazing how little the manufacturers will do to thwart auto theft. Shaking my head. Thanks for bringing this to our attention Andy. People should keep their fobs in Faraday bag at home as a mitigation measure until the manufacturers can figure this rocket science out.
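The scheme proposed in the comment above, combined with the response-time check other commenters mention, as an added example that is not from the video or from any manufacturer's implementation. It swaps the encrypt/re-encrypt round trip for an HMAC over the car's random challenge with a pre-shared key; the class names, the 2 µs limit and the round-trip figures are constructed assumptions passed in as numbers rather than measured.

```python
import hashlib
import hmac
import os

# Constructed figures for illustration; real limits depend on the radio hardware.
RTT_LIMIT_NS = 2_000       # longest round trip the car accepts (assumed)
DIRECT_RTT_NS = 800        # fob standing next to the car (assumed)
RELAYED_RTT_NS = 45_000    # same exchange carried over a repeater link (assumed)


def _mac(key: bytes, challenge: bytes) -> bytes:
    """Keyed response to a challenge; only a holder of the paired key can compute it."""
    return hmac.new(key, b"fob-response|" + challenge, hashlib.sha256).digest()


class Fob:
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self._key, challenge)


class Car:
    def __init__(self, key: bytes, rtt_limit_ns=RTT_LIMIT_NS):
        self._key = key
        self._rtt_limit_ns = rtt_limit_ns   # None models a car with no timing check
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = os.urandom(16)      # fresh and unpredictable every time
        return self._pending

    def verify(self, response: bytes, rtt_ns: int) -> str:
        # A challenge is single use: it is cleared whether or not the check passes.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return "no-challenge"
        if not hmac.compare_digest(_mac(self._key, challenge), response):
            return "bad-response"
        if self._rtt_limit_ns is not None and rtt_ns > self._rtt_limit_ns:
            return "too-slow"
        return "ok"


def run_scenarios() -> dict:
    key = os.urandom(32)                    # shared at pairing time
    fob, car = Fob(key), Car(key)
    results = {}

    # 1. Fob beside the car: correct answer, short round trip.
    recorded = fob.respond(car.new_challenge())
    results["direct"] = car.verify(recorded, DIRECT_RTT_NS)

    # 2. The recorded answer is presented against a new challenge: it no longer matches.
    car.new_challenge()
    results["replayed_old_response"] = car.verify(recorded, DIRECT_RTT_NS)

    # 3. Nothing outstanding: an unsolicited answer is refused outright.
    results["unsolicited_response"] = car.verify(recorded, DIRECT_RTT_NS)

    # 4. The genuine fob answers correctly, but the round trip is too long.
    results["relayed_with_time_bound"] = car.verify(
        fob.respond(car.new_challenge()), RELAYED_RTT_NS)

    # 5. Same exchange against a car that only checks the cryptography.
    untimed = Car(key, rtt_limit_ns=None)
    results["relayed_no_time_bound"] = untimed.verify(
        fob.respond(untimed.new_challenge()), RELAYED_RTT_NS)

    # 6. A fob that was never paired with this car.
    stranger = Fob(os.urandom(32))
    results["unpaired_fob"] = car.verify(
        stranger.respond(car.new_challenge()), DIRECT_RTT_NS)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:26} {outcome}")
```

Scenarios 4 and 5 are the point: the fob's answer is genuine in both, so the cryptography alone accepts it, and only the round-trip limit tells the two apart.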
Like a radio is needed. Nothing is needed. The thief watches you get out - filling station, blah blah - people seldom hit the "lock" button - they walk off with the "key" in their pocket. Thief sits into car & just waits. Owner walks back, coffee in hand & is shocked to see someone sitting in their car. Taps on window.. Key is within range. Thief presses start button, drives off. Bye now. No tech required - the tech crap can be leisurely done in some hidden garage before the vehicle heads off abroad. The "key" can be reproduced easily using readily available kit. The solution is to get someone like me to wire in a hidden kill switch that you hit religiously every time you leave your vehicle. One lo-tech button. Unless they have a tow-truck, they're going nowhere when that switch is off. EVERYTHING else including fancy immobilisers is just kidding yourself as the thieves have figured them all out ages ago. Looking for a hidden kill-switch is a ball-ache - so they go take easier prey.
That ^ is just one version - the rest use signal boosters blah blah - same same. If a crucial system is not getting power, the car's not moving - which is the power of old-skool kill switches. "Keyless" has a safety feature that prevents the car stopping if key communication is lost - if the key is present it will start & not stop till the "stop" button is pressed. That's an invitation to thieves - if they leave it running as they refuel, they can run that car without a key for ages. Fit a kill-switch & hide it real well - but make it easy to press so you use it. Thank me later.
Hmm.... I'm not really talking about glorified car jacking, car jackers won't get far in this country at least with cameras everywhere and ANPR... the majority of serious car theft is done at night when the owner is unaware, container waiting at a nearby port and the car is shipped to another country before it's even noticed. This is very stealthy organised crime.
Thanks for an interesting and enjoyable video... Yet again we see "another" example of the eternal struggle between convenience and security... And as is almost always the case security loses out...... How much extra do I have to pay to make my car only open lock and start using the physical key ?? (and Yes I know that "key locks" can be easily picked, but I'd still prefer and trust it more in today's "climate") Best regards. :)
It's worth noting that some cars with rolling codes are vulnerable to replay attacks so long as a valid code has been captured and that code has NOT been seen by the vehicle. This is why jamming is so effective. By jamming the fob, and capturing the code, then letting the next code hit the car, the previous code is not marked invalid. So now, all that is left is to replay it. I personally look up the FCC ID of a device first because that will tell you what frequency it works on.
Many modern car key fobs use rolling code technology, which generates a different code each time the fob is used to unlock the car. This enhances security by making it more challenging for potential intruders to intercept and replicate the signal.
A rolling code blocks sophisticated replay attacks yes. But the simpler idea is for the attacker to jam all remote locking and watch for those car owners who don’t check to notice that their remote locking attempt has failed. A rolling code doesn’t help in a simple jamming scenario.
@@laulaja-7186 To prevent attackers from blocking car fob signals, manufacturers often implement anti-jamming technology in their keyless entry systems. This technology detects interference and adjusts the frequency or signal to avoid potential disruptions.
@@laulaja-7186 It doesn't really block them. The car has to have multiple codes active at once (else an accidental press of the button would mean the car and fob were out of sync and you'd no longer be able to unlock the car). Thieves know this and will jam the car so they can capture a working code (as you press the button multiple times to unlock it). They then let you open and drive away the car, follow you and wait for it to be parked - then replay the earlier saved code (which is still active in the car) and drive your vehicle off.
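A receiver-side model of the rolling-code look-ahead window discussed in this reply chain, next to the challenge-response scheme proposed in an earlier comment. This is an added example, not code from the video, the commenters or any manufacturer; the HMAC-derived codes, the forward-only counter, the 16-code window, the demo key and all class names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real pairing would provision a random per-vehicle key.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
WINDOW = 16  # assumed look-ahead: how many codes past the last seen one are valid


def rolling_code(key: bytes, counter: int) -> bytes:
    """Code for one button press: truncated HMAC over the press counter."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1  # advances whether or not the car hears it
        return rolling_code(self.key, self.counter)

    def answer(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, b"resp" + challenge, hashlib.sha256).digest()


class RollingCodeCar:
    """One-way scheme: the car can only compare against its own counter."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key, self.counter, self.window = key, 0, window

    def accept(self, code: bytes) -> bool:
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if hmac.compare_digest(code, rolling_code(self.key, c)):
                self.counter = c  # everything at or below c is now dead
                return True
        return False


class ChallengeResponseCar:
    """Two-way scheme: validity is tied to a nonce the car just generated."""

    def __init__(self, key: bytes):
        self.key, self.pending = key, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def accept(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        expected = hmac.new(self.key, b"resp" + self.pending, hashlib.sha256).digest()
        self.pending = None  # each challenge is single use
        return hmac.compare_digest(response, expected)


def rolling_code_cases() -> dict:
    out = {}
    fob, car = Fob(DEMO_KEY), RollingCodeCar(DEMO_KEY)
    lost = fob.press()  # press 1 never reaches the car
    out["unseen_code_accepted_later"] = car.accept(lost)
    out["same_code_replayed"] = car.accept(lost)

    fob, car = Fob(DEMO_KEY), RollingCodeCar(DEMO_KEY)
    lost, heard = fob.press(), fob.press()  # press 1 lost, press 2 heard
    out["later_press_accepted"] = car.accept(heard)
    out["older_code_after_later_press"] = car.accept(lost)

    fob, car = Fob(DEMO_KEY), RollingCodeCar(DEMO_KEY)
    for _ in range(WINDOW):
        fob.press()  # presses made out of range
    out["press_beyond_window"] = car.accept(fob.press())
    return out


def challenge_response_cases() -> dict:
    out = {}
    fob, car = Fob(DEMO_KEY), ChallengeResponseCar(DEMO_KEY)
    stale = fob.answer(car.challenge())  # answer that was never delivered
    car.challenge()                      # the next attempt gets a new nonce
    out["stale_answer"] = car.accept(stale)
    out["fresh_answer"] = car.accept(fob.answer(car.challenge()))
    out["answer_without_challenge"] = car.accept(stale)
    return out


if __name__ == "__main__":
    for name, result in {**rolling_code_cases(), **challenge_response_cases()}.items():
        print(f"{name:32} {'accepted' if result else 'rejected'}")
```

In this model a code the car never heard stays valid until a later press is accepted, which is why watching for the lock confirmation and pressing again within range matters. Tying each answer to a fresh nonce removes that stored-code problem but does nothing against a live relay.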
simple way to prevent this. Drive a car with no remote entry or start features and no CAN bus. Basically drive something at least 20 years old, if your car has nothing to BE hacked it can't be.
My recommendation would be to keep the key fob in a lead container when not in use. But you have covered that with the metal box mentioned in your vid.
On our Dodge Caravan, you have to actually be pressing the button to get it to unlock. But this is scary though because even my Baofeng UV-5R could theoretically be used to jam the key fob.
I guess the center frequency is 433.92MHz, as it is the ISM-frequency in EU for this band. Which however in fact is a ham band, where ISM is secondary users. I tried to listen to 433.92MHz in AM, and could hear all the weird signals in the morning when people went to work :)
They can't complete the 2nd half of the attack if the key fob has FobBlocker installed. It wraps around the coin battery of the fob and shuts off the fob when no movement is detected (on the onboard accelerometer). And when you shake or move the key, it "wakes" up and allows the battery to power the fob. It stops thieves from copying the signal when the key is at rest. So you don't need to use a Faraday pouch.
On VW with keyless entry, if you lock the car with the key-fob lock button, then touch the dimple on the door handle within 5 seconds, it disables keyless entry until the next time you unlock the car (using the unlock button on the key fob)
Porsche keyfobs (at least newer ones) allow you to press lock and unlock together and a red light will flash. This will disable the transmitter on the key until next time one of the buttons is physically pressed, which is great for overnight at home etc.
Leyton should have a sleep mode. It’s quite easy to implement. If you can have gyros on a drone FC & game pad then why not in a key fob!? Basically a few mins of inactivity and it’ll shut down its ‘request packet’ what do you think?
As a security specialist, I get calls from high end clients such as major hotels who seem to manage to lose 20 customer vehicles at a time and the fix is actually cheap and easy. I always recommend Mylar Ziplock baggies to put customers' car keys and key fobs into once the vehicle is parked but getting their employees and business to use this effective tool is another story in itself, meaning, trying to get their valet parking attendants to use these Mylar baggies and tagging the outside of these baggies with the vehicle info is time consuming and I understand. So a real simple fix is rather ingenious, just simply cut off the AC plug in cable from a discarded microwave oven seems to do the trick for most vehicle alarm systems so the vehicle and the key fob can no longer communicate with each other and can’t be triggered by pulling on the vehicle's door handles either. Sometimes the solutions to big problems are rather simple. 👍
@@honestlocksmith5428 Would be good if it was on topic. I’m retired from government work and mostly do easy stuff in the private sector that makes a few more bucks. Nice try…
Faraday pouches don't work, the fabric wears and the pouch ceases to prevent radio communication. Best bet is simply a metal box that closes fully. I'm not sure, but wrapping the key in metal foil may also work as long as the key is completely wrapped.
My 2007 RS4 as well as my 2004 S4 both keep me out...radio keyfob wise. I have to use the actual key in the keyhole and open the door on both. Local shops haven't been able to make me replacement keys and program these for my car. Yet, the thieves have little trouble it appears by your video. Of course I can go to the nearest Audi dealer and get raped money-wise and get new replacement keys that will auto lock and unlock my car - which I'm stubborn enough to resist. You have pretty much shown the ineffective nature of most anti-theft systems for sophisticated car thieves to me. I'm a testimony to the fact these systems end up causing owners like me grief, either because the owner can no longer use the electronic lock/unlock keyfob feature, or simply because the car can be stolen regardless. With all of the tech today you'd think there'd be a better system that is both owner-friendly and robust enough that the car thieves have to go back to other means of criminal activity?
Thank you for this informative video. My car, with keyless entry and push button start, was stolen at night even though both of the keys are always far from the front of the house and in Faraday pouches. Could the signal to my key have been scanned by someone (or a team) whilst I was out, for example at a supermarket or even in traffic? What then happens to these stolen cars if they are not able to be restarted after the thieves have turned off the engine?
I have tested a pouch, can't verify all on eBay work but the one I got does. Fairly low tech so you've been proper scammed if it doesn't work. Same with RFID blocking sleeves for cards, they work too. Rolling codes wise, Subarus (used to, been a while since I was researching this) incremented the code by one. You could convert the transmission to binary then denary and work out the next code easily.. or brute force from the code you caught very quickly.
Andy great you have a TT in your garage to test this. Our TTRS 8J 2010 may be more secure as it does not recognise and unlock if close outside with keyfob. Also it's a 6 Speed MANUAL! ;-) Not sure many crims here know how to drive a manual I reckon! Anyway will get out the trusty V3 SDR on the laptop and see what we can find out. Maybe a Steering Lock for Xmas!??
I've also seen a video of a guy hacking his own car...to learn and figure out the operation he was intending. He was able to control certain functions on his car remotely. He was using an SDR transmitting to his car's computer as if it were the car's TPMS Tire Pressure Monitor Sensor since it then communicated by wire to the car's computer. He had a friend drive his car slowly, like 10-15 MPH, while another friend drove another car pacing his car while he was a passenger using his laptop and SDR. He was able to do things like turn on the windshield wipers, turn the headlights on and off, etc. (not steering or braking)
This was all possible via the OnSTAR system in GM cars, once in to that you could do anything, so could the control room, law enforcement used to listen in on criminals cars and get GPS data. Cars could also be speed limited, have faults introduced and were ready for the Pay Per Mile system we are getting this year. The engine could also be shut off if the car was stolen and emergency services called if it crashed. Other makes have similar systems and it means law enforcement can bug you without going near the car. It used to only be done when the car was taken in for a service.
My old (06) Lexus fob has an inbuilt feature so that the transmitter signal can be turned off completely. Initially designed to save battery power when not in use and nowadays makes a nice little security feature.
My Audi uses keyless entry and also has folding mirrors. Why are the mirrors important? Good sign it’s locked if you see them fold and the indicators flash … and I have a faraday pouch and it’s extremely effective. Even with the key only partially in the pouch, the car won’t unlock or start. In contrast, using a metal tin didn’t work, so my key goes in the pouch and the pouch is kept well away from the door and front of the house
I'm thankful my 2012 Audi doesn't have keyless ignition or keyless entry at this point, the key has to be in its hole in the dash for the car to start. Great video, very insightful.
You can use a faraday box to avoid all this misery. They do work. You can test this by putting your phone in there and watching the bars go down progressively. When you open the box, it should have a very weak / no signal
Putting your keys in a metal box works really well, just don’t forget about the spare key. If you don’t want to keep it in the same place then wrapping it in a couple of layers of tinfoil works just as well.
It never ceases to amaze me that vehicle companies put so much time and expense creating such technologically advanced cars, but with a key entry system that is about as secure as a wet paper bag.
Good for the market. The (ex)owner will buy a new one.
It could be mitigated to a degree by reducing the range of both the car's and key fob's to say 20 feet. There's really no good reason to be longer than that.
Or better still, simply just open the car door with the physical key. You have to walk to the car anyway so no time is lost! I guess it’s because even that is too much effort these days!
@@timlc it's kind of a big deal if you have kids and hands full all the time
Well, as a software engineer with security as my main field; there is ZERO education in proper secure design of digital locks when you educate yourself as a software engineer at tech universities. Zero! But the entire world expects you to be a security genius as an engineer. So all these security-illiterate engineers end up being “creative” and make up their own horrendously bad security solutions that only keep themselves out. 😂 Fun fact to scare you even more: 100% of all digital safe locks in the entire world can be opened with a factory master code. I know this particularly well, because I developed the world’s first tempest-certified timelock-system for civilian safe-locks to prevent illegal covert governmental level abusive break-ins done by corrupt cops and corrupt intelligence agents targeting innocent civilian wealthy people. This project has been a big eye opener for me in many fields. The world you live in is not as secure as you might think it is. 😂👍❤️
It's criminal that car makers don't put motion sensors in the keyfobs to disable them when sitting idle - would cost peanuts and eliminate relay attacks. Some makers (VW I think) do some fancy time-of-flight stuff to check response time to prevent relay attacks.
That would be a good solution.
@@andykirby Stolen cars go to Africa etc. Insurance pays for a new one to go to the UK. Helps the car industry.
@@andykirby Ford do!
good points, well presented! 👍
Later BMW and Mini fobs have the motion sensor in the key, articles reference this around 2019.
your videos are getting more and more informative and interesting as time goes on. I really look forward to your next videos especially these radio related ones. You've got great knowledge and know-how and you're teaching us all. Absolutely superb stuff!
Pity that the right-wing sometimes misuse it to push their agenda?
I highly recommend a good quality Faraday pouch. I'm a mechanic and use them when working especially on hybrid or electric vehicles as you don't want an engine to start when you've drained down the oil or your fingers are in there. And you really don't want a 900 volt EV coming online. I always check the ignition switch with the key in pouch within the vehicle to insure it can't be detected.
You should disconnect high voltage lines before working on EVs.... as a mechanic you should know this.
No reason to do a master disconnect to change the oil tho
The word is actually "Ensure"...not "Insure" in this context...You`re welcome.
For anti-theft - Take the fuse out that provides power to the diagnostics socket, not many people carry a 12v battery about to power up their controllers and programmers. MOVE the diagnostics socket to a different location by extending the wires.
Or you could replace the OBD2 socket for a completely different type, like an old parallel port connector off a computer (providing you have plug and socket) and make an adaptor with a plug and short lead going to the original socket. People trying to pinch the car would be going WTF! They would find some random connector and not have a clue which wire was which. You could also use a multi pin circular type.
You can give the garage the small adaptor for services etc, then they can plug it in and put the OBD2 plug in the other part of it.
Then I would fit a hidden switch connected up to one or more electrical circuits like the fuel pump and starter circuit.
Anything to slow people down. Modern cars can be taken within minutes, even without keys. Sites sell everything people need apparently.
@@mjh5437 *you're welcome. You used a 'grave' accent instead of an apostrophe.
I always say, if something is made more convenient for the punter, then it's even more convenient for the crook. Great vid. Love the kit.
Easy (and effective) cure, hide a kill switch in the car to disable the starter. The only way the start button will work even with a relay attack is if they 1. KNOW about the kill switch, and 2. Know where it's hidden.
They might still be able to GET IN your car, but it will still BE THERE when you go out the next morning.
You COULD get even fancier and add an alarm relay to the start button, that's active when the kill switch is on that will let you know someone is attempting to take it. Then you let your friends Smith and Wesson take care of the rest.
Previous owner of my old audi installed a kill switch, that allows engine to start, and kills it after about 30-60 seconds with alarm, if you don't push a hidden button. It honks before to remind you. It starts working each time after closing any door, even if engine is already running. In case of carjacking it allows supposedly armed criminal to drive off, leaving you safe. I think it was banned some time ago, because of stopping engine while riding. One can still park with momentum though, it doesn't brake.
Haha! The loose damaged battery connector in my old car used to serve exactly that purpose. Stealthy secret smart high tech kill switch.
so like a 2 way switch that sends the power to the horn every time they hit the start button instead of the starter :)
I used to work for a small company which made kill switches that also required a 4 digit code which you could input via any designated switch in the car, or optionally by a hidden switch. If the car was entered and the code not input within 2 minutes, a sequence of events would start which was designed to disable and then draw attention to the vehicle in some very public ways.
Nice one Sir. I'm writing this from the inside of -your- my Audi while listening to 20m on my new 7100 😉
Crime does pay.
I was always told that locks only stop honest people and if they really want it, they will take it.
The only thing you can realistically do is to make it very obvious that it will be more difficult to take, these people don't like wasting time.
Yep, I also use a steering lock as a visual deterrent even though I have an immobiliser and tracker.
@@JamesWilliam70 sometimes a solution could be free, effortless, and relatively quick...pull the fuse for the fuel pump. Car won't go without any gas supply.
Most often crimes are opportunistic. If your door is unlocked then there's a much higher chance of something being stolen versus them breaking a window to get in.
That is exactly right:
locks are only there to stop honest people
When and IF some'one' wants to get in - a LOCK will not stop them.
Locks did not work on chastity belts either.
One reason why DNA testing for family connections is totally invalid and useless
One does not know who had s-ex with whom and when.
Just be thankful for being alive - Leave the past behind.
The same applies to hacking, everything is hack-able, you just make it as hard as possible so it's not worth the effort
Our local ham repeater was moved frequency to avoid jamming cars! We've now got a new 9 MHz split, and we added a notch filter on the TX for 433.920 MHz (ISM band centre) to help.
Haha that's interesting 😁
There were some MOD buildings blamed for blocking entire roads of garage door openers!
You got the relay attack details slightly wrong. The car transmits on 125kHz, and it is this signal that is relayed to the portable antenna. The keyfob receives this and then replies on 433MHz, which has plenty of range to get to the car as it's also used for the keyfob pushbutton modes. The reasons for using 125kHz are that the range is limited and very predictable (limited to area around doors and driver seat), and it can be received with near-zero quiescent power draw in the fob.
I don't think that's correct as why would there be a challenge & response visible on the keyfob UHF frequency when you press the start/stop button? I do know my car also has a method to start it using RFID but you have to hold the keyfob very close to a section on the steering column in order for it to energise.
Passive 125kHz RFID has a super localised range of maybe 10cm, that's not what's being used here. I find it hard to believe it's possible to do a long range passive RFID scam because the transmission distance of the fob is so short, it could be possible though, I have seen videos of thieves with a very large wire antenna. In my car though it is active RFID which is in the UHF range.
Passive RFID I think is used in cars that have a physical key inserted into the ignition, then that key by nature can be very close to a reader all the time as it remains in the ignition.
@@andykirby What you are seeing when you press start/stop is the keyfob's 433MHz response (possibly duplicated)
Yes, normal car immobiliser keys are passive RFID but keyless entry systems are not - they use the same frequency but a larger antenna than the coil round the ignition key, and active receiver in the fob, which returns a signal via 433MHz UHF.
125kHz with a moderately high transmit power available from the car battery plus an active receiver in the fob can easily do a metre or so - cars typically have at least one antenna at each door & boot, and at least one around the driver's seat.
The fob uses an inductive antenna (often 3 coils at right-angles to each other) tuned to resonate at 125kHz, which can produce enough voltage directly from the received signal to wake the fob's control chip without any active receive power draw when idle. It is not practical to make a continuously-listening 433MHz UHF receiver running off a fob's coin cell - it would draw too much power for sensible battery life.
The backup starting method does use conventional RFID - the chip in the fob can act as a passive RFID transponder if the battery is flat.
Understood, useful information thank you.👍🏼
@andykirby It's important to note that information on this topic can vary by manufacturer and by the function being performed. IE, opening the door using the fob vs starting the vehicle.
There are some interesting vulnerabilities in fobs and the replay and relay attacks require zero understanding of the vehicle's security system and only operational knowledge to carry out the attacks.
Having said that, the popularity of the topic of car hacking is growing due to flipper zero videos. Once they know what people in my profession know, vehicle theft will be a lot worse.
Had a faraday pouch. It worked for a bit but then it started to let the key fob signals through. So had an old tin, lined it with tin foil and that works 100%
What brand was that? I would hate to get one, test it, be confident it worked then find out it degraded and wasn’t blocking.
Your faraday pouch story is BS.
But that won’t stop the transceiver attack !?
@@BitsofSkin I keep my car keys under my foil hat!!
@@BitsofSkin No it's not mate, get up to speed.
Many years ago I was at a rave and wanted to get my coat because I was getting a bit cold. In the state I was in, I managed to open three other Mini Metros before I got the right one. I still had the ultimate deterrent though: a car that no one would ever want to nick.
Hey, it was good enough for Diana Spencer. :D
There are only so many key cuts used. Probably with worn key or tumbler ones that are close might even work. They make "tryout keys" for automotive applications which are just a bunch of different key cut patterns. Sooner or later one of them will probably open the lock.
… priceless! Taking that idea one step further, my old jalopy used to have a damaged battery connection. Not being familiar with the car, a thief would be unlikely to know that this “dead” car just needed to open the engine compartment and shove that battery connector back on to start.
Jesus, I had the ultimate anti-theft one, beige with rusty red fabric interior, HLS trim with a massive 1300cc engine. It was a good car in its day as a first car, 155/65 SR12 tyres!!! (I think). I had to replace the head gasket, went through numerous sets of front brakes, all 4 gas suspension units and connecting pipe at the rear, then the two radius arms "fell off" at the back and the rear bearings fell apart - it was a fun car, but also cheap to fix. The slimline 12band graphic EQ and 4x40Watt booster from Dixons and the Matsui 3 way shelf speakers were pinched and they left the car!!! I had even fitted a centre console with a radio, EQ and booster and tape holder in! They left my Ham International Multimode 2 that was under the switches on the right hand side, but broke the steering lock, surround and ignition switch as I think I disturbed them. The door lock had been "removed" or punched through in to the inside of the door.
@@Bond2025 well at least if you got a puncture you could likely find a new tire in the lawn and garden section of a store
This criminal jamming action is absolutely off the scale in South Africa. There are actually warning notices on all the walls of all the shop car parks.
The crims are always looking to remove the car from your possession day or night.
Yup, just said that to another person here who said Andy just taught the thieves something new.... Some people are very ignorant in their little bubbles.
Banana 🍌 people
Car companies could use South Africa as a testing ground.
The assailants from the 2021 "CIT video" from Pretoria were using cellphone jammers, that's why when Leo Prinsloo told his partner Lloyd Mthombeni to "phone Robbie, phone Josh", he couldn't get through.
I bet especially some demographic group in particular does that...
A pad with a few thousand volts on the door handle is also an effective deterrent. Don't do it though - it's illegal (or make sure you have an effective way of disposing of the smouldering trash afterwards!).
Thanks, Andy. Good tips.
Another great video. I have just purchased a brand new car today and will be having another Pandora alarm fitted asap. They are brilliant alarms but my installation can't be done straight away due to no free appointments. I purchased two Faraday cases from Amazon and they do work even standing next to the car. They are worth the £6 they cost for 2. But you can't beat the alarms.
The type of alarm you need is the one with the immobiliser that is programmed using switches in the car, so when you get in, to start it you pick a combination such as - left indicator, rear demister, right indicator twice and A/C button BEFORE it will then start the car! No one can guess the combination or start using OBD2 to get the info etc.
I miss the days of a slide hammer and screw driver
I miss the days of the pillory
a straightened out wire coat hanger! 👍
@@C...G... With the top corner of the door slightly bent... Apparently 😉
Dang! 😂😂😂
@@k1ortia yrs yes, bent out using a small plastic wedge... apparently! 👍
Security has come a long way since a half inch vanity case key could open and start my Cortina from long ago
I had a Peugeot 405 with a Chinese lock, since previous owner lost the key. It had no steering lock anymore, I could start the car with a coin....
I learned that when suddenly my keys fell to the floor when I was driving. I hadn't seated it far in enough to let some pin to hold the key in.
A penny will open most old fords 😅
Any Cortina key seemed to open most other Cortinas
This does not only apply to cars. I was fitting CCTV to my house and using a Baofeng UV-5R to call to the wife who was at the monitor to ask if it was aligned correctly, the radio knocked out the recording box and had to be restarted each time...
I suspect that was from a different issue, like RFI, just good ole plain interference....doesn't have to be on frequency, like lightning. That coax cable for the CCTV cameras acted like an antenna, especially for a "dirty" modulated radio like a Baofeng.
maybe some interference, however you have to be also wary of deauthing on wifi CCTV.
When these key fobs were first introduced there were many incidents where car parks that house 70cm repeaters had reports of cars being un-lockable because of the repeater. Silly frequency to choose for key fobs.
I can see that totally.
When Lothian and Borders police first went to Airwave, there was a spate of cars (Rovers and Metrocabs) that if switched off near the police HQ, wouldn't restart unless you towed them a mile or so away. Those used to use the alarm to immobilise the car, rather than the LF/RFID stuff that's the norm now.
@@Ayrshore I can see that happening if there was an AW base station on the roof. Although in a different part of the spectrum, there would be enough power to swamp the basic receiver for the immobiliser.
@@davidjowett8195 Exactly. The receiver in the Lucas stuff Rover Group used was garbage.
I used to get locked in and out of a Land Rover going to one PMR site in Wales, the RF was so strong on UHF it swamped the car!
Greetings from the US, I have tested the faraday pouches and they do work. They make them with pocketbooks, purses and wallets as well to protect credit card chip readers as well.
One thing I did is installed an aftermarket remote relay and put it on my fuel pump module B+ and hid it in the car so I can cut power to the fuel pump. So they might get in and start my car but it's not going to drive anywhere and now they are sitting there with a disabled car and most likely want to flee very quickly. Next up, I think I will in addition cut power to the receiver if possible while leaving the alarm active, so the car will not talk at all.
One night my car was parked away from the cars in the supermarket parking lot and a couple of guys parked next to it. I remote started it which changed the code on them and they saw me coming and drove off, that's what started this project for me. Another min and my Corvette might have been gone.
Everything that exists that was designed to be accessible in any way at all, is hackable. There are no exceptions.
Andy, this was news ten years ago. The car makers all denied it. Then they formed a 17 manufacturer group to investigate solutions. That was over six years ago, and they've done nothing yet.
Rolling code technology was in widespread use ten years before these hacks--but never used by the auto makers.
Mercedes used to make at least one model where the key fob had to be inserted in the dash to start it, because that was a separate infrared coded system, like a tv remote.
Andy - you need to beg, steal or borrow and review a HackRF + Portapack! What the Flipper gains in portability the HackRF surpasses in flexibility. I just know that this beast would be right up your street! Of course I would never condone illegal use of these but it is scary that a modern day "coat hanger" could be as effective if not more so - education is the key here as it empowers owners to become more aware and take precautions where possible. P.S Yes Faraday cages do work at medium range.
You still can't do much with the HackRF and Portapack, it's just a Flipper on steroids.
@@Bond2025 The PortaPack H2 is mainly designed to work with the HackRF One, which is a versatile software-defined radio (SDR)
Where I live if you had your Audi stolen you would probably be happy!
lol
Yes, faraday pouches work very well.
My key is never out of it if I am not driving.
How about a 'very large one' and you could put your entire vehicle in it?
Just a thought.
It is possible to swap someone's car too. You get a rental the same, swap the number plates and all contents with the target after getting a second set of keys made, and stuff the key under the dash. Any key will now start the car, and you report the car stolen. After a while the police will pull the person over and check the VIN which won't match so now the target has a LOT of explaining to do. Revenge.
Presumably they could send a 'wake up' from the car to the fob to get the fob into an active mode that's ready to phase-lock the challenge signal, then issue a challenge and get a response with very predictable latency... the car could then use phase discriminator to ensure there's a direct path with no repeaters. Perhaps that's not reliable in the ISM, but it's surely possible at higher frequencies. Perhaps in the 23cm band and above. Demodulating and remodulating does take a little time and introduces phase shifts - so I'm sure this could be a valid thwart for relay attacks.
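The response-time check suggested in the comment above and in the earlier time-of-flight remark, written out as the car-side decision. This is an added example, not code from the video or any vehicle; the 50 µs fob turnaround, the distances, the relay latency, the tolerances and all names are constructed assumptions. A relayed answer carries a valid MAC, so only the timing budget can reject it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

C = 299_792_458.0  # speed of light in m/s
DEMO_KEY = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")  # constructed key


@dataclass(frozen=True)
class TimingPolicy:
    max_distance_m: float    # furthest a legitimate fob may be from the car
    fob_turnaround_s: float  # fixed, known processing latency of the fob
    tolerance_s: float       # measurement jitter the car is willing to absorb

    @property
    def rtt_limit_s(self) -> float:
        return 2 * self.max_distance_m / C + self.fob_turnaround_s + self.tolerance_s


def fob_response(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify(key: bytes, challenge: bytes, response: bytes,
           rtt_s: float, policy: TimingPolicy) -> str:
    """Car-side decision: the MAC must be right AND the answer must be fast."""
    if not hmac.compare_digest(response, fob_response(key, challenge)):
        return "reject: bad response"
    if rtt_s > policy.rtt_limit_s:
        return "reject: too slow"
    return "accept"


def modelled_rtt(distance_m: float, fob_turnaround_s: float,
                 relay_delay_s: float = 0.0) -> float:
    """Round trip = propagation both ways + fob turnaround + relay latency each way."""
    return 2 * distance_m / C + fob_turnaround_s + 2 * relay_delay_s


def timing_cases() -> dict:
    turnaround = 50e-6  # assumed 50 microsecond fob processing time
    tight = TimingPolicy(max_distance_m=2.0, fob_turnaround_s=turnaround,
                         tolerance_s=20e-9)
    loose = TimingPolicy(max_distance_m=2.0, fob_turnaround_s=turnaround,
                         tolerance_s=5e-6)

    challenge = secrets.token_bytes(16)
    genuine = fob_response(DEMO_KEY, challenge)  # what the real fob would send

    direct = modelled_rtt(1.5, turnaround)                         # owner at the door
    relayed = modelled_rtt(40.0, turnaround, relay_delay_s=1e-6)   # fob 40 m away
    ideal_relay = modelled_rtt(40.0, turnaround)                   # zero-latency relay

    return {
        "direct_tight": verify(DEMO_KEY, challenge, genuine, direct, tight),
        "relayed_tight": verify(DEMO_KEY, challenge, genuine, relayed, tight),
        "ideal_relay_tight": verify(DEMO_KEY, challenge, genuine, ideal_relay, tight),
        # Same relayed exchange, but the car tolerates 5 microseconds of jitter:
        "relayed_loose": verify(DEMO_KEY, challenge, genuine, relayed, loose),
        "forged_fast": verify(DEMO_KEY, challenge, secrets.token_bytes(32),
                              direct, tight),
        # Every microsecond of slack is roughly 150 m of extra one-way distance.
        "slack_m_per_microsecond": round(C * 1e-6 / 2, 1),
    }


if __name__ == "__main__":
    for name, outcome in timing_cases().items():
        print(f"{name:26} {outcome}")
```

The loose policy accepting the relayed exchange is the design caveat: the check only bounds distance as tightly as the car can measure time, so the fob's turnaround has to be fixed and the tolerance has to sit in the nanosecond range.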
I moved to Spain 15 years ago. First thing I did was put an alarm in my car. Now I find it amusing you need one. I occasionally forget to lock the doors at night here and don't bother to get out of bed if I remember.
I leave the shed door open most nights. Frequently go out for the day with the shed door wide open.
There are some advantages to not living in a country full of hooligans
I once visited a country town out in the middle of nowhere. We rode around with some girls. It was 1979. I forgot to lock my car. I said if we are going to be gone long, I need to lock my car. One of the girls said if you go back and somebody sees you walk over and lock the car and walk away the locals will take great offense.
I should have moved there now that I think about it.
@@dougtaylor7724 Yeah, I live in a small village, probably more like a hamlet, everyone knows who everyone is, like there are literally 40 or 50 houses.
I have padlocks on the shed doors etc, but I literally never shut them, they're just there to give the appearance of being locked.
I don't think I would enjoy living in a city again.
That's why I installed Trunk Monkey in my vehicle the only sure fire way to deter thieves from taking your vehicle. From the makers of Suburban Auto Group.
Growing up I used to love trunk monkey!!!
I ask the logical question after reading what you wrote:
And I quote : "" i installed Trunk Monkey in my vehicle the only sure fire way to deter thieves from taking your vehicle. ""
So the question is :
How is installing ' Trunk Monkey ' in YOUR vehicle
going to deter thieves from taking MY vehicle ?
RIDDLE ME THAT greymann1384
- I would suggest that you undertake an extensive reading
program to better educate yourself - study English and
LEARN HOW TO ACCURATELY DESCRIBE what it is you are
thinking about - AVOID AMBIGUITY AT ALL COSTS.
Learn to write accurately.
It is not that difficult for the educated people - but not so easy for peasants
( commonly known these days as Citi-Zens )
@@andrew_koala2974 Thank You Ken For replying, can I call you Ken you seem to be a person who would be called a Ken and may I suggest Ken that you research What levity is.
Also my writing skills may not be on par with your Superb Standards of the English Language I commend you for reminding the rest of us lower classes of your Superiority and Intellectual Prowess that you possess, I hope you have a wonderful day and also lest I forget say hello to KAREN for me.
A nice locking steel bar through the steering wheel helps, too, if they get in, they cannot steer it!
Or they cut the wheel and replace it for selling the car, or they just sell the parts. A steel rod on your steering is lost after at least 5 seconds.
A hacksaw and 20 seconds to cut the steering wheel takes care of those. There is a hollow metal tube inside the steering wheel that is simple and easy to cut and the device slips right off.
Your best bet is a hidden kill switch. It only costs a few dollars and 20 minutes to install.
Cutting power to the ignition or the fuel pump won't allow them to start the car.
When I leave my truck in a forest and backpack for a few days, the fuel pump relay is in the pouch with the keys. Takes 20 seconds to pull out.
That was a good idea before the development of battery operated angle grinders with cut-off wheels. Those locks can be removed in a matter of seconds.
@@flyingdoctor99 Some people let advertisements and media give them warm and fuzzy feelings without using common sense.
All the possibilities messing with cops vehicles, as they are trying to get back in their vehicle to chase you, while your buddy, "transmits" from his radio
Ah, my old 1988 Town Car with its old fashioned metal key!
My work has a scrap yard. One day about a 92 towncar came in. Wasn't too rusty and had really nice condition leather interior. Person scrapped it after buying it due to the quote for the work required to pass a safety. They put the forks of the loader through the windshield before I saw it. Man I was pissed
My 2003 BMW still has a metal key, but was the last, one year newer and they changed to the fob. P.S. Love your channel.
@@juliogonzo2718 If it wasn't wrecked and was complete that was a terrible mistake! Easily worth several thousand bucks!
There is a specific auto gate manufacturer out here whose fobs are also able to block vehicle fobs from operating. I always, always stand at my car to check that it's locked, not only that, but, most modern vehicles are able to unlock only the driver side door without the others, a double tap opens the rest, I've had to educate people here as to why they should rather enable that feature, if not, you may find yourself at gunpoint inside your car from an uninvited passenger...
For my car, I use the old fashioned "press the lock" when exiting. No fob necessary for locking. (The car will check for a fob inside the car and unlock to prevent an accidental lockout.)
I’ve never owned a fob.
I use the key method.
The Faraday pouches do work or at least the ones I have from Amazon, that I got four years ago when I got my vehicle. I also got a good quality steering wheel lock so any potential thief has to get past that in order to drive off. Just a few days ago I found that Bluetooth can reach over 50 meters, I was at one of these parcel boxes at the local supermarket and had trouble with the QR code so rang the number, my wife was in the car and had the radio on and when I dialled the contact number I heard the phone ring from the car as my phone was still linked to the car even at 50 odd meters, so any car that uses a Bluetooth app is really vulnerable.
Ford developed a key that goes to sleep if there is no movement of the key. Simple ideas are the best.
Very interesting. Seems to me like older cars that have rolling codes but the keyfobs don't receive a signal from the car are more secure. I always felt uncomfortable with cars that auto unlock when you approach them. My OCD makes me check the door handle multiple times so I know it's locked.
Same
If my key and mobile phone are close together, i.e. in the same pocket, then the car will not start, so I always keep them close to each other when I am not using the car.
I think that the challenge from the car to the key is on a different frequency (150 kHz?) much lower and low power to limit the range to inside the car, the signal on the TinySA is the response from the key to the car. Also my Tiguan disables keyless unlocking by pressing lock on the key followed by a touch on the lock point on the door handle.
VW have introduced a movement sensor in latest keys that puts them to sleep when stationary for a period of time so they cannot respond to this type of attack.
Interesting to see someone do this with an HT. There are a number of products on the market that people can use for this beyond the Flipper. It is fairly well known that most devices work on the same frequencies and often use the same modulations. Simply put, radio, wifi or BLE security is a farce.
Awesome video. 👍
The Flipper is an over-rated expensive toy, no one that buys them ever knows what to do with them when they get delivered. They copy their own office access cards/fobs, read a credit card which they can't use from the flipper, maybe clone a garage door opener, that's it. I have never seen anyone use one for anything remotely interesting. They are handy for testing, that's it.
Definitely not used in car thefts.
@@Bond2025 People have created a panic around the Flipper. Between ignorance and fake videos people drastically overestimate the threat it poses. It's actually been a fantastic tool for bringing awareness to our lack of security. The latest claims are that BLE spam can interfere with critical medical devices like pacemakers and insulin pumps, things that shouldn't even be possible with approved medical devices. With coding knowledge and add on boards it's capable of a lot but the worst I've seen is temporarily disabling iPhones due to their poor protocols. A flaw which I believe they've claimed to have fixed.
Capturing a signal from a fob and replaying it may deauthorize / unsync your fob that may have a rolling key. You will need to take your key and get it reprogrammed... may need to get the car towed at a dealer also. Most of these attacks are for high valued cars.
This felt like a behind the scenes of a real life Gone in 60 seconds.
Try 30 seconds. Watch this YT video of 2 car thieves stealing a Mercedes with a SDR. ruclips.net/video/KlFPInFxjvY/видео.htmlsi=QYjSkM72TpCtfuoK
Brilliant info. I think I'll go out street shopping for a new car tonight.😂
I didn't know of this antenna gain attack. My keys are far away from the car but I recently bought those pouches, I must try them out.👍🍻🤠
Probably due to 70cm hams, we’ve had an intermittent and infrequent issue where the car will not respond to the fob. This can last from a minute to best part of an hour. It dates back almost 20 years, starting with a Kia Carnival and continuing with a Micra. At one time we thought the receiver had failed only to have it start working again several hours later.
There is a lot of RF junk in the 433 MHz area… fobs, door openers, tire pressure sensors, military, etc. The sporadic transmission of hams isn’t going to be a 20 year long cause.
More modern cars have a higher frequency band solution outside the ham radio band to avoid that specific problem.
Apparently the US and Japan use 315 MHz and Europe has started using 868 MHz.
Pesky radio Hams
I had a car that you could remove the key from the door with the lock barrel not fully returned home, meaning it would Unlock with an ice block stick.
But with our sort of gear could we not block multiple vehicles over a wide area?
Then we can go into business selling car alarms that work😂!
You should always have the old fashioned KEY & LOCK as an alternative to this radio stuff.
Yeah that's why I drive a 2004. Doesn't even have power windows. It had a chip key but I epoxied the chip in the column so I can use a $2.50 key
@@juliogonzo2718 They probably don't really want your 2004...
Old fashioned Key and Lock cars get stolen all the time genius. What is your point...???
MB's newer key fobs deactivate after a few minutes and wake up with motion to help mitigate this. Also, MB fobs since the introduction of keyless entry have been able to be "deactivated" by double tapping the lock button on the key fob.
This puts the remote to sleep and it will only start to transmit once a button is pressed on the remote to activate it again.
Unfortunately most owners don't know or utilize this second feature.
Which firmware is that? I appear to have the same one but under the frequency number (when in scan mode) I don't have those three series of 4 digits. And it doesn't reliably lock in to my key fob signal. Either I have a slightly different firmware or I need more info on how to operate that particular firmware properly. lol
I believe he's using the firmware labeled uv-k5-firmware-fagci-mod-v1.1.2-SSB-lite-test.bin
Someone replied to my comment but you seem to be sh@dow banned or something as your reply isn't visible.
Fit an ignition switch from an old model on the steering column from an earlier Audi, the steering shaft and column assembly is the same, since you are only using the mechanical lock it is fairly easy.
I think you should always have some sort of physical security as well, such as a Disklok. Also trackers are cheap these days so have a few fitted. But usually if the scum want something they'll find a way of having it. All you can hope to do is slow them down.
@@owenwilliams857 Every village has one........
Make your own using an old mobile phone, very effective, live tracking...hide it anywhere. Commercial ones fitted by lazy installers always go in the same locations, so get ripped out after being blocked.
Great video Andy and a nice demo again of the TinySA
Great video, but I think you missed one of the attack scenarios - they will typically use something to block the signal, as per the start of your explanation. When doing that, they can then sniff the alarm fob when the person tries to unlock the car and store it for later (multiple unlock codes are valid at the same time). They will then follow the target vehicle and wait for it to be parked up and locked, then use the saved code to open the car. They then don't have to damage it and just need to get the car started.
Criminals will be delighted to hear your advice......You think they don't watch this stuff or what?
@@mjh5437 I know about it because the criminals have been doing it for decades, I'm not teaching them something new 😂
The best defense that I know of is multiple immobilizer buttons, that need to be pressed in a certain order or together. These buttons can also be hidden or visible in plain sight as regular car buttons.
In my experience, the car communicates to the key on a low frequency. Usually 125kHz. The key fob to car is on ~433.920 MHz
Inside your car example, what you're seeing on the TinySA is the key fob answer the challenge back on UHF. Run a sweep on 125kHz and you'll see the car call the key.
125kHz is used because it's easier to receive by the key than 432 MHz. The 125kHz is received by a passive diode envelope detector. Important given the key fob is on a tiny battery. 👍
Interesting info George, thanks. I did wonder after posting this and thinking on it a bit because like you say you only see one pulse on UHF when you press the start stop button. I will run a sweep at 125 kHz to see for myself. This seems to make sense because I have seen other videos of these attacks where one thief has a large wire antenna, presumably that's connected to an RFID transmitter with a bit of power behind it!
Love your videos by the way. I particularly liked your 23cms experimentation I saw somewhere. Very cool!
@@andykirby Cheers mate! My videos are junk compared to yours! Keep it up! 73 for now!
I have a 2023 Kia Telluride and "I think" it's beaten the odds. Yes, it has all of the vulnerabilities of the key fob you outlined...but only IF you use the keys...which I don't (they are stored in my home in a Faraday box that I have tested and it works). I put the digital key on my cell phone, which works just like a contactless credit card/RFID communication. So ultra short range and it's only active when the key is displayed on the screen...which is even safer than credit cards which can be activated at any time if someone got close enough to you. The car unlocks when you have the key displayed on your screen and touch your phone to the door handle. To start the car, you have to place the phone in a certain position while the key is displayed and voila the car starts. Short of hotwiring the car (if that's still a thing) or breaking into my home and taking the actual keys that I never use, I don't see a way they could steal my new Kia Telluride...though I guess this is my challenge to Andy to see if I am being overly bold in my positivity. :-)
Just hit my mind... 400 MHz? Like a LoRa board would use (LOngRAnge low bandwidth radio transceivers)
Not to give anyone ideas on what to use Arduinos or esp32s n LoRa boards for..
Just...
This is very interesting
Talk to a lawyer!
It does not matter when electronics always have the small bits to hack. Awesome video
Always watch to see your indicators flash when leaving the car after setting the alarm.
Fit an independent "Thatcham grade 3 alarm system" to the car your insurance will be lower and the car will not be able to be driven away. The alarm will also sound depending on how set up if the door is opened after a short delay if not disarmed separately. Even in a workshop very difficult to remove the alarm system even for an auto electrician talking hours!
Empty Smash tubs are good for shielding the signal of the fob. Although some foil under the lid as it's replaced gives total shielding. I know it's messy but it works. My little lad made me one and decorated it. It's pretty cool really.
Need key to turn off power to key or a disengage battery switch. Like you need power on all night, when burgs most likely happen.
A good video with some really good tips on how to help secure your car for those who didn't know about this.
The car should transmit a random code that's encrypted so that the keyfob can decode it. The keyfob then sends the same code back to the car re-encrypted so that only the car can decode. Problem solved. The car and the keyfob would require one time programming at the dealer to share each other's encryption keys. It's amazing how little the manufacturers will do to thwart auto theft. Shaking my head.
Thanks for bringing this to our attention Andy. People should keep their fobs in Faraday bag at home as a mitigation measure until the manufacturers can figure this rocket science out.
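The challenge-response idea suggested above (car sends a random challenge, fob proves it holds a key shared at pairing), combined with the response-latency check raised earlier in the thread, sketched as an added example that is not from the video or any manufacturer. It swaps the "encrypt and re-encrypt" step for an HMAC over the challenge; the class names, the 2 ms bound and all values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed bound for illustration only. Real distance-bounding measures
# time of flight in hardware at far finer resolution than this.
MAX_ROUND_TRIP_S = 0.002


def _mac(key: bytes, fob_id: bytes, challenge: bytes) -> bytes:
    # Binds the answer to one fob and one exact challenge.
    return hmac.new(key, fob_id + challenge, hashlib.sha256).digest()


class Fob:
    def __init__(self, fob_id: bytes, key: bytes):
        self.fob_id = fob_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self._key, self.fob_id, challenge)


class Car:
    def __init__(self):
        self._keys = {}        # fob_id -> shared key, set once at pairing
        self._pending = None   # the single outstanding challenge

    def pair(self, fob_id: bytes) -> Fob:
        key = secrets.token_bytes(32)
        self._keys[fob_id] = key
        return Fob(fob_id, key)

    def new_challenge(self) -> bytes:
        # Fresh 128-bit random value, never reused, so an old answer
        # cannot match a later challenge.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, fob_id: bytes, response: bytes, round_trip_s: float) -> str:
        # Consume the challenge whatever the outcome: one attempt per challenge.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return "reject: no outstanding challenge"
        key = self._keys.get(fob_id)
        if key is None:
            return "reject: unknown fob"
        expected = _mac(key, fob_id, challenge)
        if not hmac.compare_digest(expected, response):
            return "reject: bad response"
        # A correct answer that arrives late is treated as forwarded
        # rather than produced by a fob next to the car.
        if round_trip_s > MAX_ROUND_TRIP_S:
            return "reject: round trip too slow"
        return "accept"


def demo() -> dict:
    """Run constructed exchanges; timings are made-up sample values."""
    car = Car()
    fob_id = b"FOB-0001"  # constructed identifier
    fob = car.pair(fob_id)
    results = {}

    c1 = car.new_challenge()
    r1 = fob.respond(c1)
    results["genuine"] = car.verify(fob_id, r1, 0.0005)

    # A recorded answer presented against a later challenge.
    car.new_challenge()
    results["replayed_old_response"] = car.verify(fob_id, r1, 0.0005)

    # The same answer presented when the car has asked nothing.
    results["no_challenge"] = car.verify(fob_id, r1, 0.0005)

    # Cryptographically valid answer, but the round trip exceeds the bound.
    c2 = car.new_challenge()
    results["relayed_slow"] = car.verify(fob_id, fob.respond(c2), 0.010)

    # A fob claiming the same id without the paired key.
    c3 = car.new_challenge()
    stranger = Fob(fob_id, secrets.token_bytes(32))
    results["wrong_key"] = car.verify(fob_id, stranger.respond(c3), 0.0005)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The fresh challenge alone only stops recorded answers; it is the timing bound that rejects a correct answer forwarded from a distant fob, which is why the two checks are shown together.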
Ford’s new key fobs on 2019+ cars sleep after the keys are not moved for a certain amount of time
Standard practice in South Africa! ALWAYS check that your car has locked before you step away from it.
Like a radio is needed. Nothing is needed. The thief watches you get out - filling station, blah blah - people seldom hit the "lock" button - they walk off with the "key" in their pocket. Thief sits into car & just waits. Owner walks back, coffee in hand & is shocked to see someone sitting in their car. Taps on window.. Key is within range. Thief presses start button, drives off. Bye now. No tech required - the tech crap can be leisurely done in some hidden garage before the vehicle heads off abroad. The "key" can be reproduced easily using readily available kit.
The solution is to get someone like me to wire in a hidden kill switch that you hit religiously every time you leave your vehicle. One lo-tech button. Unless they have a tow-truck, they're going nowhere when that switch is off. EVERYTHING else including fancy immobilisers is just kidding yourself as the thieves have figured them all out ages ago. Looking for a hidden kill-switch is a ball-ache - so they go take easier prey.
That ^ is just one version - the rest use signal boosters blah blah - same same. If a crucial system is not getting power, the car's not moving - which is the power of old-skool kill switches. "Keyless" has a safety feature that prevents the car stopping if key communication is lost - if the key is present it will start & not stop till the "stop" button is pressed. That's an invitation to thieves - if they leave it running as they refuel, they can run that car without a key for ages. Fit a kill-switch & hide it real well - but make it easy to press so you use it. Thank me later.
Hmm.... I'm not really talking about glorified car jacking, car jackers won't get far in this country at least with cameras everywhere and ANPR... the majority of serious car theft is done at night when the owner is unaware, container waiting at a nearby port and the car is shipped to another country before it's even noticed. This is very stealthy organised crime.
Thanks for an interesting and enjoyable video...
Yet again we see "another" example of the eternal struggle between convenience and security... And as is almost always the case security loses out...... How much extra do I have to pay to make my car only open lock and start using the physical key ?? (and Yes I know that "key locks" can be easily picked, but I'd still prefer and trust it more in today's "climate")
Best regards. :)
It's worth noting that some cars with rolling codes are vulnerable to replay attacks so long as a valid code has been captured and that code has NOT been seen by the vehicle. This is why jamming is so effective. By jamming the fob, and capturing the code, then letting the next code hit the car, the previous code is not marked invalid. So now, all that is left is to replay it.
I personally look up the FCC ID of a device first because that will tell you what frequency it works on.
To pull that off one would need to jam and capture at the same time which produces a new problem for the would be thief.
Many modern car key fobs use rolling code technology, which generates a different code each time the fob is used to unlock the car. This enhances security by making it more challenging for potential intruders to intercept and replicate the signal.
A rolling code blocks sophisticated replay attacks yes. But the simpler idea is for the attacker to jam all remote locking and watch for those car owners who don’t check to notice that their remote locking attempt has failed. A rolling code doesn’t help in a simple jamming scenario.
@@laulaja-7186 To prevent attackers from blocking car fob signals, manufacturers often implement anti-jamming technology in their keyless entry systems. This technology detects interference and adjusts the frequency or signal to avoid potential disruptions.
@@laulaja-7186 It doesn't really block them. The car has to have multiple codes active at once (else an accidental press of the button would mean the car and fob were out of sync and you'd no longer be able to unlock the car).
Thieves know this and will jam the car so they can capture a working code (as you press the button multiple times to unlock it). They then let you open and drive away the car, follow you and wait for it to be parked - then replay the earlier saved code (which is still active in the car) and drive your vehicle off.
simple way to prevent this. Drive a car with no remote entry or start features and no CAN bus. Basically drive something at least 20 years old, if your car has nothing to BE hacked it can't be.
My recommendation would be to keep the key fob in a lead container when not in use.
But you have covered that with the metal box mentioned in your vid.
Fantastic Info Mate.
Just found ur channel thanks to Ringway Manchester 🙏
Cheerz from Down Under⚡🙏⚡
On our dodge caravan, you have to actually be pressing the button to get it to unlock. But this is scary though because even my baofeng uv5r could theoretically be used to jam the key fob.
I guess the center frequency is 433.92MHz, as it is the ISM-frequency in EU for this band. Which however in fact is a ham band, where ISM is secondary users. I tried to listen to 433.92MHz in AM, and could hear all the weird signals in the morning when people went to work :)
They can't complete the 2nd half of the attack if the key fob has FobBlocker installed. It wraps around the coin battery of the fob and shuts off the fob when no movement is detected (on the onboard accelerometer). And when you shake or move the key, it "wakes" up and allows the battery to power the fob. It stops thieves from copying the signal when the key is at rest. So you don't need to use a Faraday pouch.
On VW with keyless entry, if you lock the car with the key-fob lock button, then touch the dimple on the door handle within 5 seconds, it disables keyless entry until the next time you unlock the car (using the unlock button on the key fob)
Porsche keyfobs (at least newer ones) allow you to press lock and unlock together and a red light will flash. This will disable the transmitter on the key until next time one of the buttons is physically pressed, which is great for overnight at home etc.
Leyton should have a sleep mode. It’s quite easy to implement. If you can have gyros on a drone FC & game pad then why not in a key fob!? Basically a few mins of inactivity and it’ll shut down its ‘request packet’ what do you think?
As a security specialist, I get calls from high end clients such as major hotels who seem to manage to lose 20 customer vehicles at a time and the fix is actually cheap and easy.
I always recommend Mylar Ziplock baggies to put customers' car keys and key fobs into once the vehicle is parked but getting their employees and business to use this effective tool is another story in itself, meaning, trying to get their valet parking attendants to use these Mylar baggies and tagging the outside of these baggies with the vehicle info is time consuming and I understand.
So a real simple fix is rather ingenious, just simply cut off the AC plug in cable from a discarded microwave oven seems to do the trick for most vehicle alarm systems so the vehicle and the key fob can no longer communicate with each other and can’t be triggered by pulling on the vehicle's door handles either. Sometimes the solutions to big problems are rather simple. 👍
Just disable PKE in the infotainment system.
@@honestlocksmith5428 Would be good if it was on topic. I’m retired from government work and mostly do easy stuff in the private sector that makes a few more bucks. Nice try…
Faraday pouches don't work, the fabric wears and the pouch ceases to prevent radio communication. Best bet is simply a metal box that closes fully. I'm not sure, but wrapping the key in metal foil may also work as long as the key is completely wrapped.
I read that they plug a device into the OBD port and create a new key there and then after using the relay attack to unlock the door.
LOL, as an RF tech I was interested in the content, but the highlight was your ending track :)
2:02 This gave me a giggle especially as you tickle your hood 😂…excellent video and very helpful to make folk aware..73’s
Andy, Are you a Paul Van Dyk fan ? Guessing by that ending song you've made, Yes... Love it... I want more 🙏👍👍👍👌
My 2007 RS4 as well as my 2004 S4 both keep me out...radio keyfob wise. I have to use the actual key in the keyhole and open the door on both. Local shops haven't been able to make me replacement keys and program these for my car. Yet, the thieves have little trouble it appears by your video. Of course I can go to the nearest Audi dealer and get raped money-wise and get new replacement keys that will auto lock and unlock my car - which I'm stubborn enough to resist. You have pretty much shown the ineffective nature of most anti-theft systems for sophisticated car thieves to me. I'm a testimony to the fact these systems end up causing owners like me grief, either because the owner can no longer use the electronic lock/unlock keyfob feature, or simply because the car can be stolen regardless. With all of the tech today you'd think there'd be a better system that is both owner-friendly and robust enough that the car thieves have to go back to other means of criminal activity?
Very good informative and entertaining video as always 4:30
Also have you done what I did when I got my first transponder key fob. It detects the fob when you test the locked door and promptly unlocks 🤣🤣🤣
Thank you for this informative video.
My car, with keyless entry and push button start, was stolen at night even though both of the keys are always far from the front of the house and in Faraday pouches.
Could the signal to my key have been scanned by someone (or a team) whilst I was out, for example at a supermarket or even in traffic?
What then happens to these stolen cars if they are not able to be restarted after the thieves have turned off the engine?
I have tested a pouch, can't verify all on eBay work but the one I got does. Fairly low tech so you've been proper scammed if it doesn't work. Same with RFID blocking sleeves for cards, they work too.
Rolling codes wise, Subarus (used to, been a while since I was researching this) incremented the code by one. You could convert the transmission to binary then denary and work out the next code easily.. or brute force from the code you caught very quickly.
Andy great you have a TT in your garage to test this. Our TTRS 8J 2010 may be more secure as it does not recognise and unlock if close outside with keyfob. Also it's a 6 Speed MANUAL! ;-) Not sure many crims here know how to drive a manual I reckon! Anyway will get out the trusty V3 SDR on the laptop and see what we can find out. Maybe a Steering Lock for Xmas!??
I've also seen a video of a guy hacking his own car...to learn and figure out the operation he was intending. He was able to control certain functions on his car remotely. He was using a SDR transmitting to his car's computer as if it were the car's TPMS Tire Pressure Monitor Sensor since it then communicated by wire to the car's computer. He had a friend drive his car slowly, like 10-15 MPH, while another friend drove another car pacing his car while he was a passenger using his laptop and SDR. He was able to do things like turn on the windshield wipers, turn the headlights on and off, etc. (not steering or braking)
This was all possible via the OnSTAR system in GM cars, once in to that you could do anything, so could the control room, law enforcement used to listen in on criminals cars and get GPS data. Cars could also be speed limited, have faults introduced and were ready for the Pay Per Mile system we are getting this year. The engine could also be shut off if the car was stolen and emergency services called if it crashed. Other makes have similar systems and it means law enforcement can bug you without going near the car. It used to only be done when the car was taken in for a service.
My old (06) Lexus fob has an inbuilt feature so that the transmitter signal can be turned off completely. Initially designed to save battery power when not in use and nowadays makes a nice little security feature.
My Audi uses keyless entry and also has folding mirrors. Why are the mirrors important? Good sign it’s locked if you see them fold and the indicators flash … and I have a faraday pouch and it’s extremely effective. Even with the key only partially in the pouch, the car won’t unlock or start. In contrast, using a metal tin didn’t work, so my key goes in the pouch and the pouch is kept well away from the door and front of the house
I'm thankful my 2012 Audi doesn't have keyless ignition or keyless entry at this point, the key has to be in its hole in the dash for the car to start. Great video, very insightful.
You just didn't pay for the "Comfort Key" extra, all Audi models since 2009 have this feature built in and can actually be unlocked through VAGCOM.
You can use a faraday box to avoid all this misery. They do work. You can test this by putting your phone in there and watching the bars go down progressively. When you open the box, it should have a very weak / no signal
What is the device between the handheld radio and antenna? A small HT antenna tuner?
I'm here looking for this answer too
Fantastic video mate - you should have your own TV show as well
I don't even have a car, or know how to drive, but if I ever got one this is just another reason I'd get one from the early 80s.
Good info for any budding car thief. What I want you to tell me is how to ham the car in a locked status from inside my house
Putting your keys in a metal box works really well, just don’t forget about the spare key. If you don’t want to keep it in the same place then wrapping it in a couple of layers of tinfoil works just as well.
Is there a device I can use to switch channel on my neighbour’s tv, as a prank? That would be hilarious : )
Just get a universal tv remote.
This is such crucial, interesting and easy to understand information, you tube will probably take it down.