NYTimes writer gets his Prius broken into by keyfob amplifier

I assume as technology advances, so does crime and finding ways to defeat that technology to illegal ends.

The outline speculated about in the article sounds reasonable to me.

What would bother me most is the relative youth of the perpetrators. When they are riding away on "bicycles" after an attempt to steal your car, or at least get at things in your car...that's sad.

And I would not feel good about putting my fob in my Freezer or even Refrigerator. Humidity, moisture and long term freezing temperatures couldn't possibly be good for the fob or battery in the fob. There's GOT to be a better way.

Many people here when wanting to limit or "cut off" communication between Fob and Automobile simply use a metal tin. If crime like this becomes too prevalent I might take to keeping my fob in one when not in use.

And as is hinted in the article, if crime like this becomes too common, technology will advance to keep ahead of the criminals.
There "almost" is no perfect system from mechanical locks to electronic fobs. There's always a way or there always will become a way if thieves try hard enough.

My greatest concern would be if an "relatively easy" way of defeating the SKS system becomes widely known, that would make Prius easy targets. Up to now? I've considered my Prius an "unpopular" target BECAUSE of the SKS and technology. If that article is right? That might be changing.

 

Code grabbers and scanners existed for a long time now....nothing new here. Not sure if this technology would work for Prius (does it have a dynamically changing code?)

What possible is to use a couple of devices connected via cell phone to extend the range of your keyfob. For this thing to work, one device must be put in close proximity to your fob, and another one close to your car. Not really just amplifier as in the article (that would not work as described for sensitivity/noise reasons), but more of a 2-way range extender. So if you are at work with your key fob, and your car is at home, somebody with such a device can open and start your car, but he need an accomplice next to you. Would anybody bother to use this technology to steal your Prius? Unlikely.

- Alex

 

There is a thing called "RF ID blocking wallet or pouch" or something similar. Just put your fob in one when not in use. No need for foil.

 

Will that work?
Up to now, I have used "nothing" but the actual distance between the fob and the vehicle. "IF" crimes like this become more and more common I might have to consider changing this practice.

I don't really care if it's an Altoids Tin or an "official" RF ID blocking pouch"...whatever works.

 

If you read the article the premise is that they are using a device to obtain and amplify the "actual" signal between your real fob, and the vehicle. So it fools the vehicle into thinking the fob is within 3 ft. So no need to defeat the actual code. It's using the actual signals only amplified.

 

My greatest concern is all the moisture that will condense on the electronics every time the cold fob is exposed to room temperature air, especially in humid climates.

A metal box at room temperature would be far better.

It appears that this device would work as a 1-way range extender, from the car to the fob. This suggests that the fob-to-car direction is fairly strong, and not controlling range in ordinary use.

 

I'm skeptical about somebody using a code grabber in this application.

I'm thinking that this is less about a keyfob sitting in a freezer next to a tub of Ben and Jerry's, and more about a bottle of vodka in the freezer causing a feature writer to have to fumble for a Monday deadline.

Teenagers on bikes?
REALLY???

 

guy needs to move uptown.

 

Scattered reports of this general sort of attack have been coming in for several years, with some of them even recorded on home security cameras.

No, it isn't a code grabber. More discussion about the amplifier / one-way-range-extender concept is necessary before I could come to the same judgement you have.

 

With the NYT?

I'll stick to the vodka theory, thanks.

 

I would think its the other way. The transmitter in the car fed by large 12V battery and with larger antenna would provide much further coverage than tiny fob with tiny 3v battery.
Alex ( ex EE)

 

If someone wants the car, there is NO way to keep him or her from stealing it. A flat bed wrecker, an they've got it.

If they want anything inside, there is the brutal method of breaking the window. There are widely available emergency window breaking tools that fit on your key chain.

If you park a Prius for long term in the lot, disconnecting the battery or pulling the start-run relay and taking it with you can help.

Removing and taking the start-stop button requires no tools. Snap off the panel, unplug the connector bock and squeeze the two tabs on the switch, and pull the switch out from the front. Who carries a relay or a start-stop button with them?

In the old days, all you would need to do to steal and drive off with the original Mustang was two short pieces of copper wire.

 

Yeah, this would work. You need an amplifier that relays the car-to-keyfob signal that ordinarily has a range of only 3 feet. Then the keyfob has to reply. The keyfob-to-car signal range is about 30 feet, but another amplifier could increase that. With the Prius, such a device would get you into the car, and started. Then the car could be driven off without a keyfob. The next problem would be dealing with an all-keys-lost situation.

Note that none of this requires understanding or bypassing encryption. The car and keyfob just do their normal encoding/decoding.

 

We know the remote lock / unlock buttons on the fob have a significant range, able to reach from much of the interior of typical houses to cars parked outside. These buttons also work on a one-way system only.

The SKS system, which must have a 2-way link, intentionally has a much shorter range of just a few feet. Ideally, both link directions would be similarly short, but nothing forces that to be true. Making a single direction short accomplishes the same function. And because we already know the button functions are not short range, I won't presume without evidence that the fob-to-car link of SKS is short. Toyota could have chosen to limit only something unique to SKS, such as either the ERP of the car transmitter, or the sensitivity of the fob receiver. In either case, if the return link is strong, a one-way amplifier could boost the range of the short link and enable this crime.

Low transmit ERP would be consistent with the thieves holding the amplifier very close to a transmitter in the car. Anything else would allow them to hold the amplifier anywhere along or near the path from car to fob, not even removing it from their backpack.

BTW, I am also a retired EE.

If this was the first or second case, I'd be more inclined to accept that. But this is at least the third outbreak I've heard, and the others were not through the NYT.

It is, though, the first I've heard specifically targeting Prius.

 

You can be right. I did not think of Toyota cunningly severely limiting in-car transmitter power
Alex

 

Here is a prior thread, from 2013, where I linked three contemporary news articles about it. Unfortunately, two items have already cycled off their sites.
05' Prius burglarized/no forced entry | PriusChat

Another thread, with news links still active:
New $5 device easily unlocks car doors - is Prius immune? | PriusChat

 

If I'm reading the article correctly while "Code Grabbers" are mentioned, his speculation is that a "Power Amplifier" is being used. How prevalent or possible this is? I have no idea. But the signal that is opening your door, isn't a "stolen" or grabbed code, it's the actual signal, just picked up from distance and amplified to fool the receiver.

 

[Emphasis added]

My shared driveway is 250 feet to the street. For a quick test of the remote lock button function range, I opened the garage door and walked to the street. No response. Walking closer, it did respond at very roughly 200 feet. This was to the rear of the car, I haven't tried other directions.

If the SKS system simply borrows the same RF hardware for the fob-to-car link, with no power control adjustments, then this would explain how the thieves could use a single power amplifier for the car-to-fob link and achieve a useful success rate in residential neighborhoods. Large commercial sites, where parking is likely to be much farther away from customers and employees, would produce much lower success rate.

 

The user manual says that with respect to the automatic entry system
=====================================================

1) If the entry function has not been used for over 5 days the automatic entry function is deactivated and the fob open button needs to be pressed to open the Prius door (user manual. p.49)

2) if the fob is within 2 meters for over 10 minutes - the automatic entry function is deactivated and the fob open button needs to be pressed to open the Prius' door (user manual. p.49)

3) if the fob battery is depleted or missing - the automatic entry function will not work because the fob will not respond and provide the encrypted entry code needed (user manual p. 41,65)

4) if the fob is covered by metal it may not work it will not be able to link to the the Prius (user manual p.65 )

5) A Toyota dealership can turn off the Prius' smart key system (user manual p. 587)



The fob signal extender scheme is foiled by
==================================

1) the Prius has not been driven for over five days - the automatic entry function will not work - a fob repeater/extender will not work.

2) if the fob is within 2 meter of the Prius for over 10 minutes and then taken away - the Prius cannot be opened without the fob open button being pressed.- so a fob repeater/extender won't work.

3) if the fob battery is removed or is dead - a fob repeater/extender won't work

4) if the fob is shielded withing a Faraday cage - a fob repeater/extender will not work.

5) if a dealer has turns off the smart key system - a fob repeater/extender will not work.

6) if the fob is outside the range of a fob repeater/ extended range gadget.