Comment 8WAJ Re: I can't say I understand this 100%

Story

Keyless entry fobs result in rash of vehicle thefts

I can't say I understand this 100% (Score: 1)

by tanuki64@pipedot.org on 2015-05-11 16:49 (#8TZY)

Ok, the car constantly sends some kind of 'hello' signal. Usually it has a reach of 30cm. Fine. The amplifier increases the signal tremendously... understood. But now the key has to 'answer'. And its signal is not amplified. So how far away can its signal be detected by the car? And where is the problem in limiting this reach to perhaps 1m? Then the thieves would need two amplifiers... And a way to get close to the key without the owner noticing it.

Re: I can't say I understand this 100% (Score: 1)

by evilviper@pipedot.org on 2015-05-11 19:00 (#8V64)

No doubt the signal boosters/amplifiers in question are bi-directional.

There is no way for a radio signal to be limited to any specific range. The typical working distance is based on the common antenna configuration(s). Using a highly directional (high gain) antenna, you can reach a signal from many times further away than it was ever designed for. For example, how many people are stealing distant neighbors' WiFi, thanks to a Pringles cantenna, or similar?

Re: I can't say I understand this 100% (Score: 1)

by tanuki64@pipedot.org on 2015-05-11 20:38 (#8VC1)

Sure, the amplifiers are bi-directional, but even such amplifiers have limits. If the normal distance is 30cm, you go within the 30cm range of the car and maybe amplify it to 100m. No problem. This I understood. But an amplifier can only boost what it receives. How far apart are key and car usually when the car is parked and the owner is at home? 20m? 40m? You say there is no way to limit a radio signal to a specific range. Of course not. But when the strength of the key signal is too weak to be detected by the amplifier at a distance of 1m, it effectively is limited. So, why is the signal strength of the key so strong that the amplifier can receive and amplify its answer over such a large distance?

Re: I can't say I understand this 100% (Score: 1)

by kerrany@pipedot.org on 2015-05-11 20:59 (#8VD2)

The idea that the key is constantly generating a signal is a little difficult to believe - receiving signals is cheap, battery-wise, but sending would surely wear that sucker out in a year or less. More likely it only 'wakes' when it detects a ping from the car that passes whatever authentication it has built in, probably with some form of RFID passive receiver. Thus the car is doing the generating, and the thieves have access to the car because it's parked on the street or in a driveway.

The scenario goes something like this. The thief pulls up to the sidewalk in the getaway car and hits the button. The amplifier amplifies the signal the car is constantly sending to the key. The key responds to the amplified "Key, where are you?" signal with its usual "Itsa me, the key!" signal, et voilà, the car is unlocked.

Surely it wouldn't be that easy, but the evidence seems to suggest it is. There seems to be no validation beyond sign and countersign. Maybe they'll patch that up by adding more tests to the car's routine, but the key is probably always going to be a dumb device (unless they make it a smartphone app) due to battery life.

Re: I can't say I understand this 100% (Score: 3, Informative)

by zocalo@pipedot.org on 2015-05-12 07:46 (#8W7M)

There's an assumption here that the key fob only has a range of 30cm - are we sure that's the case? I don't have one of these specific systems, but I do have a remote fob for my car and it's good for tens of meters (I've not tried to establish the max range), which is mostly intended for stuff like turning on the AC to start to cool a hot car. Perhaps the system works by having the same type of fob with the added functionality of a receiver - when it receives the weak signal from the car, perhaps it just sends the regular high powered "open door" signal in response. You might still need a high powered receiver to pick up and boost the fob signal if it's far away, but it does resolve the 30cm:30cm problem.

Re: I can't say I understand this 100% (Score: 1)

by tanuki64@pipedot.org on 2015-05-12 08:37 (#8WAJ)

I don't assume. I ask. I would like to know more about the specifics... but not in the article. Yes, I can believe that the added functionality sends with the same power as all the other signals. In hindsight this is stupid, but as it is said: hindsight is 20/20. At least it should be easy to fix... just limit the damn key to 30cm, too.

Btw... one of the reasons why I always refused security-related projects. :-D
