Key fob signals and break-ins

SeattleBruce (Member, CX-5 GT)

I have a question about the signals emitted by my key fob.

My 2013 CX-5 has recently been broken into twice, with no sign of forcible entry, despite being locked. Neighbors with other cars have had similar problems.

I have the basic keyless entry system where you have to press a button on the fob to unlock the car. So it seems like the thief (thieves) has a way of counterfeiting the signal.

I have read about thieves who have amplifiers that can detect the signal from a fob in your house, amplify it, and open your car. But that only works if the fob constantly emits a signal that unlocks the car when the car senses it, right? I don't see how it could work with my car, because I have to actively press a button to send the unlock signal. I'm asking because storing a fob in a Faraday bag or other metal container can protect a constantly-emitting fob, but I don't see how it could protect me when it's not emitting anything.

On the other hand, the keyless ignition system is a passive RFID system that responds to the car's request to start by sending a signal when I'm near, right? So my question: Is the "ignition" signal (which my fob emits on request from the car or conceivably a thief) the same as the "unlock" signal (which my fob emits only when I press the button)? Because if they're the same, or closely related, then the thief may be using the ignition signal to unlock my car.

I'd also welcome any other suggestions on how to foil this thief.

Thanks!
 
My very rudimentary and no doubt incomplete understanding of this is that the door unlock and the ignition signals from the fob are different so that although a thief can unlock, they cannot start the vehicle because they don't have the fob for the car to "sense" and allow starting. I've been told (told---there's that word) that the thieves capture the code when you lock the car with the fob and then use that code to unlock it. I just lock mine manually with the door lock switch when parking so no code emitted.
Trying to lock it manually (which it wouldn't do) alerted me and kept me from walking away with the engine still running when in a hurry. In cold weather I lock and unlock it with the key when warming it up.
 
here's how they do it and it works even on new Mercedes. you could wrap your keyfob in foil or something at night but that's a pain in the ass
https://gizmodo.com/watch-thieves-hack-keyless-entry-to-steal-a-mercedes-in-1820767189
(they use the signal from keyfob in your house to relay it to a device that acts as a keyfob but has all the correct information to allow access from your actual keyfob as you stated)

regarding how the key works, I can't say for sure. I know if your battery is completely dead in your keyfob, you can press the Mazda logo up to the "start/stop" button to start it so that must be the RFID part, but otherwise when your keyfob is present and you press the ignition, no RFID appears to be going on since you could technically start your car with the keys in the back seat. I'm guessing it constantly emits a signal which seems more likely given how often the batteries have to be changed in these.
 
Holy crap that's scary! Fortunately my car is always parked in the locked garage at night. But my wife often leaves her mini van out. Yikes!
 
Best thing to do especially if you don't keep your car in a locked garage is to get a Faraday cage and keep your fobs in there when they're in the house.
 
I doubt it's the fob. One can just do what a locksmith does - use an inflatable locksmith bag (available on Amazon) to lift the door off its seal and sneak a tool in to press the unlock button. If a lot of people are having the issue I think this simple technique is more likely than a techno-hacker.
 
To the people suggesting a Faraday cage or foil, aren't you missing the point of my question? How would that help, since my fob doesn't emit the "unlock" signal when it's just sitting there? My understanding is that my fob transmits only when I press the "unlock" button, so a thief can't steal the signal at any other time, regardless of whether it's in a Faraday cage. A cage protects fobs that constantly transmit (so the car unlocks automatically when you get near) or transmit in response to a signal from the car. My fob does that with the "ignition" signal -- so I was asking whether that's the same as the "unlock" signal which is the concern here.

Jmaz, yes, it's possible that the thief stole my signal by sitting nearby when I unlocked or locked it. If so, it's too late to stop this thief by locking it manually because they've already stolen the code, though of course it would prevent other thieves from doing the same.
 
The fobs use random rolling codes. The steal-the-code technique only works one time and even then it's a "maybe" and solidly depends on several implementation details. At best I've seen this as a proof-of-concept and maybe some intelligence types who are tailing someone could use it... but for general car burglary? nah.

One old technique was with older systems that only had 256 codes, so a specially built box would just scroll through them until it found the right one. Today they have more and use lockout timers after enough bad attempts.

The simplest answer, usually the right one, is standard, inexpensive locksmith tools.
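A receiver-side sketch of the two defenses this post mentions, rolling codes and a lockout timer, as an added example that is not part of the original post. It is not Mazda's scheme: the truncated HMAC tag, the frame layout, the key and the `WINDOW`, `MAX_BAD` and `LOCKOUT_S` values are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16        # assumed: how far ahead of the last counter a frame may be
MAX_BAD = 5        # assumed: rejected frames tolerated before lockout
LOCKOUT_S = 60.0   # assumed: lockout duration in seconds

def fob_frame(key: bytes, counter: int) -> bytes:
    """Frame sent on a button press: 4-byte counter + 8-byte truncated HMAC."""
    ctr = struct.pack(">I", counter)
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last = 0            # highest counter accepted so far
        self.bad = 0             # rejected frames since the last success
        self.locked_until = 0.0

    def handle(self, frame: bytes, now: float) -> str:
        if now < self.locked_until:
            return "locked_out"
        if len(frame) == 12:
            counter = struct.unpack(">I", frame[:4])[0]
            # A frame is fresh only if its counter is ahead of every counter
            # already accepted, so a recorded press is useless once used.
            fresh = self.last < counter <= self.last + WINDOW
            if fresh and hmac.compare_digest(frame, fob_frame(self.key, counter)):
                self.last, self.bad = counter, 0
                return "unlock"
        self.bad += 1
        if self.bad >= MAX_BAD:  # too many bad frames: ignore everything for a while
            self.bad = 0
            self.locked_until = now + LOCKOUT_S
        return "rejected"

def demo():
    key = b"constructed-demo-key"               # constructed sample key
    rx = Receiver(key)
    pressed = fob_frame(key, 1)
    out = [rx.handle(pressed, now=0.0),          # genuine press
           rx.handle(pressed, now=1.0)]          # same frame seen again
    out += [rx.handle(bytes(12), now=2.0 + i) for i in range(4)]  # invalid frames
    out.append(rx.handle(fob_frame(key, 2), now=7.0))    # valid, but in lockout
    out.append(rx.handle(fob_frame(key, 2), now=70.0))   # valid, lockout expired
    return out
```

The lockout also delays the real fob, which is the trade-off a designer accepts to make scrolling through codes impractical.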
 
Craigo, thanks; that makes sense. I thought my car had an OEM alarm that would sound if the car was unlocked without a fob, but apparently my model (2013 GT without tech package) does not have an alarm. I have always disliked alarms but maybe it's time to get one.
 
As much as it sucks at least he didn't break your windows!
 
Craigo is thinking about ways it used to be done and they certainly aren't using locksmith tools. They are using an amplifier to boost your key's signal. They aren't stealing the unlock code from you pressing the button, but rather boosting the RFID proximity broadcast to trick the car into thinking the key is next to the door allowing them to unlock the car like is seen in this video:


Once they boost the signal they can unlock the car to steal what is inside, and to answer your original question, yes, they can trick the car into thinking the key is inside and even steal the car itself. Putting the key inside a box as others have suggested is the only way to stop the signal from being boosted.
 
But Seminole, my fob does not send any signal when it's just sitting in my house, so there is nothing to boost, right?

Proximity fobs send signals constantly, so the car unlocks when you approach it. I assume the link you posted, and every other scare story I've read about this technique, involves proximity fobs. I understand how you could boost that signal so the car thinks you're approaching it.

But regular fobs send signals only when you press "unlock". So what good would a Faraday box possibly do at other times?

Am I missing something?
 
Don't you have a Grand Touring? I know in 2014+ (not sure about 2013) GT's came standard with the proximity entry. Does your car have the little black rubber button on the door? If so you have a proximity key.
 
I don't have proximity entry. I think that, on the 2013 GT, that required the tech package -- which I don't have.
 
More accurately, tech package. Some GT's, including mine, don't have that.
 
The real solution is monitoring timing. If the signal coming to the car is strong but the timing is unusually long for a strong signal, it's a good hint that it's not a legit fob.
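The timing check described in this post, sketched from the car's side as an added example that is not part of the original post or any manufacturer's code. The thresholds, the microsecond units and every sample reading are constructed, and the sketch assumes the car can measure signal strength and reply time for each challenge round.

```python
from statistics import median

STRONG_RSSI_DBM = -60.0   # assumed: at or above this the fob should be at the door
MARGIN_US = 2.0           # assumed: tolerance over the calibrated reply time

def calibrate(rtts_us):
    """Baseline reply time from rounds measured with the real fob at the door."""
    return median(rtts_us)

def classify(rounds, baseline_us):
    """rounds: list of (rssi_dbm, rtt_us) pairs for one unlock attempt.

    Assumption: jitter and retries only add delay, so the fastest round is
    the best estimate of the true path. A relay adds delay to every round.
    """
    if not rounds:
        return "no_response"
    best_rtt = min(rtt for _, rtt in rounds)
    peak_rssi = max(rssi for rssi, _ in rounds)
    slow = best_rtt > baseline_us + MARGIN_US
    strong = peak_rssi >= STRONG_RSSI_DBM
    if strong and slow:
        return "relay_suspected"   # strong signal, late reply: the post's warning sign
    if slow:
        return "out_of_range"      # weak and late: the fob is simply far away
    return "accept" if strong else "too_weak"

# Constructed readings, not measurements from any real vehicle.
BASELINE_US = calibrate([410.2, 409.8, 411.0, 410.1, 410.5])
AT_DOOR = [(-48.0, 410.4), (-50.0, 413.9), (-47.5, 410.0)]   # one jittery round
BOOSTED = [(-45.0, 431.0), (-44.0, 428.7), (-46.0, 436.2)]   # strong but late
FAR_AWAY = [(-88.0, 410.9)]

def demo():
    return [classify(r, BASELINE_US) for r in (AT_DOOR, BOOSTED, FAR_AWAY, [])]
```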
 
My mistake, I missed the part about you not having the advanced system.

Do you have a window that faces your car? You could buy a cheapo Yi cam from Amazon to put in the window to catch how they are getting in if they come back.
 
My 2014 touring doesn't have the tech package or advanced keyless entry so I guess I'm safe.
On another note here about locking--- I swear the car has, a few times, auto-locked the doors after I got out (engine off) but I don't remember enabling any settings (walkaway auto lock or some such) for it to do so. If it does, I'd like to disable it. Anybody have this happen to them? Appreciate replies. Thanks, Jmaz
 