
New $5 device easily unlocks car doors


mknox
Just came across this article and am wondering what the implications (if any) are for Model S. The device is apparently being used to unlock car doors, but with so much of Model S being controlled by software I wonder what other threats exist.
 
Most fob-based systems use rolling codes, KeeLoq being one of the most popular (Rolling code - Wikipedia, the free encyclopedia).

A rolling code would not work in this type of system. A rolling code system uses a pseudo-random number generator to create a unique code for every press of the fob button; the fob only has a transmitter, and after sending one code it assumes that code was accepted and goes on to the next code in the series for the next fob press. Therefore, if the fob is pressed when not near the receiver, the fob is out of sync with the car. To solve this problem the car will accept the next couple hundred codes in the series. However, if my two-year-old gets a hold of my fob and presses the button three hundred times away from my car, it will no longer unlock my car.

The MS could not use such a system; the car has to sense the fob's presence both to unlock the doors and to allow the car to start, therefore I assume the MS fob has both a transmitter and a receiver (which somewhat justifies its expense). I just don't know what system it uses to authenticate.

Back to the OP's topic, I watched the video in the link and I have a different theory. I think the thieves may have bought a $5 device off the internet, but they were swindled. The reason they were able to get into the car in this instance is probably much simpler, the owner left it unlocked.

First, an EMP generator would fry electronics, not trick them, and anything that would have any effect on a car would cost much more than 5 dollars. Second, there is no reason to put an EMP generator near the lock; the EMP pulse would need to affect the CPU, which is nowhere near the lock. Finally, while they interview some guy about this, a true expert would be able to explain how this works; this guy cannot. I think this is just a scare tactic by the news organization along the lines of "5 things in your kitchen right now that are killing you... story at 11".
 
I don't think it is a scare tactic. There have been numerous documented cases (caught on cameras) where such a device has been used, not just in AK, but also in CA. If you watch some of the video, you will see that the light in the car turns on before they open the car door. Also, you will see that it does not work on every car.
 
I don't think it is a scare tactic. There have been numerous documented cases (caught on cameras) where such a device has been used, not just in AK, but also in CA.

If it is the same "documentation" as this video, then nothing in the video proved that the car was locked initially. If it does work, then they should be able to explain the mechanism. Otherwise, it makes no sense.
 
A rolling code would not work in this type of system. A rolling code system uses a pseudo-random number generator to create a unique code for every press of the fob button; the fob only has a transmitter, and after sending one code it assumes that code was accepted and goes on to the next code in the series for the next fob press. Therefore, if the fob is pressed when not near the receiver, the fob is out of sync with the car. To solve this problem the car will accept the next couple hundred codes in the series. However, if my two-year-old gets a hold of my fob and presses the button three hundred times away from my car, it will no longer unlock my car.

The MS could not use such a system; the car has to sense the fob's presence both to unlock the doors and to allow the car to start, therefore I assume the MS fob has both a transmitter and a receiver (which somewhat justifies its expense). I just don't know what system it uses to authenticate.

Rolling codes could still be used (the request for the next code could come from the car, instead of the user pressing a button), though they are probably replaced with something more sophisticated given the Tesla Keyfobs contain RFID chips, etc.
 
given the Tesla Keyfobs contain RFID chips, etc.

Do they? I was given to understand the exterior location by the windshield and the interior location in the cupholder simply allowed a fob with a weak battery to communicate by placing it close to the receiver. I suppose I'll have to pull the fob's battery and see if I can open and run the car with the fob in these spots.
 
Basic 1-way keyless entry systems you find on less expensive cars (fob to unlock the doors, no keyless start and no touch to unlock) allow for the code to "roll" up to 256 times beyond where it was last at to account for pocket pressing the button... So it will accept the next 1-256 "rolls" of the code... But they are not using a fixed code system on any car made past the 90s... Even garage door openers and the like have rolling codes now.

In more advanced 2-way systems (touch to unlock, push to start, turn to start, etc.) the car has antennas, generally at each entry door that can keylessly unlock, and one that's tuned to very precisely monitor the inside of the car. When you push, turn or touch (whatever the user does to initiate the unlock or start) the car immediately transmits a signal to the fob and then the fob sends back a signal to the car. This is generally both a rolling code and encrypted signal and may involve a 2-way cryptographic handshake process to identify that the fob and the car know each other. Each manufacturer has their own secret method of doing this and each one is different, and this generally is never reverse engineered due to there being many easier ways to skin a cat.

Now I can't find any detailed info on this "box" they are using but based on some reading I have been doing and the news reports I saw it seems like some kind of electromagnetic wave type device... something that induces a current (one demo I saw on the news showed a fluorescent light flickering like when you put it in the microwave) and what I have heard is they are inducing a small current in the unlock wire in the door switch which is causing the system to think a user is pressing the unlock button and therefore unlocking the door. This isn't possible on all cars which is why it doesn't always work... I have not heard of a single case of a car being actually taken with this method and all the reading I have done has been theories.

Seeing as how most criminals can unlock a car door with nothing more than a little plastic wedge, I think this is more of a news scare story than something to be actually worried about.

I think if this was that big it would be all over the internet exactly what it was and how you could get one rather than just people asking questions.
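
Added example, not part of any post in this thread: a minimal model of the one-way rolling-code scheme the posts describe, showing why a replayed code is rejected, why a few out-of-range presses are tolerated, and why 300 of them desynchronize the fob. The 256-code window is the figure quoted above; the truncated HMAC-SHA256 generator, the key and all class and function names are assumptions standing in for a vendor cipher such as KeeLoq.

```python
import hashlib
import hmac

WINDOW = 256  # look-ahead window, the figure quoted in the post above


def code_for(key: bytes, counter: int) -> bytes:
    # Stand-in generator (assumption): truncated HMAC-SHA256 over the counter.
    # Real fobs use a vendor cipher such as KeeLoq, not this construction.
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class Fob:
    """Transmit-only fob: advances its counter whether or not the car hears it."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.key, self.counter)


class Receiver:
    """Car side: accepts only codes ahead of the last one seen, within WINDOW."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def accept(self, code: bytes) -> bool:
        for c in range(self.counter + 1, self.counter + WINDOW + 1):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.counter = c  # resynchronize to the fob's position
                return True
        return False  # already-used code, or too far ahead of the window


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample value
    fob, car = Fob(key), Receiver(key)
    first = fob.press()
    out = {"normal": car.accept(first), "replay": car.accept(first)}
    for _ in range(10):
        fob.press()  # presses made out of range of the car
    out["after_10_missed"] = car.accept(fob.press())
    for _ in range(300):
        fob.press()
    out["after_300_missed"] = car.accept(fob.press())
    return out
```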
 
I forgot to add the RFID portion is for backup if your fob is dead. The car is able to induce a current in the RFID chip to "power it up" at a very close range. They can then communicate and confirm your identity to allow you to start your car even without a battery in the fob.
 
I forgot to add the RFID portion is for backup if your fob is dead. The car is able to induce a current in the RFID chip to "power it up" at a very close range. They can then communicate and confirm your identity to allow you to start your car even without a battery in the fob.

Has it been confirmed the Model S fob has RFID capability? I was given to understand that with a "weak" battery it can communicate when placed close to the car's receiver, but nothing more. Has anyone yanked the fob's battery and tested this?
 
I tested this quite some time ago and it did NOT work.

This would be one of the few then... I don't know much about the Tesla S I was actually just looking for info on the topic and figured I would share what I found...
I hope your system warns you when your fob battery is low... I just got one of these on my car and it was nice to know it was looking out for me.

Most cars have an actual passive RFID system as a backup to the active system... If you break your fob or drop it in the toilet or something you'd need a spare set of keys or a tow truck to get it going...