
Key Fob Signal Security

23K views 44 replies 16 participants last post by  1HawkFan88  
#1 ·

Unless I am unaware...why does Toyota solve this issue? Garage doors have more security correct? Anyone know if they are working on this problem for 2020 and 2021 Highlanders or will future Highlander owners get this security and not us because it's not a software issue; rather both a hardware/software issue?

I love how I can walk up to my car and just open it...super cool. Now the only way to protect myself is to buy a clunky faraday bag or use my phone to open the car...take it out of my pocket on a cold day and fumble around opening an app. Lame...

There is some debate in other threads that if I do not click the lock/unlock button the signal will be weak (which is a great solution) but not everyone agrees.
 
#2 · (Edited)
We beat this topic to death in another thread not long ago.


The issue is not the security of the data being transmitted in the signal. The issue is that the thieves have found a way to extend the range of your authentic key fob with that "relay" system. Any car using the fobs is susceptible to this, not just Toyota. There is enough security in the data stream so that your fob is not being copied. Instead, the thieves latch on to the signal coming from your fob and trick the car into thinking the fob is nearby.

It's mentioned in that thread and the Owners Manual how you can put the fob to "sleep" so that it stops generating a signal. That or a faraday bag is the only way to keep the fob's signal out of the air so it can't be repeated.
 
#40 ·
I often leave my fob in my vehicle when I go fly fishing so as not to get it wet - I pull the physical, laser cut key out of the fob, and leave the fob in this setup. In my experience, the Altoid tin wasn't enough to disable the signal, so I added another faraday element (bottom portion of a mylar & foil coffee beans bag). Works like a charm!
 


#4 ·
Toto, thanks for summarizing the thread. I did read the thread but now I get it...putting the fob to sleep is a great solution! A little annoying but not the end of the World. So when I lock my car in a parking lot I will disable fob and when I get back to my car I will turn the fob back on (this is the easy step since I only need to press one button). Then put my hand in the door.

Ruby Red, I was thinking of a vegetable can...altoids tin sounds like a more elegant choice :)
 
#8 · (Edited)
Haven't tried manually turning off the key yet but seems like a good habit to start.


Not sure but think after 2 minutes it shuts off.

■ Battery-saving function
The battery-saving function will be activated in order to prevent the electronic key battery and the vehicle battery from being discharged while the vehicle is not operated for a long time.
● In the following situations, the smart key system may take some time to unlock the doors.
• The electronic key has been left within approximately 11 ft. (3.5 m) of the outside of the vehicle for 2 minutes or longer.
• The smart key system has not been used for 5 days or longer.
 
#11 · (Edited)
Wait a second. All a thief has to do is sit in a parking lot and look for a 4th generation Highlander (or other cars that have the same security problem) that is entering the lot to park. Pull up alongside the victim before they even get out of the car. Then do their thing to intercept while the victim is still in the car (the thief could stay in their own car or, if not close enough, their accomplice could jump out to get closer). After the owner leaves the car and walks into Home Depot or whatever, the thief then takes the car. Easy...

All that being said, assuming I am right, I now know what to look out for when in public. Then again the range on these fobs is pretty big...maybe 4 or 5 cars away so it may be hard to detect the bad guys. The good news for now since my car is new I try to park farther out so no one scratches my car. In 3 years I won't care as much and will park with the other cars.

If I feel paranoid I could turn off my fob before I even enter the parking lot
 
#15 ·
Wait a second. All a thief has to do is sit in a parking lot and look for a 4th generation Highlander (or other cars that have the same security problem) that is entering the lot to park. Pull up alongside the victim before they even get out of the car. Then do their thing to intercept while the victim is still in the car (the thief could stay in their own car or, if not close enough, their accomplice could jump out to get closer). After the owner leaves the car and walks into Home Depot or whatever, the thief then takes the car. Easy...
No, not quite.

The thieves are not copying your fob, or capturing any information to be used at a later point in time. They are finding a way to extend the radio range of the fob so that at the moment they want to get into the car, they can trick the car into thinking the fob is right there next to the car.

So the fob has to be within range of the thieves' device at the time they want to get in. If you walk away, you're no longer in range. The most common situation where this method of entry is being applied is when the car is parked on the street or in the driveway outside the bedroom window where the keys are.
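
Added example (not part of any post in this thread, and not Toyota's protocol): a toy Python model of the distinction drawn in #2 and #15, where a response recorded earlier fails against a fresh challenge but a live response carried over a longer path still passes unless the car also bounds round-trip time. The `Fob` and `Car` classes, the HMAC challenge-response and the `max_rtt_ns` limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.2998  # speed of light, metres per nanosecond

class Fob:
    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        # The fob proves it knows the key without ever sending the key.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, key, max_rtt_ns=None):
        self._key = key
        self.max_rtt_ns = max_rtt_ns  # None = no distance check (assumed baseline)
        self._challenge = None

    def new_challenge(self):
        self._challenge = os.urandom(16)  # fresh nonce for every attempt
        return self._challenge

    def verify(self, response, rtt_ns):
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "reject: wrong response"
        if self.max_rtt_ns is not None and rtt_ns > self.max_rtt_ns:
            return "reject: fob too far"
        return "unlock"

def flight_time_ns(distance_m):
    # Round-trip time of flight only; real relay hardware adds further delay.
    return 2 * distance_m / C_M_PER_NS

def replay_recorded(car, fob):
    # A response captured for an earlier challenge, presented later.
    recorded = fob.respond(car.new_challenge())
    car.new_challenge()  # the car has moved on to a new nonce
    return car.verify(recorded, flight_time_ns(1.0))

def live_exchange(car, fob, distance_m):
    # The genuine fob answers the current challenge; distance_m is the real
    # car-to-fob path length, whether direct or stretched by a repeater.
    response = fob.respond(car.new_challenge())
    return car.verify(response, flight_time_ns(distance_m))

KEY = os.urandom(32)  # constructed shared secret for this demo
```

Without a timing bound the 30 m exchange unlocks because the response is genuine; only the bound, or a fob that is asleep or shielded as described in #2, stops it.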
 
#13 ·
yeah, if someone wants your car bad enough they'll steal it whether it's by mimicking your key fob signal or other means.

I can't worry myself to death about every single thing that could possibly go wrong all day/every day
Yes, I agree people should not be so paranoid that they cannot enjoy life but having a well defined procedure that you follow each day is helpful. Every night I walk around my house and double check doors are locked and garage door is closed. I check that the stove is locked so cats don't accidentally turn on, etc. Easy routine.

Same with network or code security...be sure updates are installed etc. personally or if you run a corporate network...so many EASY fixes to keep us secure...not enough people think about what could happen. Looking over your shoulder once in a while when walking in a crowded city. Wearing headphones? Perhaps don't play your music too loud so you are aware of what is going on around you. Checking your tires once in a while for wear, etc. Simple things in life make the World of difference when it comes to security, maintenance, etc.
 
#16 ·
Thank you toto. To summarize, the fob cannot be copied and the fob needs to be near the car in order to steal the car using this technique. In other words, it's quite hard to break into this car in a public parking lot.

I am not worried about someone stealing my car at home because it's in a garage in the exurbs.
 
#17 ·
In order to keep driving, they do need a clone of your info. You cannot OBD into the car and play key games without a key signal. I was just playing with TechStream. Adding in Lexus keys seemed like a good idea..... I suppose they can store your info and create two clones so they have two keys for the car, but lose the individuality of unique keys. It is popular for key shops to clone keys, which is a lot simpler than adding keys. The keys are a royal pita.
 
#18 ·
Again, no, they're not cloning the fob.

Once the car is running, you don't need the fob anymore. You can drive without the fob in the vehicle. It will complain about "key not detected", but it will let you keep going. Without a fob, you just can't start it again, nor can you program your own keys.

The thieves are aware of the limitations and don't care. They're looking to either break into the car for whatever is inside or to take it on a one-use trip somewhere.
 
#21 ·
News people don't always get into the real technical details of a story like this, and it's a pretty fine line between cloning - making a copy you can use later - and amplifying or repeating the signal from the real fob for immediate use.

I think if they really were cloning key fobs by walking around inside a store and randomly copying any fob they get near, the theft would be a much bigger problem.
 
#24 ·
Hi, this might be a repeat from a previous thread, but if you are concerned about theft, there is something else you must be aware of.

As shown in the article in the beginning of the thread, there is the repeater attack that is used to unlock and start the car when the fob is near the door. In that scheme, it is the car that initiates the transaction to the fob (AFAIK). But there is ALSO the scheme where you lock or unlock the car using the buttons on the FOB. That has a much larger range. The FOB blasts the code. It has been reported that anybody can learn-and-replay...

So, when you get at the store/shopping mall, don't lock the car with the FOB buttons. Use the lock button on the door or use the two-tap method on the handle.

jf
 
#25 ·
Bottom line is any type of electronic ignition/locking mechanism can be hacked - sometimes easily, sometimes not so much. Nonetheless they are all better than the cylinder lock mechanisms of not too many years ago where the only tool needed to steal a car was a screwdriver.

The vast majority of car thefts, and thefts in general, are a matter of opportunity and ease. A security expert told me many years ago the easiest way to deter a thief from breaking into your house was to get a big doghouse, even if you don't have a dog. Casual thieves will see it and just move on to the next house down the road.

For cars a simple steering wheel lock bar will accomplish the same thing. It makes the car parked next to you an easier target.

 
#27 ·
For cars a simple steering wheel lock bar will accomplish the same thing. It makes the car parked next to you an easier target.

Don't be silly. Those are stolen in less than a minute. They cut the steering wheel and remove the piece. Drive away.
 
#29 · (Edited)
Any car thief comes well prepared for his job. A good hacksaw or, now, a cordless cutter is part of such preparation, as vehicles are often cased for theft and the action planned. There is only one on-steering-wheel device that can possibly deter a theft longer, but the CLUB is not it. Those have been a joke for years.

Back in the ’90s, I was working as a design engineer for Chrysler. I had responsibility for key cylinders and door latches. At that time auto theft rates in Europe were increasing and driving the insurers to put pressure on the Euro governments to require increased theft deterrence devices on all new cars. As part of our attempt to figure out where best to invest our design dollars, we hired some professional car thieves to provide a more hands-on perspective than us engineers had (well, maybe not all of us).
At some point, the Club was mentioned. The professional thieves laughed and exchanged knowing glances. What we knew was that the Club is a hardened steel device that attaches to the steering wheel and the brake pedal to prevent steering and/or braking. What we found out was that a pro thief would carry a short piece of a hacksaw blade to cut through the plastic steering wheel in a couple seconds. They were then able to release The Club and use it to apply a huge amount of torque to the steering wheel and break the lock on the steering column (which most cars were already equipped with). The pro thieves actually sought out cars with The Club on them because they didn’t want to carry a long pry bar that was too hard to conceal.
There is no such thing as a car that can't be stolen. If someone really wants it, there's the impounder truck. That will simply pick your vehicle up off the ground and drive it anywhere they want to. Clubs, brake locks, wheel locks, ignition disabling systems, you name it. Does not matter. The battery can be disabled from outside and then all the fancy alarms simply don't work.
 
#30 ·
FOB 101

There are two parts to the FOB: the near field RFID and the transmitter. The car must hear the RFID, which has short range. That is why the repeater needs to be close to the FOB. It is a weak signal on purpose. Very basically, the transmitter forwards enough information to do a few things. These transmissions have evolved to higher and higher levels of encryption: 48, 72 and now, I believe, 128 bits (for our cars). These encryption levels are what the tech has to catch up to in order to make FOBs. The foregoing is very general.
 
#32 · (Edited)
After reading jflarin's long range unlock comment and Ruby Red's short range comment I did some more thinking. I would not use my estimate as accurate but I just ran an unscientific test and see that my fob transmitted enough to turn on my Highlander light at 4 feet. So assuming I won't lock my car from a distance (I won't) and knowing that "current technology" will most likely keep me safe from cloning then I just need to be aware of my surroundings (which I already am mostly) in public where there are a lot of people around.

It will be pretty obvious, I think, if there is someone trying to steal my car this way because 4 feet is quite close! Now if I am entering a parking garage or somewhere super crowded where I cannot understand who or what is around me easily I'll just turn off my key fob. Anyway, I am not super paranoid about my car being stolen but I think it's important to understand enough about security so I can make quick decisions to stay safe.

Remember my criminal gang theory where they sit in a parking lot and wait for Highlanders (or other manufacturers with fobs like ours) and then they see the target? Then the criminals quickly drive over to my car assuming the parking lot is empty enough to pull next to me. Then they get the code...this scenario seems unlikely because the criminals would be quite obvious because they would need to be within 4 feet of my fob. The criminals would have to follow me walking into store or whatever...then you get into cloning which is most likely not yet possible. I guess they could pull up next to me at a light before I get to the parking lot...haha
 
#33 ·
Does anyone really know for certain how this works? I'd like to know.

I do not believe that the keyfob is constantly transmitting a signal. Makes no sense because it takes a helluva lot more power to transmit than to receive. So if it was constantly transmitting an RF signal the coin battery would be dead in a few hours. Makes a lot more sense that with no buttons pressed the keyfob is a passive receiver and the primary transmitter is the vehicle powered by the car battery. When a keyfob button is pressed at a distance it transmits a long range signal to the vehicle to open or lock the doors and it is this signal that can be intercepted. If a button is not pressed the receiver in the keyfob will receive the car's transmitter signal and only then will transmit a signal to lock or unlock the doors. It is only at these times the keyfob will transmit, and that is irrelevant when returning to the car because you are already there and ready to leave. Only way to steal a code would be when you use the keyfob button to lock or unlock the door.

This sequence (car transmits, keyfob receives and transmits, car receives and unlocks or locks) can be avoided when leaving the vehicle by not using the keyfob, front door handles or hatch button to lock or unlock the doors. Instead, use the inner lock button on the driver's door to lock all doors before leaving to avoid a transmit-receive handshake, i.e. the driver's button to lock will always operate if no keyfob is present. Done that way, the only way to receive the transmit code would be to duplicate the car's transmitter and then get within two feet to direct the keyfob to transmit the recognition signal. Good luck to anyone stupid enough to follow me within 2-3 feet of me to attempt that.
 
#37 ·
Unless you do not notice your car gone for a few hours, "they" know where it is! While I can only guess how they can hide the car from the embedded tracking, thieves likely know they have a little time to disable "here I am" signal. In other words the real smart ones will make it vanish real fast. This is how I imagine it works and I can be wrong.

Sad thing, if the insurance does not recover (whatever is left of) your car, you will wait a month before it is declared dead and you can collect the death benefit.

It is a crappy deal, no matter what.