Hacker News
by londons_explore 1943 days ago
It'll be someone using a 'jam, listen, and replay' device to unlock and start keyless cars so they can drive them to a port and steal them.

Pretty much every week a car is stolen this way from my street. I now always take the engine management fuse out of the fusebox when parking my car so at least the car can't start when a thief pulls this... They tried anyway though!


Curious as to how such a device would recover the original signal while it’s broadcasting a stronger signal to jam the frequency.

Also, if you don’t mind, which city/country are you in? It seems insane that this is a regular problem happening in the same location and law enforcement doesn’t catch on.

You jam at a slightly different frequency - different enough that you can tell the signals apart with your HackRF, but close enough that the receiver chip can't. [1]

Of course, the strategy I've heard outlined is to jam and record one rolling code, then a second one, then to replay the first code so the fob holder sees the system respond to their button press but the attacker has a ready-to-use code. If people are seeing their cars failing to unlock, it's not that specific attack.

[1] Page 63 of https://samy.pl/defcon2015/2015-defcon.pdf
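The two-press strategy in the comment above (jam both presses, replay the first so the victim sees the car respond, keep the second), as an added simulation that is not code from the thread or from the cited talk. The radio layer is a Python object: while the attacker jams, the car hears nothing and the attacker's receiver still decodes. The fob key, the 256-code acceptance window and the packet format (counter plus truncated MAC) are constructed assumptions standing in for whatever a real fob and receiver use.

```python
"""Jam-capture-replay against a rolling-code fob: the two-press strategy described above.
Constructed simulation: the radio layer is a Python object, not an SDR."""
import hmac
import hashlib

KEY = b"constructed-fob-secret"   # shared by fob and car; unknown to the attacker (assumption)
WINDOW = 256                      # car accepts counters up to this far ahead of the last one seen


def code_for(counter: int) -> bytes:
    """Rolling code for a counter value: a MAC truncated to 4 bytes, so it looks random on air."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Fob:
    def __init__(self) -> None:
        self.counter = 0

    def press(self) -> tuple[int, bytes]:
        self.counter += 1
        return self.counter, code_for(self.counter)


class Car:
    """Keeps the highest counter it has accepted and refuses anything at or below it."""
    def __init__(self) -> None:
        self.last_seen = 0

    def receive(self, packet: tuple[int, bytes]) -> bool:
        counter, code = packet
        if not self.last_seen < counter <= self.last_seen + WINDOW:
            return False
        if not hmac.compare_digest(code, code_for(counter)):
            return False
        self.last_seen = counter
        return True


class Air:
    """Channel between fob and car. The attacker overhears every packet; while jamming,
    the car's receiver gets only noise (the attacker's offset-frequency receiver still decodes)."""
    def __init__(self, car: Car) -> None:
        self.car = car
        self.jamming = False
        self.overheard: list[tuple[int, bytes]] = []

    def transmit(self, packet: tuple[int, bytes]) -> bool:
        self.overheard.append(packet)
        return False if self.jamming else self.car.receive(packet)


def rolljam(fob: Fob, car: Car) -> dict[str, bool]:
    air = Air(car)
    air.jamming = True
    air.transmit(fob.press())        # victim press 1: car hears nothing
    first = air.overheard[-1]
    air.transmit(fob.press())        # victim press 2: still nothing, but attacker now holds two codes
    second = air.overheard[-1]
    air.jamming = False
    return {
        "victim_sees_unlock": car.receive(first),       # attacker replays code 1; victim walks away
        "attacker_unlocks_later": car.receive(second),  # code 2 is unused and inside the window
        "reusing_code_1_fails": car.receive(first),     # counter 1 is now behind the car
    }


def attacker_waits_too_long(fob: Fob, car: Car) -> bool:
    """Same capture, but the victim gets one clean press in before the attacker uses code 2."""
    air = Air(car)
    air.jamming = True
    air.transmit(fob.press())
    first = air.overheard[-1]
    air.transmit(fob.press())
    second = air.overheard[-1]
    air.jamming = False
    car.receive(first)
    air.transmit(fob.press())        # un-jammed press 3 moves the car's counter to 3
    return car.receive(second)       # counter 2 is now stale


if __name__ == "__main__":
    print(rolljam(Fob(), Car()))
    print(attacker_waits_too_long(Fob(), Car()))
```

The second function is the practical limit of the attack: the stolen code is only good until the victim's next successful press, which is why the attacker replays the first code immediately and must use the second before the owner returns.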

a) use a directional antenna for the jamming transmitter. Everyone except the car can receive the fob signal just fine

b) use a directional antenna pointed at the fob. You jam everyone but RSSI for the fob signal received through the antenna is still acceptable

c) jamming signal triggered by fob transmission, possible to jam specific packet bytes, like the CRC (recoverable later)

d) jamming signal uses a period that is a little shorter than packet length, repeated packets can be recovered by combining their intact parts

etc.
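Techniques (c) and (d) from the list above, as an added simulation rather than code from the thread. Each byte is one "byte-time"; a byte that arrives during a jam burst is unknown. The fob repeating its frame, the 5-byte jammer period with a 2-byte burst, the 8-byte body and the CRC-32 trailer are constructed assumptions; a real fob's frame layout and checksum differ, but the recovery logic is the same.

```python
"""Recovering a fob frame from partially jammed copies: techniques (c) and (d) above.
Constructed simulation: each byte is a 'byte-time'; a jammed byte arrives as unknown (None)."""
import zlib
from typing import Optional

PERIOD, BURST = 5, 2    # constructed periodic jammer: 2 corrupted byte-times in every 5
PAYLOAD = bytes.fromhex("a1b2c3d4e5f60718")   # constructed 8-byte frame body
CRC_LEN = 4


def frame(payload: bytes) -> bytes:
    """Frame = body + CRC-32 trailer (CRC-32 stands in for whatever checksum the real fob uses)."""
    return payload + zlib.crc32(payload).to_bytes(CRC_LEN, "big")


def jammed_at(t: int) -> bool:
    return t % PERIOD < BURST


def overhear_repeats(pkt: bytes, copies: int, gap: int) -> list[list[Optional[int]]]:
    """Technique (d): the fob repeats the frame; each repeat starts `gap` byte-times after the
    previous ends, so it lands at a different phase of the jammer and loses different bytes."""
    captured = []
    for k in range(copies):
        start = k * (len(pkt) + gap)
        captured.append([None if jammed_at(start + i) else b for i, b in enumerate(pkt)])
    return captured


def overhear_crc_jammed(pkt: bytes) -> list[list[Optional[int]]]:
    """Technique (c): a jammer triggered by the fob's transmission and timed to hit only the trailer."""
    body_len = len(pkt) - CRC_LEN
    return [[b if i < body_len else None for i, b in enumerate(pkt)]]


def recover(captured: list[list[Optional[int]]]) -> Optional[bytes]:
    """Merge intact bytes column-wise, then validate or regenerate the CRC.
    Returns the full frame ready to replay, or None if the body is not fully known."""
    merged = [next((b for b in column if b is not None), None) for column in zip(*captured)]
    body, trailer = merged[:-CRC_LEN], merged[-CRC_LEN:]
    if any(b is None for b in body):
        return None
    rebuilt = frame(bytes(body))
    if all(b is not None for b in trailer) and bytes(trailer) != rebuilt[-CRC_LEN:]:
        return None       # a "clean" byte was actually corrupted; do not replay garbage
    return rebuilt        # CRC regenerated when it was jammed away: it carries no secret


if __name__ == "__main__":
    pkt = frame(PAYLOAD)
    print(recover(overhear_repeats(pkt, copies=1, gap=1)))   # single copy: holes remain
    print(recover(overhear_repeats(pkt, copies=2, gap=1)) == pkt)
    print(recover(overhear_crc_jammed(pkt)) == pkt)
```

With these constants a single copy loses bytes 0, 1, 5, 6, 10 and 11 and cannot be rebuilt, while the second repeat starts 13 byte-times later, at a different jammer phase, and fills every hole. The CRC case needs no second copy at all: the trailer is a function of the body, so the attacker recomputes it.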

Where do you live that a car gets stolen from your street every week?

I can share that from living in a Northern UK city, between 2 or 3 "notorious" streets there would be multiple car break-ins each week. The University's student Facebook page became a constant feed of people reporting cars with smashed windows.

There is a big difference between drug addicts breaking windows to steal change and cars being stolen,

I lived in Leeds (Northern UK City) for a while about 15 years ago and, yeah, cars were stolen routinely (mine included). I would expect it is less common now though?

Damn. I figured the CCTV would at least knock crime down a little.

Afraid to ask what kind of crime happens in places without cameras - those that exist.

Police just don't care about stolen cars. It's the same people who do it each week. They live at the end of the road at number 110. None of the stolen cars have ever been recovered, but they're all insured against theft so most people don't care and just buy another car till they get a model that's harder to steal.
> jam, listen, and replay

Does that actually work? I thought the fob would contain some kind of private key that's used in a challenge/response scheme with the car, precisely to avoid the replay attack?

It's real-time relaying, for precisely the reason you suggest, but yes it does work.
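The distinction the last two comments draw, as an added simulation that is not code from the thread: a challenge/response fob defeats replay of a recorded answer, but a pair of radios relaying the live challenge to the distant fob and its answer back still unlocks the car. The shared key, the HMAC-SHA256 response, the fob's 50 µs answer time, the 400 µs relay link delay and the 100 µs round-trip bound are all constructed numbers; radios are function calls and time is an integer.

```python
"""Challenge/response keyless entry: replay fails, relay succeeds, and a round-trip bound
catches the relay. Constructed simulation: radios are function calls and time is a number."""
import hashlib
import hmac
import os
from typing import Optional

KEY = b"constructed-car-fob-secret"   # assumption: shared by car and fob, unknown to the attacker
FOB_DELAY_US = 50                     # constructed: time the fob needs to answer a challenge


def fob_answer(challenge: bytes) -> bytes:
    return hmac.new(KEY, challenge, hashlib.sha256).digest()


class Car:
    def __init__(self, max_rtt_us: Optional[int] = None) -> None:
        self.max_rtt_us = max_rtt_us

    def try_unlock(self, respond) -> bool:
        """`respond(challenge)` returns (response, elapsed_us); it is whatever sits on the air
        between car and fob: the genuine fob, a replaying attacker, or a relay pair."""
        challenge = os.urandom(16)            # fresh nonce per attempt
        response, elapsed_us = respond(challenge)
        if self.max_rtt_us is not None and elapsed_us > self.max_rtt_us:
            return False                      # answer arrived too late to have come from nearby
        return hmac.compare_digest(response, fob_answer(challenge))


def genuine_fob(challenge: bytes):
    return fob_answer(challenge), FOB_DELAY_US


class Replayer:
    """Records one genuine exchange and later replays the recorded answer."""
    def __init__(self) -> None:
        self.recorded = b""

    def record(self, challenge: bytes):
        self.recorded = fob_answer(challenge)
        return self.recorded, FOB_DELAY_US

    def replay(self, challenge: bytes):
        return self.recorded, FOB_DELAY_US    # answer to an old nonce, not to this one


def relay(challenge: bytes, link_delay_us: int = 400):
    """Two radios forward the fresh challenge to the distant fob and its answer back.
    The fob computes a valid answer; the only trace is the extra round-trip time."""
    return fob_answer(challenge), FOB_DELAY_US + link_delay_us


def demo() -> dict[str, bool]:
    car, bounded = Car(), Car(max_rtt_us=100)
    rec = Replayer()
    car.try_unlock(rec.record)               # attacker records a legitimate unlock
    return {
        "genuine": car.try_unlock(genuine_fob),
        "replay": car.try_unlock(rec.replay),          # fresh nonce: the old answer is useless
        "relay": car.try_unlock(relay),                # valid answer, just late
        "relay_with_rtt_bound": bounded.try_unlock(relay),
        "genuine_with_rtt_bound": bounded.try_unlock(genuine_fob),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'unlocked' if ok else 'refused'}")
```

The round-trip bound only works if the car can time the exchange finely enough that relay latency stands out; radio travels roughly 300 m per microsecond, so a bound tight enough to prove the fob is within a few metres needs timing far better than the LF/UHF link in this simulation offers, which is why newer keyless systems move the ranging to UWB.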