this post was submitted on 21 Jan 2025
18 points (87.5% liked)

No Stupid Questions

36706 readers
932 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.

Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.

Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here.

Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago
MODERATORS
L3s
ja2
_MoveSwiftly
Rooki
Thekingoflorda
automodbeta
18
What security purpose a Faraday bag has when it contain a vehicle keyfob (self.nostupidquestions)
submitted 1 week ago* (last edited 1 week ago) by ReginaPhalange to c/nostupidquestions
15 comments fedilink hide all child comments
 

Here's how I understand the issue:
A keyfob is a radio Transmitter. To unlock your car you need the radio transmission to reach the car. The keyfob doesn't transmit a signal when at rest. Therefore putting a keyfob in a Faraday bag achieves nothing.

top 15 comments
sorted by: hot top controversial new old
[–] TootSweet 32 points 1 week ago

I don't know where you got the idea that the key fob doesn't transmit a signal when at rest. If you're talking about keyless ignition with the button on the car (not remote start via key fob) the key fob transmits a response when it gets a request from the car.

The bad guys have a clever trick, though. They put one guy in your car and one guy next to you. The guy at the car hits the ignition button transmits the signal to the other guy, who transmits it to your fob. The second guy then transmits the response from your fob back to the guy in the car, who then sends it to the car. As far as your car knows, the fob is in the car. So it starts. A Faraday cage can protect against this.

[–] gdog05 16 points 1 week ago

I have proximity unlock and my car is parked (at home) just close enough to my catch-all tray where I store my keys to constantly lock and unlock. It usually teeters on lock/unlock so closely that a person walking between the two will trigger it. So, to prevent a dead battery or stolen car, I keep my fob in a faraday bag.

[–] [email protected] 11 points 1 week ago (1 children)

Older fobs never turned off - so they are constantly broadcasting the signal for the car. Newer fobs do turn off when at rest so they’re less risky, but if say it’s in your pocket it’s constantly moving so someone could still relay it to steal your vehicle, assuming they get close enough to you.

The faraday bag is good for older fobs or if you think you’re at risk of a key relay attack.

[–] FuglyDuck 4 points 1 week ago* (last edited 1 week ago) (1 children)

fobs don't turn off. but the car sends a signal to the fob, the fob responds in kind. fobs don't constantly transmit

the farraday cage blocks the intial signal sent by the car. Or as already noted; by the guy standing near enough to get it. (frequently still outside the house.) who then relays it to a guy in/at the car.

[–] [email protected] 5 points 1 week ago (1 children)

Yes I simplified. Some(? I’d hope all but probably not) new fobs do turn off (ignore the car broadcast) if they are not moved for a time. I proved this to myself with my 2020 car by putting my keys down by my car door, I could only unlock the car for a minute or two after I put it down, after that keyless entry didn’t work until I disturbed the fob to wake it up.

This is to mitigate the relay attack at home (and I’m sure other times, like if the key is in a purse), one avenue was that attackers would count on people hanging their keys by the door, so accessible to selective standing on the stoop with a relay. By turning off at rest they can’t be exploited this way.

[–] regdog 1 points 1 week ago

That's clever. I did not know that some key fobs have motion detection as a security feature.

[–] robolemmy 8 points 1 week ago

They're using relay hacks to activate the fob while it's not near the car.

[–] [email protected] 8 points 1 week ago

To unlock your car you need the radio transmission to reach the car.

Correct. So, I build a receiver to pick up the signal from your fob, and then I re-transmit that same signal to your car.

It's slightly more complicated than that. But not by as much as you'd think.

[–] Death_Equity 7 points 1 week ago (1 children)

The fob doesn't turn off.

The car is always calling out for a response and the key "hears" the call and responds with their agreed upon codeword.

A faraday is like plugging the key's ears and putting a gag in its mouth. It can't hear or say anything.

[–] ReginaPhalange 2 points 1 week ago (4 children)

... Which means that if the hacker is near you when you park - there is a time period where the fob isn't masked by the bag, because it is coming out of the ignition, and voulaa - you can record the key's pong of the car's ping, retransmit, and get in. Correct?

[–] [email protected] 6 points 1 week ago

voulaa

voilà

[–] Death_Equity 4 points 1 week ago

That is a possibility if you aren't normally keeping it in the bag unless being needed in the moment.

It is far more common for the attempted theft to occur late at night because thieves avoid greater risk.

[–] tuck182 3 points 1 week ago

Modern fobs should be designed to prevent replay attacks (there should be something specific in the request that alters the response), so it shouldn't be possible to record a response and then use it later.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

This would be easily mitigated by the keyfob using a rolling code. The attacker can record the signal, so the car will also have received it. A replay of that specific code won't work again. That is a principle used in cheap garage door fobs for many years. So I guess keyless fobs would have at least that level of security.

Better would be a cryptographic encryption using public/private key (already done in chip cards, so common technology). Though - looking at the dumb things car manufacturers did - I wouldn't be surprised if they didn't use private/public keys for this.

[–] AresUII 2 points 1 week ago* (last edited 1 week ago)

Sounds like good practice--your next car might rely on SIKE or something else that requires a two-way transceiver