18

Am I missing something? The Engadget article Kia made a tiny Faraday cage to protect your wireless key from thieves says:

Many existing keyless entry systems aren't secure, but few people are likely to replace their cars just to reduce the chances of a determined thief making off with their ride. Kia UK has an official stopgap solution, though. It's taking a cue from third parties and releasing KiaSafe, a case that serves as a minuscule Faraday cage to block the key's wireless signals. There's nothing particularly special to it -- it's ultimately a metal-lined pouch -- but that's all might you need to prevent someone from swiping your car while you're asleep.

I'm confused in more than one way.

  1. I'd thought that the point of a Faraday cage for RF signals is to block RF inside from getting out and RF outside from getting in. So then you'd have to take it out of the Faraday cage to use it and then of course the usual intercept mechanisms can still take place.
  2. If your radiating source is positioned flat up against or even a fraction of a wavelength away from (at least a wire mesh) Faraday cage, don't you then get significant leakage anyway?
uhoh
  • 3,399
  • 2
  • 23
  • 63
  • 1
    1: I agree 2: probably but it might just be the case that the signal isn't strong enough even if the pouch doesn't block everything so the car doesn't respond (by unlocking the doors). I'd personally prefer to have a button to unlock the car. – Bimpelrekkie Jul 04 '19 at 08:30
  • @jsotola it all depends on the how the key works and there's a variety of different modes of operation, e.g. single-use code transmitters, passive RFID, active RFID, etc. The article doesn't make it clear, but [the current answer](https://electronics.stackexchange.com/a/446739/102305) and comments there shed more light on that. – uhoh Jul 04 '19 at 12:10
  • 1
    sorry, i was under the impression that you have knowledge about how the key works, since you did not ask about it. – jsotola Jul 04 '19 at 12:22
  • @jsotola the last car I owned had a carburetor, points, and a big coil that went zap! zap! zap! – uhoh Jul 04 '19 at 12:31
  • 1
    The car manufacturers could fix this by putting a time measurement circuit in the key that counts the nanoseconds a pulse takes to go from the car to the key and back. Fairly high speed electronics needed, but a GPS has basically that thing. – Rich Jul 05 '19 at 03:22
  • 1
    Or... don't transmit anything while the user isn't pressing the button... `` – Lundin Jul 05 '19 at 12:22

3 Answers3

32

The idea of that case is to protect the keys while you're sleeping. You need to take the keys out when you want to use them to drive the car.

The main problem is trying to cope with key-relay car theft. This tends to happen at night, with thieves making use of the fact most people keep their keys near the front door. So the key signal just needs to be relayed from just the other side of the wall (where the key's signal just about reaches), to the car. Then the car can then be unlocked, started and driven away. The idea of the case, is you put the key in the case, a lot less RF gets out, so the signal is so low that it cannot be relayed to steal your car.

Then you'll need to take the key out of the case in order to get in your car. So your key-less entry and start isn't quite as easy as it would otherwise be. So yes, the keys are out of the case then, but you are in a position to see/use the car, so that should stop anyone stealing your car.

Alternative solution to this is my prefer ed one: keep keys further away from the door.

Puffafish
  • 3,893
  • 14
  • 25
  • Maybe I don't understand the function of the key itself. It's not a button-activated transmitter? (I'm a public transportation junky, don't drive and haven't for quite a while) – uhoh Jul 04 '19 at 08:31
  • 2
    This key case is for the wireless keys, used in key-less entry and key-less start options. These features are getting quite common in cars, are standard on quite a few higher end vehicles. But security is poor. – Puffafish Jul 04 '19 at 08:33
  • 1
    Though not quite as worrying as some of the other hacks, such as putting the handbrake on via Bluetooth: https://www.makeuseof.com/tag/3-ways-car-can-hacked-cyber-criminals/ – Puffafish Jul 04 '19 at 08:34
  • 3
    I understand what it's for, but what is it? Is it a transmitter, or an active RFID, or a passive RFID? Does the thief broadcast some type of signal to read it while you sleep, or does it spontaneously transmit? Is it possible to clarify further in your answer how the key works? Thanks! – uhoh Jul 04 '19 at 08:36
  • 4
    I have a key-less start, the key sits in my pocket, I press the start button in the car, and the car starts. This kind of key can be RFID, or actively transmitting all the time. The key-less entry options tend to transmit constantly. So it's always blasting out the code to unlock the car, but only at low power, so short distances. So you are near the car when it's unlocked. Unless someone is relaying the unlock signal. – Puffafish Jul 04 '19 at 08:41
  • okay I get the idea now, thanks! – uhoh Jul 04 '19 at 08:43
  • 1
    @Puffafish Isn't that really hard on the batteries? Like my two-way remote starter dies in just a few months because it's always trying to check which is why I don't use two-way starters anymore. – DKNguyen Jul 04 '19 at 20:16
  • 1
    @DKNguyen yeah, it's harder on batteries than the "traditional" keys where you need to push a button for it to transmit. Some manufacturers put a slot in the car that charges the battery, others decide to add a key battery change to the car's maintenance schedule. – Aubreal Jul 04 '19 at 21:09
  • 6
    And all these problems are caused by the tendency of people being so lazy they don't even want to push a single button on their key to unlock the car. (or the manufacturer's assumption that people really want this - at least give us the option to set the key to only unlock the car with the press of a button, instead of automatically by proximity) – vsz Jul 05 '19 at 04:28
  • @Puffafish I thought the _car_ is transmitting continuously, trying to contact the key. The key would just be listening for a signal from the car and answering when it receives a valid request. – Dubu Jul 05 '19 at 09:10
  • 2
    @vsz the truly frustrating part is that they don't give us an option/setting to do something smarter-also why do cars continue to work if the key is not inside? Most have a special location where a battery-less key can sit and still work so there is no reason for this. it's like they are designing the cars to be hacked and stolen. Perhaps if we passed laws making the manufacture responsible for the replacement of cars stolen due to poor security things would be different--but without any motivation they will continue to make really stupid design choices that sell due to "Coolness" factors – Bill K Jul 05 '19 at 16:15
  • 1
    @BillK Having the engine shut down if the fob is no longer detected (such as when the battery dies) can present a safety hazard if it happens while underway. Trying to make the car smart enough to predict when doing so would be safe would be a huge legal liability if it guesses wrong and someone gets hurt. There are other factors than coolness that make this kind of system worth having and make several other types of attacks difficult or impossible. – Blrfl Jul 05 '19 at 20:11
  • 1
    You could easily say that once stopped the car will not move again until it can find the keys (then show where to insert the keys in case the battery has died). How about just as an option for those who understand how dangerous these new keys are and let everyone else trundle along in ignorance? There are a million solutions they could do if it was important to them. – Bill K Jul 05 '19 at 21:18
  • What I find particularly frustrating is that it is possible to defend against these relay attacks; I read papers ([example](https://dl.acm.org/citation.cfm?id=1128472), [example](https://link.springer.com/chapter/10.1007/978-3-642-10433-6_9)) on this very subject some 10 years ago! And yet, no one bothered to do this apparently. – marcelm Jul 06 '19 at 01:26
  • @BillK The bottom line is that you don't intentionally engineer something into a car that increases the risk of injury to or death of the occupants. The cost of that is much higher than the cost of a theft, and nobody would underwrite liability coverage for it. If you don't want the key to function without being in physical contact with the car, remove the battery. – Blrfl Jul 06 '19 at 15:07
22

Wouldn't putting an electronic key inside a small Faraday cage render it completely useless?

That is entirely the point of putting it in a small Faraday cage. You'd take it out of the cage to access your car or drive.

Some new-fangled keys chat with the car. The car asks 'are you there?', and the key replies 'yup!'. Which is all fine and dandy when you are near the car and want it to work.

Unfortunately, when you are asleep, and your keys are in your jacket pocket hanging in the hall, some well-equipped car thieves might put one end of an RF relay link near your car, and the other end next to your front door. When the car asks 'are you there?', thanks to the link the key can hear, and the car hear its answer. Next morning, there your car isn't. The Faraday cage blocks the unwanted RF access.

Neil_UK
  • 158,152
  • 3
  • 173
  • 387
  • 2
    Oh!! Yes I see now, thanks! I'm thinking that now since the key doesn't have a button, you put it in an RF-proof container, which seems to me to be just a different kind of button. – uhoh Jul 04 '19 at 14:19
3

Addressing the 2nd part of your question

  1. If your radiating source is positioned flat up against or even a fraction of a wavelength away from (at least a wire mesh) Faraday cage, don't you then get significant leakage anyway?

Richard Feynmann showed the attenuation of a parallel-metal-wires Faraday cage, with wire spacing of D distance, with L spacing between the wires and the circuit to be shielded, to be AT LEAST

$$2 \pi \frac{D}{L} $$

in NEPERS.

Thus 1mm wire spacing, and 1mm distance from wires to circuit, provides 6.28 nepers which with 8.6 dB/neper == 54 dB.

If the circuit is 2mm inside the wires, at least 108dB.

Why are many IR receivers in metal cages?

uhoh
  • 3,399
  • 2
  • 23
  • 63
analogsystemsrf
  • 33,703
  • 2
  • 18
  • 46
  • I see! I guess as long as the spacing is a fraction of a wavelength or smaller, the expression is independent of wavelength, which is probably true in this case. *Thanks!* And thanks for the interesting linked question and [excellent answer](https://electronics.stackexchange.com/a/295689/102305) there as well. – uhoh Jul 05 '19 at 23:05