Sponsored

Thieves Use Proximity Key Fob Relays to Gain Access.

OP
OP
Lunentucker

Lunentucker

Well-Known Member
Joined
Apr 24, 2022
Threads
184
Messages
4,715
Reaction score
11,648
Location
Virginia
Vehicle(s)
2021 Jeep Gladiator Mojave
Occupation
People Work?
I am SO glad I live where I do............. and that my wife is a stickler for "the garage doors shall always be closed unless you are actively driving out or in"
We live in a very rural place, the house is not visible from the public road, and the nearest neighbors are 1/4 mile, and I still am emphatic about keeping doors locked and secured when we're home.
A little bit of noise gives me enough warning to grab something (and there's at least one in every room).
Sponsored

 

DamonSD

Active Member
First Name
Damon
Joined
Mar 6, 2021
Threads
3
Messages
27
Reaction score
15
Location
San Diego
Vehicle(s)
Gladiator
No one has to press anything. The proximity fobs are always signaling and the vehicle is always listening. The repeaters simply fool the car into thinking that the fob is close by. If you have doors that automatically unlock on touch then they're in.


"Here's how it works: Each person carries a relay box, which can be purchased for as little as $20 online. The boxes can pick up the radio frequency from a car key fob that's sitting on a table inside, hung up on a key rack, or even resting in a purse. The relay boxes allow one person to stand near the home to pick up and amplify the key fob signal and then transmit it to the second box, which the other person holds outside the door of a car. Once the key fob signal reaches the second box, it unlocks the door, as the car thinks you're holding your key fob nearby. Now the criminals just have to drive away without getting caught and then change the locks."

https://www.popularmechanics.com/technology/security/a29835980/technology-theft-rfid-bluetooth/

https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/
This is spot on, my wife's CX-9 was stolen in February. We had kept our keys towards the front of our house. One night at 3:50 AM, they rolled up, unlocked the car and drove off. It took less than a minute and the car still has not been recovered. Really annoying but she did get a 2022 Bronco on 35s.
 

joeym7

Well-Known Member
First Name
Joe
Joined
Sep 12, 2021
Threads
27
Messages
652
Reaction score
513
Location
east coast
Vehicle(s)
2022 Mojave, 2003 Cadalac STS
Occupation
Retired
I am not at the point (yet) of always keeping the garage closed in broad daylight and not going to stop keeping it in the driveway either during the day, but I do tend to watch my Mojave intermittently on the video security cameras when she is not tucked away. Not a hardship because she is so "pretty" anyway. -LOL!

There is no guarantee obviously, but deterrents are a good thing, all other things equal.
 

Sponsored

joeym7

Well-Known Member
First Name
Joe
Joined
Sep 12, 2021
Threads
27
Messages
652
Reaction score
513
Location
east coast
Vehicle(s)
2022 Mojave, 2003 Cadalac STS
Occupation
Retired
I think it's important to understand that these thefts don't just occur at home.
Thieves could easily watch valets, hotels, restaurants, shopping centers.
Thief #1 follows you or stays close enough to get the signal while thief #2 stands by your car in the lot.
Do the dirtbags have the ability to store the fob signals for future use? If so what is your strategy when going out say to food shop or get something to eat at a joint? Does the gladiator even work if the Key Fob isn't detected on the "driver"?
 

ShadowsPapa

Well-Known Member
First Name
Bill
Joined
Oct 12, 2019
Threads
178
Messages
29,091
Reaction score
34,572
Location
Runnells, Iowa
Vehicle(s)
'22 JTO, '23 JLU, '82 SX4, '73 P. Cardin Javelin
Occupation
Retired auto mechanic, frmr gov't ntwrk security admin
Vehicle Showcase
3
Hackers gonna hack brah. Don’t matter what security is in place they will find a way. I use stuxnet as an example on what can be done if enough resources, and persistence. https://en.m.wikipedia.org/wiki/Stuxnet
I used to work with Symantec - tech support and alpha-testing corporate security products.
There's a lot more to stuxnet than what's in wiki pages.

But the real kicker is how it, and things like it, get in......... those control systems were not "on the internet", nor were they connected in any way to anything that was. They were air gapped. It was "invited in".
I've been through some security training in my former jobs...... and have seen videos detailing how things like this move. Even when I was IT security for the state, 90%, perhaps more, of all "malware" was not the result of a hack or hole in security at the gate, it was invited in by humans.
Studies show that if you place malware on a CD or thumb drive, mark it in a way to arouse curiosity - family pictures, vacation pics, free software, that someone WILL pick it up, and of those that do, 9 out of 10 insert said devices into a WORK computer. Yeah, they take it to work and plug it in. And that's how stuxnet happened to centrifuges where the control systems and computers were air gapped.
As I recall from training, a USB device was inserted by an employee.
So if you want to attack any business or company or government network, just leave a CD or USB stick laying around with malware, mark it to seem fun and harmless, and you might be in.
those who pick it up will almost certainly plug it in when they get to work.

One of the hits that took place while I worked at Principal happened because a HELP DESK person was messing around trying to figure out some viruses he had collected on a CD... yup, insert CD into work computer, idiot. Luckily it didn't get far but there were still enough people who messed with the rules there - especially in help desk and IT areas because they felt firewalls and anti-malware cramped their style and slowed their ability to play on the internet and do their shopping while at work (planning weddings, buying wedding dresses, buying supplies for home brewing)
The only things that got in were invited in, or in their worst case, Code Red because the dopes on the web team insisted they knew better and their servers were fine - after I warned them what was coming in the next hour or so.

Similar when I worked for the state - the only issues were brought in by IT staff - luckily it was mostly adware crap.
I caught the phishing email one of the financial department staff RESPONDED TO. I saw the alert - phishing email received and responded to.
OTherwise, the whole time I ran that agency IT security, we never had real malware. I blocked access to the USB ports except for approved devices by serial number, and no EXE or com or bat or cmd, etc. files could be run.

It's the human factor, not hacking, that gets intruders in the door.
 
Last edited:

Deleted member 47279

I used to work with Symantec - tech support and alpha-testing corporate security products.
There's a lot more to stuxnet than what's in wiki pages.

But the real kicker is how it, and things like it, get in......... those control systems were not "on the internet", nor were they connected in any way to anything that was. It was "invited in".
I've been through some security training in my former jobs...... and have seen videos detailing how things like this move. Even when I was IT security for the state, 90%, perhaps more, of all "malware" was not the result of a hack or hole in security at the gate, it was invited in by humans.
Studies show that if you place malware on a CD or thumb drive, mark it in a way to arouse curiosity - family pictures, vacation pics, free software, that someone WILL pick it up, and of those that do, 9 out of 10 insert said devices into a WORK computer. Yeah, they take it to work and plug it in. And that's how stuxnet happened to centrifuges where the control systems and computers were air gapped.
As I recall from training, a USB device was inserted by an employee.
So if you want to attack any business or company or government network, just leave a CD or USB stick laying around with malware, mark it to seem fun and harmless, and you might be in.
those who pick it up will almost certainly plug it in when they get to work.

One of the hits that took place while I worked at Principal happened because a HELP DESK person was messing around trying to figure out some viruses he had collected on a CD... yup, insert CD into work computer, idiot. Luckily it didn't get far but there were still enough people who messed with the rules there - especially in help desk and IT areas because they felt firewalls and anti-malware cramped their style and slowed their ability to play on the internet and do their shopping while at work (planning weddings, buying wedding dresses, buying supplies for home brewing)
The only things that got in were invited in, or in their worst case, Code Red because the dopes on the web team insisted they knew better and their servers were fine - after I warned them what was coming in the next hour or so.

Similar when I worked for the state - the only issues were brought in by IT staff - luckily it was mostly adware crap.
I caught the phishing email one of the financial department staff RESPONDED TO. I saw the alert - phishing email received and responded to.
OTherwise, the whole time I ran that agency IT security, we never had real malware. I blocked access to the USB ports except for approved devices by serial number, and no EXE or com or bat or cmd, etc. files could be run.

It's the human factor, not hacking, that gets intruders in the door.
I love humans. I mess with them all the time lol. Ima hacker. I break stuff professionally, but I can’t protect myself without exposure to life.
 

Lush

Well-Known Member
First Name
Robert
Joined
May 12, 2022
Threads
3
Messages
67
Reaction score
91
Location
Houston
Vehicle(s)
2021 Jeep Gladiator Overland, 2020 Expedition Max
Vehicle Showcase
1
As others have said in this thread, I have always welcomed someone to try and steal my vehicles; insurance is a beautiful thing and I will have my replacement nice and quick, if they asked I would just hand them the keys, why not? Not my problem anymore, they can deal with the consequences of a dangerous lifestyle, its not worth dirtying my hands trying to keep someone from taking my replaceable property.

That said, there are all kinds of doorbell camera videos of people going up to front doors with these large repeater devices, its certainly nothing new.
 

Artsifrtsi

Well-Known Member
First Name
Jude
Joined
Apr 28, 2020
Threads
35
Messages
1,354
Reaction score
2,154
Location
Huntsville, AL
Vehicle(s)
2020 Gladiator Overland, 2005 Wrangler X
Build Thread
Link
Occupation
Resident Pompous A-Hole
We live in a very rural place, the house is not visible from the public road, and the nearest neighbors are 1/4 mile, and I still am emphatic about keeping doors locked and secured when we're home.
A little bit of noise gives me enough warning to grab something (and there's at least one in every room).
Sounds like my house... but we also have driveway motion alarms just after the last neighbor's house, so we know if someone is coming up the driveway from about 1/4 mile away.
 

Sponsored

Deleted member 47279

As others have said in this thread, I have always welcomed someone to try and steal my vehicles; insurance is a beautiful thing and I will have my replacement nice and quick, if they asked I would just hand them the keys, why not? Not my problem anymore, they can deal with the consequences of a dangerous lifestyle, its not worth dirtying my hands trying to keep someone from taking my replaceable property.
Everything can be taken, but how you handle it makes the difference. I’ve had executives call me the worst kind of names because they didn’t have basic common sense. Not my fault you can’t lock a door.
 

ShadowsPapa

Well-Known Member
First Name
Bill
Joined
Oct 12, 2019
Threads
178
Messages
29,091
Reaction score
34,572
Location
Runnells, Iowa
Vehicle(s)
'22 JTO, '23 JLU, '82 SX4, '73 P. Cardin Javelin
Occupation
Retired auto mechanic, frmr gov't ntwrk security admin
Vehicle Showcase
3
Do the dirtbags have the ability to store the fob signals for future use? If so what is your strategy when going out say to food shop or get something to eat at a joint? Does the gladiator even work if the Key Fob isn't detected on the "driver"?
You can't shield it while in the vehicle - it won't start. If you shield it after starting, it will say fob has left the vehicle or fob not detected, whatever.

I love humans. I mess with them all the time lol. Ima hacker. I break stuff professionally, but I can’t protect myself without exposure to life.
If I was still working in the IT field, especially either with PFG or the state, I'd love a day's sit down with you.
When I did beta testing, people asked what I did - I'd say I try to break things, and usually do.
When I was asked "how did you know that" or "how did you know that would happen" or "how did you know where to look" - I had to admit - you have to have a bit of an evil mind and think like the bad guys. Of course I did get some looks....... especially from one of the co-workers who just didn't get that people can have a bad side at all. The network admin I worked with just smiled and nodded knowingly.

I used to love the "Scripts" I was sent when doing beta testing (and for Symantec, some alpha testing). I fire back at them - no one does it this way. And I'd say - you are telling us to remove prior versions first but you know that no consumer is actually going to do that. They finally relented and always included a process that would look for and remove any traces of prior versions and sometimes even competing products. You can't test this way - these are humans! If it can be done wrong, they'll do it. I think I found more flaws than 70% of the others.
I subscribe to the Red Green theory of life - it ain't broke, you're not trying.
 

Deleted member 47279

You can't shield it while in the vehicle - it won't start. If you shield it after starting, it will say fob has left the vehicle or fob not detected, whatever.



If I was still working in the IT field, especially either with PFG or the state, I'd love a day's sit down with you.
When I did beta testing, people asked what I did - I'd say I try to break things, and usually do.
When I was asked "how did you know that" or "how did you know that would happen" or "how did you know where to look" - I had to admit - you have to have a bit of an evil mind and think like the bad guys. Of course I did get some looks....... especially from one of the co-workers who just didn't get that people can have a bad side at all. The network admin I worked with just smiled and nodded knowingly.

I used to love the "Scripts" I was sent when doing beta testing (and for Symantec, some alpha testing). I fire back at them - no one does it this way. And I'd say - you are telling us to remove prior versions first but you know that no consumer is actually going to do that. They finally relented and always included a process that would look for and remove any traces of prior versions and sometimes even competing products. You can't test this way - these are humans! If it can be done wrong, they'll do it. I think I found more flaws than 70% of the others.
I subscribe to the Red Green theory of life - it ain't broke, you're not trying.
humans are lazy, and hardheaded. They assume they are right without sound empirical data to back it up. We have always done it this way, blah blah blah. Who do you think you are…no one thinks that way. Here’s a police file and after action report to say otherwise lol. By the way. Here’s my invoice. That’s due in receipt….
 

OngsterA

Well-Known Member
First Name
August
Joined
Mar 13, 2022
Threads
12
Messages
268
Reaction score
447
Location
So CA
Vehicle(s)
'22 Sarge Rubicon
Occupation
Software Security
No one has to press anything. The proximity fobs are always signaling and the vehicle is always listening. The repeaters simply fool the car into thinking that the fob is close by. If you have doors that automatically unlock on touch then they're in.


"Here's how it works: Each person carries a relay box, which can be purchased for as little as $20 online. The boxes can pick up the radio frequency from a car key fob that's sitting on a table inside, hung up on a key rack, or even resting in a purse. The relay boxes allow one person to stand near the home to pick up and amplify the key fob signal and then transmit it to the second box, which the other person holds outside the door of a car. Once the key fob signal reaches the second box, it unlocks the door, as the car thinks you're holding your key fob nearby. Now the criminals just have to drive away without getting caught and then change the locks."

https://www.popularmechanics.com/technology/security/a29835980/technology-theft-rfid-bluetooth/

https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/
Good info. But what about if the Passive Entry is unchecked/turned off on UConnect? Will that help at all?
 

NachoRuby

Well-Known Member
First Name
Chad
Joined
Apr 28, 2021
Threads
28
Messages
2,985
Reaction score
4,395
Location
Pennsylvania
Vehicle(s)
'21 JTR , '18 JLU, 73 VW Bug, 97 VW Jetta, all MTs
Good info. But what about if the Passive Entry is unchecked/turned off on UConnect? Will that help at all?
I don't think it really matters, because all gladiators have proximity keys. It's why it only starts when the key is in the vehicle. With or without passive entry installed, and with or without passive entry enabled, your key is a proximity key.
Sponsored

 
 



Top