HACKING VEHICLES WITH THIS $20 RADIO!!!

Captions
Whoa, no way! Have you ever tried to lock your car with your key fob and it wouldn't lock? Or maybe you're in a rush and you locked it and you didn't even look back to see if it had locked? What if someone had intercepted your key fob signal, preventing your car from locking? They can go and open your car and steal the stuff from inside your car, like that nice 7100 radio in there.

Now, this sort of attack is surprisingly easy to do with pretty rudimentary radio gear, like this little Quansheng radio here that costs about 15 to 20 quid. Now of course this is super illegal to do, but if they're going to break into your car they don't really care about radio laws, do they? Essentially, what someone with ill intentions could do is transmit a signal from a little radio like this on a similar or the same frequency as your key fob, thus completely blocking your car from receiving the key fob signal.

So let's try and grab the frequency from my Audi's key fob. I've got the Quansheng in spectrum scan mode. I'm just going to hold the key fob down here somewhere and basically just press it, and let's grab the frequency. There we go, 434 425, that's the one we want. So the Quansheng's set to that frequency, and you can hear the key fob emitting its radio signal. Now if we go outside to my car and we transmit on the radio (it's in VOX mode, so it's picking up my voice and transmitting), we can't do anything with the car because it is being jammed by this Quansheng. Now it's not transmitting, I can lock and unlock the car normally. And the reason that works is because little radios like this put out way more power than your key fob, so it just completely obliterates the signal and stops it from working.

So what we're looking at here is the area of radio spectrum where all the key fobs live. There's so many signals coming and going, just completely churning, and at this time of day, sort of in the kind of mid-morning, there's loads of activity: people going to work, school runs. There's other stuff in this band as well, like kind of, um, remote gates and access systems, but you can see how busy it is. Now, I can see these signals really clearly because I've got a very directional antenna pointing towards my local town, but these nefarious characters, they could be in your local car park.

Now, if you've not been aware of this sort of stuff before, this could be a bit of an eye opener. But if you are aware of this sort of stuff, you'll know about devices like this, the Flipper Zero. It's not just a cute Tamagotchi. These things can jam signals as well (again, highly illegal), but not as effectively as an actual high power radio. It can do other stuff though, like replay attacks. So essentially what a replay attack is, is basically storing or recording the signal from a key fob like that and then replaying it back on the same frequency to the car in the hopes that it will open. So while simple replay attacks can work, they usually work on the older cars where they don't have rolling codes. So on more modern cars, but not the newest cars, they will have rolling codes, so every time you hit the button on the key fob it will increment to the next code. That makes it difficult to do replay attacks on those cars. That's a good thing.

Now, there is another attack which you've probably heard about. This is called a relay attack. So what we're seeing here is a group basically turning up, and they're going to try and nick this car from the front of this house, this driveway here. And this is quite a common one. It's been around quite a long time, and it's quite easy to do with the right equipment. So you see this guy is basically just walking up with this box in his hand. First thing he goes and does is kind of pull the handles on the car. So what he's trying to do here is trigger a challenge from the car, which is basically a signal from the car that he's looking for the key fob. Now of course the key fob's inside the house, so there's no way the car's going to open. But it does, because if we skim the footage back a little bit and have a look, the second guy here, you see, waving an antenna around outside the front of the house, he's looking for a signal from the key fob, and that signal will be a response from the key fob to the challenge that was originally sent from the car.

Now, the device that these guys are using is simply like a Wi-Fi repeater. All it's doing is bridging the gap between the key fob inside the house and the car outside. Now our delightful character is sitting inside the poor person's car that he's about to steal. He's not going to be able to start it, because there's likely going to need to be a second challenge response from the key fob. So that's what the second guy is standing at the window for, again trying to get a signal from the key fob. Then he finally manages to do it, the car's started, and unfortunately they were successful.

Now, that sort of thing is genuinely something you want to be worried about, especially if you've got a car that automatically unlocks the doors when you come near to the car, as in, it's detecting your key fob when you walk up to the car, that's why it's unlocking. So it's become pretty trivial for organized car thieves to actually carry out this attack very, very quickly and steal your pride and joy.

So let's test this theory out on my own car, my Audi TT, and see how vulnerable that is. Now, because my car doesn't unlock automatically when I walk up to it, there's no way you can trigger any communication with a key fob. So normally with some cars you can trigger an authentication by pulling the handle in like this, and then it will try and communicate with the key, but you can see here absolutely nothing happens. There's no signal on this TinySA at all. So that's at least one refreshing thing about my car: there's no way they can do that first challenge response thing by pulling the handles and basically opening the door. They'd have to find another way to get into the car, maybe smash the window, and the alarm's going to go off. But what if they could get around all of that with the second challenge response to actually start the car? Well, let's find out.

Right, so I'm sitting in my car right now. I've got my TinySA spectrum analyzer here, scanning from 400 MHz to 500 MHz, which is going to be the range of this key fob. I've previously tested it, so I do know that it is, um... So we're going to lock the car, 'cause it's already unlocked at the moment. Lock the car: you can see the signal from the key fob there, that's the signal there. Car is locked. Um, I better not move too much 'cause the alarm will probably go off. So now I will unlock the car, so there's your signal there again. So the car is now unlocked.

Now, to start this car, this key has to be in the car somewhere, so there's a communication between the car and the key when you hit the start stop button. So if we hit the start stop button here, you should see something on this spectrum analyzer. But we don't, because I think this is actually running a bit too slow to catch it, but we can keep trying and see if we can actually catch it. There you go. So I didn't press anything on this key fob. The car is communicating with the key fob when I push the stop start button, and we can actually confirm that, because if we look at the key fob here when you press the start stop button, did you see the LED light up on the key fob? So that's your communication between the key and the car, which of course is to confirm that the key fob is in the car.

So my car is vulnerable to the second part of the attack, but they'd have to get in it first and get around the alarm system and everything else. There have also been advances in rolling code technology, you know, for the replay attack, so I wouldn't rule out that this car could not be stolen at all. And of course if someone was to employ the same tactic that we used right at the beginning of the video, to just jam the signal so the car couldn't be locked, then that's half of their job done. All they'd have to do is sniff around outside the house with their repeater system and conduct the second part of the attack, which of course would allow the car to be started and driven away. And most of these cars would just carry on going until they're actually turned off. Then they won't start again, obviously, 'cause, you know, there's no key.

And if you think you're safe from this because you got a new car that uses Bluetooth and an app to open the car, think again, because there's now Bluetooth repeaters that do basically the same thing as this. Same principle, but it just uses Bluetooth. I don't think you're ever going to be completely safe.

So what can you do? Well, firstly, I'd be making sure that my key fob isn't anywhere near the outside of the house. Ideally store it in a metal box inside the house so it can't be penetrated from signals coming in. There are Faraday pouches as well out there. I don't know the effectiveness of these because I haven't tested them. In theory they should work. The best way to test this would be to sit in the car with the key fob in the pouch and see if it actually does anything. Some of these might just be marketed as Faraday pouches to be able to command the extra premium.

The other thing of course to do, if your car does allow you to turn off, um, you know, automatic entry, that sort of thing, you can turn that feature off. That will help a lot. Also, you could go to the extreme of removing the battery from the key fob. That's going to, you know, stop that problem from happening straight away. Um, but I have heard that there are some cars where you can actually disable the key fob as well, so temporarily disabling the key fob. I think it's like a factory setting to stop the batteries from flattening, um, whilst it's in storage. And lastly, I suppose, just be mindful when you actually push the button on your car: has your car actually locked?

Hope you enjoyed this one, guys. Catch you next time.
Info
Channel: andy kirby
Views: 397,392
Id: zCHpCb-FQqs
Length: 10min 25sec (625 seconds)
Published: Thu Nov 23 2023