Brave man. Keistering your fob.
Ford key fobs have some serious rolling codes. Nobody in the locksport/pen testing communities that I'm a part of has been able to duplicate the code more than once, even with vehicles that are over a decade old or more at this point. They could get a signal to replicate your key long enough to open the door, but if they ask the vehicle to do anything beyond that like starting it, they need another code generated for that operation. When you unlock the door, the vehicle tells the fob to roll to the next code, and that last code is no longer valid. When you hit the start button, the vehicle tells the fob to roll to the next code with its own rolling code, then listens to the fob for that next code that should match the same encryption, and until it does, it'll give you the no key detected message. It's a two-way encrypted signal. What that means is they would have to replicate the first code that the key fob announces to unlock the door, not terribly difficult if the fob is in your pocket and you're walking away, I've personally done it with my own stuff. In order to start the vehicle, they would have to spoof your vehicle's query signal (an encrypted rolling signal itself) to make the key fob generate another encrypted code to start it, out of range of the vehicle itself (if the vehicle hears it, then the code they swiped is useless to them). Once they have that code, they would need another one to take it out of park and drive it... you see where this is going.
Someone would not only require the hardware to intercept your fob but also the ability to start two-way encrypted communication with the fob without you or your vehicle knowing, and then some rather high end software in order to crack the encryption from only two intercepted codes. It would be a little easier if there were more than two codes to work with, but getting those extra codes is its own challenge. That's a nearly insurmountable task, but somewhere, someone out there may be working on a way to do it or find some other exploit to use. The odds really are in your favor though, especially given the fact that the fob is not constantly transmitting (Ford does this to save battery life, but it just so happens that it also aids in security). There are far more exotic and expensive vehicles to steal than yours if they're going through that kind of trouble. Honestly it's probably a lot easier to gain physical access to your cell phone and get your FordPass credentials installed on their phone, compared to cracking a key fob.
The more likely scenario is that someone would be working at Ford in a rather shady or unsecure dealership, and is able to program a fob by VIN without having one of the fobs available. Or, someone gains access to that software via Ford and pulls your code from their database. Your vehicle security is only as good as the most vulnerable dealership in the country, and only as good as the database your codes are stored on. But at that point, it wouldn't do you any good to hide your fob in a faraday cage regardless, as they wouldn't need your fob for anything at that point. Chances are, this is how people are stealing vehicles without keys or key fobs, not by spoofing or cloning existing fobs.
The keypad is technically a vulnerability, given how you can literally just rip it off the vehicle and take it home to play with at your discretion, but it's only useful for unlocking doors. It won't provide codes that can be used to start the vehicle as that's a separate signal that they'd have to decode too.
TL;DR: no, don't bother with a faraday cage unless it complements your tinfoil hat. And if you find that your keypad was ripped off your Bronco, maybe contact your dealership about what kind of security measures they could take in response.
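Added example, not part of any post in this thread and not Ford's actual protocol: a generic counter-based rolling code for unlock plus a challenge-response for start, showing why a captured code is dead once the vehicle has heard it and why an old response cannot answer a new challenge. The `Fob` and `Vehicle` classes, the HMAC construction and the `WINDOW` value are all assumptions made for illustration.

```python
import hashlib, hmac, os

def tag(key, label, data):
    # HMAC-SHA256 truncated to 8 bytes; a stand-in, not any vendor's cipher.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self, key):
        self.key, self.counter = key, 0
    def press_unlock(self):
        self.counter += 1  # roll forward on every press
        c = self.counter.to_bytes(4, "big")
        return c + tag(self.key, b"unlock", c)
    def answer(self, challenge):
        return tag(self.key, b"start", challenge)  # bound to this challenge

class Vehicle:
    WINDOW = 16  # accept counters at most this far ahead (assumed value)
    def __init__(self, key):
        self.key, self.last, self.pending = key, 0, None
    def unlock(self, frame):
        c, t = frame[:4], frame[4:]
        if not hmac.compare_digest(t, tag(self.key, b"unlock", c)):
            return False  # forged or corrupted frame
        n = int.from_bytes(c, "big")
        if not self.last < n <= self.last + self.WINDOW:
            return False  # already used, or too far out of sync
        self.last = n  # every code at or below n is now dead
        return True
    def new_challenge(self):
        self.pending = os.urandom(8)
        return self.pending
    def start(self, response):
        challenge, self.pending = self.pending, None  # one attempt per challenge
        return challenge is not None and hmac.compare_digest(
            response, tag(self.key, b"start", challenge))

def demo():
    key = os.urandom(16)  # constructed shared secret
    fob, car = Fob(key), Vehicle(key)
    code = fob.press_unlock()
    out = {"fresh": car.unlock(code), "replay": car.unlock(code)}
    resp = fob.answer(car.new_challenge())
    out["start"] = car.start(resp)
    car.new_challenge()
    out["stale"] = car.start(resp)  # old response vs. new challenge
    return out

if __name__ == "__main__":
    print(demo())
```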
I have to turn to the same side of the pocket that my keyfob is in for mine to unlock. I switch it up every time, I don't want to be predictable. Someone might be watching.... I can leave my fob in my pocket and still not be able to unlock my doors, extended range my ass.
Well... it probably is my ass getting in the way, but still.
Finally! Someone explaining this in a language I can understand.
Well, my 98 Silverado had higher insurance because I lived near a city (Dallas) AND it was the easiest car to steal for like a decade. It's more a wonder the new tech works at all than that it allows miscreants to steal your stuff.
Absolutely love the Bronco but this post makes walking to my ‘94 Toyota pickup, sticking the key in the door lock then in the ignition to start it all the sweeter. No OTA blowups, no key fob in tinfoil, hell it is not even OBD II.
I can say the same thing about my 1986 Mustang, but you can steal it with a screwdriver.
+1 insightful. Somebody must have slept at a Holiday Inn last night!
How about a rum and coke? Do you keep in one hand or can you set it down? I got questions! lol
OTA stuff aside (you can disable that), I prefer having all of that complicated security crap on my Bronco because the chances of it being stolen via security weaknesses are beyond the ability of most defcon speakers and beyond the ability of virtually anyone that wants to steal it. Older Toyotas are fantastic vehicles to practice locksport on though, because picking is all you need to gain complete access. The tolerances and bitting are good for a beginner to learn how to pick with both traditional picks as well as a Lishi tool, and I actually have a Lishi that'll fit your truck. It would take me about 5min to drive off without damaging anything or leaving any trace that it was picked. Plus, once I get an open, I now have your bitting, and I could find a quiet spot to cut myself a spare key with my nipping pliers in another 5min, giving me persistent access any time I want it. I'd go up to the door, unlock it without opening the door, copy the bitting, lock it back again, and leave. Later on when conditions were good I'd come back with a freshly made key and drive away. It's so ridiculously easy to steal a non-electronic vehicle that it's surprising any are left.
Ooh, where do I pick those bad boys up?!? My speakers are wankers.