GT-R Register - Nissan Skyline and GT-R Drivers Club forum

GT-R Register - Nissan Skyline and GT-R Drivers Club forum (https://www.gtr.co.uk/forum/)
-   General Nissan R35 GT-R Chat (https://www.gtr.co.uk/forum/general-nissan-r35-gt-r-chat.html)
-   -   GTR relay theft testing - the results are not good. (https://www.gtr.co.uk/forum/566951-gtr-relay-theft-testing-results-not-good.html)

goodatcrashing 27th February 2019 10:18 PM

GTR relay theft testing - the results are not good.
 
3 Attachment(s)
Working in the automotive industry, I frequently talk to our security experts who have equipment, often very rudimentary from eBay, used to test our vehicles against theft. The Thatcham security pass criteria is >2 minutes against entry.

The Relay theft technique commonly used by thieves takes seconds and I was curious if it worked on a DBA GTR and test some of the forum myths. We took a readily available kit and tested my DBA GTR with a stock security system.

I stood 30 metres away from the car with keys in my pocket. My assistant tried unlocking the car from the door unlock button and predictably the door would not unlock. Stood in the same position still with keys in pocket, the receiver side of the relay device was placed 2 metres away from me and the transmitter next to the door. This time, the doors unlocked on the first attempt. Then the transmitter was placed on the passenger seat and the engine fired up on first attempt. My assistant managed to drive around the car park even when out of range from the receiver, with a few annoying warning bongs about the key not being present, but did not shut down the engine. This happened in the space of 30 seconds.

This worked on almost all the key-less entry cars we tested in the car park, so is not isolated to GTR's. We repeated the test with my keys placed in a signal defender pouch and failed to unlock the doors despite trying several different techniques.

My advice is to be aware of these techniques and not to rely solely on the OEM security.

Chronos started a thread about relay theft here which started my curiosity:
https://www.gtr.co.uk/forum/541201-b...eek-video.html

SKNAM 27th February 2019 10:27 PM

Interesting read, thank you - shows how clever (or not!) the basic car alarm systems fitted as standard are. I always use a signal defender pouch, though its a bit of a faff and bulky for pockets....If you go for a pouch, make sure you get one for your spare key as well.

snuffy 27th February 2019 10:41 PM

Quote:

Originally Posted by SKNAM (Post 5770125)
I always use a signal defender pouch, though its a bit of a faff and bulky for pockets....If you go for a pouch, make sure you get one for your spare key as well.

But do you really need to carry your key around in the pouch ?

Obviously when you are at home, yes, because the key is within range of the signal relay.

But when you park the car somewhere else, then you (and therefore the key) are not likely to be in range of the signal relay.

So when I'm at home I keep both keys in my pouch, but when I go out I don't take the pouch.

SKNAM 27th February 2019 10:52 PM

Yeah, I do - I often use station carparks and I'm concerned about my key being "scanned" or whatever its called, as I then spend the next 2-3 minutes walking through the carpark and then waiting on the platform for train etc. Mind you, I'm so paranoid that I even limit the amount of time the key is out of the pouch when locking/unlocking and driving too. Probably look a right plonker! :eek:

PaulH0070 27th February 2019 10:56 PM

Quote:

Originally Posted by snuffy (Post 5770129)
But do you really need to carry your key around in the pouch ?

Obviously when you are at home, yes, because the key is within range of the signal relay.

But when you park the car somewhere else, then you (and therefore the key) are not likely to be in range of the signal relay.

So when I'm at home I keep both keys in my pouch, but when I go out I don't take the pouch.

Bit paranoid but you could get followed into a car park by people with this tech and they could gain access to your car while you walk away? Unlikely but possible.

I've got a big pouch for home and a smaller one for when I'm out. Half the size of a mobile, takes up very little room in my pocket :thumbsup:

goodatcrashing 27th February 2019 10:56 PM

Quote:

Originally Posted by snuffy (Post 5770129)
But do you really need to carry your key around in the pouch ?

Obviously when you are at home, yes, because the key is within range of the signal relay.

But when you park the car somewhere else, then you (and therefore the key) are not likely to be in range of the signal relay.

So when I'm at home I keep both keys in my pouch, but when I go out I don't take the pouch.

We didn't have time to fully test, but the receiver works with a signal booster made from a bit of looped wire and extends the signal range.

A possible scenario is that someone follows you after you've parked up, gone inside a restaurant and sits nearby with the receiver in a bag. Providing they are within transmitting range (depends on device), the second thief holding the transmitter can open the doors and drive off.

goodatcrashing 27th February 2019 11:01 PM

I've also read online (so may not be 100% factual), that if there is no assault or forced entry, police consider this low down on their priority, hence why this is so common.

snuffy 27th February 2019 11:48 PM

Quote:

Originally Posted by goodatcrashing (Post 5770135)
A possible scenario is that someone follows you after you've parked up, gone inside a restaurant and sits nearby with the receiver in a bag. Providing they are within transmitting range (depends on device), the second thief holding the transmitter can open the doors and drive off.

But are not all the reported cases in the media are that of cars being stolen off people's drives in the middle of the night as opposed to someone who's doing their shopping in Tescos?

Takamo 28th February 2019 06:12 AM

This is old information, it's been happening for some time now. The only product that can protect your car from being taken in a hurry is the Ghost immobiliser system. The ghost immobiliser requires the customers unique chosen code ranging from 4 to 20 digits using the cars factory buttons before it's going to start. Forget key scanning devices even if the thief had your original keys it ain't starting without the code being entered. The Ghost also prevents ecu hacking which is another way they are overriding the factory immobiliser. Very very clever bit of kit. For those of you who are planing future mods/tuning we fit the ghost to accommodate this so your tuner doesn't brick the ecu so no worries there.

goodatcrashing 28th February 2019 12:34 PM

Quote:

Originally Posted by Takamo (Post 5770151)
This is old information, it's been happening for some time now. The only product that can protect your car from being taken in a hurry is the Ghost immobiliser system. The ghost immobiliser requires the customers unique chosen code ranging from 4 to 20 digits using the cars factory buttons before it's going to start. Forget key scanning devices even if the thief had your original keys it ain't starting without the code being entered. The Ghost also prevents ecu hacking which is another way they are overriding the factory immobiliser. Very very clever bit of kit. For those of you who are planing future mods/tuning we fit the ghost to accommodate this so your tuner doesn't brick the ecu so no worries there.

Yes, agree this has been happening for many years and is certainly not new. I wanted to test specific cars, such as the GTR to clarify some of the forum myths that it only affected CBA's or that the engine would not start.

At some point, I'd like to test my GTR with the other tools commonly used by thieves such as the OBD key clone.

I'm not here to endorse any specific products, but there are several options people can use depending on budget, security level and hassle factor.

No matter what security you have, if a thief is determined and well equipped enough, they will be able to steal it.

Chronos 28th February 2019 01:40 PM

Quote:

Originally Posted by goodatcrashing (Post 5770117)
Working in the automotive industry, I frequently talk to our security experts who have equipment, often very rudimentary from eBay, used to test our vehicles against theft. The Thatcham security pass criteria is >2 minutes against entry.

The Relay theft technique commonly used by thieves takes seconds and I was curious if it worked on a DBA GTR and test some of the forum myths. We took a readily available kit and tested my DBA GTR with a stock security system.

I stood 30 metres away from the car with keys in my pocket. My assistant tried unlocking the car from the door unlock button and predictably the door would not unlock. Stood in the same position still with keys in pocket, the receiver side of the relay device was placed 2 metres away from me and the transmitter next to the door. This time, the doors unlocked on the first attempt. Then the transmitter was placed on the passenger seat and the engine fired up on first attempt. My assistant managed to drive around the car park even when out of range from the receiver, with a few annoying warning bongs about the key not being present, but did not shut down the engine. This happened in the space of 30 seconds.

This worked on almost all the key-less entry cars we tested in the car park, so is not isolated to GTR's. We repeated the test with my keys placed in a signal defender pouch and failed to unlock the doors despite trying several different techniques.

My advice is to be aware of these techniques and not to rely solely on the OEM security.

Chronos started a thread about relay theft here which started my curiosity:
https://www.gtr.co.uk/forum/541201-b...eek-video.html

good effort bud, and great info that does dispel a few myths.. shows that the faraday/signal defender bag IS a must when parking the car up.. i bought one ages ago, and also tested it and the car didnt unlock..

TBH as these relay thefts are on the incrase, and the kits available easier to aquire.. what are the car manufacturers doing about it? .. and can we disable the keyless entry on our R35's??

thanks!

Takamo 28th February 2019 03:34 PM

Quote:

Originally Posted by goodatcrashing (Post 5770215)
Yes, agree this has been happening for many years and is certainly not new. I wanted to test specific cars, such as the GTR to clarify some of the forum myths that it only affected CBA's or that the engine would not start.

At some point, I'd like to test my GTR with the other tools commonly used by thieves such as the OBD key clone.

I'm not here to endorse any specific products, but there are several options people can use depending on budget, security level and hassle factor.

No matter what security you have, if a thief is determined and well equipped enough, they will be able to steal it.

I agree but that if they really are determined they can take the owner with them or physical pick it up on a trailer but as far starting the car up using key cloning methods, signal boosting or obd hacking the ghost is the only product which prevents that successfully and if fitted correctly to the high standard required then very hard to locate and remove, it doesn't emit any signals or frequency, it doesn't click or have any wiring which will lead you to it like other devices. Faraday pouches are good but if the thief breaks into the car he can clone a key from the ecu directly via obd port which the ghost doesn't allow. In my professional opinion with 30 yrs of vehicle security experience and research the ghost and some type of tracker added to the vehicle which already has cat one factory alarm is a good enough combination. Hope this helps, oh and just to add cba, dba and eba suffer the same problem,

snuffy 28th February 2019 04:27 PM

Quote:

Originally Posted by Chronos (Post 5770225)

.. what are the car manufacturers doing about it? ..

I think some are making the keys disable once they are stationary so they will not respond whilst hanging up on a table etc.

That does not help existing keys as they stand of course.

Quote:

Originally Posted by Chronos (Post 5770225)
.. and can we disable the keyless entry on our R35's??

The only sure way is to take the battery out, but that's hardly ideal of course.


I assume the GT-R does not initiate comms until you press the door open button ? I know other cars will open the door as you approach, so those ones much be sending out "key, are you there ?" requests all the time, where as the GT-R will only send a "key, are you there?" request when you press the door open button.

In which case, would it be possible to disable the car door's button. Then it would mean the car would only open when you press the button on the remote and not the car.

Takamo 28th February 2019 06:47 PM

Quote:

Originally Posted by snuffy (Post 5770277)
I think some are making the keys disable once they are stationary so they will not respond whilst hanging up on a table etc.

That does not help existing keys as they stand of course.



The only sure way is to take the battery out, but that's hardly ideal of course.


I assume the GT-R does not initiate comms until you press the door open button ? I know other cars will open the door as you approach, so those ones much be sending out "key, are you there ?" requests all the time, where as the GT-R will only send a "key, are you there?" request when you press the door open button.

In which case, would it be possible to disable the car door's button. Then it would mean the car would only open when you press the button on the remote and not the car.

Once the signal boost your fob frequency it'll basically be exactly the same as your keys functionality, so they'll be able to press unlock on there device and open the car and then press start and go. Keyless cars are the cars they target... Easy pickings no effort required at all. With the Ghost fitted the only thing they can do is unlock your car.

Jon_H 28th February 2019 06:52 PM

about a hundred years ago when the Hot hatch was 'king' and they were being stolen left,right and centre

I had a 'Super Secret':chuckle: rocker switch fitted to a Peugeot of mine that disabled all of the electrics and only I knew where the switch was discreetly located


All witchcraft to me,but I think it only cost me a tenner to have fitted.Could the same thing not be applied to a modern car these days?

Takamo 28th February 2019 07:44 PM

Quote:

Originally Posted by Jon_H (Post 5770305)
about a hundred years ago when the Hot hatch was 'king' and they were being stolen left,right and centre

I had a 'Super Secret':chuckle: rocker switch fitted to a Peugeot of mine that disabled all of the electrics and only I knew where the switch was discreetly located


All witchcraft to me,but I think it only cost me a tenner to have fitted.Could the same thing not be applied to a modern car these days?

Yes could be but they find it and all they have to do is flick it back over as where the ghost has a selection of factory fitted buttons which can be programmed to a code between 4-20 digits of your choice which the user can change at any time once you know the original chosen code.

snuffy 28th February 2019 07:49 PM

Quote:

Originally Posted by Takamo (Post 5770303)
Once the signal boost your fob frequency it'll basically be exactly the same as your keys functionality, so they'll be able to press unlock on there device and open the car and then press start and go. Keyless cars are the cars they target... Easy pickings no effort required at all. With the Ghost fitted the only thing they can do is unlock your car.

So the problem is that the initiate key/car transaction is a simple frequency then ? Hence just the correct frequency will get the key to respond and that can come from any source.

goodatcrashing 28th February 2019 10:09 PM

Quote:

Originally Posted by snuffy (Post 5770311)
So the problem is that the initiate key/car transaction is a simple frequency then ? Hence just the correct frequency will get the key to respond and that can come from any source.

Not quite, the key has a rolling code, so the code only works once.

Relay theft works because it replicates whatever the key is sending out at the time. No matter how well encrypted the signal is, the booster doesn't need to decode it, but simply boost the signal.

Regarding what car manufacturers are doing to fix the problem, there are different solutions, like you mentioned motion sensors on keys. However, there are still ways around all of these. For some strange reason, pressing the damn button doesn't seem to have been considered?

Evo9lution 28th February 2019 10:25 PM

Quote:

Originally Posted by goodatcrashing (Post 5770323)
For some strange reason, pressing the damn button doesn't seem to have been considered?

Use an old fashioned key with my Evo. No hassle and no security risk (key is always with me).

Sometimes the best solution is the most simple!

snuffy 28th February 2019 10:26 PM

Quote:

Originally Posted by goodatcrashing (Post 5770323)
Not quite, the key has a rolling code, so the code only works once.

Indeed. The code changes every time as you say. So in non-keyless type of lock, the key sends a code (which changes every time) when you press the key fob button and then the car verifies said code. Therefore, it's not possible to capture the code and use it later (which used the be the case on early remote locking).

But from what Takamo says another device can initiate the sending of the code, and only the car knows what code to send. So I assume it's initially a simple frequency to activate the challenge/response exchange of codes.

snuffy 28th February 2019 10:29 PM

Quote:

Originally Posted by goodatcrashing (Post 5770323)
For some strange reason, pressing the damn button doesn't seem to have been considered?

You mean to de-activate the fob so that it does not respond? I.e. an on/off switch on the fob. That indeed would be the simplest solution.

simGTR 28th February 2019 11:14 PM

Quote:

Originally Posted by Takamo (Post 5770303)
Once the signal boost your fob frequency it'll basically be exactly the same as your keys functionality, so they'll be able to press unlock on there device and open the car and then press start and go. Keyless cars are the cars they target... Easy pickings no effort required at all. With the Ghost fitted the only thing they can do is unlock your car.

Which means they can piss on your seat and in the footwell. This happened to me once after my stereo got pinched, I'd rather they took the car as I couldn't get rid of the smell of piss, must have been stolen by a rhino or something. It eventually got burnt out in Chatham, which bizarrely, still drove, but the burnt smell was worse than the piss.

Chronos 28th February 2019 11:23 PM

Quote:

Originally Posted by snuffy (Post 5770335)
You mean to de-activate the fob so that it does not respond? I.e. an on/off switch on the fob. That indeed would be the simplest solution.

Sounds positive, but wouldnt the security boffins have thought of this already?

snuffy 28th February 2019 11:34 PM

Quote:

Originally Posted by Chronos (Post 5770343)
Sounds positive, but wouldnt the security boffins have thought of this already?

I was thinking about that. The trouble is that it relies on the owner pressing the on/off button. So if the car is stolen they could say "well, I pressed the button" and blame the manufacturer and no one could ever know if that was true or not.

Of course, that's no more the case of not using a key to lock your car and then blaming the manufacturer.

But, here's a question: Society is very big on "victim blaming". But if your car is stolen or your house is burgled and it's found that you left the doors/windows open etc then your insurance company will not pay up; i.e. the victim is blamed for the theft. (I know I'm wandering from the point somewhat).

Takamo 1st March 2019 06:19 AM

Quote:

Originally Posted by snuffy (Post 5770333)
Indeed. The code changes every time as you say. So in non-keyless type of lock, the key sends a code (which changes every time) when you press the key fob button and then the car verifies said code. Therefore, it's not possible to capture the code and use it later (which used the be the case on early remote locking).

But from what Takamo says another device can initiate the sending of the code, and only the car knows what code to send. So I assume it's initially a simple frequency to activate the challenge/response exchange of codes.

The code for the vehicle immobiliser is a fixed code and the code for the remote locking part maybe or is a rolling which changes every time its used. The thieves only need it once to replicate the key functionality for both unlocking the vehicle and for starting it, once they've taken it then they can program a new key into the system and it'll work just fine like your key.

Takamo 1st March 2019 06:21 AM

The key fob cloning method used nowheredays doesn't require you pressing any buttons on your fob, the thieves can simply scan the key frequency from inside your home whilst your watching gogglebox... Lol

Chronos 1st March 2019 10:44 PM

Quote:

Originally Posted by snuffy (Post 5770335)
You mean to de-activate the fob so that it does not respond? I.e. an on/off switch on the fob. That indeed would be the simplest solution.

Quote:

Originally Posted by snuffy (Post 5770347)
I was thinking about that. The trouble is that it relies on the owner pressing the on/off button.

so simply, as enthusiasts we don't want our cars to be nicked, forget the manufacturer who aint doing nowt!.. disable the "door button" and lets go old school and use the key to open the door.... as until now 2019 that'a still reasonably secure.

Security experts - (Given this is an open forum) One would hope the keys are secure per car, as in the last 50 years of cars manufacture

Takamo 2nd March 2019 06:10 AM

Quote:

Originally Posted by Chronos (Post 5770485)
so simply, as enthusiasts we don't want our cars to be nicked, forget the manufacturer who aint doing nowt!.. disable the "door button" and lets go old school and use the key to open the door.... as until now 2019 that'a still reasonably secure.

Security experts - (Given this is an open forum) One would hope the keys are secure per car, as in the last 50 years of cars manufacture

If they can't unlock your car via the cars button but can disarm the factory alarm by replicating your key then all they will do is pop the window and get it, start the car and drive away, I've seen many vehicles especially VAG group cars where they've done just that unless it's had the ghost immobiliser or some other form of aftermarket security system installed. Disableing the door entry button won't stop them if they know the factory alarm is disabled. Trust me when I say this I've had 5 gtrs now and several other vehicles over the years which were very nice and the ghost immobiliser system is the only device which successfully does what it says on the tin as they say. Best investment you'll ever make.

besty 6th March 2019 05:07 PM

Quote:

Originally Posted by Takamo (Post 5770493)
If they can't unlock your car via the cars button but can disarm the factory alarm by replicating your key then all they will do is pop the window and get it, start the car and drive away, I've seen many vehicles especially VAG group cars where they've done just that unless it's had the ghost immobiliser or some other form of aftermarket security system installed. Disableing the door entry button won't stop them if they know the factory alarm is disabled. Trust me when I say this I've had 5 gtrs now and several other vehicles over the years which were very nice and the ghost immobiliser system is the only device which successfully does what it says on the tin as they say. Best investment you'll ever make.

The Ghost costs next to nothing when you're buying a GTR. Its a no brainer based on my car jacking experience.


All times are GMT. The time now is 02:10 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
http://www.Tyreforums.com


Garage Plus vBulletin Plugins by Drive Thru Online, Inc.