GTR relay theft testing - the results are not good. - GT-R Register - Nissan Skyline and GT-R Drivers Club forum

Want to buy a banner ad? Find out more here.

Go Back   GT-R Register - Nissan Skyline and GT-R Drivers Club forum > General > General Nissan R35 GT-R Chat
Register Garage FAQ Members List Calendar Search Today's Posts Mark Forums Read Insurance


Like Tree22Likes

Reply
 
LinkBack Thread Tools Rate Thread Display Modes
Old 27th February 2019, 09:18 PM   #1 (permalink)
goodatcrashing is unaware they can edit their status
GTR.co.uk posting Member - No selling
 
Join Date: Apr 2017
Posts: 33
GTR relay theft testing - the results are not good.

Working in the automotive industry, I frequently talk to our security experts who have equipment, often very rudimentary from eBay, used to test our vehicles against theft. The Thatcham security pass criteria is >2 minutes against entry.

The Relay theft technique commonly used by thieves takes seconds and I was curious if it worked on a DBA GTR and test some of the forum myths. We took a readily available kit and tested my DBA GTR with a stock security system.

I stood 30 metres away from the car with keys in my pocket. My assistant tried unlocking the car from the door unlock button and predictably the door would not unlock. Stood in the same position still with keys in pocket, the receiver side of the relay device was placed 2 metres away from me and the transmitter next to the door. This time, the doors unlocked on the first attempt. Then the transmitter was placed on the passenger seat and the engine fired up on first attempt. My assistant managed to drive around the car park even when out of range from the receiver, with a few annoying warning bongs about the key not being present, but did not shut down the engine. This happened in the space of 30 seconds.

This worked on almost all the key-less entry cars we tested in the car park, so is not isolated to GTR's. We repeated the test with my keys placed in a signal defender pouch and failed to unlock the doors despite trying several different techniques.

My advice is to be aware of these techniques and not to rely solely on the OEM security.

Chronos started a thread about relay theft here which started my curiosity:
https://www.gtr.co.uk/forum/541201-b...eek-video.html
Attached Images
File Type: jpg 1.jpg (189.5 KB, 14 views)
File Type: jpg 2.jpg (165.0 KB, 17 views)
File Type: jpg 3.jpg (162.5 KB, 16 views)
Bennyboy1984, Chronos and SKNAM like this.
__________________
goodatcrashing is offline   Reply With Quote
Old 27th February 2019, 09:27 PM   #2 (permalink)
SKNAM is unaware they can edit their status
GT-RDC Member
 
Join Date: Nov 2018
Posts: 183
Interesting read, thank you - shows how clever (or not!) the basic car alarm systems fitted as standard are. I always use a signal defender pouch, though its a bit of a faff and bulky for pockets....If you go for a pouch, make sure you get one for your spare key as well.
__________________
SKNAM is offline   Reply With Quote
Old 27th February 2019, 09:41 PM   #3 (permalink)
snuffy is is well aware they can edit their status but hasdecided not to.
Ooo Matron !
 
snuffy's Avatar
 
Join Date: Mar 2014
Location: Chester
Cars owned: GT-R & Fiat 500
Posts: 1,944
Quote:
Originally Posted by SKNAM View Post
I always use a signal defender pouch, though its a bit of a faff and bulky for pockets....If you go for a pouch, make sure you get one for your spare key as well.
But do you really need to carry your key around in the pouch ?

Obviously when you are at home, yes, because the key is within range of the signal relay.

But when you park the car somewhere else, then you (and therefore the key) are not likely to be in range of the signal relay.

So when I'm at home I keep both keys in my pouch, but when I go out I don't take the pouch.
Chronos likes this.
__________________
MY10 Black Edition - Ocean Satin Shimmer
Russ Fellows Unsilenced Exhaust
MY2013 TCM
ACSpeedtech EcuTek RaceRom 5

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
snuffy is offline   Reply With Quote
 
Old 27th February 2019, 09:52 PM   #4 (permalink)
SKNAM is unaware they can edit their status
GT-RDC Member
 
Join Date: Nov 2018
Posts: 183
Yeah, I do - I often use station carparks and I'm concerned about my key being "scanned" or whatever its called, as I then spend the next 2-3 minutes walking through the carpark and then waiting on the platform for train etc. Mind you, I'm so paranoid that I even limit the amount of time the key is out of the pouch when locking/unlocking and driving too. Probably look a right plonker!
PaulH0070 likes this.
__________________
SKNAM is offline   Reply With Quote
Old 27th February 2019, 09:56 PM   #5 (permalink)
PaulH0070 is normally cleaning, sometimes driving
GTR.co.uk posting Member - No selling
 
PaulH0070's Avatar
 
Join Date: Oct 2017
Location: Kent
Posts: 583
Quote:
Originally Posted by snuffy View Post
But do you really need to carry your key around in the pouch ?

Obviously when you are at home, yes, because the key is within range of the signal relay.

But when you park the car somewhere else, then you (and therefore the key) are not likely to be in range of the signal relay.

So when I'm at home I keep both keys in my pouch, but when I go out I don't take the pouch.
Bit paranoid but you could get followed into a car park by people with this tech and they could gain access to your car while you walk away? Unlikely but possible.

I've got a big pouch for home and a smaller one for when I'm out. Half the size of a mobile, takes up very little room in my pocket
SKNAM likes this.
__________________
PaulH0070 is offline   Reply With Quote
Old 27th February 2019, 09:56 PM   #6 (permalink)
goodatcrashing is unaware they can edit their status
GTR.co.uk posting Member - No selling
 
Join Date: Apr 2017
Posts: 33
Quote:
Originally Posted by snuffy View Post
But do you really need to carry your key around in the pouch ?

Obviously when you are at home, yes, because the key is within range of the signal relay.

But when you park the car somewhere else, then you (and therefore the key) are not likely to be in range of the signal relay.

So when I'm at home I keep both keys in my pouch, but when I go out I don't take the pouch.
We didn't have time to fully test, but the receiver works with a signal booster made from a bit of looped wire and extends the signal range.

A possible scenario is that someone follows you after you've parked up, gone inside a restaurant and sits nearby with the receiver in a bag. Providing they are within transmitting range (depends on device), the second thief holding the transmitter can open the doors and drive off.
SKNAM likes this.
__________________
goodatcrashing is offline   Reply With Quote
Old 27th February 2019, 10:01 PM   #7 (permalink)
goodatcrashing is unaware they can edit their status
GTR.co.uk posting Member - No selling
 
Join Date: Apr 2017
Posts: 33
I've also read online (so may not be 100% factual), that if there is no assault or forced entry, police consider this low down on their priority, hence why this is so common.
__________________
goodatcrashing is offline   Reply With Quote
Old 27th February 2019, 10:48 PM   #8 (permalink)
snuffy is is well aware they can edit their status but hasdecided not to.
Ooo Matron !
 
snuffy's Avatar
 
Join Date: Mar 2014
Location: Chester
Cars owned: GT-R & Fiat 500
Posts: 1,944
Quote:
Originally Posted by goodatcrashing View Post
A possible scenario is that someone follows you after you've parked up, gone inside a restaurant and sits nearby with the receiver in a bag. Providing they are within transmitting range (depends on device), the second thief holding the transmitter can open the doors and drive off.
But are not all the reported cases in the media are that of cars being stolen off people's drives in the middle of the night as opposed to someone who's doing their shopping in Tescos?
__________________
MY10 Black Edition - Ocean Satin Shimmer
Russ Fellows Unsilenced Exhaust
MY2013 TCM
ACSpeedtech EcuTek RaceRom 5

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
snuffy is offline   Reply With Quote
Old 28th February 2019, 05:12 AM   #9 (permalink)
Takamo is Living the Dream... Alhumdulillah (thanks to God)
GTR Register Trader
 
Takamo's Avatar
 
Join Date: Oct 2005
Location: Birmingham
Cars owned: R32 GTR, R33 GTR, R34 GTR, R35 GTR and many many more!!!
Posts: 6,076
This is old information, it's been happening for some time now. The only product that can protect your car from being taken in a hurry is the Ghost immobiliser system. The ghost immobiliser requires the customers unique chosen code ranging from 4 to 20 digits using the cars factory buttons before it's going to start. Forget key scanning devices even if the thief had your original keys it ain't starting without the code being entered. The Ghost also prevents ecu hacking which is another way they are overriding the factory immobiliser. Very very clever bit of kit. For those of you who are planing future mods/tuning we fit the ghost to accommodate this so your tuner doesn't brick the ecu so no worries there.
__________________
Rabs Car Alarms 0121 771 1511 or 07973733441
Facebook:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Official Dealers of:
Autowatch Ghost Immobiliser
Smartrack Trackers, Toad, Scorpion & Blackvue

I am a sponsor of the GTR Register!
Takamo is offline   Reply With Quote
Old 28th February 2019, 11:34 AM   #10 (permalink)
goodatcrashing is unaware they can edit their status
GTR.co.uk posting Member - No selling
 
Join Date: Apr 2017
Posts: 33
Quote:
Originally Posted by Takamo View Post
This is old information, it's been happening for some time now. The only product that can protect your car from being taken in a hurry is the Ghost immobiliser system. The ghost immobiliser requires the customers unique chosen code ranging from 4 to 20 digits using the cars factory buttons before it's going to start. Forget key scanning devices even if the thief had your original keys it ain't starting without the code being entered. The Ghost also prevents ecu hacking which is another way they are overriding the factory immobiliser. Very very clever bit of kit. For those of you who are planing future mods/tuning we fit the ghost to accommodate this so your tuner doesn't brick the ecu so no worries there.
Yes, agree this has been happening for many years and is certainly not new. I wanted to test specific cars, such as the GTR to clarify some of the forum myths that it only affected CBA's or that the engine would not start.

At some point, I'd like to test my GTR with the other tools commonly used by thieves such as the OBD key clone.

I'm not here to endorse any specific products, but there are several options people can use depending on budget, security level and hassle factor.

No matter what security you have, if a thief is determined and well equipped enough, they will be able to steal it.
Takamo likes this.
__________________
goodatcrashing is offline   Reply With Quote
Old 28th February 2019, 12:40 PM   #11 (permalink)
Chronos is ripping up the tarmac with Godzilla ALL year round
GT-RDC Member
 
Chronos's Avatar
 
Join Date: Dec 2013
Location: Planet R35
Cars owned: R35 Black Edition
Posts: 5,768
Quote:
Originally Posted by goodatcrashing View Post
Working in the automotive industry, I frequently talk to our security experts who have equipment, often very rudimentary from eBay, used to test our vehicles against theft. The Thatcham security pass criteria is >2 minutes against entry.

The Relay theft technique commonly used by thieves takes seconds and I was curious if it worked on a DBA GTR and test some of the forum myths. We took a readily available kit and tested my DBA GTR with a stock security system.

I stood 30 metres away from the car with keys in my pocket. My assistant tried unlocking the car from the door unlock button and predictably the door would not unlock. Stood in the same position still with keys in pocket, the receiver side of the relay device was placed 2 metres away from me and the transmitter next to the door. This time, the doors unlocked on the first attempt. Then the transmitter was placed on the passenger seat and the engine fired up on first attempt. My assistant managed to drive around the car park even when out of range from the receiver, with a few annoying warning bongs about the key not being present, but did not shut down the engine. This happened in the space of 30 seconds.

This worked on almost all the key-less entry cars we tested in the car park, so is not isolated to GTR's. We repeated the test with my keys placed in a signal defender pouch and failed to unlock the doors despite trying several different techniques.

My advice is to be aware of these techniques and not to rely solely on the OEM security.

Chronos started a thread about relay theft here which started my curiosity:
https://www.gtr.co.uk/forum/541201-b...eek-video.html
good effort bud, and great info that does dispel a few myths.. shows that the faraday/signal defender bag IS a must when parking the car up.. i bought one ages ago, and also tested it and the car didnt unlock..

TBH as these relay thefts are on the incrase, and the kits available easier to aquire.. what are the car manufacturers doing about it? .. and can we disable the keyless entry on our R35's??

thanks!
__________________
R35 GT-R Black Edition ACSpeedtech remap EcuTek / Dodson Uprated gearbox +2013software/Greddy Intercooler/Russ Fellows Custom Full exhaust system+Downpipes/ASNU 1050 Injectors/ACSpeedtech intakes/R888R 275~305/Alcon Extreme duty discs+Hawk pads
Chronos is offline   Reply With Quote
Old 28th February 2019, 02:34 PM   #12 (permalink)
Takamo is Living the Dream... Alhumdulillah (thanks to God)
GTR Register Trader
 
Takamo's Avatar
 
Join Date: Oct 2005
Location: Birmingham
Cars owned: R32 GTR, R33 GTR, R34 GTR, R35 GTR and many many more!!!
Posts: 6,076
Quote:
Originally Posted by goodatcrashing View Post
Yes, agree this has been happening for many years and is certainly not new. I wanted to test specific cars, such as the GTR to clarify some of the forum myths that it only affected CBA's or that the engine would not start.

At some point, I'd like to test my GTR with the other tools commonly used by thieves such as the OBD key clone.

I'm not here to endorse any specific products, but there are several options people can use depending on budget, security level and hassle factor.

No matter what security you have, if a thief is determined and well equipped enough, they will be able to steal it.
I agree but that if they really are determined they can take the owner with them or physical pick it up on a trailer but as far starting the car up using key cloning methods, signal boosting or obd hacking the ghost is the only product which prevents that successfully and if fitted correctly to the high standard required then very hard to locate and remove, it doesn't emit any signals or frequency, it doesn't click or have any wiring which will lead you to it like other devices. Faraday pouches are good but if the thief breaks into the car he can clone a key from the ecu directly via obd port which the ghost doesn't allow. In my professional opinion with 30 yrs of vehicle security experience and research the ghost and some type of tracker added to the vehicle which already has cat one factory alarm is a good enough combination. Hope this helps, oh and just to add cba, dba and eba suffer the same problem,
V-SpecII likes this.
__________________
Rabs Car Alarms 0121 771 1511 or 07973733441
Facebook:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Official Dealers of:
Autowatch Ghost Immobiliser
Smartrack Trackers, Toad, Scorpion & Blackvue

I am a sponsor of the GTR Register!

Last edited by Takamo; 28th February 2019 at 02:37 PM..
Takamo is offline   Reply With Quote
Old 28th February 2019, 03:27 PM   #13 (permalink)
snuffy is is well aware they can edit their status but hasdecided not to.
Ooo Matron !
 
snuffy's Avatar
 
Join Date: Mar 2014
Location: Chester
Cars owned: GT-R & Fiat 500
Posts: 1,944
Quote:
Originally Posted by Chronos View Post

.. what are the car manufacturers doing about it? ..
I think some are making the keys disable once they are stationary so they will not respond whilst hanging up on a table etc.

That does not help existing keys as they stand of course.

Quote:
Originally Posted by Chronos View Post
.. and can we disable the keyless entry on our R35's??
The only sure way is to take the battery out, but that's hardly ideal of course.


I assume the GT-R does not initiate comms until you press the door open button ? I know other cars will open the door as you approach, so those ones much be sending out "key, are you there ?" requests all the time, where as the GT-R will only send a "key, are you there?" request when you press the door open button.

In which case, would it be possible to disable the car door's button. Then it would mean the car would only open when you press the button on the remote and not the car.
Chronos likes this.
__________________
MY10 Black Edition - Ocean Satin Shimmer
Russ Fellows Unsilenced Exhaust
MY2013 TCM
ACSpeedtech EcuTek RaceRom 5

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
snuffy is offline   Reply With Quote
Old 28th February 2019, 05:47 PM   #14 (permalink)
Takamo is Living the Dream... Alhumdulillah (thanks to God)
GTR Register Trader
 
Takamo's Avatar
 
Join Date: Oct 2005
Location: Birmingham
Cars owned: R32 GTR, R33 GTR, R34 GTR, R35 GTR and many many more!!!
Posts: 6,076
Quote:
Originally Posted by snuffy View Post
I think some are making the keys disable once they are stationary so they will not respond whilst hanging up on a table etc.

That does not help existing keys as they stand of course.



The only sure way is to take the battery out, but that's hardly ideal of course.


I assume the GT-R does not initiate comms until you press the door open button ? I know other cars will open the door as you approach, so those ones much be sending out "key, are you there ?" requests all the time, where as the GT-R will only send a "key, are you there?" request when you press the door open button.

In which case, would it be possible to disable the car door's button. Then it would mean the car would only open when you press the button on the remote and not the car.
Once the signal boost your fob frequency it'll basically be exactly the same as your keys functionality, so they'll be able to press unlock on there device and open the car and then press start and go. Keyless cars are the cars they target... Easy pickings no effort required at all. With the Ghost fitted the only thing they can do is unlock your car.
Chronos likes this.
__________________
Rabs Car Alarms 0121 771 1511 or 07973733441
Facebook:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Official Dealers of:
Autowatch Ghost Immobiliser
Smartrack Trackers, Toad, Scorpion & Blackvue

I am a sponsor of the GTR Register!
Takamo is offline   Reply With Quote
Old 28th February 2019, 05:52 PM   #15 (permalink)
Jon_H is unaware they can edit their status
GTR.co.uk posting Member - No selling
 
Join Date: Dec 2017
Posts: 80
about a hundred years ago when the Hot hatch was 'king' and they were being stolen left,right and centre

I had a 'Super Secret' rocker switch fitted to a Peugeot of mine that disabled all of the electrics and only I knew where the switch was discreetly located


All witchcraft to me,but I think it only cost me a tenner to have fitted.Could the same thing not be applied to a modern car these days?
__________________
Jon_H is online now   Reply With Quote
Old 28th February 2019, 06:44 PM   #16 (permalink)
Takamo is Living the Dream... Alhumdulillah (thanks to God)
GTR Register Trader
 
Takamo's Avatar
 
Join Date: Oct 2005
Location: Birmingham
Cars owned: R32 GTR, R33 GTR, R34 GTR, R35 GTR and many many more!!!
Posts: 6,076
Quote:
Originally Posted by Jon_H View Post
about a hundred years ago when the Hot hatch was 'king' and they were being stolen left,right and centre

I had a 'Super Secret' rocker switch fitted to a Peugeot of mine that disabled all of the electrics and only I knew where the switch was discreetly located


All witchcraft to me,but I think it only cost me a tenner to have fitted.Could the same thing not be applied to a modern car these days?
Yes could be but they find it and all they have to do is flick it back over as where the ghost has a selection of factory fitted buttons which can be programmed to a code between 4-20 digits of your choice which the user can change at any time once you know the original chosen code.
__________________
Rabs Car Alarms 0121 771 1511 or 07973733441
Facebook:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Official Dealers of:
Autowatch Ghost Immobiliser
Smartrack Trackers, Toad, Scorpion & Blackvue

I am a sponsor of the GTR Register!
Takamo is offline   Reply With Quote
Old 28th February 2019, 06:49 PM   #17 (permalink)
snuffy is is well aware they can edit their status but hasdecided not to.
Ooo Matron !
 
snuffy's Avatar
 
Join Date: Mar 2014
Location: Chester
Cars owned: GT-R & Fiat 500
Posts: 1,944
Quote:
Originally Posted by Takamo View Post
Once the signal boost your fob frequency it'll basically be exactly the same as your keys functionality, so they'll be able to press unlock on there device and open the car and then press start and go. Keyless cars are the cars they target... Easy pickings no effort required at all. With the Ghost fitted the only thing they can do is unlock your car.
So the problem is that the initiate key/car transaction is a simple frequency then ? Hence just the correct frequency will get the key to respond and that can come from any source.
__________________
MY10 Black Edition - Ocean Satin Shimmer
Russ Fellows Unsilenced Exhaust
MY2013 TCM
ACSpeedtech EcuTek RaceRom 5

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
snuffy is offline   Reply With Quote
Old 28th February 2019, 09:09 PM   #18 (permalink)
goodatcrashing is unaware they can edit their status
GTR.co.uk posting Member - No selling
 
Join Date: Apr 2017
Posts: 33
Quote:
Originally Posted by snuffy View Post
So the problem is that the initiate key/car transaction is a simple frequency then ? Hence just the correct frequency will get the key to respond and that can come from any source.
Not quite, the key has a rolling code, so the code only works once.

Relay theft works because it replicates whatever the key is sending out at the time. No matter how well encrypted the signal is, the booster doesn't need to decode it, but simply boost the signal.

Regarding what car manufacturers are doing to fix the problem, there are different solutions, like you mentioned motion sensors on keys. However, there are still ways around all of these. For some strange reason, pressing the damn button doesn't seem to have been considered?
__________________

Last edited by goodatcrashing; 28th February 2019 at 09:14 PM..
goodatcrashing is offline   Reply With Quote
Old 28th February 2019, 09:25 PM   #19 (permalink)
Evo9lution is hoping ...
GTR.co.uk seasoned Member
 
Evo9lution's Avatar
 
Join Date: Aug 2013
Location: Bedfordshire / Basellandschaft
Cars owned: Stage 4.25 R35 GT-R & Mitsi Evo IX MR FQ-360 (not standard)
Posts: 2,404
Quote:
Originally Posted by goodatcrashing View Post
For some strange reason, pressing the damn button doesn't seem to have been considered?
Use an old fashioned key with my Evo. No hassle and no security risk (key is always with me).

Sometimes the best solution is the most simple!
__________________
Not Fast but definitely Furious!!!
Evo9lution is offline   Reply With Quote
Old 28th February 2019, 09:26 PM   #20 (permalink)
snuffy is is well aware they can edit their status but hasdecided not to.
Ooo Matron !
 
snuffy's Avatar
 
Join Date: Mar 2014
Location: Chester
Cars owned: GT-R & Fiat 500
Posts: 1,944
Quote:
Originally Posted by goodatcrashing View Post
Not quite, the key has a rolling code, so the code only works once.
Indeed. The code changes every time as you say. So in non-keyless type of lock, the key sends a code (which changes every time) when you press the key fob button and then the car verifies said code. Therefore, it's not possible to capture the code and use it later (which used the be the case on early remote locking).

But from what Takamo says another device can initiate the sending of the code, and only the car knows what code to send. So I assume it's initially a simple frequency to activate the challenge/response exchange of codes.
__________________
MY10 Black Edition - Ocean Satin Shimmer
Russ Fellows Unsilenced Exhaust
MY2013 TCM
ACSpeedtech EcuTek RaceRom 5

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
snuffy is offline   Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
GTR attempted theft and a warning. New Reg General Nissan R35 GT-R Chat 119 25th July 2015 10:42 AM
GTR R35 Theft ! jensengtr General Nissan R35 GT-R Chat 37 16th September 2011 10:12 PM
ATTENTION Skyline GTR owners world wide / car theft!!!! gtrlux General Nissan Skyline Chat 107 31st August 2010 01:07 PM
Not the fuel pump relay... ShopGTR Electronics 5 24th October 2007 05:22 AM
Dyno results part two*** results and graph chris singleton General Nissan Skyline Chat 7 30th November 2005 01:05 PM


All times are GMT. The time now is 01:59 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
http://www.Tyreforums.com

tyreforums

 

Garage Plus vBulletin Plugins by Drive Thru Online, Inc.