Proceedings of 2018 ASEE Northeast Section Conference

Key Fob Protection
Alex Neville, Rachel Melisse, Alfonzo Sanfilippo, Gaston Cetrangolo, AAron Carpenter


In 2015, computer hacker Sam Kamkar announced that he had built a small hand held electronic device that could be used to mimic the application of an owner's key. He stated that the device could receive a copy of the access code from the owner's key by transmitting a jamming signal, stopping the signal from being received by the vehicle, and copying it on his device.  (1, Thompson). Since there is no expiration date on each code, it can later be used for a onetime access. However, this is only one methodology of how hackers have been able to convince the vehicle that it is the owner’s remote, granting them access to the vehicle. A Swedish team developed a device that captures the key’s radio frequency, which then transmits it to another device. This device then receives the signal and transmit the copied signal to the vehicle. If the second device is within the programmed access proximity, the device will grant access to the vehicle (2, Greenberg). These experiments proved successful, and exposed security flaws in the current design of keyless access systems.  By understanding the fundamentals of these experiments, further measures can be taken to protect against these and future attacks.

Using a combination of different techniques and strategies, there are several approaches that could be taken to prevent this type of vehicle intrusion using spoofed key fobs. One example would be access code hijacking. To prevent this, an expiration date will be assigned to the rolling code; this will eliminate the possibility of an intrusion after a prolonged period of time. Along with an expiration date, software will be developed that will provide an early warning system to the vehicle’s owner if the code was copywritten. These solutions are only a defense against access code hijacking. In order to prevent attacks through other channels, for example, a radio signal attack other security measures must be taken. By introducing an additional layer to the communication method between the car and the keyless access system, it will help to secure the vehicle from theft if the vehicle’s remote is outside of its programmed access proximity.  This layer would include the key’s ability to compare its location to that of the vehicle.  With many vehicles having GPS loaded on-board the only necessary modification would be to the remote.  Developing these security measures should be a high priority to manufactures as consumers are concerned about the diminishing security of modern vehicles. With these advancements, the rate of thefts of keyless access systems should drop significantly.

Last modified: 2018-04-27
Full Text: PDF

<< Back to Proceedings