[Andrew Nohawk] has noticed a spike of car break-ins and thefts — even in broad daylight — in his native South Africa. The thieves have been using remote jammers. Commercial detectors are available but run into the hundreds of dollars. He decided to experiment with his own rig, whipping up a remote jamming ‘detector’ for less than the cost of a modest meal.
Operating on the principle that most remote locks work at 433MHz, [Nohawk] describes how criminals ‘jam’ the frequency by holding down the lock button on another device, hoping to distort the lock signal or keep the car from receiving it at all. [Nohawk] picked up a cheap 433MHz receiver (bundled with a transceiver), tossed it on a breadboard with an LED connected to the data channel of the chip on a 5V circuit, and voila — whenever the chip detects activity on that frequency, the LED lights up. If you see sustained activity on the band, there’s a chance somebody nearby might be waiting for you to leave your vehicle unattended.
If you want to know more about how these jamming attacks work, check out [Samy Kamkar’s] talk from the Hackaday SuperConference.
Once it’s mounted in your vehicle and you notice the 433MHz band being jammed, casually bust out your taser gloves and hang around your car for a bit to show you mean business.
Nice little board, two receivers and one transmitter bundled together!
BUT IS IT AS EFFECTIVE AS THE CAR FLAMETHROWER SECURITY SYSTEM?
https://www.youtube.com/watch?v=aLhWzMOccTg
Carjacker only on one side? Flame both sides anyway!
The Blaster (also called the “BMW Flamethrower”) was a 1998 invention by South African inventor Charl Fourie designed to provide a defense against carjackings.
The Blaster received ample (and often satirical) media coverage from abroad. In particular, it earned its inventor the 1999 Ig Nobel Peace Prize (a parody of the real Nobel Prizes).
1998? I’m sure someone did it before that. In 1982 I was working in Johannesburg at a company that installed its specialty equipment in customer vehicles. We’d often get vehicles in with previous “security enhancements” — most often just armor and other passive defenses, but more than one with rigs something like this. Usually the gas was tear gas, not butane, but I distinctly recall one that was said to be a flamethrower.
And the big Ka-CHUNK; BLEEP-BLEEP and alarm lights flashing suddenly suspiciously absent from the car when pressing the lock button doesn’t set off any alarms in the owner?
Apparently not, as stealing from jammed cars is a big thing here in ZA.
It became habitual for people to walk away and lock the car as they walked away. Eventually I guess people just stopped noticing if it made the noise and the lights went on since they were so used to it always happening.
-AM
Most cars don’t bleep bleep. Most cars more expensive than a Kia Rio don’t go Ka CHUNK either. In most cars about the only thing you may or may not see is indicators flashing, something that is especially easy to miss on a sunny day.
Funny, my Subaru Forester beeps, flashes the lights, and goes ker-chunk when I lock the doors with the remote. I’m fairly certain that I spent a lot more on it than I would have a Kia Rio of the same year.
Clearly, you’re not near many American cars. Why, oh why, do they have to use the blasted HORN to signal a door lock. Positively idiotic, and most people either don’t know or don’t care how to disable the obnoxious blast. A parking lot in the morning at work would be humorous if it weren’t so annoying.
My Subarus all chirp(ed) with a pleasant little beep, but even that is stupidly annoying when you get home at night and feel it would be neighbourly not to wake the neighbourhood. Fortunately, on Subarus it’s straightforward to turn off the beep.
The problem is that so many people are uneducated about how they work. One press of the button locks the doors and flashes the lights. Two presses of the button locks the doors, flashes the lights, and sounds the horn.
People have somehow become conditioned to press the button multiple times, even at night when the blinking of the lights is obvious, and they wouldn’t need to sound the horn at all.
Cost savings. The same reason American cars use the same tail light bulbs for turn signals as brake lights, and used front turn signals as marker lights. I loved 1980’s American cars, where you can barely tell the person is indicating because it takes several seconds to realize their turn signal is blinking (slowly) between dim, and slightly less dim.
But hey, America kept us safe from evil European cars that didn’t have 5mph bumpers and far superior headlights! Gotta slap weird bumpers on them, and switch out great headlights for barely-better-than-a-candle US DOT headlights because those European market headlights that project a beautiful, bright, even field of light across the roadway, don’t also put a ton of light up above the road in order to satisfy a standard ***designed before road signs were reflective.***
I think it wasn’t until some time in the 90’s that federal headlight regulations were finally brought up to modern standards.
Can I block neighbors’ use of this ridiculously silly use of their system for my need of not hearing the sound of it?
The latest devices block and record your press but, if you notice and press it a second time, they block and store THAT code and transmit the first so your car DOES lock but they still have a code they can broadcast to get in. Such a device can be built for about 35 bucks.
Do you have a link for one? It was pretty pricey for me to implement codegrabbing / rolljam: http://andrewmohawk.com/2016/02/05/bypassing-rolling-code-systems/
-AM
Yup, same trick can work with some garage door openers at your house. :-)
call me crazy, but I always try my door before leaving my car; you can audibly hear the lock engaging from the outside (as well as the horn beeping), but I’m aware that the possibility always exists of a malfunction. However unlikely, a couple seconds spent pulling the door handle before walking off would solve the problem.
With my new car I can’t do that anymore. As soon as I grab the handle the car unlocks. The good thing though there is a little “pad” on the outside of the handle that when I touch it it locks the car. No need for using the remote to lock the door.
A fair point, at least it already has a solution in the form of the touch pad.
Mine does this, too. I haven’t touched my keyfob in forever…
I got this car late last year when I sold my TDi back to VW. I love just leaving the fob in my pocket and not having to reach for keys all the time.
Messes with my mind, though. I’m constantly forgetting the key, or forgetting where I put it on me. I’m so used to “stick key in ignition, take key out.”
I wonder how paranoid the maker of this device would get if there was a local ham doing ATV on 70cm.
Or even 70cm FM voice… been there, done that. The receiver in a 2007 Holden Rodeo won’t hear its own key fob over the top of a Kenwood TH-F7E transmitting at 433.525MHz (input frequency to VK4RBC Mt. Coot-tha, Brisbane).
This, I know from first-hand experience. Best bit is people can’t complain: ACMA band plans state very clearly that 433MHz is licensed to radiolocation (primary service), land mobile or amateur (secondary), not ISM or LIPD.
“Australia is part of ITU Region 3 the band 433.05 to 434.79 MHz is not a designated ISM band in Australia, however the operation of low powered devices in the radiofrequency band 433.05 to 434.79 MHz is supported through Radiocommunications class licence for low interference potential devices (LIPDs)[3].”
https://en.wikipedia.org/wiki/ISM_band
Only because Spectrum Management, as the ACMA was then known… was asleep at the wheel and realised “Ohh crap, there’s too many of these things!”
If you look at the band plans published by the ACMA, my earlier point stands. I think the ACMA is more authoritative than Wikipedia, given they are responsible for enforcement of said band plans.
Just get Lo Jack and the police should be there.
In South Africa?
I’ve had this same transmitter/receiver pair sitting on my workbench for 4 months, just because it was on sale at MPJA.
I’ll have to give it a try soon.
They’re not good, anyway. They tend to drift all over the place.
Try to get a better one, that uses a PLL.
The receiver is a very basic super regen 433MHz which has a fairly wide bandwidth (a good thing for picking up a wide range of interference sources) but also will happily output noise on the dataline when idle. Unless the AGC is regularly ‘trained’ it’ll be on high gain and pick up all sorts of sources. I’m surprised this was reliable enough to pick up interference, whenever I’ve checked the dataline on these (they’re everywhere on ebay) the output is pretty damn noisy.
cars are using 433mhz for keyfobs ???
lolwut?
are these cars by any chance walmart-brand? dollar-tree? poundland?
what about those keyfobs for cars with key-less ignitions?
welcome to the hotel california…XD
it was a song about the future, where at the hotel-california, the 433mhz jammers prevent you from starting your car, then as you wait for a cell signal (for a tow) you decide to check back in for another day.
You mean the nearly-worldwide Industrial, Scientific, Medical band? The frequency band is irrelevant. What’s relevant: the protocol and its security. One could do public key crypto over 433mhz.
Actually they use 433MHz… 433 millihertz would be a tad slow!
Or you could simply wait until your passengers all have their doors open then poke the door lock button as you get out.
On Fords with the 5 button keypad, just press the last two buttons together to lock all the doors. Ignore that there are 10 digits on there, it only has 5 buttons so there’s a lot of ‘different’ codes which are actually duplicates.
Challenge! A mechanical gizmo to unlock a Ford keyless entry. Hang it on the door and let it run, it’ll need a way to detect when the lock opens so it’ll quit.
What used to be a thing on some brands was the driver’s door would automatically unlock when closed, to make it nearly impossible to lock the keys inside. You either had to lock it from outside with the key or reach in from the back door and lock the driver’s door on the inside.
I haven’t yet encountered a vehicle with a wireless lock fob with that feature to force the driver’s door to be locked from the outside.
Haha. Funny thing is those virtual wires are sold in pairs. The TX module can be used as a jammer; I made a remote voltmeter with a pair of them. Whenever it’s on, we can’t open the garage, or the multitude of cars in the driveway or in the street. Its range is at least 50 meters of jam. I think the one I was using was from seeed. No I didn’t toggle the ptt TX. It’s just on and transmitting as fast as the ADC can poll the line.
I’ve always been too cheap to use the remote on the way out. Consequently I always lock the door with the button with the door open and then close it after I get out. I’m out, the car is locked, and I haven’t wasted precious battery power. I guess that habit would protect me from this exploit as well.
Thanks for this article. As obvious as it is, I’d never realized that remote locking meant that locking could be jammed. The opposite is even more scary. A woman being followed by a creepy guy in a dark parking lot may find that jamming makes it impossible for her to unlock her car. That is scary. Wireless technology has a serious downside.
It’s also yet another reason I am delighted that I drive a simple but reliable 1981 Toyota. It not only ‘just works,’ when something breaks the part to fix it is remarkably cheap. Someone really should make a simple, no-frills car like it today.
Could you make one detector with triangulation to find the transmitter that is jamming, to find the criminals?
Kind of like this:
https://mikeh69.wordpress.com/2017/07/13/detecting-car-keyfob-jamming-using-a-raspberry-pi-and-a-dvb-t-dongle/
I would like to use this solution, but with some addition: I would like to link it to an Arduino or Raspberry and add a buzzer to the circuit. The buzzer should only come on after about 3 seconds of detected jamming.
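The article's warning sign (sustained activity on the band) combined with the 3-second buzzer delay asked for in the comments, as an added example that is not code from the original post or from [Nohawk]'s build. It assumes the receiver's data pin is polled at a fixed rate and fed in one sample at a time; the sample rate, window size, busy threshold and the duty cycles of the constructed test traces are assumptions to be calibrated against a real receiver's idle noise.

```python
from dataclasses import dataclass, field

@dataclass
class JamDetector:
    sample_hz: int = 1000       # assumed polling rate of the data pin
    window_ms: int = 100        # activity is judged per window, not per sample
    busy_ratio: float = 0.30    # assumed; calibrate above your receiver's idle noise
    hold_s: float = 3.0         # sustained activity required before alarming
    max_gap_windows: int = 2    # quiet windows tolerated between repeated frames
    alarm: bool = field(default=False, init=False)

    def __post_init__(self):
        self._per_window = self.sample_hz * self.window_ms // 1000
        self._need = round(self.hold_s * 1000 / self.window_ms)
        self._high = self._seen = self._run = self._gap = 0

    def feed(self, level):
        """Consume one sample of the data line; return the alarm state."""
        self._high += 1 if level else 0
        self._seen += 1
        if self._seen == self._per_window:
            busy = self._high / self._seen >= self.busy_ratio
            self._high = self._seen = 0
            if busy:
                self._run, self._gap = self._run + 1, 0
            else:
                self._gap += 1
                if self._gap > self.max_gap_windows:
                    self._run = 0   # band went quiet: not a held-down transmitter
            self.alarm = self._run >= self._need
        return self.alarm


def first_alarm_time(segments, detector=None):
    """segments: constructed (seconds, duty) pairs. Returns alarm time in s, or None."""
    det = detector or JamDetector()
    n = 0
    for seconds, duty in segments:
        for _ in range(round(seconds * det.sample_hz)):
            level = (n % 10) < round(duty * 10)   # deterministic test pattern
            n += 1
            if det.feed(level):
                return n / det.sample_hz
    return None

IDLE, KEYED = 0.1, 0.5   # constructed duty cycles, not measurements
NORMAL_LOCK = [(2.0, IDLE), (0.5, KEYED), (2.0, IDLE)]   # brief key-fob press
HELD_JAMMER = [(1.0, IDLE), (5.0, KEYED)]                # button held down
```

On real hardware, `feed()` would be called from the loop that reads the data pin, and the buzzer driven from its return value.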