The Great Ohio Key Fob Mystery, Or “Honey, I Jammed The Neighborhood!”

Hack long enough and hard enough, and it’s a pretty safe bet that you’ll eventually cause unintentional RF emissions. Most of us will likely have our regulatory transgression go unnoticed. But for one unlucky hacker in Ohio, a simple project ended up with a knock at the door by local authorities and pointed questions to determine why key fobs and garage door remotes in his neighborhood and beyond had suddenly been rendered useless, and why his house seemed to be at the center of the disturbance.

Few of us want this level of scrutiny for our projects, so let’s take a more in-depth look at the Great Ohio Key Fob Mystery, along with a look at the Federal Communications Commission regulations that govern what you can and cannot do on the airwaves. As it turns out, it’s easy to break the law, and it’s easy to get caught.

Hobbled Fobs

According to a report in the New York Times, the problems in North Olmstead, Ohio began in late April when people began to notice that key fobs and garage door remotes weren’t working. Fearing malicious activity in their suburban enclave – a justifiable fear, as we’ve seen with Samy Kamkar’s keyfob replay attacks – good citizens began calling the local authorities to report the issue.

Exactly which authorities have jurisdiction over key fob issues isn’t clear, but according to the report, everyone from the local utility companies to the city council got involved in the investigation. The cable and phone providers couldn’t locate any faults with their equipment in the affected area, and the electric utility even took the somewhat ham-fisted approach of selectively cutting power to various sections to see if the signal stopped. It didn’t.

Local amateur radio operators were in on the action as well, which is par for the course with a group that has a vested interest in a low noise floor and routinely self-polices the airwaves. It appears that a ham in the area volunteered his expertise and equipment and did a little wardriving, eventually narrowing down the source of emissions to a single block, and then to a single house, which was pumping out a powerful signal at 315 MHz.

At that point, a City Councilman named Chris Glassburn paid a visit and discussed the problem with someone described as “an inventor” with “a fascination with electronics” – one of us, in other words. The problem seemed to lie with a device made by the gentleman to alert him when someone was upstairs while he was down in his basement shop. The device, details of which are not covered in the story, was battery powered, which explains why the electric company’s brute force attacks didn’t reveal the location. Once the battery was removed, the interference stopped, and life in North Olmstead, Ohio returned to normal.

Part 15 Rules

Based on the sketchy accounts offered by the non-technical media, it’s a little hard to piece together exactly how this happened. Councilman Glassburn declined to identify the hapless hacker, for understandable privacy reasons and because there was nothing malicious about the emissions. So unless he happens to be a Hackaday reader and decides to share the technical details of what he built, we’ll just have to make a few guesses as to how this whole thing went down.

The signal that was tracked to the source was a 315 MHz signal, in the part of the UHF band dedicated to “Unlicensed Part 15 Devices” by the US Federal Communications Commission. FCC rules generally require devices that intentionally radiate coherent signals, like ham and public service radios, microwave links, and television and radio stations, to be licensed. But licensing all the millions of devices that intentionally transmit signals would be prohibitive, and so Part 15 rules allow for low-power, unlicensed transmitters, to accommodate devices like WiFi, cordless phones, Bluetooth, and of course, key fobs and garage remotes.

Part 15 rules for unlicensed transmitters control unwanted emissions by having manufacturers submit a sample device for inspection. The device has to meet various requirements and pass a series of lab tests to earn certification and a label that shows the device is up to snuff. Each band has its own requirements with regard to radiated power and spurious emissions. Equipment operating in the 315 MHz band is covered by §15.231.

Assuming the hacker in question was using commonly available transmitters for the 315 MHz band, like these keyfobs from Adafruit, he appears to have violated a couple of parts of §15.231. Paragraph A stipulates that transmitters can only send intermittent control signals, and that the device automatically stops transmitting after five seconds. The reports make it clear that this was a continual problem over a period of weeks, so it seems like the transmitter was modified for continuous operation.

The hacker also seems to have run afoul of paragraph B, which limits the field strength of the device measured at a distance of 3 meters from the antenna to 12.5 mV/meter. Given that remotes for an entire neighborhood of North Olmstead were knocked out, and that there were reports of interference in the community of Fairview, my guess is that the signal was reaching out for a mile (1.6 kilometers) or more. To be able to propagate that far and still have enough power to swamp everyone’s remotes, it seems like the transmitter was overpowered, to say the least.

Mea Culpa

The apparent inadvertent violations of §15.231 assume that the transmitter used was something commercially available and therefore subject to the FCC inspection process prior to being put on the market. The other possibility is that the unnamed hacker built a 315 MHz transmitter from scratch. If that’s the case, then the provisions of §15.23, Home-built devices, would apply. There’s not much in that section other than to say that homebrew devices operating the unlicensed bands must not be marketed or made in quantity, and must follow good engineering practices to adhere to the standards that a commercial device in that band would. So a homebrew device that radiated that much power would probably still run afoul of the rules, but it’s in a much greyer zone.

None of this is to suggest that the Ohio hacker knowingly violated the rules, of course. Modification of stock devices comes naturally to people like us, after all, and we’ll give him the benefit of the doubt that he didn’t know that such modifications were illegal, assuming he did make modifications.  I can’t cast any stones, having inadvertently operated a pirate TV station for a few days in the 1980s when the RF modulator on my COSMAC 1802 got a wee bit overpowered and transmitted my blocky one-bit scatology to the neighborhood; thankfully the kindly amateur radio operator across the street paid me a visit before dropping a dime on me with the FCC.

All indications are that the Ohio hacker was eager to take the interfering device down when he was confronted and hasn’t put it back up, which suggests he’s a law-abiding fellow who just made a mistake. But his experience shows how easy it is to run afoul of the rules and have your little pet project get much more attention than you perhaps intended.

Thanks to [maxw] for calling our attention to this story.

Banner image:

“Remote Entry Keyfob – 2013 Volvo XC60”by HighTechDad is licensed under CC BY 2.0

90 thoughts on “The Great Ohio Key Fob Mystery, Or “Honey, I Jammed The Neighborhood!”

  1. I’m shocked the “Inventor” didn’t have any idea that their newly-installed radio-frequency-using “invention” had some associated with the newly-appeared radio-frequency-related problems in the immediately surrounding area.

    1. Why would you assume the inventor was aware of the problems? If he could still open his car, his doorbell wasn’t affected, and his garage opens with hand power. Even if one of his neighbours mentioned “huh, my car remote isn’t working” it’s normal to think “you need a new battery” rather than “something is jamming it!”

    2. In much of the US local news is somewhat of a cesspool now that very few local papers remain independent and actually employ local reporters (especially in small towns). It is entirely possible that the offending basement tinkerer was entirely unaware of the local news stories circulating about radio interference.

      I suppose it is also possible (though, given the power level we’re talking about, unlikely) that the device was not intended to be a transmitter at all but just happened to leak a clock signal or something like that.

  2. “… when the RF modulator on my COSMAC 1802 got a wee bit overpowered and transmitted my blocky one-bit scatology to the neighborhood;”

    Would you mind explaining that in more detail?
    I already knew what “scat” is and “scatology” is what I assumed it would be but what’s “my blocky one-bit scatology”???
    Some strange idiomatic phrase / hacker slang I’ve never heard of before?

      1. that still doesn’t answer what he actually send out but after further searching for “cosmac 1802” it may be some kind of computer with a TV-out so he “just” transmitted his computers screen output?

        1. Yup. Old consumer TVs didn’t have composite video in, so old personal computers (and early VCRs) had built in RF-modulators just to be fed directly to the TVs demodulator. Needless to say, this caused massive degradation in video quality.

        2. I think you’re over thinking it.
          Back in the day when home computers connected to a TV and were still very uncommon devices, tinkerers and hackers were closer to one part per tens or hundreds of thousands of people.
          So pretty much anything put on the screen would be considered ‘crap’ by basically everyone within range to pick up the unintended broadcast.

          1. That reminds me of NES clone I had near mid 90s. It had RF modulator and to connect it to TV RF input I had a RF switch (very local product) with other input being fed by cable connection (again RF modulated over Coax at that time) One day my friend staying opposite to my place told me how he can watch every game I am playing. (It was very uncommon for anyone to have one such console at home at that time. So I was the only one in the block with one.)

    1. I had an 1802 based VIP in the early ’80s, the RF modulator we used was intended for and Apple ][ and required a little jumpering. Given that it generated a picture on channel 12 as well as the intended 3/4 I can see one of these getting out of hand.

      The gold star for early home computer RF goes to the gen 1 VIC-20, which basically jammed every TV in the house.

    2. Teenage boys love to swear, right? At least I did, and I spent a lot of time perfecting my skills. Then when I discovered that I could compose messages on the computer by setting pixels on the screen, great fun was had by making lewd and crude messages appear on my TV. And, apparently, TVs for hundreds of yards around.

      1. ah, ok. So a combination of missing linguistic knowledge of an uncommon use of uncommon words in english and the inability to figure out for sure what a COSMAC 1802 is lead to me not understand at all what you meant up there.
        I would have immediately understood something like “… transmitted my typed up swear-word-salad to (the TVs) in the neighborhood.” ;-)

  3. I love this site but one thing that has annoyed me for years is how little the legality of rf projects seems to be considered. There are so many articles about intentionally transmitting square waves* such as from a RasPi GPIO or VGA port, extending the range of WiFi devices**, building rf noisy equipment without shielded cases, etc…

    Don’t get me wrong. I have no problem with sharing that kind of information. You can publish a how to article for building a megawatt spark gap transmitter for all I care. I’d just like to see more disclaimers, you really shouldn’t do this because…. or use a lowpass filter, and how to build one…

    I’m sure we all bend the rules a bit here and there. But I think there might be a lot of readers here that don’t even realize when they are doing it. Think of it this way, if I were driving a road in your neighborhood and asked you what the speed limit is I might appreciate you saying it’s 45 but traffic is usually more like 55. I might chose to go 55 but don’t imply that the limit IS 55 when it is actually lower!

    * – a perfect square wave would be an infinite sum of odd-harmonics. In other words, your RasPi FM transmitter isn’t just transmitting on that FM broadcast band frequency that you chose because it was empty. It’s broadcasing on several multiples of that frequency, possibly interfering with aircraft, emergency responders, etc…

    ** – Legal power limits for WiFi are measured in effective radiated power. That means it isn’t about the number of watts out the antenna jack. If you take that same power and focus it into a tighter beam you concentrate more energy into the space you are pointing at. In other words your Pringle Cantenna very well might not be legal!

    1. Rant acknowledged! We _do_ take it seriously that folks are using the airwaves correctly. Hence this article, actually.

      And when you count wifi and all of the other little wireless devices out there that use the ISM bands, it’s pretty amazing the value we all get out of this “free” resource. It’s truly a treasure.

      1. High power is relative. The transmitters he was jamming run on coin cells, so are very low power. Something running from a modest battery pack or UPS could easily put out 1000x the signal.

      1. That was going to be my guess. Suppose the legal device calls for maybe 5 volts and he was using an old car battery he had lying about so he would not have to swap batteries so much. Just a guess but, it sounds like something I might have done not knowing what was really happening. At least we now know how to build a jammer to jam neighbor’s garage doors and key fobs, ha ha.

      2. To be persnickety. In proper technical language, it shouldn’t mean that. Of course the lazy used of language, means that that a “dry cell” is synonymous with “battery”. When I have time, for kicks, I ask the store personnel, there they keep the dry cells. Sooner or later I’ll run into another smart ass, that will take me to the mobile phones, telling me they are all dry

        1. Etymology does not determine meaning.

          Any single cell packaged for use as a single cell is a “battery.” Words are permitted to have more than one meaning, and in this case, the word does have multiple overlapping meanings.

          So you’re being persnickity, but also “yer rong!”

    1. I wondered the same. I know very little about radio transmissions and I guess for that matter electronics, but when i read that this was battery powered and affected what I assume was more than multiple blocks for weeks or months, it didn’t add up. I wish the article would have spent more time explaining how this could have happened instead of covering all of the laws he broke.

      1. I wish I could have too, but the perpetrator’s name wasn’t released, and despite my best efforts I wasn’t able to sleuth out any more information. I did send an email to the fellow who eventually tracked the guy down, and he’s promised to get back to me, so maybe when he does I can ask him for specifics. He should know since he was in the house.

      2. Or, as is typical of news media. They may be presenting it in a way that makes it sound bigger than it really is. It could be that the affected area is a lot smaller than they lead on.
        Even a typical garage door opener with a fresh battery will often work a few houses away. Something with only slightly more power, operated repeatedly, could interfere with a half dozen houses, which would probably be enough to get some attention eventually.

        1. I think the fact that the ham radio guy had to drive around just to narrow it down to a neighborhood would indicate that it really did cover a fairly large area.

          1. Not true. If he had a good antenna and receiver he could probably have heard it from the other side of the city. If he had a good DF unit, he probably could have done it by stopping twice.

            NASA regularly receives single-digit watt signals from spacecraft millions of kilomenters away.

    2. I once had a (retail, not home built) battery powered RF device that was only supposed to send a brief signal every now and then. But as the battery ran out, it somehow glitched itself into an always-on jamming transmitter. Noticed after a day or so because other RF devices in the (immediate) vicinity failed all at the same time.

      So perhaps, the device was failing in an unforeseen way? Still seems unlikely it’d transmit at such power for such a long time then.

      1. Yeah, I had an LCD wrist watch that used an incandescent bulb to illuminate the dial.
        But if the battery was low, the light would stay on and quickly drain the battery.

        1. like all these newfangled eee-lec-tronic dee-vises that turn an LED *on* when the gizmo is *off*. The other day I setup a DVD player for a senior citizen and it changes its 7 segment displays to be continually lit as OFF when it’s off.

          It’s irritatingly stupidly counter-sensical to to turn something ON to indicate the device is OFF. Why can’t a television rely on the fact that people can see the picture to tell that is is in deed ON, and the lack of a picture is a pretty certain indication it is OFF? If it has a screen blanking power saving function *then* is when it should turn on an LED to indicate “I am ON but my video output is OFF.”

          It’s like pinning a sign saying SLEEPING to your blanket when you’re asleep in bed. Or how on packages of Oreos where it says “Slit appears when open” or labels on pull top cans of fruit “Popping sound may occur when opening.”. What’s next? Labels on clothes that say “Human not inside when not being worn.”?

          Please, just stop it with the blindingly obvious and completely useless information!

          1. The reality is that most devices are never OFF any more, they’re just in a nonfunctioning low-power state. This is necessary so that you can turn them ON with the remote control, which only works at all if the device is already ON.

            Back in the late 1980’s my mother in law had her whole house fried when a falling telephone pole shorted the 2400V feed to the 120V secondary outputs to a few houses. She complained bitterly that she had turned everything off, but she also had mostly state of the art devices for the day which weren’t really off.

          2. Forgot to add… the reason for the OFF light / OFF message is so you will know the device is energized, unlike my MIL who did not know her OFF devices weren’t really OFF when the power pole came for them.

          3. I can’t answer for the rationality of the rest, but the fruit can one is because some people might mistake the pop sound as an indicator the contents are spoiled and producing gas. Don’t want customers throwing out perfectly good fruit by mistake.

          4. In response to Fred: That warning can make sense on peanuts (which are more pea than nut) to let the buyer know that there may be real (tree) nuts in there too, although most of those have been revised to read something like “May contain traces of tree nuts” to make that a little clealer. The time I bought a bag marked “Natural Almonds” in 2 cm tall letters on the front, “Ingredients: Almonds.” on the back (there wasn’t anything else on the ingredients list, like salt or oil), and was partially transparent to show that the bag did, indeed, contain nothing but almonds, and was STILL marked “Contains almonds” after the ingredients list – that one would make Captain Obvious do a face-palm.

          5. This seemed strange (and irritating) to me when I first upgraded from a CRT to LCD TV many years ago, since up to that point my experience was that indicator lights mean ‘on’! I think it’s done this way for (at least) two reasons:
            1. Localroger is absolutely correct–it shows the device is energized but not turned on.
            1.a. If you have a partially functional TV (powers on but no picture) you may still have an indicator of the device’s state.
            2. On a TV, a bright LED ‘on’ indicator would be irritating, especially when watching in a darkened room. Hence the reverse logic.

      2. The Radio Shack HTX-202 VHF handheld ham radio does this. If the CPU decides the battery voltage has gone too low while the unit is transmitting, it will shut down the CPU leaving the transistors controlling the transmitter on until the battery goes completely flat, or you realize what happened and turn the radio off.

        I haven’t seen the HTX-404, UHF band, behaving as poorly.

    3. I’m guessing it was probably a simple UPS that can be bought at any computer supply store. It would easily fit with the story – runs off main power for most of the time, goes on battery when the utility gets cut to see if they can isolate, back to main power when utility is turned back on.

  4. A significant part of the problem is the unapproved 315/433 MHz devices for sale on the various websites. Perhaps additional caution language on tape wrapped around the modules would help?

    From the limited information available it looks like the issue with this person’s project was not the frquency they were using, and perhaps not even the power, but that they were transmitting continuously (enough at least to prevent others from using their devices on the same frequency). The key to getting away with something like this is to use short low duty cycle transmissions so as not to draw attention to yourself.

  5. Sure would be nice if that ham showed up at the Dayton Hamvention foxhunting forum (this Saturday at 9:15) and provided a little insight into the hunt. Hams do foxhunting as a sport, but this is the practical side of the sport, and I am sure it would be a fun addition to the forum.

    1. I also personally experienced something of the sort. I build GPSDOs and one of my projects is a discipline module that can be used with an FE405 precision OCXO. That oscillator’s output is 15 rather than 10 MHz. Whenever I ran it, our wireless alarm system would report a receiver jam. Well, the overtone sequence for 15 MHz pretty much hits a lot of sweet spots, and one of the outputs was a square wave…

    2. Our ham club tracked down one of these for a retired schoolteacher, whose radio & TV reception would be periodically jammed by static.

      We camped out at her house (in pairs) for a couple of hours several nights a week. We finally caught it happening and started to shut off circuits at the fusebox. The first time, it stopped before we could shut it off. The next night, we got it.

      It was the gas burner control on her furnace or hot water heater. The contacts were arcing when the thermostat called for heat. Gas company came out and replaced it, which eliminated the interference, and she was our club’s best friend until her death a few years later (she had, of course, originally blamed the interference on a some local ham operator).

      The hardest thing about the whole adventure was a bunch of strange guys invading a nice old lady’s house and convincing her to let us hang out and mess with her electricity. It helped that one of our guys was the technical lead at a locat TV station, which allayed her fears a bit (he was an excellent diplomat).

  6. So… there was more information from other sources. I don’t have any personal knowledge of the situation, but have followed the case as it happened 40 miles or so from me. But, here’s a little more just to satisfy some of the questions.

    The man was minimally self-trained in electronics. The signal was tracked down by a ham/TV repairman. The signal was not on all the time, but was on for long periods at a time. It took long enough to find the source of the problem that local news covered it a couple times before they found the problem. When questioned about the device, the person clearly was unaware that it was causing an issue and discontinued use immediately. That coupled with medical issues that may have contributed to the incident appears to have guided the police to make the decision onsite to not file charges. They would have likely had to turn the case over to the FCC. I didn’t read where they consulted with the FCC. If they didn’t, the man could technically still be charged. Generally, the FCC is pretty forgiving the first time when it’s an accident. But, don’t depend on that.

    The man apparently spends a great deal of time upstairs in his home and the device was used to tell him when someone was downstairs. It apparently transmitted constantly when someone was downstairs and lit a light so that he would know.

    From a technical standpoint, I think that he could have been (could still be) charged. Those fines are not minimal. (I believe that they start at $10K.) So, let’s be careful out there people.

    1. Based on what I’ve read, it appears that for those fines to have any actual teeth, the FCC needs the DOJ to go after the person. Based on past instances of the FCC going after some troublesome HAMs, it seems they have trouble getting the DOJ to take on such cases.

      1. The high fines are for show. The most effective more is to confiscate the gear of intentional offender, and probably not unintentional offenders as well. My guess if it doesn’t put life or propery at immediate risk, DOJ is not going to act.

  7. Something similar from the ’70s. I was an active HAM/Homebrewer then (In my teens) I had built a 150 watt 2m (144MHz) tube amplifier. I finished it, did a little troubleshooting, and used it for several QSOs. All seemed well. Later, while we were eating dinner,a neighbor knocked on our door, and told us that a certain (I don’t remember which 40 years later!) TV channel was being jammed in the whole neighborhood. Of course, neighbors knew each other back then, so everyone in the nearby areas knew that my father and I were what we now call makers and that I was a HAM operator. The antennas were a giveaway if they hadn’t already known. I went downstairs to my shack, and rightaway noticed that the plate current was way too high and that the anodes of the dual tetrode (I think it was a tetrode, beam power tube maybe? I can’t remember) were cherry red. I shut it off immediately and the problem was solved. It was a parasitic oscillation that I later eliminated by putting resistors in the anode leads with a turn or so of wire around the body of each resistor.

      1. typically home medical devices have a battery backup that lasts a couple of hours. I know my dad’s home dialysis machine did, and my grandfather’s respirator.

  8. One of my uncles had a remote operated garage door opener back when those were first introduced. Almost every time when he came home from work, the garage door would be open. Turned out the analog frequency pulse it used for the open command was the same as or close enough to one of the frequencies used for air to ground transmissions from aircraft, and his home was close to the local airport glide path.

    1. A housing development was built near my house when I was a child.
      As a special feature, all the houses had remote garage door openers.
      All operated on the same signal…

  9. look on the bright side the frequency used does not reside on the emergency bands so only car key fobs and garage doors will not work it isnt like the neon sign that wiped out the emergency dispatch

  10. The most important part of the NYtimes article is in the first paragraph. This place was only a few miles from a NASA research facility.

    The poor guy getting stung is a cover up for Alien intervention!

    The EIRP of a device to jam keyfobs etc for a few houses let alone blocks would have to be enormous and quiet wide band.

  11. While I understand it torques off those, who have yet to figure out what is the small shit not to sweat is. Posts should contain caveats. To keep the posts simple. Create a web located document in which various instruction topics have hyperlinks that can be pointed to in the postings by Hackaday staff.

    Im not sure it’s still in place the only FCC regulations that local law enforcement is allowed to enforce are those related to CB. My impression local enforcement, isn’t interested.

  12. I like yours old story. But here, on Eastern Europe, in the communist era, if you mess with RF, in (maximum) few hours the knock on your door was from secret service… I know from a (then) teenager living in a small town who experienced it…

    1. Well, I was almost expelled from my high school when I experimented with SW to MW converter in order to listen to my favorite Radio Free Europe on a simple transistor radio in the 80’s. Luckily my real intent was not disclosed, so I survived with just playing stupid geek (which was not hard at all that time) in front of the police investigator. Neverheless they asked my school for references about myself and it was enough to be conditionaly expelled.
      It was quite some fun to tinker with bolshevik authorities here in the CZ some 35 years ago…

    1. one aspect of ISM and part 15 communications is that you have no right to use unlicensed bands. If a licesed use of the band is interfering with your use, it is your problem.

  13. In a now unfortunatley out of print book by Tom Wheeler “Electronic Communications for Technicians” – He tells a story about a local Ham radio enthusiast who was being blamed for heavy RF interference in his town. He investigated it, and found the source of the RF: some idiots at a restaurant removed the door of a commercial microwave oven, and were just smart eneough to over-ride the interlock. They figured they could save time with orders in the kitchen, not needing to close and open the door!!!! Yikes!

  14. So great to see a general public community experience the ruin of their RF devices. The RF spectrum has become a cesspool of radio interference from about every switch mode power supply ( the little plugin chargers used for for your phone, iPod etc) , and unfiltered , unshielded Chinese imported crap.
    My own LF, MF HF to microwave band has been useless for listening to anything normally receivable.

    The FCC doesn’t do much…even worse in Canada with NO support for RFI abatement unless air or police bands.
    The article made me laugh about the d vices needed FCC approval. We have seen so any devices “self approved” or FCC approved, only to have the manufature NOT INSTALL the required filtering once appoval was given….it’s a joke and simply leading to the sell off of the bad to digital “ pay to use” services…hopefully it will com back to haunt them with G5 and the incredible noise problems this will cause to Every receiving device..

  15. a roomate of mine and I where working on his CB radio at the house and he wanted to move it inside so we could tinker with it… flash forward a week later and the men in black where sitting on our couch having a discussion with us about our cb radio and why we where operating so close to an airport… we lived just on the other side of the fence… talk about sweating bullets…

  16. I remember back when I built an amp to send cable through a house with lots and lots of leaky connections which actually worked at clearing up the static. The FCC paid me a visit that my house was blanking out the radios of air craft passing over in approach to a local airport… Ah fun times.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.