Hacker News new | past | comments | ask | show | jobs | submit login
Drivers locked out of their cars at Royston Tesco (bbc.co.uk)
73 points by LiamPa on Feb 28, 2021 | hide | past | favorite | 100 comments



Article from a few years ago about a neon sign switching-mode power supply that was causing interference on the 433MHz frequency (as well as others):

http://www.arrl.org/news/view/amateur-radio-sleuthing-pins-d...

And “an inventor” who's make shift doorbell was causing problems on 355MHz:

https://hackaday.com/2019/05/15/the-great-ohio-key-fob-myste...

Trouble with these devices is they rely on all applications just transmitting data very briefly. If someone doesn't it can block everything


Would it be possible to shield the external noise somehow, eg with some foil in a cone shape?


I highly doubt it's actually jamming the the 433MHz signal from the fob. Command signals are most likely properly decoded by the vehicle, but rather the RSSI measurements are getting disturbances. Those signals are LF (25kHz or 125kHz)sent from the vehicle (multiple antennas) to the fob for localization. Fob performs the measurements and returns values to the vehicle. If the fob is not localized in the expected area, passive unlock or start would not work, and could even start the alarm.

Some gate/card readers going crazy maybe...

Wireless chargers that now come inbuilt as standard can also create enough disturbances to mess up the LF RSSI (but limited to single vehicle). Manufacturers are slowly moving to UWB and BLE for localization, as ToF is more robust (especially for relay attacks) than a simple signal strength measurement, plus it provides a common mechanism for both phones and fobs on the vehicle side.


> "I thought it was some kind of alien phenomena."

Any sufficiently advanced technology is indistinguishable from magic.

For some (a lot?) of people, keyless entry seems still to be an advanced technology.


I have an EE degree and I firmly consider even the simplest forms of radio communication insane magic.


I have two degrees in electrical engineering and feel the same way.


Monopoles.


I think this is a statement about the poor state of education.

I had a 40 year old oscilloscope open (Tek 465) on my desk a few years back when the in laws came round and it was like watching the monkeys around the monolith in 2001.


Last time this happened in the UK it was a push to call for assistance system that got stuck on, also at 433mhz. It’ll be the same here.


https://www.yorkpress.co.uk/news/9374180.tesco-fuel-pump-mys... (2011)

A Tesco spokesperson said its garages had a system which allowed disabled drivers to contact a member of staff in the kiosk using a special key fob to call for assistance.

This used a short signal which came on briefly to alert staff that someone needed help. But at Clifton Moor this had become jammed on and had blocked the remote central locking and ignition frequencies used by some cars.


There is nothing 'mysterious' about this, this is just how radios work. Neither does it have to be malicious.

Most car key fobs work in the 433MHz range, if there is something in the area transmitting at said frequency, it will cause the relatively weak signals from keys fobs to be blocked. This it why we have electromechanical compatibility (EMC) certification for any electrical devices being sold.

With the market being flood with cheap electronics from foreign manufacturers who do not care about getting certified, a single misbehaving weather station, 'smart' door bell, or baby monitor can cause disruptions to other wireless devices.


Still sounds pretty mysterious to me. This kind of event is rare, and the source of the interference is (currently) a mystery. I’d love to pop by with a HackRF and directional antenna if I lived anywhere near-by!


It's not that uncommon actually.

Even at my car dealership this is a common problem. A couple hundred cars with the same keyless entry system parked in the same lot. All those cars are actively scanning for their key fob, which causes all sorts of RF collisions. I've gotten used to having to use my physical key when picking up my car at the dealership.


I guess that's the opposite failure case from 30 years ago, where there was a decent chance that your physical key would unlock another car of the same make/model.


What brand of cars are these? It's not an issue in any car park I've been to.


Lexus / Toyota


My money's on Volkswagen.


the cars are transmitting? are you quite sure?


For keyless entry, cars are always transmitting. They look for a response of a key. In case of my car, if a keys comes close enough, it lights up the doors and doorhandles.


Unless you want to recharge your fob every week it has to stay passive as much as possible. The car has a bigger battery.


Some older fobs do recharge when in the car’s ignition. My old bmw did this and it was recommended to swap the keys from time to time to make sure they didn’t run out off battery. I guess this can’t be the case with the “keyless” keys though


Could be a challenge-response scheme where all cars are sending their challenge at the same time, after the initial signal from the keyfob.


Great way to get lynched by angry drivers assuming the person with the gear is the culprit.


Just wear a safety vest and a safety helmet, people will recognize you as the problem-solver you are!


Don't forget the clipboard.


It's in Britain. We're not like that.


The shame of being angrily tutted at is comparable.


That is indeed a cause for concern. Donning a yellow fluorescent jacket should prevent any tutting, though.


We'll just say it's not a problem and then have the hypothetical argument we wanted to have when we're back home.


This is the way


I mean, it certainly beats the boat ride to America, but, have to say it's starting to feel like neither ended up being the place to be.


Not that rare for me or the people next door.. key fobs dont work frequently at my home.. have to use the physical key and operate the fob from within the car to disable the immobiliser


It feel like it's getting more and more common. There is so much cheap no-name hardware imported where they just slap on FCC and CE logos.

My bet is that it's a cheap power supply, they are the worst offenders.


I bought a couple capacitive touch 433Mhz light switches to use for a home automation system on AliExpress. Turns out they were very prone to detecting “ghost” touches and would sometimes end up stuck in the “touched” position forever, which would cause the same issue. Ended up binning them and going back to “push button” switches which are more reliable and are more likely to fail into the “off” position should they fail.


The “China Export” logo is a blatant but subtle imitation of the actual CE logo. Quite frankly insidious...

https://support.ce-check.eu/hc/en-us/articles/360008642600-H...


hmm?

> In 2008, a logo very similar to CE marking was reported to exist and alleged to stand for China Export because some Chinese manufacturers apply it to their products.[14] However, the European Commission says that this is a misconception [... ...] despite the Commission's assurance that it is without foundation, this urban myth continues to be available on many websites.

https://en.wikipedia.org/wiki/CE_marking#China_Export


The wikipedia article is contradicting it's own sources and links to the incorrect mark, the China Compulsory Certificate mark. The European Commission hasn't confirmed the existence of the China Export mark, but claims that it is illegitimate if it does exist. The EC is "...in constant discussion with Chinese authorities..." and intends for Member States to potentially "impose sanctions".

>The Commission ... considers that the mark [China Export (CE)] ... constitute the CE marking as foreseen in the European legislation without, however, respecting the dimensions and proportions prescribed therein.

>...the Commission deems it necessary to establish a comprehensive Community legislative framework in order to ensure coherent market surveillance ...

>...It also provides for the legal basis for Member States to impose sanctions in the case of misuse which should serve as a deterrent.

https://www.europarl.europa.eu/sides/getAllAnswers.do?refere...



I believe you meant eletromagnetic compatibility (EMC).


Yes, you are right. That was a typo


I once found out that that the reason why people parked next to my car can't unlock their cars is because I had my rear parking sensor switched on. As soon as I switched them off, their car fobs would start working again. I had some custom Chinese-made rear parking sensor installed. So nothing "mysterious", just radio frequency interference.


I mean, it's not a mystery to you, but it's certainly a mystery to most of the general public. You can't see radio waves and most people have no idea that their car remote is operating in the same space as dozens of radio stations, GPS, Wi-fi etc. The vast majority of the population is quite happy to accept technology as magic.


I didn't mean "mystery" as "unexplained", I meant "mystery" as "magic, conspiracy, aliens..." type of interpretation which general public seem to take on lately.


What's stopping people from physically inserting the key into the lock/ignition?


In some cars, if you lock the car with the fob it primes the alarm. If you subsequently unlock it with the physical key the alarm will activate when you enter the car. You can only disable it in with the fob. Source: had a 7th gen Honda Civic.

Many cars hide their keyholes making them essentially inaccessible. Many drivers probably don't know they have one. Volkswagen has been doing this on some models since 2009. Source: had a Mk6 Golf.


Cars not having physical locks on doors or for ignitions anymore is one, I assume.


Does such car exist? (Tesla Maybe?)


My car has only has a mechanical lock on the driver's door. And the manual strongly advises against regular use of that lock for some reason. Supposedly, it is just a backup. A quick search of other brands comes up with similar stories and anecdotes of these locks breaking quickly if someone was relying on then too much.


Modern (all?) Teslas do not have a physical key hole at all, you need to use a key card or key fob or the app (which works over bluetooth)


I only just realised that there is an emergency physical key door lock on my Hyundai, but you have to pry a cover off the door handle to get to it.


my 6 year old nissan doesn't have a physical key. most keyless cars you can open the door but not start the engine without a functioning wireless key


Are you 100% sure? My car (12yo Toyota) has keyless entry and start, and the fob has an RFID chip inside. If the car can't detect the fob (e.g. the battery is dead) you can hold it against the "Start" button which has a RFID reader. I ask, because this feature is not advertised other than a few sentences in the manual, and it seems a pretty badly designed feature to not have a backup.

The fob also has a physical key hidden inside - although that's a bit more obvious as there is a key hole on the drivers door.


I found this https://www.douglassnissanofwaco.com/service/service-tips/ho...

So you may be right after all. I knew about the physical key but at the dealership they only said its used to open the doors.


None of the cars I have driven in the last decade had physical keys. Owned a Nissan, Mercedes and Toyota, rented various BMWs, Peugeots etc...


A lot of them actually have a real key "hidden" within the digital fob, see example: https://www.bimmer-tech.net/blog/item/105-about-bmw-key-fob

I have never had to actually use it, but looked into it when I got low battery-warnings to make sure I would not be locked out.

Assuming this is not a legal requirement I am sure there are models where this is not possible though.


those are for opening the doors but you cannot use them to start the engine


From the link: > Once inside your vehicle, insert your remote key fob in the ignition slot or, if your car doesn't have one, hold it against the key markings on the side of the steering column. You'll then be able to start your BMW with the start/stop button on your vehicle's dashboard, even if your key fob is dead.

Other cars probably have other solution. It was possible in my case as well (not BMW) but do not remember the process.


Mind listing some exact vehicle make+models?

Because besides personal experience, googling the proximity keys of all of those brands shows the expected pop-out keys.

Also photos of various models from all those brands in 2020 show key holes on the driver's door, which would suggest there is in fact a key somewhere that fits it.


In the keyfob there is usually a foldout key hidden even in modern cars


None of the cars I owned had this. I hadn't fiddled with the rented cars keys so those might have had it.


Having just had to spend £380 to replace the receiver on my Ford I thought it did not have a physical key at all, then the nice dealership assistant lady told me on the phone "you need to open you keyless fob, there is a key inside"... I never knew!


Dirt. Not using the mechanical key for a long time has consequences.


The ham radio folk, of which I am one, are probably down there with scanners now and could tell you the problem ;-)

Before I was a licensed ham I put together a little AM transmitter with a 9v battery connected to a portable cd player. I was shocked that I could pick up the signal several miles away (and yes I know hams, very bad behaviour, I was ignorant).

I'll put my money on a new antenna having gone up nearby.


As a fellow ham I’d probably stay away these days in fear of being labelled the cause of the problem.


> ask to speak to the on-duty manager to make them aware you are having difficulties getting into your vehicle as they are aware of the process to follow.

Wonder what the "process" to solve this is if they don't even know the cause?


maybe they bring out the huge car sized faraday cage


If you build a structure out of supermarket trolleys around the car, would that be sufficient? I love the idea of a car size foldable Faraday cage btw.


Serious answer? Maybe. It would depend on the frequency the keyfob is using, and the spacing of the grid, and the metal they're made of.

There's a good chance a cage made out of shopping carts would block HF and below quite effectively. UHF and microwave will go straight through it though. Any holes need to be significantly smaller than the wavelength.


I would bet a small amount of money that the process is (1) put the fob very close to the car's receiver and try again, followed by (2) disassemble the fob and look for a mechanical key.


Portable faraday cage over the car and driver?


I wonder if a cone of tinfoil (handily available at Tesco) would work, shielding key and lock during unlock? Or are the receivers elsewhere in the car?


It'll be someone using a 'jam, listen, and replay' device to unlock and start keyless cars so they can drive them to a port and steal them.

Pretty much every week a car is stolen this way from my street. I now always take the engine management fuse out of the fusebox when parking my car so at least the car can't start when a thief pulls this... They tried anyway though!


Curious as to how such a device would recover the original signal while it’s broadcasting a stronger signal to jam the frequency.

Also, if you don’t mind, which city/country are you in? It seems insane that this is a regular problem happening in the same location and law enforcement doesn’t catch on.


You jam at a slightly different frequency - different enough that you can tell the signals apart with your hackrf, but close enough that the receiver chip can't [1]

Of course, the strategy I've heard outlined is to jam and record one rolling code, then a second one, then to replay the first code so the fob holder sees the system respond to their button press but the attacker has a ready-to-use code. If people are seeing their cars failing to unlock, it's not that specific attack.

[1] Page 63 of https://samy.pl/defcon2015/2015-defcon.pdf


a) use a directional antenna for the jamming transmitter. Everyone except the car can receive the fob signal just fine

b) use a directional antenna pointed at the fob. You jam everyone but RSSI for the fob signal received through the antenna is still acceptable

c) jamming signal triggered by fob transmission, possible to jam specific packet bytes, like the CRC (recoverable later)

d) jamming signal uses a period that is a little shorter than packet length, repeated packets can be recovered by combining their intact parts

etc..


Where do you live that a car gets stolen from your street every week?


I can share that from living in a Northern UK city, between 2 or 3 "notorious" streets there would be multiple car break-ins each week. The University's student Facebook page became a constant feed of people reporting cars with smashed windows.


There is a big difference between drug addicts breaking windows to steal change and cars being stolen,


I lived in Leeds (Northern UK City) for a while about 15 years ago and, yeah, cars were stolen routinely (mine included). I would expect it is less common now though?


Damn. I figured the CCTV would at least knock crime down a little.

Afraid to ask what kind of crime happens in places without cameras - those that exist.


Police just don't care about stolen cars. It's the same people who do it each week. They live at the end of the road at number 110. None of the stolen cars have ever been recovered, but they're all insured against theft so most people don't care and just buy another car till they get a model that's harder to steal.


> jam, listen, and replay

Does that actually work? I thought the fob would contain some kind of private key that's used in a challenge/response scheme with the car, precisely to avoid the replay attack?


It's a real-time relaying, for precisely the reason you suggest, but yes it does work.


It's odd that no one has analyzed the 433 MHz band to find out what is interfering with all these signals. It's most likely to be a bit of misbehaving equipment permanently on a channel.


Presumably they've given Ofcom a call and they'll go look whenever they get around to it, but some noise on ISM is probably not treated as an emergency.


If you look at the Ofcom schedule it says that 433Mhz ISM devices must accept harmful interference. So you’re probably right. They aren’t safety critical systems.


The equipment should've gone through EMC so it might just be the sheer volume rather than one or two offenders.


I had an experience like this in a parking lot in Belarus: our van wouldn't react to the keyfob. A man soon came by offering to help for some money, but some others warned us he was using some kind of jammer to make this happen on purpose.

In fact I think it wasn't specifically made to be a jammer, he was just trolling with an accidentally-discovered device causing interference


Tesco seems to be using wireless price tags. Maybe their transmitter is sending a signal that is strong and continuous enough to cause this?

https://electronics.stackexchange.com/questions/86895/how-el...


There is a place in Doncaster where remote keys just don't work! It is fortunate I still could unlock manually. Of course this was over a decade ago so it may not exist now.


I wondered if it might be linked to one of the nearby military bases (e.g. radar), but I misremembered where they are; RAF Alconbury is to the north of Cambridge instead.


Does UK still have those vans that drive around, looking for unlicensed TVs?

If so, could one of those be repurposed? I suspect they have fairly wideband scanners.


I remember this being a common fear in the UK during the 90s. I cannot report on whether such vans actually existed.


Well, you're in luck! I can report on them existing.

https://en.wikipedia.org/wiki/TV_detector_van

I remember seeing them, when I lived in London, in the 1970s.


They must not have been from around there. It’s a local shop, for local people.


It's yet another large Tesco Extra on the edge of a town, in this particular case just off the Royston Bypass, with the intended large catchment area of such hypermarkets. The "local shop" on the other hand would be the Tesco Express in the town centre.


> Royston Bypass

New road bad! There's nothing for you here.


I immediately thought the same when I saw that headline


There's several previous cases of RF interference causing this.


Hey, I've been to this Tesco! (My company is a km or so away)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: