I already put mine in a metallic bag for the night, or just press the "lock" button twice which disables the keyless entry system entirely.
Manufacturers really need to hurry up and implement more accurate timing detection in the keys - it should be absolutely trivial to detect how far away the key is based on the response time, but for some reason manufacturers don't do this yet.
Edit: I also know people who take the exact opposite approach with their expensive vehicles - they leave the key in plain sight near the front door, so if someone wants to steal the car using this method they can do so without entering the house, or if they do break in they will (hopefully) take the key and leave, without threatening and possibly harming their family. I'm not sure which way is better - preventing the thief from stealing your vehicle and risking that they will then decide to break in and get the key from you, or letting them steal it and just dealing with insurance later.
«it should be absolutely trivial to detect how far away the key is based on the response time»
It's not possible. A keyfob has a relatively slow R/F communication channel, less than 1 Mbit/s (at best) because it's constrained by power. Thus the "length" of a bit transmitted over the air is 300 meters or more. The receiver needs to demodulate "300 meters" of R/F signal to recover a single bit. A difference of +/- 10 meters when these thieves boost the signal across your front yard is therefore indistinguishable from R/F noise and not demodulable by the receiver. You can visualize this as a 300 meter bit that has a noisy beginning and a noisy end.
That's why the distance-bounding techniques (the term we use in the field) used by car manufacturers are instead pretty primitive, such as measuring the strength of the R/F signal (which is easily defeated by a proper signal booster).
It is absolutely possible. As I wrote elsewhere in the comments, you need to use radios with timestamping that can measure the distance (10cm accuracy is achievable). See for example Decawave DW1000 radios.
Use those and you can base your distance estimation on time measurement, rather than signal strength. Amplifiers won't help.
Nope, DW1000 can't work in an adversarial scenario.
Their ranging algorithm critically depends on the receiver time-stamping the "leading edge" of the first bit of the first byte of the PHY header. This bit is either always 0 or always 1 (it's part of the 802.15.4 data rate field), so an attacker can easily cheat by preemptively sending a 0 or a 1 just before the signal booster can relay the first legitimate bit from the keyfob. This legitimate bit will be received (by the booster) while the preemptive bit is still being transmitted, so the booster can smoothly transition to sending the subsequent legitimate bits, and the receiver will have been completely fooled that the keyfob is nearby.
DW1000 is nice but it only works in scenarios where both transmitters and receivers are being honest to each other.
Is there any reason that keyfobs couldn't use 2.4 GHz (aside from cost)? Apple claims to be detecting if your Apple Watch is close enough to unlock your computer using Bluetooth at that frequency. Bluetooth LE also seems to claim battery life that is competitive.
BLE beacons do a crap job of detecting distance and battery life is just OK (a few months typically). BLE can obviously be used to differentiate between in-range and out-of-range which is useful for some applications but you can't really use it to measure distance more granularly.
> it should be absolutely trivial to detect how far away the key is based on the response time
Is that true? Accurate, very low power distance detection has a lot of potential applications (e.g. your phone straying too far away) but BLE (for example) doesn't really work for measuring distance--through signal strength--at all. If it's possible, I'd be very curious how to build such a distance detector.
I think the timing method relies on a challenge response. In short, one side sends something and the other side expects a reply within some amount of time.
If you just simply add distance to the system with no additional overhead, the time it takes for the ack should go up by a measurable amount.
And if you did anything more -- like some of the systems do today -- where they make a generic pipe that pipes it over the internet via LTE and back -- then for sure we would have an ack way out of the time tolerance.
To my knowledge most of these systems work by using some sort of out-of-band transmission over other wireless means such as WiFi, LTE, or simply another band.
The second method they use has to do with rolling codes, where they jam the signal and intercept your keyfob code, preventing it from reaching the car. They store this, and when the target realizes they did not actually lock/unlock the car they attempt to unlock it again. This time they jam the signal from the keyfob to the car, but replay the code they intercepted the first time, saving the last code sent from the keyfob for later when the target is not around. This method works for more than just cars; it can be used for most rolling code systems.
Apparently UWB [1] is being touted as the solution to determining indoor ___location given that BLE and WiFi based on signal strength don't really work well. But development is still ongoing.
I used some Decawave UWB hardware years ago and even in somewhat complicated environments (through walls, multipath, other RF stuff going on) they were accurate within 5-10%.
If you are processing data with nanosecond precision (which is not difficult with modern microchips) then you can tell the distance to the key by just measuring the number of nanoseconds elapsed since the request was sent (accounting for the amount of time taken to calculate the response). If you can measure the time in nanoseconds that's good enough to tell the difference between the key being 1m and 10m away.
I think that assumes that all the processing the key fob does internally is reliable constant-time down to the nanosecond. I don't know if that's true but my first guess is that it's doubtful.
Well, those chips are designed for this one purpose and nothing else - it should be possible to design them in such a way that the encryption/decryption process always ends in constant time.
I know how the mechanism would work. I am just not aware of what hardware would be needed to support this type of digital tether using only a small battery for perhaps a year.
I don't think it's the distance really, it's the relaying and the additional steps that add latency. If the data rate is low, and the data is not trivially small (i.e. over some 10s or 100s of bytes), you are in the milliseconds area, which should be very easily tracked.
Perhaps if the keyfob needs to do some additional conditioning on the data (eg some decryption+encryption), or is very slow, the extra overhead of the relay is small in comparison.
I don't know how the keyfob conserves power, but I guess some kind of duty cycling of the radio, in which the first wake-up latency of the keyfob is not necessarily known beforehand. But just send a few packets back and forth and get the overall latency, and it should be able to determine if a relay is used.
If you are measuring response time in nanoseconds then you have enough precision to tell how far away from you the key is, down to a metre. Even at the speed of light, the signal will travel slightly longer if the key is 10m away from you compared to a key that is 1m away from you.
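A worked version of the time-of-flight arithmetic running through the comments above (the "300 metre bit" at 1 Mbit/s, nanosecond timing telling 1m from 10m, and the objection that fob processing jitter swamps it), as an added example that is not from any commenter or product; the fob processing time and jitter values are constructed:

```python
# Added example: time-of-flight distance bounding arithmetic.
# Not from any product or commenter; processing/jitter numbers are constructed.
C = 299_792_458.0  # speed of light in vacuum, m/s (radio propagation in air is ~the same)


def bit_length_m(bitrate_bps: float) -> float:
    """Distance one bit occupies in the air at the given bit rate (1 Mbit/s -> ~300 m)."""
    return C / bitrate_bps


def one_way_delay_ns(distance_m: float) -> float:
    """Propagation delay for a signal to cover distance_m, in nanoseconds."""
    return distance_m / C * 1e9


def rtt_ns(distance_m: float, fob_processing_ns: float) -> float:
    """Ideal round trip: challenge out to the fob, fob processing, response back."""
    return 2 * one_way_delay_ns(distance_m) + fob_processing_ns


def estimate_distance_m(measured_rtt_ns: float, fob_processing_ns: float) -> float:
    """Invert rtt_ns: subtract known processing time, halve, convert to metres."""
    flight_ns = max(measured_rtt_ns - fob_processing_ns, 0.0)
    return flight_ns / 2 / 1e9 * C


def jitter_to_distance_m(jitter_ns: float) -> float:
    """Distance uncertainty caused by jitter_ns of unknown fob processing time."""
    return jitter_ns / 2 / 1e9 * C


def within_bound(measured_rtt_ns: float, fob_processing_ns: float,
                 max_distance_m: float, jitter_ns: float) -> bool:
    """Car-side check: accept only if the RTT is consistent with the fob being
    no farther than max_distance_m, allowing jitter_ns on the processing time.
    Anything that adds delay (a relay hop, extra hops over LTE) pushes the RTT
    over the limit, which is the property the comments above argue for."""
    limit_ns = rtt_ns(max_distance_m, fob_processing_ns) + jitter_ns
    return measured_rtt_ns <= limit_ns


if __name__ == "__main__":
    FOB_NS, JITTER_NS = 1000.0, 10.0  # constructed: 1 us fixed processing, 10 ns jitter
    print(f"bit length at 1 Mbit/s: {bit_length_m(1e6):.1f} m")
    print(f"1 m vs 10 m one-way: {one_way_delay_ns(1):.2f} vs {one_way_delay_ns(10):.2f} ns")
    print("10 m fob, 5 m bound:", within_bound(rtt_ns(10, FOB_NS), FOB_NS, 5, JITTER_NS))
    print("100 ns jitter ->", f"{jitter_to_distance_m(100):.1f} m of uncertainty")
```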
> I also know people who take the exact opposite approach with their expensive vehicles - they leave the key in plain sight near the front door
This seems like the best strategy to me. If you have a desirable vehicle and someone decides to break into your house to get hold of the keys they're going to turn the place upside down trying to find them. If you're in at the time you're also putting yourself in a lot of danger.
Just leave the keys by the front door and let the insurance deal with it.
Criminals seeking to commit property crime generally go to great lengths to avoid possible confrontations with people. Stealing one more BMW that week is not worth the risk of a 9mm hole in your chest. Breaking into someone's home when you are all but sure they are there (because their car is in the driveway and you want their keys) is just begging for a confrontation. Someone breaking into your house with the expectation of a confrontation with you is probably after more than just your keys.
People whose threat model does not include home invasion can generally leave their keys wherever is convenient in their home with immeasurably little additional risk. If you feel your threat model includes home invasion then where your keys are is the least of your issues.
A few years ago, a local hospital reported a suspiciously bad hand injury to the police.
It turned out that the patient had committed a home invasion, only to be greeted by a homeowner wielding a replica katana. The invader tried to defend himself by holding the blade...
I can easily see that situation becoming lethal to the invader if the homeowner really wanted it to.