Here’s how I understand the issue:
A keyfob is a radio transmitter. To unlock your car you need the radio transmission to reach the car. The keyfob doesn’t transmit a signal when at rest. Therefore putting a keyfob in a Faraday bag achieves nothing.
Older fobs never turned off, so they are constantly broadcasting the signal for the car. Newer fobs do turn off when at rest, so they’re less risky, but if, say, it’s in your pocket, it’s constantly moving, so someone could still relay it to steal your vehicle, assuming they get close enough to you.
The faraday bag is good for older fobs or if you think you’re at risk of a key relay attack.
Fobs don’t turn off, but the car sends a signal to the fob and the fob responds in kind. Fobs don’t constantly transmit.
The Faraday cage blocks the initial signal sent by the car. Or, as already noted, by the guy standing near enough to get it (frequently still outside the house), who then relays it to a guy in/at the car.
Yes, I simplified. Some (I’d hope all, but probably not) new fobs do turn off (ignore the car broadcast) if they are not moved for a time. I proved this to myself with my 2020 car by putting my keys down by my car door: I could only unlock the car for a minute or two after I put it down; after that, keyless entry didn’t work until I disturbed the fob to wake it up.
This is to mitigate the relay attack at home (and I’m sure other times, like if the key is in a purse). One avenue was that attackers would count on people hanging their keys by the door, so accessible to someone standing on the stoop with a relay. By turning off at rest they can’t be exploited this way.
That’s clever. I did not know that some key fobs have motion detection as a security feature.
The fob doesn’t turn off.
The car is always calling out for a response and the key “hears” the call and responds with their agreed upon codeword.
A Faraday bag is like plugging the key’s ears and putting a gag in its mouth. It can’t hear or say anything.
… Which means that if the hacker is near you when you park, there is a time period where the fob isn’t masked by the bag, because it is coming out of the ignition, and voilà, you can record the key’s pong of the car’s ping, retransmit, and get in. Correct?
This would be easily mitigated by the keyfob using a rolling code. The attacker can record the signal, but the car will also have received it, so a replay of that specific code won’t work again. That is a principle used in cheap garage door fobs for many years, so I guess keyless fobs would have at least that level of security.
Better would be cryptographic authentication using public/private keys (already done in chip cards, so common technology). Though, looking at the dumb things car manufacturers did, I wouldn’t be surprised if they didn’t use private/public keys for this.
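The thread keeps circling three distinct attacks: replaying a recorded fob response, relaying a live challenge/response exchange, and the motion-sleep mitigation that stops the relay when the keys hang by the door. The following toy model, added here as an illustration and not code from any poster or any manufacturer's actual protocol, makes the difference concrete. It uses a random challenge from the car and an HMAC-SHA256 answer from the fob as a stand-in for whatever cipher a real system uses (a symmetric key is assumed purely for brevity; the public/private-key variant mentioned above would behave the same way against these three attacks). The shared key, the 120-second sleep timer, and the class and function names are all constructed for the example.

```python
"""Toy passive-keyless-entry model: the car pings with a fresh random challenge,
the fob answers with an HMAC over it. Shows that a recorded answer cannot be
replayed, that a live relay still works, and that a fob which stops answering
when it has not moved defeats the relay. Constructed example, not any vendor's
real protocol; HMAC-SHA256 stands in for the real cipher."""
import hashlib
import hmac
import os

# Constructed demo key; a real fob/car pair would be provisioned at the factory.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


class Fob:
    """Passive fob: never transmits on its own, only answers a challenge, and
    only while it has been moved within the last `sleep_after` seconds."""

    def __init__(self, key: bytes, sleep_after: float = 120.0):
        self.key = key
        self.sleep_after = sleep_after   # assumed sleep timer, seconds
        self.last_moved = 0.0

    def move(self, now: float) -> None:
        """Motion sensor trigger: wakes the fob (keys picked up, pocket moving)."""
        self.last_moved = now

    def respond(self, challenge: bytes, now: float):
        """Answer the car's (or a relay's) challenge, or stay silent if asleep."""
        if now - self.last_moved > self.sleep_after:
            return None   # asleep: ignores the broadcast entirely
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Car:
    """Car side: broadcasts a fresh random challenge and accepts one answer to it."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def ping(self) -> bytes:
        self.pending = os.urandom(16)   # fresh nonce each time; old answers are useless
        return self.pending

    def unlock(self, response) -> bool:
        challenge, self.pending = self.pending, None   # each challenge answerable once
        if challenge is None or response is None:
            return False
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def legit_unlock(car: Car, fob: Fob, now: float) -> bool:
    """Owner walks up with the fob: ping, answer, door opens."""
    return car.unlock(fob.respond(car.ping(), now))


def replay_attack(car: Car, fob: Fob, now: float):
    """Attacker records the fob's answer during the owner's unlock and replays it
    later against a new challenge. Returns (owner_unlock_ok, replay_ok)."""
    challenge = car.ping()
    recorded = fob.respond(challenge, now)     # sniffed over the air
    owner_ok = car.unlock(recorded)            # owner's own unlock succeeds
    car.ping()                                 # later: attacker provokes a new challenge
    replay_ok = car.unlock(recorded)           # old answer does not match the new nonce
    return owner_ok, replay_ok


def relay_attack(car: Car, fob: Fob, now: float) -> bool:
    """Two attackers forward the live exchange: one at the car, one near the fob.
    No cryptography is broken; the fob answers a genuine challenge in real time."""
    challenge = car.ping()                     # attacker A stands at the car
    response = fob.respond(challenge, now)     # attacker B relays it to the distant fob
    return car.unlock(response)                # A relays the answer back; door opens


if __name__ == "__main__":
    car, fob = Car(SHARED_KEY), Fob(SHARED_KEY)
    fob.move(0.0)                              # owner just set the keys down at t=0
    print("owner unlocks:", legit_unlock(car, fob, 1.0))
    print("replay (owner_ok, replay_ok):", replay_attack(car, fob, 2.0))
    print("relay, fob still moving:", relay_attack(car, fob, 3.0))
    print("relay, keys still for 10 min:", relay_attack(car, fob, 600.0))
```

The point the model makes is the one the thread arrives at: challenge/response (or a rolling code) kills the replay in `replay_attack`, but it does nothing against `relay_attack`, because the relayed answer is freshly computed and correct. Only the sleep timer (the fob refusing to answer after two minutes without motion) turns the relay from success into failure, and it does so only for keys at rest, not for keys in a pocket.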