I Don’t Think This Will Work

Car alarm key fobs generally have two different methods of operating. One is an infra-red LED in the keyfobs, which pulses the light at a reciever normally mounted where the rear-view mirror is. The other (more common) type uses RF energy (i.e radio waves) just like FM radio, etc. These are more common as there was an unfortunate series of car thefts associated with people using things like auto-learning remote controls to copy the IR pulses, then beam them back to the waiting BMW…

In the UK there are various slices of spectrum allocated to these kinds of devices. I think you will find that most are in the 250Mhz to 455Mhz range. There are several systems in use, fixed code (where the number sent each time is the same) or the more cunning rolling code system. Landrovers / Rovers / I am guessing things like BMW now use this kind of code. This means a replay attack becomes technically infeasable (assuming the algorithm is good and the system isn’t equipped with a soft fallback option – but this is probably getting boring now) so you can’t record the keyfob and just play it back using a digital scanner.

I heard recently that a new Chrystler (I think it was) uses SMS to unlock / start the car. The owner just sends a text (presumably with a password) to their car… Not a bad idea on a cold winters day when you want the engine / car warm before you go…

I suspect this will become common in top end cars, but I suspect that bluetooth might replace some of these kayfob units. It is almost certainly more secure still than even the rolling codes, and has the advantage that you can potentially integrate it in to mobiles etc. Not sure on that one – manufacturers are likely to be reticent to “hand over” security to anything they haven’t built.