Does pressing a car remote many times offer denial of service attack for rolling codes?












5















My understanding of remote car key fobs, and similar security devices with rolling codes, is that the key device is a transmitter that, each time the button is pressed, sends the next secret in a known sequence that is unique to the key. It does not contain a receiver.



Meanwhile, the receiver in the car tracks (for each key fob it recognises) what it expects the next secret to be, and only unlocks if it receives the correct code.



There is a risk that a transmission maybe lost - e.g. the button pressed when out of range - so the receiver actually accepts any of the next few secrets in the sequence. I have heard of one system that allowed a window of up to 256, but I don't know if that number is correct and whether it is typical.



If my understanding is correct, it is possible to render a key fob useless (i.e. perform a denial of service attack on the owner) by pressing the button at least 256 times while out of the range of the car.



This obviously relies on access to the key fob, but not when the car is close - which is a time the user may be less vigilant.



So, if a friend gets drunk in a pub, I can make sure they can't drive home by rapidly pressing their car remote 300 times while they are in the bathroom.



It has always bothered me that such an attack is possible, and yet I have never heard of anyone performing it, which makes me doubt that I have understood this completely.










share|improve this question























  • A) You don't need the key fob to work to drive home. They contain back-up physical keys. B) If you want to prank your friend by disabling their key fob, wouldn't it be easier to just take the battery out and pocket it, rather than to push the button 300 times?

    – Xander
    3 hours ago











  • @Xander: It's been a while since I thought about it, but I believe my aftermarket alarm includes an immobiliser that requires the fob to deactivate. The physical car key isn't enough. Ironically, I keep a spare battery and jeweller's screwdriver in my glovebox and don't know the reset sequence in ThoriumBR's answer, so I am not typical.

    – Oddthinking
    2 hours ago











  • Let's be clear. Crushing the remote under your heel would also be a denial of service, but this is really more about understanding the weaknesses than actually attacking effectively.

    – Oddthinking
    2 hours ago
















5















My understanding of remote car key fobs, and similar security devices with rolling codes, is that the key device is a transmitter that, each time the button is pressed, sends the next secret in a known sequence that is unique to the key. It does not contain a receiver.



Meanwhile, the receiver in the car tracks (for each key fob it recognises) what it expects the next secret to be, and only unlocks if it receives the correct code.



There is a risk that a transmission maybe lost - e.g. the button pressed when out of range - so the receiver actually accepts any of the next few secrets in the sequence. I have heard of one system that allowed a window of up to 256, but I don't know if that number is correct and whether it is typical.



If my understanding is correct, it is possible to render a key fob useless (i.e. perform a denial of service attack on the owner) by pressing the button at least 256 times while out of the range of the car.



This obviously relies on access to the key fob, but not when the car is close - which is a time the user may be less vigilant.



So, if a friend gets drunk in a pub, I can make sure they can't drive home by rapidly pressing their car remote 300 times while they are in the bathroom.



It has always bothered me that such an attack is possible, and yet I have never heard of anyone performing it, which makes me doubt that I have understood this completely.










share|improve this question























  • A) You don't need the key fob to work to drive home. They contain back-up physical keys. B) If you want to prank your friend by disabling their key fob, wouldn't it be easier to just take the battery out and pocket it, rather than to push the button 300 times?

    – Xander
    3 hours ago











  • @Xander: It's been a while since I thought about it, but I believe my aftermarket alarm includes an immobiliser that requires the fob to deactivate. The physical car key isn't enough. Ironically, I keep a spare battery and jeweller's screwdriver in my glovebox and don't know the reset sequence in ThoriumBR's answer, so I am not typical.

    – Oddthinking
    2 hours ago











  • Let's be clear. Crushing the remote under your heel would also be a denial of service, but this is really more about understanding the weaknesses than actually attacking effectively.

    – Oddthinking
    2 hours ago














5












5








5


1






My understanding of remote car key fobs, and similar security devices with rolling codes, is that the key device is a transmitter that, each time the button is pressed, sends the next secret in a known sequence that is unique to the key. It does not contain a receiver.



Meanwhile, the receiver in the car tracks (for each key fob it recognises) what it expects the next secret to be, and only unlocks if it receives the correct code.



There is a risk that a transmission maybe lost - e.g. the button pressed when out of range - so the receiver actually accepts any of the next few secrets in the sequence. I have heard of one system that allowed a window of up to 256, but I don't know if that number is correct and whether it is typical.



If my understanding is correct, it is possible to render a key fob useless (i.e. perform a denial of service attack on the owner) by pressing the button at least 256 times while out of the range of the car.



This obviously relies on access to the key fob, but not when the car is close - which is a time the user may be less vigilant.



So, if a friend gets drunk in a pub, I can make sure they can't drive home by rapidly pressing their car remote 300 times while they are in the bathroom.



It has always bothered me that such an attack is possible, and yet I have never heard of anyone performing it, which makes me doubt that I have understood this completely.










share|improve this question














My understanding of remote car key fobs, and similar security devices with rolling codes, is that the key device is a transmitter that, each time the button is pressed, sends the next secret in a known sequence that is unique to the key. It does not contain a receiver.



Meanwhile, the receiver in the car tracks (for each key fob it recognises) what it expects the next secret to be, and only unlocks if it receives the correct code.



There is a risk that a transmission maybe lost - e.g. the button pressed when out of range - so the receiver actually accepts any of the next few secrets in the sequence. I have heard of one system that allowed a window of up to 256, but I don't know if that number is correct and whether it is typical.



If my understanding is correct, it is possible to render a key fob useless (i.e. perform a denial of service attack on the owner) by pressing the button at least 256 times while out of the range of the car.



This obviously relies on access to the key fob, but not when the car is close - which is a time the user may be less vigilant.



So, if a friend gets drunk in a pub, I can make sure they can't drive home by rapidly pressing their car remote 300 times while they are in the bathroom.



It has always bothered me that such an attack is possible, and yet I have never heard of anyone performing it, which makes me doubt that I have understood this completely.







wireless locks vehicle






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 3 hours ago









OddthinkingOddthinking

6071612




6071612













  • A) You don't need the key fob to work to drive home. They contain back-up physical keys. B) If you want to prank your friend by disabling their key fob, wouldn't it be easier to just take the battery out and pocket it, rather than to push the button 300 times?

    – Xander
    3 hours ago











  • @Xander: It's been a while since I thought about it, but I believe my aftermarket alarm includes an immobiliser that requires the fob to deactivate. The physical car key isn't enough. Ironically, I keep a spare battery and jeweller's screwdriver in my glovebox and don't know the reset sequence in ThoriumBR's answer, so I am not typical.

    – Oddthinking
    2 hours ago











  • Let's be clear. Crushing the remote under your heel would also be a denial of service, but this is really more about understanding the weaknesses than actually attacking effectively.

    – Oddthinking
    2 hours ago



















  • A) You don't need the key fob to work to drive home. They contain back-up physical keys. B) If you want to prank your friend by disabling their key fob, wouldn't it be easier to just take the battery out and pocket it, rather than to push the button 300 times?

    – Xander
    3 hours ago











  • @Xander: It's been a while since I thought about it, but I believe my aftermarket alarm includes an immobiliser that requires the fob to deactivate. The physical car key isn't enough. Ironically, I keep a spare battery and jeweller's screwdriver in my glovebox and don't know the reset sequence in ThoriumBR's answer, so I am not typical.

    – Oddthinking
    2 hours ago











  • Let's be clear. Crushing the remote under your heel would also be a denial of service, but this is really more about understanding the weaknesses than actually attacking effectively.

    – Oddthinking
    2 hours ago

















A) You don't need the key fob to work to drive home. They contain back-up physical keys. B) If you want to prank your friend by disabling their key fob, wouldn't it be easier to just take the battery out and pocket it, rather than to push the button 300 times?

– Xander
3 hours ago





A) You don't need the key fob to work to drive home. They contain back-up physical keys. B) If you want to prank your friend by disabling their key fob, wouldn't it be easier to just take the battery out and pocket it, rather than to push the button 300 times?

– Xander
3 hours ago













@Xander: It's been a while since I thought about it, but I believe my aftermarket alarm includes an immobiliser that requires the fob to deactivate. The physical car key isn't enough. Ironically, I keep a spare battery and jeweller's screwdriver in my glovebox and don't know the reset sequence in ThoriumBR's answer, so I am not typical.

– Oddthinking
2 hours ago





@Xander: It's been a while since I thought about it, but I believe my aftermarket alarm includes an immobiliser that requires the fob to deactivate. The physical car key isn't enough. Ironically, I keep a spare battery and jeweller's screwdriver in my glovebox and don't know the reset sequence in ThoriumBR's answer, so I am not typical.

– Oddthinking
2 hours ago













Let's be clear. Crushing the remote under your heel would also be a denial of service, but this is really more about understanding the weaknesses than actually attacking effectively.

– Oddthinking
2 hours ago





Let's be clear. Crushing the remote under your heel would also be a denial of service, but this is really more about understanding the weaknesses than actually attacking effectively.

– Oddthinking
2 hours ago










1 Answer
1






active

oldest

votes


















5















it is possible to render a key fob useless by pressing the button at least 256 times while out of the range of the car.




Not useless, but desynchronized. Any car will allow you to re-synchronize it by this typical procedure:




  • Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.


  • Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.


  • Switch the ignition off.




yet I have never heard of anyone performing it




You don't have any 3-year olds around?



My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.



Three-year-olds can be dangerous, relentless attackers, so take care with the physical security of your key fobs.






share|improve this answer


























  • I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

    – Oddthinking
    2 hours ago













  • My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

    – ThoriumBR
    2 hours ago











  • Perfect. With that anecdote, this becomes a great answer.

    – Oddthinking
    1 hour ago











  • You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

    – John Dvorak
    58 mins ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f202026%2fdoes-pressing-a-car-remote-many-times-offer-denial-of-service-attack-for-rolling%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









5















it is possible to render a key fob useless by pressing the button at least 256 times while out of the range of the car.




Not useless, but desynchronized. Any car will allow you to re-synchronize it by this typical procedure:




  • Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.


  • Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.


  • Switch the ignition off.




yet I have never heard of anyone performing it




You don't have any 3-year olds around?



My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.



Three-year-olds can be dangerous, relentless attackers, so take care with the physical security of your key fobs.






share|improve this answer


























  • I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

    – Oddthinking
    2 hours ago













  • My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

    – ThoriumBR
    2 hours ago











  • Perfect. With that anecdote, this becomes a great answer.

    – Oddthinking
    1 hour ago











  • You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

    – John Dvorak
    58 mins ago
















5















it is possible to render a key fob useless by pressing the button at least 256 times while out of the range of the car.




Not useless, but desynchronized. Any car will allow you to re-synchronize it by this typical procedure:




  • Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.


  • Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.


  • Switch the ignition off.




yet I have never heard of anyone performing it




You don't have any 3-year olds around?



My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.



Three-year-olds can be dangerous, relentless attackers, so take care with the physical security of your key fobs.






share|improve this answer


























  • I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

    – Oddthinking
    2 hours ago













  • My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

    – ThoriumBR
    2 hours ago











  • Perfect. With that anecdote, this becomes a great answer.

    – Oddthinking
    1 hour ago











  • You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

    – John Dvorak
    58 mins ago














5












5








5








it is possible to render a key fob useless by pressing the button at least 256 times while out of the range of the car.




Not useless, but desynchronized. Any car will allow you to re-synchronize it by this typical procedure:




  • Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.


  • Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.


  • Switch the ignition off.




yet I have never heard of anyone performing it




You don't have any 3-year olds around?



My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.



Three-year-olds can be dangerous, relentless attackers, so take care with the physical security of your key fobs.






share|improve this answer
















it is possible to render a key fob useless by pressing the button at least 256 times while out of the range of the car.




Not useless, but desynchronized. Any car will allow you to re-synchronize it by this typical procedure:




  • Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.


  • Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.


  • Switch the ignition off.




yet I have never heard of anyone performing it




You don't have any 3-year olds around?



My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.



Three-year-olds can be dangerous, relentless attackers, so take care with the physical security of your key fobs.







share|improve this answer














share|improve this answer



share|improve this answer








edited 1 hour ago









Oddthinking

6071612




6071612










answered 3 hours ago









ThoriumBRThoriumBR

20.9k55068




20.9k55068













  • I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

    – Oddthinking
    2 hours ago













  • My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

    – ThoriumBR
    2 hours ago











  • Perfect. With that anecdote, this becomes a great answer.

    – Oddthinking
    1 hour ago











  • You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

    – John Dvorak
    58 mins ago



















  • I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

    – Oddthinking
    2 hours ago













  • My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

    – ThoriumBR
    2 hours ago











  • Perfect. With that anecdote, this becomes a great answer.

    – Oddthinking
    1 hour ago











  • You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

    – John Dvorak
    58 mins ago

















I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

– Oddthinking
2 hours ago







I have never heard of anyone saying "My three year old 'broke' my keyfob." and I guess I expected to hear this more often.

– Oddthinking
2 hours ago















My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

– ThoriumBR
2 hours ago





My older daughter did that... She got the garage door remote when we were putting things on the car, and after driving 10 minutes without her complaining about anything, I saw her pressing buttons on the remote... Got home to a desynchronized remote.

– ThoriumBR
2 hours ago













Perfect. With that anecdote, this becomes a great answer.

– Oddthinking
1 hour ago





Perfect. With that anecdote, this becomes a great answer.

– Oddthinking
1 hour ago













You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

– John Dvorak
58 mins ago





You don't even need a three-year-old. A pack of chewing gums (Preferably reduced to just two or three remaining pills) in the same pocket will do just fine.

– John Dvorak
58 mins ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f202026%2fdoes-pressing-a-car-remote-many-times-offer-denial-of-service-attack-for-rolling%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

How to label and detect the document text images

Vallis Paradisi

Tabula Rosettana