Thursday, February 09, 2017

The Signal Beacon In Your Pocket

Yesterday's experiment listening to nearby gas and water meters got me thinking about tapping into other devices that emit radio signals. One such tiny device is the clicker on my car's key fob. This is more technically known as a Remote Keyless System, and it operates on the well-known frequency of 315 MHz.

Visualizing these signals is almost trivial. I kicked off SDR Touch, tuned it to 315 MHz and pressed the clicker. Here's a screencast showing the result:

As you can see, clicking the key fob causes a noticeable burst of activity.

So now what?

Capturing this data is easy enough, and analyzing it shouldn't be too difficult either. Here's someone who did just this. And once you've analyzed it, it seems like it would be simple to write some code to detect this signal and take action. I can imagine a Raspberry Pi + SDR Dongle sitting around waiting for my key fob clicks.

It also doesn't take much imagination to see nefarious uses of both capturing and re-sending these keyless entry signals. But I'll leave those exploits to others.

I can imagine a more MacGyver'y type hack where your key fob is turned into a signal beacon. It plays the role of transmitter, while SDR Touch is the receiver. Let's say you wanted to signal someone in the next room. If your accomplice has SDR Touch open, then a simple press of your car's remote is all it would take to send them a message. Just agree ahead of time on what the pattern of bursts means, and you're all set. Think 007 on the very cheap.
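
The "detect this signal and take action" idea and the agreed-upon press pattern above, sketched as an added example that is not code from the original post: an energy detector run over a constructed IQ capture (synthetic noise plus on-off-keyed bursts, not real key fob data) that maps the number of presses to a message. The sample rate, thresholds and `CODEBOOK` entries are assumptions for illustration.

```python
import random
import statistics

RATE = 20_000  # samples per second (constructed; a real dongle runs far faster)

def make_capture(press_times, seconds=3.0, press_len=0.12, seed=1):
    """Constructed IQ capture: Gaussian noise plus on-off-keyed bursts per press."""
    rng = random.Random(seed)
    n = int(seconds * RATE)
    samples = [complex(rng.gauss(0, 0.05), rng.gauss(0, 0.05)) for _ in range(n)]
    chip = RATE // 1000  # 1 ms on/off chips inside each press
    for t in press_times:
        for c in range(int(t * RATE), int((t + press_len) * RATE), chip):
            if rng.random() < 0.5:  # roughly 50% duty cycle
                for i in range(c, min(c + chip, n)):
                    samples[i] += 1.0
    return samples

def detect_bursts(samples, window_s=0.01, threshold_db=10.0, merge_gap_s=0.05):
    """Return (start_s, end_s) spans where power exceeds the noise floor."""
    w = int(window_s * RATE)
    power = [sum(abs(s) ** 2 for s in samples[i:i + w]) / w
             for i in range(0, len(samples) - w + 1, w)]
    floor = statistics.median(power)  # presses are rare, so the median is noise
    limit = floor * 10 ** (threshold_db / 10)
    bursts = []
    for k, p in enumerate(power):
        if p < limit:
            continue
        start, end = k * window_s, (k + 1) * window_s
        if bursts and start - bursts[-1][1] <= merge_gap_s:
            bursts[-1][1] = end  # same press: bridge the short off-chip gaps
        else:
            bursts.append([start, end])
    return [tuple(b) for b in bursts]

# Hypothetical codebook agreed ahead of time: number of presses -> meaning.
CODEBOOK = {1: "ready", 2: "come here", 3: "abort"}

def decode(samples):
    """Count distinct presses in the capture and look up the agreed meaning."""
    return CODEBOOK.get(len(detect_bursts(samples)), "unknown")

if __name__ == "__main__":
    capture = make_capture(press_times=[0.5, 1.2])
    print(detect_bursts(capture), decode(capture))
```

The merge gap is what keeps a single press, which is itself a train of short on/off pulses, from being counted as many separate bursts.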

Finally, it's worth noting that these short-range, 315 MHz transceivers are actually dirt cheap. Consider this one on sale on Amazon for $5.00. I could imagine swapping out the foot pedal in my last project with one of these transceivers. Then I could have a key fob clicker that controlled emacs. How cool would that be?!
