Solving the Mystery of a Keyless Vehicle Entry RF Deadspot in a Carpark with a FUNcube Dongle

The Brisbane Times ran a story today that discussed an interesting RF phenomenon that was solved using a FUNcube dongle software defined radio. The Funcube dongle is a SDR similar to the RTL-SDR. The issue was that vehicle wireless entry keyfobs would not work at a particular location within an outdoor shopping centre car park.

The story goes like this – First a user on a local Brisbane subreddit message board posted about how he had noticed that his cars wireless entry keyfob would not work when he parked in a certain area of the shopping area car park. The user wrote:

I walked out to my car from Bunnings, and there was a new HSW Maloo parked in front of me with the owner staring at his key fob and shaking his head.

I said “let me guess, car won’t open?” and he said yeah, and he’d been trying for about 5 minutes. I said that I’d had the same thing happen to me a few months back in the same spot, and then went to open my car.

Nothing. No beep, door stayed locked. Looked around and there was another couple trying to get into their car as well (late model C Class).

It took about 5 minutes of me trying the door every 20 seconds or so before it opened. HSV owner was still there when I left. The only thing he and I could think of causing it was the mobile phone tower in front of Aldi.

After reading the post, user u/riumplus decided to go out to the same spot with his Funcube dongle SDR and see if there was any interference that might explain the issues. But he found no such interference. However, when he pressed the wireless entry on his own keyfob he noticed reflections from the main transmission that were coming from the buildings walls. He wrote:

So I pulled out my SDR and I did a complete frequency sweep from 100kHz to 2.2GHz and… also nothing. Everything completely normal. Nothing on that frequency, nor anything odd anywhere else on the spectrum. Couldn’t see any of the usual potential harmonics from RFID or standard WiFi gear. Here’s the output at 433.3MHz(forgot to grab a screenshot centred right at 433.92Mhz but it was also empty, as was 315MHz).

Here’s where it gets interesting – I noticed that that location is almost in the middle of the car park between the three buildings, and they all have large amounts of metal flashing on their fronts. On a whim I watched the output when I pressed my own keyfob. And what do you know, I could see distorted reflections from my own signal bouncing off these buildings right back at me. My guess is that this is what was causing you issues!

It may sound counter-intuitive, but next time it happens try cupping the keyfob in your hand to weaken the signal. It should still be strong enough to trigger your car to open, but then the reflections will be weak enough they won’t cause you trouble.

So it seems that the layout of the buildings caused a focal point for reflections at that particular location which affected some wireless keyfobs.

The location in the carpark of the deadzone.
The location in the carpark of the deadzone.
Tweet
Share54
Reddit
Vote
Email
54 Shares

Related posts:

  1. RTL-SDR vs Funcube PRO+ Dongle
  2. Tutorial: HF Decoding Tour with the FUNcube Dongle Pro+
  3. Investigating QRM from Powerline Ethernet Devices with a Funcube Dongle
  4. Modifying a Laptop by Embedding an RTL-SDR and FunCube Dongle
  5. How to Receive the Funcube Satellite with an RTL-SDR

5 comments

  1. Believer

    Aliens designed the building in this way! I can see it with my FunCubeDigliDiDingDong! No prrof needed, believe me!

    Reply
  2. SF01

    Its interesting to note that if your fob doesn’t work and you are in expected range you could be victim of a “Jam, Record and Steal” rolling code attack…. Id only be concerned parked out front of Defcon or in a major city but its something to think about…

    hackaday.com/2014/03/17/hacking-rolling-code-keyfobs

    Reply
  3. Pat Barthelow

    “After reading the post, user u/riumplus decided to go out to the same spot with his Funcube dongle SDR and see if there was any interference that might explain the issues. But he found no such interference. However, when he pressed the wireless entry on his own keyfob he noticed reflections from the main transmission that were coming from the buildings walls.”
    ******************
    Can u/riumplus provide us with a short video clip or screen shots, of what displays the Funcube software produced that he correctly diagnosed as multipath reflections from the buildings? Such a video would be very interesting to see and interpret for most of us.—Thanks very much.

    Reply

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>