Here’s how I understand the issue:
A keyfob is a radio transmitter. To unlock your car you need the radio transmission to reach the car. The keyfob doesn’t transmit a signal when at rest. Therefore putting a keyfob in a Faraday bag achieves nothing.
I don’t know where you got the idea that the key fob doesn’t transmit a signal when at rest. If you’re talking about keyless ignition with the button on the car (not remote start via key fob), the key fob transmits a response when it gets a request from the car.
The bad guys have a clever trick, though. They put one guy in your car and one guy next to you. The guy at the car hits the ignition button and transmits the signal to the other guy, who transmits it to your fob. The second guy then transmits the response from your fob back to the guy in the car, who then sends it to the car. As far as your car knows, the fob is in the car. So it starts. A Faraday cage can protect against this.
I have proximity unlock and my car is parked (at home) just close enough to my catch-all tray where I store my keys to constantly lock and unlock. It usually teeters on lock/unlock so closely that a person walking between the two will trigger it. So, to prevent a dead battery or stolen car, I keep my fob in a Faraday bag.
Older fobs never turned off - so they are constantly broadcasting the signal for the car. Newer fobs do turn off when at rest so they’re less risky, but if say it’s in your pocket it’s constantly moving so someone could still relay it to steal your vehicle, assuming they get close enough to you.
The Faraday bag is good for older fobs or if you think you’re at risk of a key relay attack.
Fobs don’t turn off. But the car sends a signal to the fob, and the fob responds in kind. Fobs don’t constantly transmit.
The Faraday cage blocks the initial signal sent by the car, or, as already noted, by the guy standing near enough to get it (frequently still outside the house), who then relays it to a guy in/at the car.
Yes, I simplified. Some (? I’d hope all, but probably not) new fobs do turn off (ignore the car broadcast) if they are not moved for a time. I proved this to myself with my 2020 car by putting my keys down by my car door; I could only unlock the car for a minute or two after I put it down. After that, keyless entry didn’t work until I disturbed the fob to wake it up.
This is to mitigate the relay attack at home (and I’m sure other times, like if the key is in a purse). One avenue was that attackers would count on people hanging their keys by the door, so accessible to someone standing on the stoop with a relay. By turning off at rest they can’t be exploited this way.
To unlock your car you need the radio transmission to reach the car.
Correct. So, I build a receiver to pick up the signal from your fob, and then I re-transmit that same signal to your car.
It’s slightly more complicated than that. But not by as much as you’d think.
They’re using relay hacks to activate the fob while it’s not near the car.
The fob doesn’t turn off.
The car is always calling out for a response and the key “hears” the call and responds with their agreed upon codeword.
A Faraday is like plugging the key’s ears and putting a gag in its mouth. It can’t hear or say anything.
… Which means that if the hacker is near you when you park - there is a time period where the fob isn’t masked by the bag, because it is coming out of the ignition, and voulaa - you can record the key’s pong of the car’s ping, retransmit, and get in. Correct?
Modern fobs should be designed to prevent replay attacks (there should be something specific in the request that alters the response), so it shouldn’t be possible to record a response and then use it later.
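The difference this thread draws between replaying a recorded response and relaying a live one, as an added Python model that is not part of any post and not any real fob protocol. It assumes a shared-key HMAC challenge-response; the `Car`, `Fob`, `relay`, `replay` and `demo` names are hypothetical.

```python
import hashlib
import hmac
import os


class Fob:
    def __init__(self, key, shielded=False):
        self.key = key
        self.shielded = shielded  # True models the fob inside a Faraday bag

    def respond(self, challenge):
        if self.shielded:
            return None  # the challenge never reaches the fob, so no reply
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Car:
    def __init__(self, key):
        self.key = key
        self.challenge = None

    def new_challenge(self):
        self.challenge = os.urandom(16)  # fresh random value per attempt
        return self.challenge

    def accepts(self, response):
        if response is None or self.challenge is None:
            return False
        expected = hmac.new(self.key, self.challenge, hashlib.sha256).digest()
        self.challenge = None  # each challenge is valid for one attempt only
        return hmac.compare_digest(expected, response)


def relay(car, fob):
    # The live challenge and the live response are forwarded unchanged.
    return car.accepts(fob.respond(car.new_challenge()))


def replay(car, recorded):
    # An old response is presented against a new challenge.
    car.new_challenge()
    return car.accepts(recorded)


def demo():
    key = os.urandom(32)  # constructed key shared by this car and fob
    car, fob = Car(key), Fob(key)
    recorded = fob.respond(car.new_challenge())  # seen during a normal unlock
    return {"legitimate": car.accepts(recorded),
            "replay_recorded": replay(car, recorded),
            "relay_unshielded": relay(car, fob),
            "relay_shielded": relay(car, Fob(key, shielded=True))}
```

The fresh challenge defeats the recorded response, but it does nothing against forwarding a live exchange; in this model only the shielded fob stops that case.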
voulaa
voilà
That is a possibility if you aren’t normally keeping it in the bag unless being needed in the moment.
It is far more common for the attempted theft to occur late at night because thieves avoid greater risk.
Sounds like good practice–your next car might rely on SIKE or something else that requires a two-way transceiver