Remote keyless system



A remote keyless system (RKS), also known as remote keyless entry (RKE) or remote central locking, is an electronic lock that controls access to a building or vehicle by using an electronic remote control (activated by a handheld device or automatically by proximity). RKS largely and quickly superseded keyless entry, a budding technology that restrictively bound locking and locking functions to vehicle-mounted keypads.

Widely used in automobiles, an RKS performs the functions of a standard car key without physical contact. When within a few yards of the car, pressing a button on the remote can lock or unlock the doors, and may perform other functions.

A remote keyless system can include both remote keyless entry (RKE), which unlocks the doors, and remote keyless ignition (RKI), which starts the engine.

History
Remote keyless entry was patented in 1981 by Paul Lipschultz, who worked for Niemans (a supplier of security components to the car industry) and had developed a number of automotive security devices. His electrically actuated lock system could be controlled by using a handheld fob to stream infrared data. Patented in 1981 after successful submission in 1979, it worked using a "coded pulse signal generator and battery-powered infra-red radiation emitter." In some geographic areas, the system is called a PLIP system, or Plipper, after Lipschultz. Infrared technology was superseded in 1995 when a European frequency was standardised.

The remote keyless systems using a handheld transmitter first appeared on the French made Renault Fuego in 1982, and as an option on several American Motors vehicles in 1983, including the Renault Alliance. The feature gained its first widespread availability in the U.S. on several General Motors vehicles in 1989.

Prior to Remote Keyless Entry, a number of systems were introduced featuring Keyless Entry (i.e., not remote), including Ford's 1980 system introduced on the Ford Thunderbird, Mercury Cougar, Lincoln Continental Mark VI, and Lincoln Town Car, which Ford called Keyless Entry System (later marketed SecuriCode). The system used a five-button keypad on the driver-side with that could unlock the driver's door when the code was entered, with subsequent code entries to unlock all doors or trunk &mdash; or lock the vehicle from the outside.

The sixth generation Buick Electra (1985-1991) featured a sill-mounted keypad for model years 1985-1988, superseded in 1989 by a remote keyless entry system.

Nissan offered the same door keypad technology on the 1984 Maxima, Fairlady, Gloria and Cedric, essentially using the same approach as Ford, with the addition of being able to roll the windows down and open the optional moonroof from outside the vehicle on the door handle installed keypad on both the driver's and front passengers door as well as roll the windows up, close the optional sunroof and lock the vehicle.

As of 2024, Ford continued to offer a fob-operated remote keyless system or completely keyless system, augmented by its Securicode five-button keypad. The combination enabled tiered or time-restricted permissions, i.e., the code giving access to the vehicle but not its operation &mdash; and the code being easily changed to prevent subsequent vehicle access.

Function
Keyless remotes contain a short-range radio transmitter, and must be within a certain range, usually 5–20 meters, of the car to work. When a button is pushed, it sends a coded signal by radio waves to a receiver unit in the car, which locks or unlocks the door. Most RKEs operate at a frequency of 315 MHz for North America-made cars and at 433.92 MHz for European, Japanese and Asian cars. Modern systems since the mid-1990s implement encryption as well as rotating entry codes to prevent car thieves from intercepting and spoofing the signal. Earlier systems used infrared instead of radio signals to unlock the vehicle, such as systems found on Mercedes-Benz, BMW and other manufacturers.

The system signals that it has either locked or unlocked the car usually through some fairly discreet combination of flashing vehicle lamps, a distinctive sound other than the horn, or some usage of the horn itself. A typical setup on cars is to have the horn or other sound chirp twice to signify that the car has been unlocked, and chirp once to indicate the car has been locked. For example, Toyota, Scion, and Lexus use a chirp system to signify the car being locked/unlocked. While two beeps means that driver's door is unlocked, four beeps means all doors are unlocked. One long beep is for the trunk or power tailgate. One short beep signifies that the car is locked and alarm is set.

The functions of a remote keyless entry system are contained on a key fob or built into the ignition key handle itself. Buttons are dedicated to locking or unlocking the doors and opening the trunk or tailgate. On some minivans, the power sliding doors can be opened/closed remotely. Some cars will also close any open windows and roof when remotely locking the car. Some remote keyless fobs also feature a red panic button which activates the car alarm as a standard feature. Further adding to the convenience, some cars' engines with remote keyless ignition systems can be started by the push of a button on the key fob (useful in cold weather), and convertible tops can be raised and lowered from outside the vehicle while it's parked.

On cars where the trunk release is electronically operated, it can be triggered to open by a button on the remote. Conventionally, the trunk springs open with the help of hydraulic struts or torsion springs, and thereafter must be lowered manually. Premium models, such as SUVs and estates with tailgates, may have a motorized assist that can both open and close the tailgate for easy access and remote operation.

For offices, or residences, the system can also be coupled with the security system, garage door opener or remotely activated lighting devices.

Programming
Remote keyless entry fobs emit a radio frequency with a designated, distinct digital identity code. Inasmuch as "programming" fobs is a proprietary technical process, it is typically performed by the automobile manufacturer. In general, the procedure is to put the car computer in 'programming mode'. This usually entails engaging the power in the car several times while holding a button or lever. It may also include opening doors, or removing fuses. The procedure varies amongst various makes, models, and years. Once in 'programming mode' one or more of the fob buttons is depressed to send the digital identity code to the car's onboard computer. The computer saves the code and the car is then taken out of programming mode.

As RKS fobs have become more prevalent in the automobile industry a secondary market of unprogrammed devices has sprung up. Some websites sell steps to program fobs for individual models of cars as well as accessory kits to remotely activate other car devices.

On early (1998–2012) keyless entry remotes, the remotes can be individually programmed by the user, by pressing a button on the remote, and starting the vehicle. However, newer (2013+) keyless entry remotes require dealership or locksmith programming via a computer with special software. The Infrared keyless entry systems offered user programming, though radio frequency keyless entry systems mostly require dealer programming.

Passive Systems
Some cars feature a passive keyless entry system. Their primary distinction is the ability to lock/unlock (and later iterations allow starting) the vehicle without any input from the user.

General Motors pioneered this technology with the Passive Keyless Entry (PKE) system in the 1993 Chevrolet Corvette. It featured passive locking/unlocking, but traditional keyed starting of the vehicle.

Today, passive systems are commonly found on a variety of vehicles, and although the exact method of operation differs between makes and models, their operation is generally similar: a vehicle can be unlocked without the driver needing to physically push a button on the key fob to lock or unlock the car. Additionally, some are able to start or stop the vehicle without physically having to insert a key.

Security
Keyless ignition does not by default provide better security. In October 2014, it was found that some insurers in the United Kingdom would not insure certain vehicles with keyless ignition unless there were additional mechanical locks in place due to weaknesses in the keyless system.

A security concern with any remote entry system is a spoofing technique called a replay attack, in which a thief records the signal sent by the key fob using a specialized receiver called a code grabber, and later replays it to open the door. To prevent this, the key fob does not use the same unlock code each time but a rolling code system; it contains a pseudorandom number generator which transmits a different code each use. The car's receiver has another pseudorandom number generator synchronized to the fob to recognise the code. To prevent a thief from simulating the pseudorandom number generator the fob encrypts the code.

News media have reported cases where it is suspected that criminals managed to open cars by using radio repeaters to trick vehicles into thinking that their keyless entry fobs were close by even when they were far away (relay attack), though they have not reported that any such devices have been found. The articles speculate that keeping fobs in aluminum foil or a freezer when not in use can prevent criminals from exploiting this vulnerability.

In 2015, it was reported that Samy Kamkar had built an inexpensive electronic device about the size of a wallet that could be concealed on or near a locked vehicle to capture a single keyless entry code to be used at a later time to unlock the vehicle. The device transmits a jamming signal to block the vehicle's reception of rolling code signals from the owner's fob, while recording these signals from both of his two attempts needed to unlock the vehicle. The recorded first code is sent to the vehicle only when the owner makes the second attempt, while the recorded second code is retained for future use. Kamkar stated that this vulnerability had been widely known for years to be present in many vehicle types but was previously undemonstrated. A demonstration was done during DEF CON 23.

Actual thefts targeting luxury cars based on the above exploit have been reported when the key fob is near the front of the home. Several workaround can prevent such exploits, including placing the key fob in a tin box. A criminal ring stole about 100 vehicles using this technique in Southern and Eastern Ontario.