Is there a computer chip in a key fob

[RemyDog2014]

I purchased my first Ram Truck in Dec. 2024, a 2019 Classic 1500 SLT- Hemi V-8. It came with two key fobs. One key fob worked fine, the other fob would unlock the truck but not lock it. I took both fobs to Batteries Plus and replaced the batteries and they fixed the fob that would not lock the truck. I have read thru the key fob topic posts but have not seen any post addressing my concerns. Just this afternoon, I was sitting about 6 feet away from the key fob that I use regularly when all the sudden my truck locked itself and the lock alarm sounded. Nothing was touching the fob whatsoever as I watched the normal lights on the truck flash as it locked itself. Has my key fob been hacked or is there any possible explanation as to what could of happened that my truck locked itself? Thank you in advance for any replies.

 

[GTyankee]

There are 3 types of FOBs
1 is called a Transponder Key, it has a chip in it, it is Waterproof, Surfers, Hikers, Bike Riders use them


then there is a Passive FOB & Smart FOB
They have Circuit Boards in them

 

[04fxdwgi]

I purchased my first Ram Truck in Dec. 2024, a 2019 Classic 1500 SLT- Hemi V-8. It came with two key fobs. One key fob worked fine, the other fob would unlock the truck but not lock it. I took both fobs to Batteries Plus and replaced the batteries and they fixed the fob that would not lock the truck. I have read thru the key fob topic posts but have not seen any post addressing my concerns. Just this afternoon, I was sitting about 6 feet away from the key fob that I use regularly when all the sudden my truck locked itself and the lock alarm sounded. Nothing was touching the fob whatsoever as I watched the normal lights on the truck flash as it locked itself. Has my key fob been hacked or is there any possible explanation as to what could of happened that my truck locked itself? Thank you in advance for any replies.

All the remotes are on radio frequencies. That being said, some stray signal from a passer by or someone transmitting on an odd frequency "could" cause a glitch. Anytime there are multiple users and equipment on open frequencies, anything can happen.

Most of the time, it is the fob in a pocket and the button gets pushed inadvertently.

BUT there are some bad actors out there with "test boxes" than can do things like that.

 

[Docwagon1776]

Has my key fob been hacked or is there any possible explanation as to what could of happened that my truck locked itself? Thank you in advance for any replies.

No, your key fob can't be hacked. There are ways to duplicate it so another key acts like your key, but nobody can remotely hack your key.

What's going on could be any number of things, but it's much more likely to be an electrical gremlin in your truck than anything else. Sometimes it's as simple as a battery on the edge of dying. I'd start with that, unless you have an aftermarket alarm or something. If you have aftermarket electronics, unhook those first. But check your truck's battery. Low voltage in modern vehicles causes lots of odd stuff.

 

[BossHogg]

Just this afternoon, I was sitting about 6 feet away from the key fob that I use regularly when all the sudden my truck locked itself and the lock alarm sounded. Nothing was touching the fob whatsoever as I watched the normal lights on the truck flash as it locked itself. Has my key fob been hacked or is there any possible explanation as to what could of happened that my truck locked itself? Thank you in advance for any replies.

I believe the truck has an "auto lock" setting where it will lock the doors after a set amount of idle time passes.

A keyfob in a pocket that presses against something else is the main culprit for unintended FOB actions.

The FOB actions (not the passive entry) work like a garage door opener. The truck and the FOB use a rolling code to authenticate a received FOB signal.

 

[SitKneelBend]

All the remotes are on radio frequencies. That being said, some stray signal from a passer by or someone transmitting on an odd frequency "could" cause a glitch. Anytime there are multiple users and equipment on open frequencies, anything can happen.

Most of the time, it is the fob in a pocket and the button gets pushed inadvertently.

BUT there are some bad actors out there with "test boxes" than can do things like that.

Everyone here has pretty much summed this up pretty nicely, but to pile on to what @04fxdwgi stated, thieves have relatively inexpensive devices now that can capture signals and clone them to replicate the "secure" communication between your vehicle and your FOB. It generally requires proximity though (the same ranges your FOB operates from). IF you have security cameras and know the time of the incident you can check to see if there were any vehicles passing by at the time listening for an alarm to sound.

In addition, I think I've heard a story before of someone who purchased a used CDJR vehicle that the prior owner had subscribed to UConnect Services with and was able to control the vehicle remotely still after sale with the features in the app (ie, remote start/lock/etc). It's possible that may be what you experienced.

 

[Ken226]

I've had the same issue with every Chrysler vehicle I've owned that used these key fob types. About a half dozen so far.

It's always been the same problem and the same fix.

How to Fix Your Key Fob Single Button Failure

When you're vehicle suddenly decided to lock or unlock repeatedly when your key fob is in your pocket or purse and you're not touching it, you may have a com...

youtu.be

 

[GTyankee]

I no longer LOCK my Doors using a FOB.
I manually Lock the Doors

BUT, i have a Passive FOB, not the Smart FOB

I don't know if that makes a difference

My Spare FOB is kept near my Printer, etc.
The Battery is NOT in the Spare FOB , so it can't Transmit

 

[ts27330]

No, your key fob can't be hacked. There are ways to duplicate it so another key acts like your key, but nobody can remotely hack your key.

What's going on could be any number of things, but it's much more likely to be an electrical gremlin in your truck than anything else. Sometimes it's as simple as a battery on the edge of dying. I'd start with that, unless you have an aftermarket alarm or something. If you have aftermarket electronics, unhook those first. But check your truck's battery. Low voltage in modern vehicles causes lots of odd stuff.

Yes, your key fob signal can be hacked. Car thieves can scan for these signals and hack them to break into cars. With the proper electronics and software techniques, a determined hacker can intercept or block your key fob signal, infiltrate your car’s software, and even remotely control your vehicle12.

 

[Docwagon1776]

Yes, your key fob signal can be hacked. Car thieves can scan for these signals and hack them to break into cars. With the proper electronics and software techniques, a determined hacker can intercept or block your key fob signal, infiltrate your car’s software, and even remotely control your vehicle12.

Read my second sentence again. Cloning is not hacking.

The "remotely control your vehicle" and "infiltrate your car's software" is ********.

 

[SitKneelBend]

Read my second sentence again. Cloning is not hacking.

The "remotely control your vehicle" and "infiltrate your car's software" is ********.

It's actually very possible on any modern car to completely drive it remotely with the proper equipment. One of the reasons (I think) the SGM was implemented in 2018 was to limit the commands that cross the CANBUS network. This video gives you a good idea of what can be done with all modern CDJR vehicles.

Hackers Remotely Kill a Jeep on a Highway | WIRED

Two hackers have developed a tool that can hijack a Jeep over the internet. WIRED senior writer Andy Greenberg takes the SUV for a spin on the highway while ...

www.youtube.com

 

[Docwagon1776]

It's actually very possible on any modern car to completely drive it remotely with the proper equipment. One of the reasons (I think) the SGM was implemented in 2018 was to limit the commands that cross the CANBUS network. This video gives you a good idea of what can be done with all modern CDJR vehicles.

Hackers Remotely Kill a Jeep on a Highway | WIRED

Two hackers have developed a tool that can hijack a Jeep over the internet. WIRED senior writer Andy Greenberg takes the SUV for a spin on the highway while ...

www.youtube.com

If, like the hackers in the 2015 story, you have physical access to the vehicle, can plug into the OBD port to upload your code, etc. you can get limited functionality remotely, like those guys did.

You can't do it without physical access to the vehicle. You sure AF can't do it via "hacking the fob". Which is why, 10 years later, there's still zero cases of it occurring outside of test conditions like those above, unlimited physical access to the car, the ability to leave something plugged in to the OBD port, etc.

Now, in theory it's possible for OTA updates to brick your vehicle. Imagine a bad actor with the resources of a major gov't, for example, sending an OTA update that remaps fuel and spark curves to the point the vehicle won't start. It wouldn't give them control, but it'd be a huge disruption to a rival state's economy and ability to function in the short term...

 

[SitKneelBend]

If, like the hackers in the 2015 story, you have physical access to the vehicle, can plug into the OBD port to upload your code, etc. you can get limited functionality remotely, like those guys did.

You can't do it without physical access to the vehicle. You sure AF can't do it via "hacking the fob". Which is why, 10 years later, there's still zero cases of it occurring outside of test conditions like those above, unlimited physical access to the car, the ability to leave something plugged in to the OBD port, etc.

Now, in theory it's possible for OTA updates to brick your vehicle. Imagine a bad actor with the resources of a major gov't, for example, sending an OTA update that remaps fuel and spark curves to the point the vehicle won't start. It wouldn't give them control, but it'd be a huge disruption to a rival state's economy and ability to function in the short term...

The first test was a Toyota that required physical access. The second test (with the Jeep) required no physical access and the point of entry was the radio's onboard Sierra Wireless AirCard. The hacked into it's cellular connection and proceeded to do anything they wanted by sending commands across the CANBUS. I wouldn't describe that as limited, yes their were limits but disabling the accelerator means they could likely also command wide open throttle and disable the brakes as they did in the end. Steering is also completely by wire on all modern vehicles, there are many aftermarket self driving pilots that make use of these same "security flaws" to drive vehicles without driver intervention.

I've imagined the scenario you've laid out and believe firmly those exploits are already widely available to state actors and far more capable then slightly altering programming. The scary part is, it doesn't take the resources of a government to completely own a modern vehicle. As evidenced by that video, it just takes two nerds, the will, and a laptop...

But to get back on topic, I believe OPs concern may have been that the FOB was cloned (when it was "fixed" which I would describe as a hack) and someone was testing the clone prior to the opportunity to steal the truck.

 

[Docwagon1776]

The first test was a Toyota that required physical access. The second test (with the Jeep) required no physical access and the point of entry was the radio's onboard Sierra Wireless AirCard. The hacked into it's cellular connection and proceeded to do anything they wanted by sending commands across the CANBUS.

After they'd had physical access to the vehicle for over a year.

Do you think it would have worked with a vehicle that they didn't have access to? Like just go to a dealer, point at one, and say "do that one?"

I don't, or they would have demonstrated that. It would have been a much bigger deal and got them a lot more attention, after all. In their paper they mention scanning for vehicles, saying they identified vulnerable ones, but didn't attempt to do anything to them so they don't know 100% it will work. Does that make sense to you? They just decided to not bother to go any further and only do the vehicle they had access to?

And, tellingly, a decade after their "how we did it" paper was published, zero occurrences. Nobody else has been curious or evil and just taken over someone's car. No jealous stalkers, no ransomware threats, etc.

20 years in law enforcement and a healthy disrespect for academia, so perhaps I'm overly cynical, but when nobody else replicates the work and it isn't used by those with ill intent in 10 years ever, I'm not buying it.

 

[Gettintired]

I purchased my first Ram Truck in Dec. 2024, a 2019 Classic 1500 SLT- Hemi V-8. It came with two key fobs. One key fob worked fine, the other fob would unlock the truck but not lock it. I took both fobs to Batteries Plus and replaced the batteries and they fixed the fob that would not lock the truck. I have read thru the key fob topic posts but have not seen any post addressing my concerns. Just this afternoon, I was sitting about 6 feet away from the key fob that I use regularly when all the sudden my truck locked itself and the lock alarm sounded. Nothing was touching the fob whatsoever as I watched the normal lights on the truck flash as it locked itself. Has my key fob been hacked or is there any possible explanation as to what could have happened that my truck locked itself? Thank you in advance for any replies.

I had the same problem with both of my key fobs and I took them apart and found that a little metallic cup mounted to the rubber had come loose and was laying on the contact for locking button and was constantly making contact. I took the buttons and glued them back to the rubber and all is well

 

[SitKneelBend]

After they'd had physical access to the vehicle for over a year.

Do you think it would have worked with a vehicle that they didn't have access to? Like just go to a dealer, point at one, and say "do that one?"

I don't, or they would have demonstrated that. It would have been a much bigger deal and got them a lot more attention, after all. In their paper they mention scanning for vehicles, saying they identified vulnerable ones, but didn't attempt to do anything to them so they don't know 100% it will work. Does that make sense to you? They just decided to not bother to go any further and only do the vehicle they had access to?

And, tellingly, a decade after their "how we did it" paper was published, zero occurrences. Nobody else has been curious or evil and just taken over someone's car. No jealous stalkers, no ransomware threats, etc.

20 years in law enforcement and a healthy disrespect for academia, so perhaps I'm overly cynical, but when nobody else replicates the work and it isn't used by those with ill intent in 10 years ever, I'm not buying it.

It was a very big deal at the time. FCA responded and patched all 8.4 radios across brands to fix the vulnerability that was exploited here. They even went so far as to mail update USBs to all affected owners which essentially said "do this immediately". All other unpatched systems were done OTA (if capable) and/or at the next dealership appointment via a Recall.

They definitely had physical access to develop the exploit, but they developed an exploit meant to work remotely and once developed could easily be used to affect an entire fleet of vehicles from a manufacturer. CDJR vehicles look different, but they all operate in nearly identical ways and even have the same programming in their BCMs for all brands (for example, my 2014 Ram has body control options for 3rd row entertainment screens).

It would 100% work on any vehicle they didn't have access to if they were able to get wireless comms up with the AirCard on an unpatched system. They notified FCA because they are White Hats, often there can be lucrative bounties associated with finding these vulnerabilities. They also didn't disclose the vulnerability until after FCA implemented a fix.

Unhacking the hack: Ensuring security | Stellantis Blog

blog.stellantisnorthamerica.com

As I said earlier, I suspect the implementation of the Security Gateway Module across all brands in 2018 was an effort to further secure the CANBUS from malicious intrusions as demonstrated by the original hack.

To be clear, I appreciate your cynicism. All of those are great questions to ask...

 

[SitKneelBend]

I had the same problem with both of my key fobs and I took them apart and found that a little metallic cup mounted to the rubber had come loose and was laying on the contact for locking button and was constantly making contact. I took the buttons and glued them back to the rubber and all is well

You can buy replacement inserts on Amazon now too relatively cheap. I used them to add factory remote start to my OEM FOBs.

Amazon.com

You can see the metal cups you mentioned in the pictures for anyone interested...

 

[Docwagon1776]

It was a very big deal at the time. FCA responded and patched all 8.4 radios across brands to fix the vulnerability that was exploited here. They even went so far as to mail update USBs to all affected owners which essentially said "do this immediately". All other unpatched systems were done OTA (if capable) and/or at the next dealership appointment via a Recall.

They definitely had physical access to develop the exploit, but they developed an exploit meant to work remotely and once developed could easily be used to affect an entire fleet of vehicles from a manufacturer. CDJR vehicles look different, but they all operate in nearly identical ways and even have the same programming in their BCMs for all brands (for example, my 2014 Ram has body control options for 3rd row entertainment screens).

It would 100% work on any vehicle they didn't have access to if they were able to get wireless comms up with the AirCard on an unpatched system. They notified FCA because they are White Hats, often there can be lucrative bounties associated with finding these vulnerabilities. They also didn't disclose the vulnerability until after FCA implemented a fix.

Unhacking the hack: Ensuring security | Stellantis Blog

blog.stellantisnorthamerica.com

As I said earlier, I suspect the implementation of the Security Gateway Module across all brands in 2018 was an effort to further secure the CANBUS from malicious intrusions as demonstrated by the original hack.

To be clear, I appreciate your cynicism. All of those are great questions to ask...

I remember. We were issuing Chargers and it was a real BFD all of a sudden when the question of could our police cars be taken over remotely was a serious concern or not.

Their paper is still online if you care to read it. Like you say, there's a profit motive to identify exploits. In academia there's also the drive to get attention and prestige for funding. They specifically said they weren't 100% sure the exploit would work with other vehicles, but thought it would, mentioned scanning for and identifying vulnerable vehicles, and then never trying it. That still doesn't add up to me. That's like if the Apollo missions had gotten 6' off the lunar surface, said "yeah, we could totally land on the moon, theory is sound" and then just heading home without landing.

 

[SitKneelBend]

I remember. We were issuing Chargers and it was a real BFD all of a sudden when the question of could our police cars be taken over remotely was a serious concern or not.

Their paper is still online if you care to read it. Like you say, there's a profit motive to identify exploits. In academia there's also the drive to get attention and prestige for funding. They specifically said they weren't 100% sure the exploit would work with other vehicles, but thought it would, mentioned scanning for and identifying vulnerable vehicles, and then never trying it. That still doesn't add up to me. That's like if the Apollo missions had gotten 6' off the lunar surface, said "yeah, we could totally land on the moon, theory is sound" and then just heading home without landing.

I did read that white paper back when it was released. I'd imagine a lot of that "never tried it talk" is ethical CYA...I'd also imagine their bounty "if paid" included a non-disclosure agreement to ensure this didn't become a zero-day exploit. It's only a matter of time before another exploit like this is known to the public though in my opinion. I find the out of control Tesla footage to peak my conspiratorial interest though and wonder if these are the aforementioned state actors playing with their toys...

I know it won't happen, but I wish the manufacturers would completely segment the powertrain from the cabin network with no point of ingress outside of a physical connection. They've taken steps to make them read only but there is no air gap between that and the wireless systems associated with vehicle entertainment systems and associated telematics modules.

 

[Docwagon1776]

I did read that white paper back when it was released. I'd imagine a lot of that "never tried it talk" is ethical CYA...I'd also imagine their bounty "if paid" included a non-disclosure agreement to ensure this didn't become a zero-day exploit. It's only a matter of time before another exploit like this is known to the public though in my opinion. I find the out of control Tesla footage to peak my conspiratorial interest though and wonder if these are the aforementioned state actors playing with their toys...

I know it won't happen, but I wish the manufacturers would completely segment the powertrain from the cabin network with no point of ingress outside of a physical connection. They've taken steps to make them read only but there is no air gap between that and the wireless systems associated with vehicle entertainment systems and associated telematics modules.

There's no need for an ethical CYA if you simply get permission from the owner or dealership before trying it. They give the info to the manufacturer before going public with it, and if there was an NDA it was a pretty leaky one.

Self driving software doesn't need any outside actor. It just needs Johnny Five to come alive and take over. Given the amount of paying beta testers, err I mean early adopting customers, out there, I'm surprised this doesn't happen more often. I'm not saying it's not outsiders, but it's much simpler and cleaner for it to be a screw up in the sensors or software as a default answer until proven otherwise.

That said, I'm largely in agreement with you on the risk for powertrain access remotely (or, frankly, internally with no override). That's why I'm uninterested in powertrain OTA updates, self driving, or driver monitoring ability. Driver monitoring is especially risky, IMO, a built in shut down system based on if the computer thinks you are sleepy or drunk and shouldn't be driving so it won't let you? Hard ******* pass to that.