# Audi TT with advanced key stolen in 10 seconds



## tt3600 (Apr 8, 2006)

Glad l was able to get all the options and deliberately leave out advanced key.

https://whatcar.com/news/security-new-c ... nds/n19898


----------



## smh (Jun 27, 2017)

Its interesting that this article states that the key fob disables itself until moved again after a 15 minutes if its not moved. This is the first time I have heard about this. I wonder if anyone else has tested this on the facelifted versions and also whether its also true of non-RS variants? I suspect its likely that if one TT keys it then they all will (of the same age) but you never know.

Personnally I disable advance key when I lock the car at night (press the fob lock button then immediately hold the advance lock button on the door handle) its not ideal as you have to remember to do this but having the fob deactivate itself after 15 minutes would be a good second line of defense.


----------



## Taylortony (Feb 10, 2012)

https://www.bbc.co.uk/news/business-49273028

Though as a rag top is shown you could go through the roof quicker


----------



## smh (Jun 27, 2017)

I just left my key fob next to the car in range of the door but untouched on the ground for 20 minutes. The car opened straight away when I opened the door by pulling the handle.

I can only conclude either that the key fob is different on the TTRS (mine is a Jul-2019 TT s-line 2.0 quattro) or alternatively it doesn't so to sleep when it is in range of the car. If its the latter then there is no way to test it that I can think of.


----------



## phazer (Apr 2, 2018)

smh said:


> I just left my key fob next to the car in range of the door but untouched on the ground for 20 minutes. The car opened straight away when I opened the door by pulling the handle.
> 
> I can only conclude either that the key fob is different on the TTRS (mine is a Jul-2019 TT s-line 2.0 quattro) or alternatively it doesn't so to sleep when it is in range of the car. If its the latter then there is no way to test it that I can think of.


The whole point of the sleeping fobs is that they *do* go to sleep when in range of the car otherwise there would be no point :lol: The sleeping fobs detect movement, after 15 minutes (IIRC) they go to sleep and need moving before they can be used to open the car.

Seems weird that Audi would have different systems on different models? Especially as it isn't just top line models being stolen these days.

Was your car actually built in July?


----------



## smh (Jun 27, 2017)

The car was built mid April 2019. I agree it seems weird that Audi would use different fobs for different models thats why I was usprised when I tested it.

Regarding the fob going to sleep when in contact with the car. As the fob only works within 1-2m of the door then the expectation could be that it won't be communicating with the car when it goes to sleep, so I could see how communication from the car could stop it sleeping. But a relay attack would still be thwarted as the fob will already be asleep when they try and contact it as it would have been more than 1-2m away from the car and still for 15 minutes.


----------



## ZephyR2 (Feb 20, 2013)

So now its been widely published that TTs are vulnerable every tosser with a relay kit will be trying their luck with each TT they find down a drive.
If you've got Advanced key you'd be advised to re-think where / how you keep your key in the house. And don't forget about where you leave your spare key too.
This doesn't apply to Toshiba though who doesn't believe such things are possible.


----------



## kevin#34 (Jan 8, 2019)

After closing the car, it's enough to put the key in a metal box to stop connection with the car (Faraday cage)


----------



## Mark Pred (Feb 1, 2017)

I know of an RS3 stolen without keys and that wasn't far away from where my cars are parked. Not good.

Glad I managed to get my TT without Advanced Key. I notice on the new RS, you can only have B&O as part of a pack, which includes said free invitation to steal the car? Can you completely disable the keyless function via the on-board computer? I'd hope you can, else ordering an RS is going to be interesting, as B&O is must have and Advance Key is must not have!


----------



## Toshiba (Jul 8, 2004)

B&O certainly isn't a must have, its' pretty shit to be fair.. the badge is the only good things and that's the polite version.
Advance key makes 0 difference, you could do the same with bank cards..

Even without advanced key you can scan for keyfob presses too,


----------



## cliveju (Jun 27, 2018)

What happens to a car stolen without a key? Once the engine has stopped it won't start again. Are they all broken up? If not there must be a very sophisticated operation to reprogram the cars to work with new keys.


----------



## Toshiba (Jul 8, 2004)

Don't break the hysteria, it's less dramatic....!
But that answer is the sane for both systems, you can simply program a key to the dash.


----------



## tt3600 (Apr 8, 2006)

Toshiba said:


> Even without advanced key you can scan for keyfob presses too,


How's the car started without the key?

Edit: Oh

Still the thieves that tried to steal my car (twice) have not returned since l got a steering wheel lock.


----------



## ZephyR2 (Feb 20, 2013)

tt3600 said:


> Toshiba said:
> 
> 
> > Even without advanced key you can scan for keyfob presses too,
> ...


It isn't started. This method just provides access to the car, usually for the theft of its contents. And don't forget, half the cars that use a fob for locking still require a physical key to start them.


----------



## Macauley (May 31, 2017)

Guys, just get a ghost Immobiliser and you won't need to worry about losing your car, keyless or not


----------



## powerplay (Feb 8, 2008)

If the car can't be started once they've pirated the key's signal then how is this "stoles in 10 seconds" and not just "broken into in 10 seconds" ???


----------



## Blade Runner (Feb 16, 2018)

smh said:


> The car was built mid April 2019. I agree it seems weird that Audi would use different fobs for different models thats why I was usprised when I tested it.
> 
> Regarding the fob going to sleep when in contact with the car. As the fob only works within 1-2m of the door then the expectation could be that it won't be communicating with the car when it goes to sleep, so I could see how communication from the car could stop it sleeping. But a relay attack would still be thwarted as the fob will already be asleep when they try and contact it as it would have been more than 1-2m away from the car and still for 15 minutes.


You might be right. It is more important that the key goes to sleep when it is away from the car, i.e. safely tucked up in your house. When it is close to the car why would it need to go to sleep, as the only person in possession would be you? As you say, no way of really testing the theory with yours and you don't really know whether you have the sleeping variety or not. Maybe they should have put a tiny indicator LED on the fob, which would then blink when in sleep mode?

You need someone with a new RS (with the C&S pack) to repeat your experiment. Not sure of the manufacturing "cutoff date", but _What Car_? did a security group test last month and the TTRS Roadster they tested definitely had sleep mode on the Advanced key. And it defeated their 'relay attack team'.

https://www.whatcar.com/news/security-new-cars-that-can-be-stolen-in-under-30-seconds/n19898#8

I agree with Mark about the odd way that Audi tend to group unrelated items into 'packs' and then don't allow you to specify them separately.


----------



## Toshiba (Jul 8, 2004)

Once in the car use the OBD to program a key. 
Same as you would have to do with advanced - otherwise once stopped its useless.

Convenance is just that, if you want secure you don't have it from either standard solutions or a single physical key. You need a third party solution that requires multiple methods to start.

As above, its the manufactures fault, the key should stop after 30seconds or so.


----------



## phazer (Apr 2, 2018)

Blade Runner said:


> You might be right. It is more important that the key goes to sleep when it is away from the car, i.e. safely tucked up in your house. When it is close to the car why would it need to go to sleep, as the only person in possession would be you?


If you have the key on you it is moving and by definition will not go to sleep. If the key is in range but not moving it should go to sleep to remove that as an attack vector.

For example (and it's a real one on another forum some years ago) a terraced house where your drive way is under your living room window. You chuck your keys on the window sill. Still in range of the car, fob not moving...should it stay active and allow your car to be driven away or as I believe should it go to sleep?


----------



## ZephyR2 (Feb 20, 2013)

smh said:


> I just left my key fob next to the car in range of the door but untouched on the ground for 20 minutes. The car opened straight away when I opened the door by pulling the handle.
> 
> I can only conclude either that the key fob is different on the TTRS (mine is a Jul-2019 TT s-line 2.0 quattro) or alternatively it doesn't so to sleep when it is in range of the car. If its the latter then there is no way to test it that I can think of.


You could try putting your fob on the ground next to the car in a metal box or Faraday pouch and then carefully open the box after 20 mins and see if it still works.

The concept of fobs going to sleep is a new measure only recently being adopted by manufacturers. I suspect that when WhatCar said to Audi "we're doing a feature on cars' vulnerability to relay attack, could you give us a TT to test" they sent them a brand new model with a new secure fob that hasn't yet been rolled out. No doubt hoping to avoid them highlighting the weakness of the current fobs.


----------



## phazer (Apr 2, 2018)

ZephyR2 said:


> The concept of fobs going to sleep is a new measure only recently being adopted by manufacturers. I suspect that when WhatCar said to Audi "we're doing a feature on cars' vulnerability to relay attack, could you give us a TT to test" they sent them a brand new model with a new secure fob that hasn't yet been rolled out. No doubt hoping to avoid them highlighting the weakness of the current fobs.


Cynical but I would imagine you're dead right!


----------



## Toshiba (Jul 8, 2004)

phazer said:


> Blade Runner said:
> 
> 
> > You might be right. It is more important that the key goes to sleep when it is away from the car, i.e. safely tucked up in your house. When it is close to the car why would it need to go to sleep, as the only person in possession would be you?
> ...


Thats an urban myth, anyone with advance - put your key on the ground in front of the car and then try and open the door.
All those bleating remember, you can do the open coding real easy and the start car system is 100% the same for BOTH. so if you can use a relay to start advance, you can use a relay to start cars without once open.. You cant have it both ways.


----------



## E.L.Wisty (Sep 19, 2018)

> You could try putting your fob on the ground next to the car in a metal box or Faraday pouch and then carefully open the box after 20 mins and see if it still works.


 Schrodinger famously didn't know his car had been stolen until he did this.


----------



## phazer (Apr 2, 2018)

Toshiba said:


> Thats an urban myth, anyone with advance - put your key on the ground in front of the car and then try and open the door.
> All those bleating remember


If you say so. I wasn't talking about a VAG car in the first place, let alone a TT.

Besides, the whole point of security is that you take care of it properly or you may as well not bother. The car industry has a terrible record of not bothering and when they get called out they do small things that gather good press but don't really effect any change. The more tech, the more connection options available the more interesting hacks will appear. Hell it might peak my interest enough to dust off my reverse engineering tools/skills :wink:

You are correct abut the TT with keyless start being as vulnerable as keyless assuming you have entry to the vehicle. That said a significant proportion of modern cars are susceptible to brute forcing new keys due to the weird practice of leaving the ODB enabled when the car is supposedly secured so when all is said and done, break a window and brute force it -as was being done to 1 series beemers.


----------



## phazer (Apr 2, 2018)

E.L.Wisty said:


> > You could try putting your fob on the ground next to the car in a metal box or Faraday pouch and then carefully open the box after 20 mins and see if it still works.
> 
> 
> Schrodinger famously didn't know his car had been stolen until he did this.


 :lol: :lol: :lol:


----------



## BauhauTTS (Jan 8, 2017)

E.L.Wisty said:


> > You could try putting your fob on the ground next to the car in a metal box or Faraday pouch and then carefully open the box after 20 mins and see if it still works.
> 
> 
> Schrodinger famously didn't know his car had been stolen until he did this.


It was only stolen once he tried to look at it.


----------



## Toshiba (Jul 8, 2004)

Yep. convenience vs security...

Use the recorder, open the car, code a key. user the recorder use the method described in the video to start the car - any car with keyless. Both will take "10 seconds" if they have the relay, they certainly have the recorder for the fob.

Just move, they are both equally as bad. but its not something i worry about. this is what insurance is for and its better than them breaking in the house for the key. So bonus..!


----------



## ZephyR2 (Feb 20, 2013)

Toshiba said:


> Yep. convenience vs security...
> 
> Use the recorder, open the car, code a key. user the recorder use the method described in the video to start the car - any car with keyless. Both will take "10 seconds" if they have the relay, they certainly have the recorder for the fob.


Or use the hidden key to lock the car in your driveway and then they won't be able to record the signal - inconvenience vs security. You can do that with both Advanced and standard fobs, the difference is that with an advanced fob they can still unlock the car later using relay attack and then start it up. 
With a standard fob they would have to break in to the car but then relay would not be able to start it.

Glad to see you have finally acknowledged that relay attack does exist.


----------



## Toshiba (Jul 8, 2004)

But the realty of it is next to nothing, people just want to complain.... and blow it out of all reality..
I could just put the car on a tow and drive it off too but no one talks about how bad that is.

The relay works on advance or keyless, its not more relevant to one or the other.
What next skimming RFID card in peoples wallets and that if you leave the house you will lose your savings?


----------



## smh (Jun 27, 2017)

I suffered like others in that I wanted the B&O but not the advance key and to get one I had to have the other. I use the method of disabling advance key by hitting the fob lock button and then holding the advance key lock on the door which turns advance key entry off until you unlock it again. When its at home its locked in a garage, the advance key disabled and all keys safely tucked up in faraday wallets.

I have also reached out to Audi to find out if the latest advance keys should disable themselves after 15 minutes , if my key has the feature and if not whether you can buy the latest fobs that do disable themselves to replace the existing ones. I'll report back if I hear anything.


----------



## ZephyR2 (Feb 20, 2013)

Toshiba said:


> What next skimming RFID card in peoples wallets and that if you leave the house you will lose your savings?


Here ya go ....
https://www.amazon.co.uk/AKIELO-Blo...ss-Protector/dp/B076FW99RD?ref_=fsclp_pl_dp_3


----------



## MarkB (Aug 9, 2019)

Hi everyone. Sorry for my ignorance. So if you still need to manually press the fob to lock/unlock the car are these relay devices ineffective, even with push button start? It's only at risk with advanced key where you can open the door by holding the handle?


----------



## phazer (Apr 2, 2018)

MarkB said:


> Hi everyone. Sorry for my ignorance. So if you still need to manually press the fob to lock/unlock the car are these relay devices ineffective, even with push button start? It's only at risk with advanced key where you can open the door by holding the handle?


You don't need to worry, whilst a relay attack to start the car is theoretically possible the chance of the circumstances coming together that are required and someone wanting to do it are vanishingly small. You'd have to be there with the key too in which case demanding you give it them is the more likely outcome.

Theft of a key from a person/car jacking is still a rare crime.


----------



## Toshiba (Jul 8, 2004)

Yeah, it's all getting blown out of proportion vs the actual risk posed.
The risk is just as low with or without advanced and its less likely as to your RFID bank card being scammed.

Some seem to like to be either alarmists or drama queens.


----------



## MarkB (Aug 9, 2019)

phazer said:


> MarkB said:
> 
> 
> > Hi everyone. Sorry for my ignorance. So if you still need to manually press the fob to lock/unlock the car are these relay devices ineffective, even with push button start? It's only at risk with advanced key where you can open the door by holding the handle?
> ...


Ok thank you phazer. Good to know!


----------



## Mark Pred (Feb 1, 2017)

Toshiba said:


> B&O certainly isn't a must have, its' pretty shit to be fair.. the badge is the only good things and that's the polite version.
> Advance key makes 0 difference, you could do the same with bank cards..
> 
> Even without advanced key you can scan for keyfob presses too,


Well, that's your opinion, which on most occasions counts for FA. B&O in my car is stunning, wouldn't be without it and a must have for most, tone deaf ignoramuses accepted.


----------



## Toshiba (Jul 8, 2004)

You don't and cant speak for most. 
Most say its not worth it, at least on the TT... So i think I'm in the majority and the indignant ignoramus's is just you


----------



## kevin#34 (Jan 8, 2019)

let's say that B&O is not really stunning, but better than Audi Sound System and much much better than std audio system... (I have B&O and I compared it with a friend who has MK3 with ASS)


----------



## Toshiba (Jul 8, 2004)

That's closer the truth. If the standard system supplied with nav is a 6.0, B&O is a 6.21, it's certainty not good. Again, this is in context to the TT. Some of the systems in the other cars in the range are much better.


----------



## Mark Pred (Feb 1, 2017)

Toshiba said:


> You don't and cant speak for most.
> Most say its not worth it, at least on the TT... So i think I'm in the majority and the indignant ignoramus's is just you


No I don't and nor do you F*&% Wit. I know every Forum always has a someone like you on it and most of the time we just ignore them, but you know what, why don't you back up some of the crap you post with some facts? You know, put your money where your mouth is... that kind of thing... make sense :roll:


----------



## Toshiba (Jul 8, 2004)

You had an immediate reply from someone else saying the same - what more facts do you need? Its been discussed a million times and the answers the same each time and you always get your boyfriends panties in a twist over it.

Personally i dont give a woopsie what you want, B&O sucks, advanced is not really any more or less secure and thats simply the reality. If you don't like reality, tough shite... And yes, forums do seem to have cunts like you, but i general ignore them but happy to keep replying to you if you want to be a dick.


----------



## smh (Jun 27, 2017)

I have now had confirmation from Audi that my car built in April 2019 does not have the 15 minute timer to disable the fob if its not moved. I also asked whether it was possible to buy a replacement that would disable the advance key if it was moved in 15 minutes and was told that they would only supply a replacement fob with the same functionality as the original.

So it looks like either the RS has a different key fob or possibly someone got it wrong in the original article and there is no 15 minute disabling of the fob.


----------



## j77drs (Aug 8, 2019)

where do you find out if the car has this or not ?

i have a 2019 BE TT and interested to know


----------



## tt3600 (Apr 8, 2006)

@smh get yourself a steering wheel lock. The security design of advanced key is dumb


----------



## Toshiba (Jul 8, 2004)

The advance key just opens the door, on its own it's useless as a means to theft unless you have something in the glovebox.
Its the keyless start that's the dumb part.


----------



## powerplay (Feb 8, 2008)

It's all pretty dumb to be honest, this strive to make things as "easy" as possible.

Nothing was ever wrong with using a key to open and start a car, sometimes the low-tech solution is just the best solution.

I have a protective wallet affixed on the wall next to my key rack and I just drop my key fob inside - doesn't even have to be closed for it to work so my other keys hang outside and the fob is protected, no signal gets out and the buttons don't unlock the car that's a few feet away.


----------



## RobinHelsby (Mar 24, 2018)

For what it's worth, we bought a small cash box from Rymans and just put the keys (mine and hers) into it. £10.


----------



## leopard (May 1, 2015)

Even better, buy a tin of biscuits e.g. Fortnam & Mason or Harrods will suffice, enjoy the contents and put your keys in said empty box. Simples


----------



## debatable_andrew (Aug 4, 2019)

Always a spare CR2032


----------



## Rukka (May 9, 2017)

Better still - just have GAP insurance.

I'd rather someone stole my TTS without breaking into the house for keys and putting my family at risk.


----------



## captainhero17 (Apr 10, 2018)

Lucky for me in my part of the woods the TT is still considered a girly or hairstylist car. So no one bothers to steal it. Unless the mafiosos wife wants a new car. :lol: :lol:


----------



## Alan Sl (Nov 11, 2009)

captainhero17 said:


> Lucky for me in my part of the woods the TT is still considered a girly or hairstylist car. So no one bothers to steal it. Unless the mafiosos wife wants a new car. :lol: :lol:


I didn't realise hairstylists were so well paid, I think I will retrain and change my profession.


----------



## captainhero17 (Apr 10, 2018)

Alan Sl said:


> captainhero17 said:
> 
> 
> > Lucky for me in my part of the woods the TT is still considered a girly or hairstylist car. So no one bothers to steal it. Unless the mafiosos wife wants a new car. :lol: :lol:
> ...


Have you seen the prices for a decent haircut anywhere in Europe? (Dont get me started about London). Tony&Guy or not those basta$*s are well off most times than not. Especially the hairstylists for females. :lol: :lol:


----------



## powerplay (Feb 8, 2008)

I cut my own hair and own a TT.

Not sure if that's good or bad, suspecting not good... :roll:


----------



## captainhero17 (Apr 10, 2018)

I envy you powerplay. I would love to he able to cut my own hair. Since it grows so fast I either spend a lot getting constant haircuts or looking like I was stranded on an island for 10 years.


----------



## tt3600 (Apr 8, 2006)

Video:


----------



## captainhero17 (Apr 10, 2018)

tt3600 said:


> Video:


Excelent video. Just to add to it. Car manufacturers should make the keys as small as possible so you can swallow them and prevent the car thief from pistol whipping you and bypassing this "hacker bs". The down side that you also have to always have laxative pills with you to get the keys. :lol:

"Honey can you take the kids to school?"
"Sure darling..." *opens the WC door* [smiley=bigcry.gif] [smiley=bomb.gif] [smiley=bigcry.gif]


----------



## ZephyR2 (Feb 20, 2013)

You're already one step behind ..... :lol: 
https://www.theverge.com/2019/8/12/...dd-video-watch-body-hacking-body-modification


----------



## captainhero17 (Apr 10, 2018)

ZephyR2 said:


> You're already one step behind ..... :lol:
> https://www.theverge.com/2019/8/12/...dd-video-watch-body-hacking-body-modification


Yes and no. Because now the thief can use a machete and just cut the owners arm. My method requires him to either:
- feed you prunes
- tickle you in to pooping
- stick some fingers and rummage around inside you. (the fun way).

Either way its a win win and a fun night for ya. :lol: :lol:


----------



## leopard (May 1, 2015)

A wet slobbery tongue, think old Labrador dog or an Ant Eater up your sheriff's will always induce a poo...


----------

