Military radio signal jams garage doors

[[email protected]]

|
| [email protected] wrote:
|>
|
|> BTW, I've actually overloaded a couple GFCI receptacles with my 2 meter
|> hand held ham radio transmitter running at 5 watts to a rubber duck
|> antenna at a distance of 10 feet. Those things really freak out when
|> that happens. It could have been a resonance in the wiring.
|>
|
| When I was young, I hooked up a 5 wattt mobile CB directly to the
| antenna inputs of a
| portable B&W TV. Ended up frying the sucker (the TV, not the radio.

I would expect. Gotta learn those lessons young

 

[Jim Thompson]

|
| [email protected] wrote:
|> |
|> |>
|> |>Jim Thompson wrote:
|> |>> On 3 Dec 2006 16:07:56 GMT, [email protected] wrote:
|> |>
|> |>> Clear back in 1950, 390MHz was assigned to the military. But _some_
|> |>> garage-door-opener companies have continued to use that frequency
|> |>> based on the FCC "low-power-non-interference" rule.
|> |>>
|> |>> In COS the openers were simply over-powered by a high power military
|> |>> antenna located on Cheyenne Mountain.
|> |>>
|> |> Hmm, I remember hearing of an incident of Sputnik screwing with garage
|> |>door openers back in the day.
|> |
|> | I was a Senior in High School when Sputnik went up. I don't think RF
|> | garage door openers existed back then ;-)
|>
|> If not then, soon after. My grandfather's brother had a remote garage door
|> opener in 1961. I can't say whether it was optical or radio as I was a bit
|> too young then to consider it important. But I sure thought it was great.
|> It might have been rather expensive at the time.
|
|
| And probaly without the modern coding remotes have today. (remember,
| computer took up
| entire rooms at this time. I wonder if the first RF garage door
| openers listened for a specific audio tone broadcasted by the radio
| transmitter, or simply responded whenever
| an RF signal was detected on its frequency.

My guess would be an audio tone. A more advanced design would compare
to a 2nd audio tone such that the 1st must be stronger. They did have
a means to reject neighbors. I remember my uncle mentioning his neighbor
(in an area of expensive homes) also having one of these and they did not
operate each other. Being RF frequency selective would be a bit hard to
do for such cheap electronics. I have no idea if the audio would have
been AM or FM modulated, but my guess would be AM. Still, it could easily
be FM with the 2 tone test where one has to be much higher than the other
to reject all the background hiss from FM demodulation.

These days, I'd want to make one with a challenge response security system
built in so "the code" itself is never actually sent. For example, the
remote makes a request to the base, the base generates a random number,
encrypts it, sends one or the other to the remote, the remote does the
same if sent the number or decrypts if sent the result, and sends back its
result for confirmation and action. As long as it's very hard to derive
the key from those two pieces of data, it should be reasonably secure.

I can remember units from about 15 years ago... they had dip switches
with 7 (bit) selections to set a code.

...Jim Thompson

 

[[email protected]]

|
|>
|>hob wrote:
|>
|>> 1) If the military signals are interfering with those digital commands, then
|>> the signal must be overwhelming the receivers - they surely are not sending
|>> simultaneous multiple sets of "trains" of pulses that fool all those
|>> receivers' security, weak as it is.
|>
|> I wonder if they sell garage door openers and remotes that use
|>challenge-response. It wouldn't be that expensivge to do.
|
| I have problems with steel doors, and walls that use metal mesh for
| the stucco, so my range is crap.
|
| I'v been considering some kind of IR replacement. Any available
| commercially?

Try coax through the wall to an external antenna.

 

[Jim Thompson]

|
|>
|>hob wrote:
|>
|>> 1) If the military signals are interfering with those digital commands, then
|>> the signal must be overwhelming the receivers - they surely are not sending
|>> simultaneous multiple sets of "trains" of pulses that fool all those
|>> receivers' security, weak as it is.
|>
|> I wonder if they sell garage door openers and remotes that use
|>challenge-response. It wouldn't be that expensivge to do.
|
| I have problems with steel doors, and walls that use metal mesh for
| the stucco, so my range is crap.
|
| I'v been considering some kind of IR replacement. Any available
| commercially?

Try coax through the wall to an external antenna.

Brings to mind the cell phone extender gimmick... external antenna
capacitively-coupled thru the rear vehicle window, then another
antenna inside

...Jim Thompson

 

[krw]

I can remember units from about 15 years ago... they had dip switches
with 7 (bit) selections to set a code.

I don't remember how many switches (IIRC 10) but before the "opener
codes now in use, Sears used a trinary code.

 

[[email protected]]

| I am curious as to if/how they are jamming those encoded "digital" signals
| that garage door openers have used for the past 15 years.
|
| 1) If the military signals are interfering with those digital commands, then
| the signal must be overwhelming the receivers - they surely are not sending
| simultaneous multiple sets of "trains" of pulses that fool all those
| receivers' security, weak as it is.

I'd guess it most likely is an overload of cheap receivers.


| 2) If they are overwhelming the digital receivers instead of "stealing the
| codes" so as to make them not work, they must be pumping out one hell of a
| lot of power, relatively speaking - and that means the residents are being
| subjected to the same steady barrage of RF.
| And from days past, memory had the 390M range as not being particularly
| friendly to humans (you don't feel anything until after any damage is done)
|
| 3) And curiously - if it jams the local garage door openers so well, why
| isn't the miltiary using them in Iraq to jam the IED
| detonators? -(apparently GDO remotes are the new favorite detonator of the
| anti-US forces in Iraq)

Good question. It might need to be on a very close frequency for the
overload to be effective by getting through the first stage filter.
Maybe the IEDs get set up with a variety of unanticipated frequencies.
It might be needed to be within less than 1% of frequency to be able
to do an effective overload.

All the garage door units I've ever examined had regenerative
receivers. Those, of course, overload quite easily, and selectivity is
seldom better than a few percent, e.g. a 5-10MHz bandpass @ 300MHz.
Can't be more selective than that anyhow--the regenerative detector
drifts about that much all by itself.

Best,
James Arthur

 

[Joel Kolstad]

I don't remember how many switches (IIRC 10) but before the "opener
codes now in use, Sears used a trinary code.

Contemporary openers use a "rolling code" where the transmitter sends out an
changing number every time you press the button. Initially you press a
"learn" button on the receiver which allows its to sync up with the
transmitter. After that, the receiver will only accept codes that are within
some small boundary of where in the sequence it thinks the transmitter
*should* be (it needs some margin in case people accidentally press the button
a little early, or if the kids play with it, or...).

This approach prevents capturing & re-transmitting the same signal to get into
someone's garage. However, at least in theory if you knew the garage door
opener brand you might know the algorithm and hence be able to predict what
the next code in the sequence is and generate *that* if you're trying to,
e.g., rob the house. Fancier openers then still have DIP switches that must
match at the transmitter and the receiver that feed into how the next number
in the sequence is created, which prevents that particular attack.

At that point, for the average garage a physical attack becomes much more
viable than somehow trying to track multiple transmissions to ascertain the
DIP switch settings and break in electronically. It also keeps the garage
door opener cheap in that it doesn't have to receive -- still only transmit.

----

For the older non-rolling code transmitters (that just transmitted a specific
binary or trinary word each time), I've seen an awful low that were just still
at the factory default settings of all zeroes (or ones or...). Shows you how
much the average person is concerned about security...

 

[legg]

Aren't those band segments reserved for military use worldwide by
international agreement?

For 'world-wide' arrangements, I think you'd have to consult the ITU.
http://www.itu.int/home/index.html

For other US-Canada, US-Mexico and others:
http://www.fcc.gov/ib/files/11_27_01/annual_rpt2001.pdf

Please do.

RL

 

[joseph2k]

For 'world-wide' arrangements, I think you'd have to consult the ITU.
http://www.itu.int/home/index.html

For other US-Canada, US-Mexico and others:
http://www.fcc.gov/ib/files/11_27_01/annual_rpt2001.pdf

Please do.

RL

ITU has only allocated subauthority, it is WARC that makes the big
decisions.

 

[Rich Grise]

Military radio signal jams garage doors By ROBERT WELLER, Associated
Press Writer
Sat Dec 2, 5:03 PM ET

DENVER - What do remote-control garage door openers have to do with
national security? A secretive Air Force facility in Colorado Springs
tested a radio frequency this past week that it would use to
communicate with first responders in the event of a homeland security
threat. But the frequency also controls an estimated 50 million garage
door openers, and hundreds of residents in the area found that theirs
had suddenly stopped working.

They should just give their remotes little tinfoil hats. ;-)

Cheers!
Rich

 

[Rich Grise]

| OK...here is an example of what NOT to do when testing RF equipment.
| So if you were one of the unfortunate souls that had to open your
| garage door manually, be happy it wasn't in the middle of a hail
| storm!!

Why not?

I presume this is all operating as a secondary unlicensed spectrum
user. The garage door company perhaps should have used some other
frequency in the first place.

But I also worry about the fact that this was a small area. While it
may well jam the door radios nearby, would this signal make it to the
intended first responders all over the country?

What does "first responders" mean in this context?

Thanks,
Rich

 

[Bud--]

For the older non-rolling code transmitters (that just transmitted a specific
binary or trinary word each time), I've seen an awful low that were just still
at the factory default settings of all zeroes (or ones or...). Shows you how
much the average person is concerned about security...

Richard Fynman was a physicist on the Manhattan Project and had a known
interest in safes. He was asked to see if he could open a safe - the
person with the combination was not there that day. This may not have
been the Manhattan Project, but IIRC the safe was to protect classified
information. He tried the default combination those safes were shipped
with and it worked.

 

[VWWall]

Richard Fynman was a physicist on the Manhattan Project and had a known
interest in safes. He was asked to see if he could open a safe - the
person with the combination was not there that day. This may not have
been the Manhattan Project, but IIRC the safe was to protect classified
information. He tried the default combination those safes were shipped
with and it worked.

When I was in the Army, years ago in North Africa, I once had to open a
safe used for crypto equipment, after the owner had been transferred.
The first thing I tried was his birthdate. It worked!

Many hackers get computer access by using "password" as the password.

 

[legg]

ITU has only allocated subauthority, it is WARC that makes the big
decisions.

Hmmm.

It's now the WRC; World Radiocommunication Conference.

RL