GoGoBark:Interference Attacks on UWB Ranging for IEEE 802.15.4z Standard

The industry generally acknowledges that Ultra Wide Band (UWB) technology can theoretically mitigate the issue of Relay Attacks associated with traditional Low Frequency (LF) and Bluetooth Passive Keyless Entry (PKE) systems. UWB localization technology is increasingly being incorporated into the latest digital car key systems, as the functionality of UWB ranging is directly tied to the car's susceptibility to relay attacks and the proper operation of the car key. However, during a security test project at GoGoByte, we discovered that merely adhering to the IEEE 802.15.4z and Car Connectivity Consortium (CCC) Digital Key standards does not ensure the reliable performance of the UWB ranging function. We have proposed a "sniper" jamming attack on High Rate Pulse (HRP) UWB ranging. For confidentiality reasons, we used the iPhone 14 and AirTag as demonstration devices. Upon activation of the attack device, the UWB-based ranging function of the iPhone fails, with a success rate of 99%. This attack method impacts not only Apple smartphones but also digital car keys that utilize IEEE 802.15.4z HRP UWB ranging.