Cars Being Stolen With Keyless Entry
Car owners who leave their keys on a table or near their front doors could be permitting thieves to steal the signal. This relay attack is just one of the latest techniques criminals are using to steal brand new keys from cars.
Keyless ignition vehicles emit a low-power radio signal that is used to locate the fob that matches. If the signal is captured and recreated, it could be used to unlock the car and then start it up.
Relay Attack
Imagine your car being parked safely in the driveway, with the key fob tucked away in your home. You're confident that your vehicle is safe, but unnoticed by you, sophisticated thieves are plotting an attack. Instead of slamming windows and jiggling locks, thieves are using technology to hack into vehicles using digital cracks in their armor. Known as relay theft, it's becoming a common method of stealing vehicles with keyless entry.
The keyless entry system in cars is controlled by a signal sent by the car's radio transmitter to the key fob. To prevent unauthorized keyless entry the RF transmitters on the key fob and car are programmed to only be activated when they're within certain distance from each other. The thief is able to circumvent this restriction employing a technique called the "relay-attack".
To accomplish this two people work together: one stands by the car with a device that captures an electronic version of the key fob's signal. The other, who is at the owner's home and uses a different device to transmit the signal from the key fob back to the car. This trickery fools the car into believing the key fob is at the distance needed to allow it to be opened and started the vehicle.
This kind of heist was once a costly process that required expensive equipment. It is now possible to purchase an inexpensive relay transmitter online and carry out a heist within minutes. This is the reason why car thieves are enthralled by it.
While certain vehicles are less susceptible to this kind of theft than others, all modern vehicles with keyless entry are at risk. In fact researchers have tested 237 vehicles that are popular and found that they can be all stolen using this method.
Tesla vehicles are believed to be less susceptible to this kind of theft. However, the company hasn't yet implemented UWB technology that would allow it to perform distance checks and prevent relay attacks. The company has promised to make this happen in the near future, but for now they are still vulnerable. That's why it's essential to take a proactive approach to your vehicle security and install an anti-theft kit that protects your keys and the car from such attacks.
CAN Injection Attack
Modern vehicles can defend themselves from thieves by exchanging encrypted messages with the key to verify its authenticity. The system is generally believed to be secure, however criminals have found a way around it. They simply impersonate the smart key and send other messages to the vehicle letting it unlock the doors, turn off its engine immobilizer, and then leave the car. To accomplish this, they have access to the smart keys' internal communications network.
Today, most cars are equipped with between 20 and 200 electronic control units, or ECUs, that control different aspects of the vehicle's operation. They communicate with one another using an electronic network referred to as CAN bus. These ECUs enter a low-power sleep mode to decrease their power consumption. This mode is activated when the ECUs receive an "wake up" frame. These frames are typically sent by the ECU that manages the smart key or door. However the messages aren't usually encrypted or authenticated so they could be snatched by criminals with a cheap and simple device.
They search for a spot that allows them to connect directly to the wires for CAN connection. They are usually hidden in the headlights, or in other areas of the front of the vehicle. To get them, you can pull the bumper and cut holes in the headlamp assemblies. The thieves employ a device known as an CAN injection attack. It is used to send fake messages which trick the car's safety systems into unlocking and disengaging the engine immobilizer.
These devices are for sale on the Dark Web, and work for the majority of major car makers including BMW, Cadillac, Chrysler, Fiat, Ford, Honda, Hyundai, Jaguar, Jeep, Lexus, Nissan, Renault, Toyota, Volkswagen, Maserati, and many more. Researchers who have discovered the CAN Injection attack recommend that all car makers address the issue in their current models. However, these criminals will continue taking everything they can. We can prevent this by implementing mechanical safety measures such as Discloks in all our vehicles and parking them in well-lit and visible areas.
The Signal is blocked
In a variation of the relay attack, which makes use of a device, thieves can jam the signal sent by a key fob while the vehicle is locked. The device may be in the pocket of a thief in a parking lot or in a hiding spot near the driveway being targeted. Owners aren't able to verify if the vehicle is locked after pressing the lock button. The device used by the criminal block the signal that locks the vehicle. Thus, thieves are able to escape with the car.
They also have devices that amplify signals from the key fob to unlock vehicles. They may even do this while the key is in the pocket of the driver or hanging from a hook in the house. Once the car has been unlocked, hackers can make use of an ordinary diagnosis port to program a blank fob.
Automobile manufacturers have come up with a range of anti-theft systems to safeguard against these types of attacks. But, thieves are constantly looking for ways to defeat these measures.
For instance, they've been using devices that transmit on the same frequency as remote key fobs to intercept their signals. The thieves copy the unlock code of the key fob and begin the vehicle using this fake signal.
This method is particularly popular in the US and Europe where a large number of cars are sold with wireless technology that lets owners unlock and start their vehicle by using a mobile application on their phone. This technique is likely to increase in popularity as more manufacturers try to link their cars with their owners smartphones.
In addition to implementing anti-theft systems in vehicles, it's vital for drivers to follow the best practices when parking their vehicles. They should never leave their key fobs in the ignition, should always ensure that their vehicle is locked completely when they're not there and should use a steering wheel or gearstick lock if possible. They should also consider installing a tracking device to their vehicle in the event that it's stolen.
Flat Battery
This kind of attack is more common than many people believe. Thieves use cheap devices to extend keyless entry cars stolen the signal from your key fob to unlock and start the car, even if it's turned off. They then drive the car around the corner or to a trailer and leave with it. It is possible to shield your vehicle from this by installing an interrupter for the starter circuit. Simpler versions come with an ON/OFF button that interrupts the circuit. It's about $15 and is easy to install.
Car thieves are always looking for new ways to take vehicles. Car manufacturers, police and insurance companies are always trying to stay abreast of the latest methods and offer better anti theft systems for modern vehicles. But that doesn't stop the thieves who are able to be quick to adapt and find ways to get around the latest anti-theft measures.
For example, many thieves use devices that operate on the same frequency as the fob in order to block the signal. They place the device in their pocket or somewhere near their vehicle, and it prevents the fob's lock signal from reaching the vehicle and thereby leaving the vehicle unlocked. This can be done within seconds. The device is inexpensive and readily available online.
Another option is to hack into the car's computer system. This is more difficult, but nevertheless feasible. Hackers have created devices that connect to the diagnostic port of all cars and allow them to access the software. From there, they are able to program the blank key fob to start working. It is possible to do this on older vehicles as well however it is more difficult without removing the ignition.
As more vehicles are linked to the phones of drivers, this method may become more popular as well. Once a criminal has the username and password for an app for vehicles and then they can unlock the car or start it with the app on their phone. You can guard yourself by not putting valuables inside your car, and also by parking in garages.