Cars Being Stolen With Keyless Entry
If car owners leave their keys on the table or near their doors, they could unknowingly be allowing thieves to steal their signal. This relay attack is a high-tech method used by criminals to steal new keyless vehicles.
All keyless ignition vehicles emit a low power radio signal to locate a matching fob. If the signal is captured and recreated it can be used to unlock the car and begin it up.
Relay Attack
Imagine your car in your driveway, and your key fob inside your home. You're confident that your car is secure, but unseen by you sophisticated thieves are planning a heist. Instead of slamming windows or jiggling locks, these thieves are leveraging technology to hack into cars via digital chinks in their armor. Known as relay theft, it's an increasingly popular method of stealing cars with keyless entry.
The keyless entry system in cars is controlled by a signal by the car's radio transmitter to the key fob. To ensure that keyless entry is not unauthorized, the RF transmitters in the key fob and in the car are programmed to only be activated when they're within certain distance from one another. The thief can circumvent this limitation employing a technique called the relay-attack.
To accomplish this two people work in tandem: one stands by the car, using a device that captures an electronic version of the key fob's signal. The other person, who is at the owner's home and uses a different device to transmit the signal from the key fob to the car. This trick tricked the car into thinking the key fob is close enough to unlock and start it up.
This type of heist was once a costly process that required expensive equipment. Today, you can purchase a cheap relay transmitter on the internet and complete a heist within minutes. This is why it's so popular with car thieves.
While certain vehicles are less susceptible to this kind of theft than others, all modern cars that have keyless entry are vulnerable. In fact researchers have tested 237 popular cars and found that they could be targeted by this method.
Tesla vehicles are said to be less vulnerable to this kind of theft. However Tesla hasn't implemented UWB technology to allow it to perform distance checks and prevent relay attacks. The company has said that they will implement this in the future but until then, they're vulnerable. Installing an anti-theft system that safeguards your keys and your car against such attacks is a proactive way to ensure the security of your car.
CAN Injection Attack
Modern cars can guard themselves against thieves by sending encrypted messages to the key to prove its authenticity. The system is believed to be secure, but thieves have found ways around it. They impersonate the smart key, then send messages to the vehicle and then drive off. To do that, they get access to the smart key's internal communications network.
The majority of cars today are fitted with between 20 and over 200 electronic control units, or ECUs, which control various aspects of the vehicle's operation. They communicate with each other using the CAN bus. To keep power consumption low the ECUs are put into a low-power sleep mode that's activated when they receive a 'wake up frame. These frames are usually sent by the ECU that manages the smart key or door. These messages aren't always authenticated or encrypted. This means that criminals can capture them using a simple and cheap device.
They look for a place that allows them to connect directly to the wires of the CAN connection. They're usually hidden inside the headlights or elsewhere in front of the car and are accessible by removing the bumper and cutting holes in the headlamp assembly to expose them. The thieves use the device referred to as a CAN injection attack to send out fake messages that trick the car's safety systems into unlocking and disengaging the engine immobilizer.
These devices are for purchase on the Dark Web, and work for most of the major car makers, including BMW, Cadillac, Chrysler, Fiat, Ford, Honda, Hyundai, Jaguar, Jeep, Lexus, Nissan, Renault, Toyota, Volkswagen, Maserati, and more. Researchers who have discovered the CAN Injection attack recommend that all car makers fix this in their existing models. However, the thieves will continue taking whatever they can. We can stop this from happening by installing mechanical security measures, such as Discloks inside every car we own and parking them in website well-lit, well-lit areas.
Jamming the Signal
In a variation of the relay attack, which makes use of a device that can be used to block the signal from a key fob while the vehicle is locked. The device could be hidden in the pocket of a burglar in a parking area or in a hiding spot near the driveway being targeted. Owners don't check whether their car is locked after pressing the lock button. Instead, thieves can take off with the car since the signal that normally locks the car has been blocked by the crook's device.
They also make use of devices that amplify signals from the key fob to unlock vehicles. They can do this when the key is in the pocket of the driver or hanging from its hook in the home. When the car is unlocked, they can make use of a standard diagnostic port or computer hackers to program the blank key fob and gain control of the vehicle.
Automobile manufacturers have come up with a variety of anti-theft solutions to protect against these types of attacks. But, thieves are constantly finding ways to beat these measures.
They've started using devices that transmit at the same frequency as remote keyfobs to intercept signals. The crooks then copy the unlock code from the key fob, and then start the vehicle using this fake signal.
This method is particularly popular in the US, where many cars come with wireless technology. Owners can unlock and start their vehicle through a mobile application on their smartphone. This technology is likely to be more commonplace as more car manufacturers attempt to connect their vehicles with their owners' smartphones.
In addition to installing anti-theft technologies in vehicles, it's crucial for drivers to leverage best practices when parking their vehicles. They should never leave the key fobs in ignition and always secure the car when they are not in it. If they can, they should also use the gearstick or steering locking device. They should also think about installing a tracking device onto their vehicle in the event it is stolen.
Flat Battery
This kind of attack occurs more often than we think. Thieves use cheap devices to extend the signal from your key fob to unlock and begin cars even if they're turned off. They then simply drive the car around a corner or to a trailer and then drive off with it. Installing a starter circuit interruption switch will protect your vehicle from this. The simplest ones are an ON/OFF switch that shuts off the starter circuit. It's priced at around $15 and is easy enough to install by yourself.
Car thieves are always working on new ways to get into vehicles and steal them. Car manufacturers, police and insurance companies are always trying to stay abreast of the latest techniques and offer better anti theft systems for modern vehicles. But that doesn't stop the thieves who are able change quickly and find ways to circumvent the latest anti-theft measures.
For instance, many thieves use a device that works on the same radio frequency as the fob in order to block the signal. The device is tucked away in the pocket or close by the vehicle and blocks the fob from transmitting the signal to the car. This can be done in a matter of minutes. The device is cheap and easily available on the internet.
Another tactic is to hack the car's computer system. This is more difficult but it is still possible. All cars have a diagnostic port, and hackers have designed devices that connect to them and let them access the software in the car. From there, they can program the blank key fob to get it to work. It is possible to do this on older vehicles as well, but it's more difficult if you remove the ignition.
As more vehicles are connected to the phones of drivers and this method could become more popular too. Once a thief has access to the username and password to a vehicle app they can open or start the vehicle by using the app. Fortunately, you can be safe from these kinds of attacks by not leaving valuables in your car, and then parking it in a secure garage or parking lot.