Cars Being Stolen With Keyless Entry
Car owners who throw keys on tables or near their front door may be unwittingly giving thieves the ability to take over the signal. This relay attack is just one of the high-tech methods criminals are using to steal new keyless vehicles.
Keyless ignition vehicles emit a low-power radio signal to find the fob that matches. If the signal is recorded and recreated, it can be used to unlock the car and start it up.
Relay Attack
Imagine your car in your driveway, and your key fob inside your home. You're confident that your car is safe, but not seen by you, sophisticated thieves are plotting a heist. Instead of breaking windows or jimmying locks, they are leveraging technology to hack into vehicles using digital cracks in their armor. Known as relay theft, it's an increasingly popular method of stealing cars that have keyless entry.
The keyless entry system in cars is controlled by a signal from the car's RF transmitter to the key fob. To prevent keyless entry by intruders the RF transmitters on the key fob as well as the car are programmed only to be activated when they are within a certain distance from each other. A thief, however, can circumvent this limitation using a technique known as the "relay-attack".
To do so, two people work together: one stands by the car and uses an instrument that records an electronic version of the key fob's signal. The other person, who is at the owner's home and uses a different device to transmit the signal from the key fob to the car. This trickery fools the car into thinking that the key fob has traveled a distance sufficient to allow the vehicle to start and unlock. vehicle.
This type of attack was once a costly process that required expensive equipment. You can now buy a relay transmitter for a small price on the internet and complete an heist in a matter of minutes. This is the reason why car thieves love it.
All modern cars with keys are at risk. Some cars are more vulnerable to this type than others. Researchers have tested 237 of the most popular cars and found that every one of them can be stolen by this method.
Tesla vehicles are said to be less susceptible to this kind of theft. However, the company hasn't yet implemented UWB technologies that would allow it to perform distance checks and stop attacks via relay. The company has said that they will implement this in the near future, but until then, they are vulnerable. That is why it's important to be proactive about your vehicle security and install an anti-theft tool which protects your keys as well as your vehicle from these kinds of attacks.
CAN Injection Attack
Modern vehicles are designed to shield themselves from thieves by exchanging cryptographic messages with the key to prove that it's authentic. This system is generally reckoned to be secure, but thieves have found a way around it. They fake the identity of the smart key, then send messages to the vehicle and then drive away. To do that, they get access to the smart key's internal communications network.
The majority of cars today are fitted with between 20 and 200 electronic control units, also known as ECUs, that control different aspects of the vehicle's operation. They communicate with one another using an electronic network referred to as CAN bus. To keep power consumption low they ECUs go into sleep mode with low power that is activated when they receive a wake up' frame. These frames typically come via the door or smart key receiver ECU. These messages aren't always authenticated or encrypted. This means that criminals are able to intercept them with the use of a cheap and simple device.
They look for a place that allows them to connect directly to the wires of the CAN connection. They usually hide in the headlights, or in other locations in the front of the vehicle. To get them, you need to pull the bumper and cut holes in the headlamp assemblies. The thieves employ the device referred to as a CAN injection attack to send fake messages that trick the car's safety systems into unlocking and disengaging the engine immobilizer.
These devices are available for purchase on the Dark Web, and work for most of the major car makers including BMW, Cadillac, Chrysler, Fiat, Ford, Honda, Hyundai, Jaguar, Jeep, Lexus, Nissan, Renault, Toyota, Volkswagen, Maserati, and more. Researchers who discovered the CAN Injection attack recommend that all car makers fix this issue in their existing models. However, these criminals will continue taking whatever more info they can. We can prevent this by installing mechanical security measures like Discloks in all of our cars and parking them in well-lit, well-lit areas.
The Signal is blocked
In a variant different to the relay attack, thieves could make use of a device to block the signal that is sent by an electronic key fob if the vehicle is locked. The device could be found in the pocket or hiding place of a thief on an open parking lot or in the driveway being targeted. Once owners hit the lock button on their fobs, and then walk away and leave, they don't have to think about whether or not the car is really locked. Instead, thieves can take off with the car since the signal that normally locks the car has been blocked by the device of the criminal.
They also have devices that amplify signals from the key fob to unlock vehicles. The crooks can do this even when the key is in the pocket of a driver, or hanging from a hook inside the home. Once the car is unlocked, they can use an ordinary diagnostic port or computer hacker to program a blank key fob and gain control over the vehicle.
To guard against this kind of attack, car manufacturers have developed a variety of anti-theft devices. However, criminals are constantly trying to beat these measures.
For instance, they've begun using devices that transmit on the same radio frequency as remote key fobs to intercept their signals. The thieves then copy the unlock code of the key fob, and then start the vehicle with this fake signal.
This method is especially popular in the US where a lot of cars are equipped with wireless technology. Owners can start and unlock their car by using a mobile app on their smartphone. This technology is likely to be more commonplace as more companies attempt to connect their vehicles with their owners phones.
In addition to incorporating anti-theft technology in vehicles, it's vital for drivers to leverage best practices when parking their vehicles. It is not a good idea to leave key fobs in the ignition, and should always ensure that the vehicle is locked completely when they're not in it and should use a steering wheel or gearstick lock, if they can. It is also recommended to consider having a tracking device fitted to their car in case it is stolen.
Flat Battery
This type of attack is more frequent than most people realize. The thieves make use of low-cost devices that increase the signal of your key fob to enable it to unlock and start your car in the event that it is off. Then they drive the vehicle to the trailer or around a corner, and take the vehicle away. Installing a starter circuit interruption switch can protect your vehicle from this. Simpler versions come with an ON/OFF button that shuts off the circuit. It's about $15 and is simple to install.
Car thieves are always trying new ways to gain access to vehicles and steal them. Car manufacturers, police and insurance companies are constantly trying to keep up with the latest methods and offer better anti-theft systems for modern vehicles. But this isn't stopping thieves who adapt quickly and find ways around the latest anti-theft technology.
For example, many thieves use devices that operate on the same frequency as the fob to jam the signal. The device is put in the pocket or close by the vehicle and blocks the fob from transmitting the lock command to the vehicle. This can be done in seconds. The device is affordable and available online.
Hacking the computer system of the car is an alternative option. This is more difficult, but still possible. Hackers have designed devices that plug into the diagnostic port of all cars and allow them to connect to the software. They can then program a blank fob to function. It is possible to do this on older cars also but it's more difficult if you remove the ignition.
As more vehicles are linked to smartphones of drivers the method is likely to be more popular. Once a criminal has the username and password to a vehicle app and is able to unlock or start the vehicle with the application. You can help protect yourself from these types of attacks by not leaving valuables in your car and putting it in a garage or secured parking lot.