Cars Being Stolen With Keyless Entry
If car owners throw their keys on the table or at their door, they may unknowingly allow thieves to hijack their signal. This relay attack is just one of the high-tech methods criminals are employing to steal new keyless cars.
Keyless ignition vehicles emit an extremely low-power radio signal, seeking a compatible fob to respond. If the signal is recorded and recreated it can be used to unlock the car and then start it up.
Relay Attack
Picture your car parked securely in the driveway, and the key fob tucked away inside your home. You're confident that your vehicle is secure, but unseen by you, sophisticated thieves are plotting an attack. Instead of breaking windows or jimmying locks, these thieves are leveraging technology to hack into cars via digital cracks in their armor. Known as relay theft, it's a more common way to steal cars that have keyless entry.
The keyless entry system found in cars is controlled by a signal by the car's radio transmitter to the key fob. To ensure that keyless entry is not unauthorized the RF transmitters inside the key fob and car are programmed to only be activated when they're within certain distance of each other. However, thieves can override this restriction using an attack known as the'relay attack'.
Two individuals are required to perform this: one person is close to the car and utilizes a device to capture a digitalized version of the the key fob. The other, standing by the home of the owner and using a second device to transmit the key fob signal back down to the car. This trickery tricks the car into believing that the key fob has reached the distance needed to allow it to be opened and started the vehicle.
This type of heist used to require expensive equipment. Now, you can buy a relay transmitter on the inexpensive online market and carry out a heist in minutes. This is why it's well-liked by car thieves.
All modern vehicles that have keyless access are vulnerable. Certain cars are more susceptible to this type than others. In fact, researchers have tested 237 popular vehicles and found that they could be targeted by this method.
Tesla vehicles are believed to be less vulnerable to this type of theft, however, the company hasn't yet implemented UWB features that would effectively perform distance checks on the car's signal to prevent relay attacks. The company has said it will implement this feature in the near future, but until then, they remain vulnerable. That's why it's essential to take a proactive approach to your security in your car and install an anti-theft kit which protects your keys as well as your the car from such attacks.
CAN Injection Attack
Modern cars can guard themselves from theft by sending encrypted messages to the key in order to confirm its authenticity. The system is generally believed to be secure, but criminals have found a way to circumvent it. They can pretend to be the smart key and send other messages to the vehicle letting it unlock the doors, turn off its engine immobilizer, and let them go on their way. To do this, they get access to the smart key's internal communications network.
Today, most cars are equipped with between 20 and over 200 electronic control units, or ECUs, that control different aspects of the vehicle's operation. They communicate via an electronic network known as CAN bus. To reduce power consumption the ECUs enter sleep mode with low power that is activated when they receive a 'wake up frame. These frames are typically sent by the ECU that manages the smart key or door. However, these messages aren't always authenticated or encrypted, which means that they could be snatched by criminals using a cheap and simple device.
To do this, they look for a location where they can connect directly to the CAN bus wires. They are usually hidden in the headlights, or in other locations in the front of the vehicle. To gain access to them, you need to pull the bumper and cut holes in the headlamp assemblies. The thieves then employ a device dubbed a CAN injection attacker to send fake messages that fool the security systems of the car to unlock it and disable the engine immobilizer.
The devices are available on the Dark Web and work with all major car makers which include BMW and Cadillac, Chrysler, Fiat and Ford, Honda, Hyundai and Jeep, Lexus and Nissan, Renault and Toyota, Volkswagen and Maserati. Researchers who have discovered the CAN Injection attack recommend that all car manufacturers fix this in their existing models. However, these thieves will continue to take any opportunity they can. The best we can do is attempt to stop this from happening by installing mechanical security measures such as Discloks on all of our vehicles and ensuring that they are always parked in well-lit areas that are clearly visible to people passing by.
Blocking the Signal
In a different variant of the relay attack, thieves could make use of a device to block the signal sent from an electronic key fob if the vehicle is locked. The device could be hidden in the pocket or hidden where a burglar is hiding on an open parking lot or even near the driveway that is being targeted. Once owners hit the button to lock their fobs and leave they don't consider whether or not the car is really is locked. The device used by the criminal blocks the signal that locks the car. Therefore, thieves could escape with the car.
They also make use of devices that amplify signals from the key fob to unlock vehicles. They may even accomplish this if the key is inside the pocket of the driver or hanging from its hook in the home. After the car is locked, hackers can use the standard diagnostic port to program the fob with a blank.
To safeguard against this kind of attack, car manufacturers have come up with a range of anti-theft devices. But thieves always come up with ways to thwart these measures.
They've begun using devices that transmit at the same frequency as remote keyfobs to intercept signals. The crooks can then copy the unlock code of the key fob and then start the car using this fake signal.
This technique is particularly popular in the US where a lot website of cars are equipped with wireless technology. Owners can unlock and start their vehicle through a mobile application on their phone. This technology is likely to increase in popularity as more car manufacturers attempt to connect their vehicles with their owners smartphones.
In addition to incorporating anti-theft technology in vehicles, it's crucial for drivers to leverage best practices when they park their vehicles. They shouldn't leave their key fobs in the ignition. They should always ensure that the vehicle is locked completely when they're not using it and should make use of an engine or steering wheel lock if possible. They should also consider installing a tracking device on their vehicle in case it's stolen.
Flat Battery
This type of attack is more common than many people believe. Thieves employ cheap devices to extend the signal from your key fob to unlock and begin the car, even if it's switched off. Then, they drive the car to a trailer or around a corner and take it away. Installing an interrupter switch for the starter circuit will protect your vehicle from this. The most basic ones have an ON/OFF switch that interrupts the starter circuit. It's about $15 and is simple to install.
Car thieves are always looking for new ways to get into vehicles and steal them. The police as well as car manufacturers and insurance companies are always trying to catch up with their strategies and provide better anti-theft systems for modern vehicles. But that doesn't stop the thieves who are able to be quick to adapt and find ways to circumvent the most up-to-date anti-theft systems.
Many thieves block the signal by using devices that operate on the same radio frequency as the fob. They place the device in their pocket or somewhere near their vehicle, and it prevents the fob's lock signal from reaching the vehicle, leaving the vehicle unlocked. This can be accomplished in a matter of seconds. The device is affordable and readily available on the internet.
Hacking the computer system of the car is an alternative option. This is more difficult, but possible. Hackers have developed devices that connect to the diagnostic port of all vehicles and permit them to access the software. They can then program an unfinished fob to function. This can also be done on older vehicles, however it is more difficult without removal of the ignition lock.
As more vehicles are connected to drivers' phones, this method may be more popular. Once a thief gets the username and password for an app for vehicles, they can then unlock or start the car by using the app on their phone. It is possible to defend yourself from these kinds of attacks by not putting valuables in your car and putting it in a garage or secured parking lot.