Cars Being Stolen With Keyless Entry
If car owners leave their keys on the table or near their door, they may not realize that they are allowing thieves to hijack their signal. This relay attack is one of the latest techniques criminals are using to steal brand new keyless cars.
Keyless ignition vehicles emit a low power radio signal to find the fob that matches. If the signal can be captured and recreated, it can be used unlock the car and to start it.
Relay Attack
Imagine your car safely at your driveway, with your key fob at home. You're confident that your vehicle is safe, but unnoticed by you, sophisticated thieves are plotting an heist. Instead of breaking windows or jimmying locks, thieves are leveraging technology to gain access to cars through digital chinks in their armor. This method of stealing cars that have keys is known as relay theft.
The keyless entry system found in cars is controlled by a signal sent from the car's RF transmitter to the key fob. To ensure that keyless entry is not unauthorized the RF transmitters on the key fob and car are programmed to only activate when they're within certain distance from each other. A thief, however, can circumvent this limitation employing a method known as the "relay-attack".
Two individuals are required to perform this: one person is close to the car and utilizes a device to capture a digitalized version of the signal coming from the key fob. The other person, who is at home with the owner and uses a different device to transmit the signal from the key fob to the car. This trick tricks the car into believing that the key fob has traveled a distance sufficient to allow it to be opened and started the vehicle.
In the past, this kind of heist required expensive equipment to carry out. However, now you can purchase relay transmitters on the cheap online and execute a heist in minutes. This is why it's so well-liked by car thieves.
While some cars are less prone to this kind of theft than others, all modern cars with keyless entry are vulnerable. Researchers have tested 237 popular cars and found that all of them could be taken by this method.
Tesla cars are said to be less prone to this kind of theft, however, the company hasn't yet implemented UWB features that would effectively check distances on the car's signal to stop relay attacks. The company has stated that they'll implement this in the near future, but until then, they're vulnerable. This is why it's crucial to take a proactive approach to your security in your car and install an anti-theft device that protects your keys and car from these types of attacks.
CAN Injection Attack
Modern vehicles are designed to protect themselves from thieves by exchanging cryptographic messages with the key to prove that it's genuine. This method is generally thought to be secure, however criminals have found a way around it. They simply impersonate the smart key and send other messages to the car letting it unlock the doors, turn off its engine immobilizer, then let them go on their way. To do this, they gain access to the smart keys' internal communication network.
Most cars today are equipped with between 20 and 200 electronic control units, or ECUs, that manage various aspects of the vehicle's operation. They communicate through an electronic network known as CAN bus. These ECUs enter a low power sleep mode to reduce their power consumption. This mode is activated when the ECUs receive a "wake up" frame. These frames are typically sent from the door or smart key receiver ECU. However the messages aren't usually authenticated or encrypted so they can be intercepted by criminals using a cheap and basic device.
To accomplish this, they must look for a location where they can connect directly to the CAN bus wires. These are often hidden away inside the headlights or elsewhere in front of the car, and can be accessed by pulling the bumper off and cutting holes in the headlamp assembly to expose them. The thieves use a device known as an CAN injection attack. It is used to send fake messages which can trick the security systems of the car into unlocking and disengaging the engine immobilizer.
These devices are for sale on the Dark Web, and work for all major car manufacturers which include BMW, Cadillac, Chrysler, Fiat, Ford, Honda, Hyundai, Jaguar, Jeep, Lexus, Nissan, Renault, Toyota, Volkswagen, Maserati, and more. Researchers who discovered the CAN Injection attack recommend that all car manufacturers fix this in their existing models. However, these thieves will continue taking whatever they can. We can stop this by implementing mechanical safety measures such as Discloks in all our vehicles and parking them in well-lit, well-lit areas.
Blocking the Signal
In a variation of the relay attack, which makes use of a device that can be used to block the signal sent by key fobs while the vehicle is locked. The device could be found in the pocket or hidden the location of a thief in a parking lot, or near the driveway being targeted. The owners don't know if the vehicle is locked when they press the lock button. Instead, thieves can drive off with the vehicle because the signal that normally locks the car has been blocked by the device of the criminal.
They also make use of devices that amplify signals from the key fob to unlock vehicles. The crooks are able to do this even when the key is inside a driver's pocket, or hanging on a hook inside the home. After the car has been unlocked, they can use a standard diagnostic port or computer hacker to program the blank key fob and gain control of the vehicle.
Automobile manufacturers have come up with various anti-theft devices to guard against these kinds of attacks. However, thieves will always find ways to defeat these measures.
For example, they've started using devices that transmit on the same frequency as remote key fobs to intercept their signals. The thieves can then copy the unlock code of the key fob and then start the car using this fake signal.
This method is particularly popular in the US, where many cars come with wireless technology. Owners can start and unlock their car through a mobile application on their smartphone. This technology is expected to become increasingly popular as more and more manufacturers attempt to connect their vehicles to their owners' smartphones.
It is essential that drivers follow the best practices to park their vehicles. They should never leave the key fobs in ignition and lock the car when they are not in it. If possible, they should also use a steering or gearstick locking device. They should also think about fitting a tracking device to their vehicle in the event that it's stolen.
Flat Battery
This type of attack occurs more often than we think. Thieves employ inexpensive devices to extend the signal from your key fob to unlock and begin a car even when it's switched off. Then they drive the car to the trailer or around a corner to take it away. Installing an interruption switch to the starter circuit can protect your vehicle from this. The simplest ones are an ON/OFF switch which interrupts the starter circuit. It's about $15 and is simple to install.
Car thieves are constantly looking for new ways to rob vehicles. The police as well as the car makers and insurance companies are always trying to keep up with their tactics and offer better anti-theft solutions for modern vehicles. However, this doesn't stop thieves who can be quick to get more info adapt and find ways to circumvent the latest anti-theft technology.
A lot of thieves block the signal with devices that operate on the same radio frequency as the fob. The device is put in the pocket or near the vehicle and prevents the fob from transmitting the lock command to the car. This can be done in seconds. The device is affordable and easily available online.
Hacking the computer system of the car is an alternative option. This is more difficult, but possible. Every car has an diagnostic port, and hackers have designed devices that connect to them and let them access the car's software. From there, they can program a blank key fob and start working. It is possible to do this with older cars as well, but it's more difficult if you remove the ignition.
As more vehicles are connected to smartphones of drivers, this method may become more popular as well. Once a criminal has the username and password to an application for vehicles, they can unlock or start the vehicle by using the app. It is possible to be safe from these kinds of attacks by not leaving valuables in your car and putting it in a garage or secured parking lot.