As the rise in the number of vehicle thefts by keys decreases, a number of auto-based companies are adopting keyless technologies, however, researchers have found recent thefts far from similar. United Kingdom stolen car recovery and tracking service provider, TRACKER, has warned against thieves stealing keyless-based vehicles without needing any form of physical access.
As keyless technology does not require a physical form of authentication, it is clearly vulnerable to hacking and having the technology tampered with remotely. Thieves have been found jamming the lock signal or reading the signal and emulating it to gain access to keyless vehicles, by using cheaply available kits found widely available online.
While more companies are moving towards keyless technology, criminals have moved towards cleaner equipment publicly available such as reprogrammable keys and computers. TRACKER reported the equipment needed to execute such attacks is available on eBay for less than $150. Meaning anyone could hack a car for under $150.
Swiss Federal Institute of Technology, ETH Zurich, shows that wireless key signals can also be read over long distance with a simple low-cost amplifier. Although the signal needs to be moderately close to the physical car or locks, signals can be picked up from up to 100 meters away from the vehicle. Meaning attackers could be in a closer remote location such as a house or office space.
ETH Zurich researchers tested 10 car models from eight different vehicle manufacturers, all of which could be opened with a signal amplified to a car from around 100 meters away, allowing for remote unlocking. Different crypto and protocols did not affect the style of execution needed for the attack, protocols could be easily emulated. Kits for wired attacks were found to cost around $50, and for their easy-to-execute wireless attacks, kits cost around $100-$1000 commercially, depending on the electric materials that were used.
Released figures by the ACPO show there has been a massive 76% decline in car theft over the past 10 years, yet other thieves are exploiting newer technologies which help reduce the risk of being caught, seeing as the older method required the latter, some form of physical access (keys, picking, breaking windows).
“Car hacking is a growing issue for motorists, especially as the devices that override the ignition system are so freely available on the internet and only cost around £20 ($30),” police liaison officer for TRACKER, Andy Barrs, said in a statement. “Today’s sophisticated security systems mean thieves have to be smarter than ever and the latest trends show that criminal gangs have found a way to crack keyless cars,” Barrs continued.
Another challenge that remains is “the equipment being used to steal a vehicle in this way is legitimately used by workshops to carry out routine maintenance, therefore the challenge remains, how to stop these devices ending up in the wrong hands,” Barrs told Fleetworld.
“The criminal act of stealing vehicles through the re-programming of remote-entry keys is an on-going industry-wide problem,” said Jaguar Land Rover in a statement to BBC a short time ago.
Though many claim keyless cars have helped reduced theft, some say the physical key is still the most common weak point. “The keys are still the weakest link in a car security chain. If someone has your keys, they have your car,” Ian Crowder, from motorists’ group the AA said.
Thieves will always want your key and default to breaking in a home to steal the keys for the vehicle.
Has keyless technology created a new market for thieves, complicated the car hacking market, or only altered the market for car theft?