Cars Being Stolen With Keyless Entry
Car owners who leave their keys on a table or in front of their front door could be allowing thieves to hijack the signal. This relay attack is a sophisticated method criminals use to steal new keyless vehicles.
Keyless ignition vehicles emit a low power radio signal to find a matching fob. If the signal can be recorded and recreated, it could be used unlock the car and start it.
Relay Attack
Picture your car parked securely in your driveway, with the key fob sitting safely in your home. You're confident that your car is secure, but unseen by you sophisticated thieves are planning a heist. Instead of slamming windows and jiggling locks, these thieves are leveraging technology to hack into cars via digital cracks in their armor. This method of stealing cars that have keys is known as relay theft.
The keyless entry system that is found in cars is controlled by a signal by the car's RF transmitter to the key fob. To ensure that keyless entry is not accessed by intruders the RF transmitters on the key fob as well as the car are programmed to turn on when they are within a certain distance from each other. However, thieves can circumvent this limitation employing a method known as the'relay-attack'.
Two people are required to complete this: one person stands near the car and uses a device to capture an electronic version of the signal coming from the key fob. The other who is at home with the owner and uses a different device to transmit the signal from the key fob back to the car. This trick tricks the car into thinking that the key fob is close enough to unlock and start it up.
This kind of heist was once a costly process that required expensive equipment. Today, you can purchase a cheap relay transmitter on the internet and complete an heist in just a few minutes. This is why it's so popular among car thieves.
All modern vehicles that have keys are at risk. Some cars are more vulnerable to this type than others. In fact, researchers have tested 237 popular cars and found that they could be all stolen using this method.
Tesla vehicles are supposedly less susceptible to this type of theft, however, the company hasn't yet implemented UWB features to effectively perform distance checks on the car's signal and prevent relay attacks. The company has said that they will do this in the near future, but until then, they are vulnerable. This is why it's crucial to be proactive about your car security and install an anti-theft tool that protects your keys and car from these types of attacks.
CAN Injection Attack
Modern cars are designed to protect themselves from theft by transferring cryptographic messages using the key to prove it's authentic. The system is believed to be secure, but thieves have found ways to get around it. They just impersonate the smart key, and send messages to the car, letting it unlock the doors, turn off its engine immobilizer, and then drive away. To do this they have access to the smart key's internal communications network.
The majority of cars today are fitted with between 20 and 200 electronic control units, also known as ECUs, that manage various aspects of the vehicle's operation. They communicate with each other using a network known as CAN bus. To keep power consumption low, these ECUs enter a low-power sleep mode that's activated when they receive a 'wake up frame. These frames are typically sent by the ECU that is in charge of the smart key or door. These messages aren't always authenticated or encrypted. This means that thieves can intercept them with the use of a cheap and simple device.
They search for a location that allows them to connect directly to the wires of the CAN connection. They usually hide in the headlights, or in other places in the front of the vehicle. To access them, you need to remove the bumper and make holes in the headlamp assemblies. The criminals then employ a device known as a CAN injection attacker to send fake messages which fool the security systems of the car into unlocking the car and disengaging its engine immobilizer.
These devices can be purchased on the Dark Web and work with most major car manufacturers which include BMW and Cadillac, Chrysler, Fiat and Ford, Honda, Hyundai and Jeep, Lexus and Nissan, Renault and Toyota, Volkswagen and Maserati. The researchers who discovered this CAN Injection attack are recommending that all car makers fix it in their existing models, but the reality is that these thieves will continue to take everything they can lay their hands on. We can stop this by installing mechanical safety measures, such as Discloks inside all our vehicles and parking them in well-lit and visible areas.
Jamming the Signal
In a variant different to the relay attack, thieves may use a gadget to jam the signal that is sent by a key fob when the vehicle is locked. The device may be inside the pocket of a burglar in a parking area or in a hiding spot near the driveway being targeted. The owners don't know whether the vehicle is locked after pressing the lock button. Instead, thieves could drive off with the vehicle because the signal that normally locks the car has been blocked by the crook's device.
They car stolen with keys from house also have devices that amplify signals from the key fob to unlock vehicles. They may even do this when the key is inside the pocket of the driver or hanging from its hook in the home. After the car is unlocked, hackers can make use of the standard diagnostic port to program the fob with a blank.
Automobile manufacturers have come up with various anti-theft devices to guard against these kinds of attacks. However, criminals are constantly trying to beat these measures.
They've begun using devices that transmit at the same frequency as remote keyfobs in order to intercept signals. The crooks can then copy the unlock code of the key fob and then start the car using this fake signal.
This method is especially popular in the US, where many cars are equipped with wireless technology. Owners can start and unlock their car through a mobile application from their mobile. This technology is expected to become increasingly popular as more and more manufacturers attempt to connect their vehicles to their owners' smartphones.
It is essential that drivers follow the best practices when parking their vehicles. They should never leave their keys in the ignition and lock the car when they are not in it. If they can it is also recommended to use a gearstick lock or steering device. They should also consider installing a tracking device to their car in case it is stolen.
Flat Battery
This type of attack is more frequent than many people believe. The thieves make use of inexpensive devices that extend the signal from your key fob to enable it to unlock and start your car when it's off. They then drive the car around a corner or onto a trailer to leave with it. Installing a starter circuit interruption switch will protect your vehicle from this. Simpler versions have an ON/OFF button that shuts off the circuit. It costs around $15 and is simple to install.
Car thieves are always trying new ways to get into vehicles and then steal them. The police as well as car manufacturers and insurance companies are constantly trying to keep up to their tactics and develop better anti-theft systems for the latest cars. However, that doesn't stop thieves who are able to change quickly and discover ways to bypass the most recent anti-theft measures.
Many thieves jam the signal with a device that uses the same radio frequency as the fob. They put the device in their pockets or close to their vehicle, and it stops the fob's lock signal from reaching the vehicle which leaves it unlocked. This can be done within minutes. The device is affordable and is available online.
Another strategy is to hack into the car's computer system. This is more difficult but possible. Every car has a diagnostic port, and hackers have developed devices that plug into them and let them access the car's software. They can then program a blank fob to function. It is also possible to do this on older vehicles, however it is more difficult to do without removing the ignition lock.
This method could become more popular as more vehicles are connected to drivers' mobile phones. Once a burglar has gained the username and password to an app for vehicles and then they can unlock or start the car using the app on their phone. You can help be safe from these kinds of attacks by not putting valuables in your car and putting it in a garage or secure parking lot.