Cars Being Stolen With Keyless Entry
If car owners throw their keys on the table or near their doors, they may unknowingly allow thieves to steal their signal. This relay attack is one of the advanced methods criminals are using to steal brand new keyless vehicles.
Keyless ignition vehicles emit a low-power radio signal that is used to locate an appropriate fob. If the signal can be recorded and recreated, it can be used to unlock the car and start it.
Relay Attack
Picture your car parked securely in your driveway, with the key fob sitting safely inside your home. You're sure that your car is safe, but unnoticed by you sophisticated thieves are planning an attack. Instead of slamming windows and jiggling locks, thieves are leveraging technology to hack into vehicles using digital cracks in their armor. This method of stealing cars with keyless access is known as relay theft.
Keyless entry cars are designed to operate using an electronic signal that is that is transmitted by the car's remote control (RF) transmitter to the owner's key fob. To ensure that keyless entry is not accessed by unauthorized individuals, the RF transmitters on the key fob and the car are programmed only to turn on when they are within a certain distance from each other. However, thieves are able to override this restriction using a technique called the 'relay attack'.
Two people are required to complete this: one person is close to the car and utilizes a device to capture an electronic version of the signal from the key fob. The other who is at the owner's home is using a second device to transmit the signal from the key fob back to the car. This trick tricked the car into thinking the key fob is close enough to unlock and begin the engine.
This type of heist used to require expensive equipment. However, now you can pick up relay transmitters for cheap online and execute a heist in minutes. This is why it's popular with car thieves.
All modern vehicles that have keyless access are at risk. Some cars are more vulnerable to this type of attack than others. In fact researchers have examined 237 popular vehicles and found that they could be all stolen using this method.
Tesla vehicles are believed to be less prone to this kind of theft, but the company hasn't yet implemented UWB features that would effectively conduct distance checks on the car's signal to prevent relay attacks. The company has stated that they will implement this in the future but until then, they are vulnerable. That is why it's important to be proactive about your security in your car and install an anti-theft kit which protects your keys as well as your vehicle from these kinds of attacks.
CAN Injection Attack
Modern vehicles can defend themselves from thieves by sending encrypted messages to the key to confirm its authenticity. The system is believed to be secure, but thieves have found ways around it. They pretend to be a smart key, transmit messages to the vehicle, and then drive off. To accomplish this, they have access to the smart keys' internal communication network.
Nowadays, the majority of cars are equipped with between 20 to 200 electronic control units (or ECUs) that manage different aspects of the car's operation. They communicate with one another using an electronic network referred to as CAN bus. These ECUs enter a low-power sleep mode to reduce their power consumption. This mode is activated when the ECUs receive a "wake up" frame. These frames are usually sent by the ECU that controls the smart key or door. These messages are not always encrypted or authenticated. This means that criminals can intercept them with the use of a cheap and simple device.
To accomplish this, they must look for a place that allows them to connect directly to the CAN bus wires. They usually hide in the headlights or in other locations in the front of the vehicle. To get them, you need to remove the bumper and make holes in the headlamp assemblies. The thieves use an instrument known as an CAN injection attack to send fake messages that can trick the security systems of the car into unlocking and disengaging the engine immobilizer.
These devices can be purchased on the Dark Web and work with the majority of major car manufacturers which include BMW and Cadillac, Chrysler, Fiat and Ford, Honda, Hyundai and Jeep, Lexus and Nissan, Renault and Toyota, Volkswagen and Maserati. The researchers who discovered this CAN Injection attack are recommending that all car makers fix it in their existing models, but the reality is that these thieves will continue to steal whatever they can get their hands on. The best we can do is to try and prevent this by installing mechanical security measures like Discloks on all our vehicles, and making sure that they are always located in areas with adequate lighting that are clearly visible to people passing by.
Jamming the Signal
In a different variant of the relay attack, thieves could employ a device to block the signal that is sent by a key fob when the car is locked. The device could be in the pocket or hiding place of a thief on a parking lot, or near the driveway that is being targeted. When owners press the button to lock their fobs and walk away, they don't think about whether or not their car is actually locks. The device used by the criminal blocks the signal that locks the vehicle. Thus, thieves are able to drive away with the vehicle.
They also make use of devices that amplify signals from the key fob to unlock vehicles. They may even accomplish this if the key is in the pocket of the driver or hanging from its hook in the house. After the car is unlocked, hackers can make use of an ordinary diagnosis port to create a blank fob.
To guard against this kind of attack, car makers have developed a variety of anti-theft devices. But thieves always come up with ways to thwart these measures.
They've been using devices that transmit at the same frequency as remote keyfobs in order to intercept signals. The thieves copy the unlock code of the key fob, and then start the vehicle with this fake signal.
This method is especially popular in the US, where many cars are equipped with wireless technology. Owners can unlock and start their vehicle through a mobile application on their phone. This technology will likely increase in popularity as more manufacturers try to connect their vehicles with their owners smartphones.
It is essential that drivers follow the best practices when parking their vehicles. They should never leave their key fobs in the ignition, should always ensure that the car is fully locked when they're not in it and should utilize an engine or steering wheel lock, if they can. They should also think about having a tracking device fitted to their car in case it gets stolen.
Flat Battery
This type of attack is more frequent than people think. The thieves employ inexpensive devices that extend the signal from your key fob in order to unlock and start your car, even if it is off. They then drive the car around a corner or to a trailer and take off with it. It would be possible to protect your car from this by installing an interrupter switch for the starter circuit. Simpler versions include an ON/OFF button that shuts off the circuit. It's about $15 and is easy enough to install yourself.
Car thieves are always working on new ways to get into vehicles and take them away. The police as well as car manufacturers and insurance companies are always trying to keep up with their tactics and provide better anti-theft systems for modern cars. However, this doesn't stop thieves who can adapt quickly and find ways to bypass the latest anti theft measures.
For instance, a lot of thieves use a device that works on the same radio frequency as the fob to jam the signal. They put the device in their pockets or near their vehicle, and it stops the fob's lock command from reaching the vehicle, leaving it unlocked. This can be done in just a few seconds. The device is cheap and easily accessible online.
Hacking the computer system of the car is another option. This is more difficult but possible. Hackers have designed devices that connect to the diagnostic port of all cars and allow them to access the software. They can then program a blank fob to function. It is possible to do this read more on older vehicles too however it is more difficult if you remove the ignition.
As more vehicles are connected to the phones of drivers, this method may become more popular as well. Once a burglar has gained the username and password to the vehicle app, they can then unlock the car or start it by using the app on their phone. Fortunately, you can protect yourself from these types of attacks by not leaving valuables in your car and putting it in a garage or secured parking lot.