Cars Being Stolen With Keyless Entry
If car owners throw their keys on the table or next to their doors, they could unknowingly allow thieves to steal their signal. This relay attack is a highly-tech method criminals use to steal keyless vehicles.
All keyless ignition vehicles emit a low power radio signal that is used to locate the fob that matches. If the signal is captured and recreated, it can be used to unlock the car and then start it up.
Relay Attack
Imagine your car safely parked in the driveway, and the key fob safely in your home. You might think that your car is safe however, sophisticated thieves are planning a heist without you even knowing. The thieves employ technology to snoop on vehicles through digital chinks. Known as relay theft, it's an increasingly common way to steal cars that have keyless entry.
Keyless entry cars are designed to operate using signals that are transmitted from the remote control (RF) transmitter to the owner's key fob. To prevent keyless entry by unauthorised persons the RF transmitters that are on the key fob and the car are programmed only to be activated when they are within a certain distance from one another. A thief, however, is able to circumvent this restriction employing a method known as the "relay-attack".
Two individuals are required to perform this: one person stands close to the car and uses a device to capture a digitalized version of the the key fob. The other, in the vicinity of the owner's house and using a second device to send the key fob's signal to the car. This trickery fools the car into thinking the key fob is near enough to be able to unlock it and start the engine.
In the past, this kind of heist required expensive equipment to carry out. Now, you can buy relay transmitters for inexpensive online market and carry out the heist in just a few minutes. This is the reason it's well-liked by car thieves.
All modern vehicles that have keyless access are at risk. Certain vehicles are more vulnerable to this type than others. Researchers have examined 237 well-known automobiles and found that all of them could be taken through this method.
Tesla vehicles are said to be less susceptible to this kind of theft. However Tesla hasn't implemented UWB technology that would allow it to perform distance checks and stop relay attacks. The company has stated that they'll implement this in the near future, but until then, they're vulnerable. That is why it's important to adopt a proactive approach to your car security and install an anti-theft device that safeguards your keys and vehicle from these kinds of attacks.
CAN Injection Attack
Modern vehicles can defend themselves from thieves by exchanging encrypted messages with the key to prove its authenticity. The system is thought to be secure, but criminals have found ways to circumvent it. They fake the identity of a smart key, transmit messages to the vehicle and then drive off. To do this they gain access to the smart key's internal communication network.
Today, most cars are equipped with between 20 and 200 electronic control units, or ECUs, that manage various aspects of the vehicle's operation. They communicate via a network called CAN bus. These ECUs enter a low power sleep mode to reduce their power consumption. This mode is activated when ECUs receive an "wake up" frame. These frames are typically sent through the door or a smart key receiver ECU. These messages aren't always authenticated or encrypted. This means that thieves can capture them using the use of a cheap and simple device.
They search for a spot where they can connect directly to the wires for CAN connection. These are often hidden away inside the headlights or elsewhere in front of the vehicle, and are accessible by pulling the bumper off and cutting holes in the headlamp assembly to expose them. The criminals then use a device called an CAN injection attacker, which is used to send fake messages that trick the car's security systems into unlocking it and disengaging its engine immobilizer.
These devices can be bought on the Dark Web and work with the majority of major car manufacturers, including BMW and Cadillac, Chrysler, Fiat and Ford, Honda, Hyundai and Jeep, Lexus and Nissan, Renault and Toyota, Volkswagen and Maserati. The researchers who discovered this CAN Injection attack are recommending that all car makers fix it in their existing models, but the fact is that the thieves will continue to grab whatever they can get their hands on. We can stop this from happening by implementing mechanical safety measures, such as Discloks inside all of our cars and parking them in well-lit, visible areas.
The Signal is blocked
In a variant different to the relay attack, thieves could make use of a device to block the signal from an electronic key fob if the car is locked. The device could be inside the pocket of a thief in a parking space or in a hideout close to the driveway that is being targeted. Once owners hit the button to lock their fobs and walk away, they don't think about whether or not their car is actually locks. The device of the crook blocks the signal that locks the vehicle. Therefore, thieves could leave the vehicle.
The crooks also use devices to amplify the key fob's signals to unlock vehicles. They can even do this when the key is in the pocket of the driver or hanging from a hook inside the house. When the car is locked, they can use a standard computer hacker to program a blank key fob and gain control over the vehicle.
Automobile manufacturers have developed a range of anti-theft systems to guard against these kinds of attacks. But, thieves are constantly trying to beat these measures.
They've been using devices that transmit at the same frequency as remote keyfobs in order to intercept signals. The crooks then copy the unlock code of the key fob, and then start the vehicle with this fake signal.
This technique is particularly popular in the US where a lot of cars have wireless technology. Owners can start and unlock their car by using a mobile app from their mobile. This technology is likely to become more popular as more manufacturers try to connect their vehicles with their owners' smartphones.
It is essential that drivers follow the right procedures to park their vehicles. They should not leave the key fobs in ignition and always secure the car when not in it. If possible it is also recommended to use a gearstick lock or steering device. They should also consider installing a tracking device on their vehicle in the event it is stolen.
Flat Battery
This kind of attack is more prevalent than most people realize. Thieves use cheap devices to extend the signal from your key fob to unlock and start the car, even if it's turned off. They then drive the car around the corner or onto a trailer to then drive off with it. It would be possible to protect your car from this by installing an interrupter switch for the starter circuit. Simpler versions have an ON/OFF button that shuts off the circuit. It's about $15 and is easy to install.
Car thieves are always searching for new ways to steal vehicles. Car manufacturers, police and insurance companies are constantly trying to keep up with the car stolen without key latest techniques and offer better anti theft systems for modern vehicles. But this isn't stopping thieves who adapt quickly and find ways to circumvent the latest anti-theft technology.
A lot of thieves block the signal with a device that uses the same radio frequency as the fob. They put the device in their pockets or somewhere close to their vehicle, and it blocks the fob's lock command from reaching the car, leaving it unlocked. This can be done in just a few seconds. The device is inexpensive and can be purchased on the internet.
Hacking the computer system of the car is another option. This is more difficult but feasible. Hackers have developed devices that connect to the diagnostic port of all cars and allow them to connect to the software. From there, they are able to program a blank key fob and start working. This is also possible on older cars, although it is more difficult without removal of the ignition lock.
As more vehicles are linked to drivers' phones, this method may become more popular too. Once a thief gets the username and password to an app for vehicles they are able to unlock or start the car by using the app on their phone. You can help be safe from these kinds of attacks by not putting valuables in your car, and then parking it in a garage or secure parking lot.