Cars Being Stolen With Keyless Entry
If car owners place their keys on the table or next to their door, they may not realize that they are allowing thieves to hijack their signal. This relay attack is one of the high-tech methods criminals are using to steal new keys from cars.
All keyless ignition vehicles emit a low-power radio signal to find the fob that matches. If the signal is recorded and recreated it can be used to unlock the car and begin it up.
Relay Attack
Imagine your car safely in your driveway, and your key fob at home. You might think that your car is safe but sophisticated thieves are planning a heist, without you even knowing. Instead of slamming windows and jiggling locks, thieves are leveraging technology to hack into vehicles using digital chinks in their armor. Known as relay theft, it's an increasingly popular method of stealing cars with keyless entry.
Cars equipped with keyless entry are designed to operate via signals that are sent from the remote control (RF) transmitter to the owner's key fob. To prevent keyless entry by unauthorised persons, the RF transmitters on the key fob as well as the car are programmed to activate when they are within a specified distance of each other. However, a thief can overcome this limitation using a technique called the 'relay attack'.
To accomplish this two people work in tandem One stands near the car and uses a device that captures a digitized version of the key fob's signal. The other person, who is at the owner's home, uses a second gadget to transmit the signal from the key fob to the car. This trickery fools the car into thinking the key fob is near enough to unlock and begin the engine.
This type of attack used to require expensive equipment. You can now buy an inexpensive relay transmitter online and carry out a heist within minutes. This is the reason why car thieves love it.
All modern vehicles that have keyless access are vulnerable. Some cars are more susceptible to this kind of attack than others. Researchers have examined 237 well-known automobiles and found that all of them are susceptible to being stolen through this method.
Tesla vehicles are supposedly less susceptible to this type of theft, but the company hasn't yet implemented UWB features that would effectively perform distance checks on the car's signal and protect against relay attacks. The company has stated that they'll implement this in the near future, however until then, they're vulnerable. This is why it's crucial to take a proactive approach to your vehicle security and install an anti-theft device that protects your keys and car from these types of attacks.
CAN Injection Attack
Modern cars can guard themselves against thieves by sending encrypted messages to the key to confirm its authenticity. The system is thought to be safe, but thieves have found ways around it. They pretend to be a smart key, send messages to the vehicle and then drive away. To do this, they gain access to the smart keys' internal communication network.
Most cars today are equipped with between 20 and 200 electronic control units, also known as ECUs, that manage various aspects of the vehicle's operation. They communicate with each other via the CAN bus. These ECUs enter a low-power sleep mode to lower their power consumption. This mode is activated when the ECUs receive a "wake up" frame. These frames are usually sent via the door or smart key receiver ECU. However the messages aren't usually authenticated or encrypted and, therefore, can be intercepted by criminals using a cheap and basic device.
They search for a location that allows them to connect directly to the wires of the CAN connection. They are usually hidden in the headlights or in other locations in the front of the vehicle. To get them, you can remove the bumper and cut holes in the headlamp assemblies. The thieves use the device referred to as an CAN injection attack. It is used to send fake messages which trick the car's safety systems into unlocking and disengaging the engine immobilizer.
These devices can be purchased on the Dark Web and work with the majority of major car manufacturers which include BMW and Cadillac, Chrysler, Fiat and Ford, Honda, Hyundai and Jeep, Lexus and Nissan, Renault and Toyota, Volkswagen and Maserati. Researchers who have discovered the CAN Injection attack recommend that all car manufacturers fix this issue in their existing models. However, these thieves will continue to steal whatever they can. The best we can do is to try and prevent this by putting in mechanical security measures like Discloks on our vehicles and ensuring that they are always placed in areas that are well-lit and are clearly visible to passers-by.
The Signal is blocked
In a different variation of the relay attack, thieves can use a gadget to jam the signal from the key fob when the car is locked. The device could be inside the pocket of a burglar in a parking area or in a hideout near the driveway that is being targeted. When owners hit the button to lock their fobs and walk away and leave, they don't have to think about whether or not their car is really is locked. Instead, thieves can take off with the car because the signal that normally locks the car has been blocked by the device of the criminal.
They also make use of devices that amplify signals from the key fob to unlock vehicles. They can even do this while the key is in the pocket of the driver or hanging from a hook in the home. When the car is unlocked, they can make use of a standard diagnostic port or computer hacker to program an unlocked key fob to gain control of the vehicle.
To safeguard against this kind of attack, car makers have created a variety of anti-theft devices. But thieves always come up with ways to thwart these measures.
They've started using devices that transmit at the same frequency as remote keyfobs in order to intercept signals. The crooks can then copy the unlock code of the key fob and then start the car using this fake signal.
This method is very popular in the US and Europe where many cars are sold with wireless technology that lets owners unlock and start their cars by using a mobile application on their phone. This technology is expected to become more popular as more and more manufacturers attempt to link their vehicles with their owner's smartphones.
In addition to implementing anti-theft systems in vehicles, it's crucial for drivers to use the best practices when parking their cars. They should not leave their keys in the ignition and lock the car when not in it. If possible it is also recommended to use a gearstick lock or steering device. They should also consider installing a tracking device to their car in case it's stolen.
Flat Battery
This kind of attack occurs more often than we think. The thieves employ inexpensive devices that extend the check here signal from your key fob to unlock and start your car if it is off. Then they drive the vehicle to an unmarked trailer or around a corner and take the car away. It is possible to shield your vehicle from this by installing an interrupter for the starter circuit. The most basic ones have an ON/OFF switch that interrupts the starter circuit. It's about $15 and is simple enough to install by yourself.
Car thieves are constantly searching for new ways to steal vehicles. Car manufacturers, police and insurance companies are always trying to stay on top of the latest tactics and provide better anti-theft systems for modern vehicles. However, this does not stop thieves who are able to be quick to adapt and find ways around the most recent anti-theft measures.
A lot of thieves block the signal with devices that use the same radio frequency of the fob. The device is placed in the pocket or close to the vehicle and blocks the fob from sending the lock command to the car. This can be done within just a few seconds. The device is cheap and available on the internet.
Another option is to hack the car's computer system. This is more difficult, but still feasible. Hackers have developed devices that plug into the diagnostic port of all vehicles and allow them to access the software. They can then program an unfinished fob to work. It is possible to do this on older cars also, but it's more difficult without removing the ignition.
As more vehicles are linked to the phones of drivers and this method could become more popular too. Once a thief has the username and password to a vehicle app and is able to unlock or start the vehicle with the app. It is possible to be safe from these kinds of attacks by not putting valuables in your car, and then parking it in a garage or secured parking lot.