Cars Being Stolen With Keyless Entry

Car owners who throw their keys on tables or near their front doors could be giving thieves the ability to take over the signal. This relay attack is a highly-tech method used by criminals to steal keys from new vehicles.

Keyless ignition vehicles emit an extremely low-power radio signal, seeking a compatible fob that can respond. If the signal is recorded and recreated it can be used to unlock the car and start it up.

Relay Attack

Imagine your car in your driveway, and your key fob at home. You may think your car is secure however, sophisticated thieves are planning a heist without you being aware. Instead of breaking windows or jimmying locks, thieves are using technology to gain access to cars through digital chinks in their armor. This is known as relay theft, it's an increasingly popular method of stealing cars with keyless entry.

The keyless entry system that is found in cars is controlled by a signal sent from the car's RF transmitter to the key fob. To ensure that keyless entry is not accessed by unauthorised persons, the RF transmitters on the key fob as well as the car are programmed only to be activated when they are within a specific distance from each other. The thief is able to circumvent this restriction employing a technique called the "relay-attack".

To accomplish this, two people work in tandem: one stands by the car and uses the device that captures a digitized version of the key fob's signal. The other, in the vicinity of the home of the owner is using a different device to send the key fob signal back down to the car. This trickery fools the car into thinking that the key fob has traveled a distance sufficient to unlock and start the vehicle.

In the past, this type of attack required expensive equipment in order to execute. You can now buy an inexpensive relay transmitter online and pull off a heist within minutes. This is why car thieves are enthralled by it.

While certain cars are less susceptible to this type of theft than others, all modern cars with keyless entry are at risk. Researchers have examined 237 well-known cars and found that all of them can be stolen by this method.

Tesla vehicles are said to be less vulnerable to this kind of theft. However, the company hasn't yet implemented UWB technology that would enable it to perform distance checks and prevent attacks via relay. The company has stated that they will implement this feature in the near future, but until then, they remain vulnerable. Installing an anti-theft device that guards your keys and your car against such a threat is a proactive way to ensure the security of your vehicle.

CAN Injection Attack

Modern vehicles are designed to shield themselves from theft by exchanging cryptographic data with the key to prove it's authentic. The system is generally believed to be secure, but criminals have found a way around it. They impersonate a smart key, transmit messages to the vehicle and then drive off. To do that they gain access to the smart key's internal communications network.

The majority of cars today are fitted with between 20 and 200 electronic control units, or ECUs, that control different aspects of the vehicle's operation. They communicate with each other using the CAN bus. To ensure that power consumption is low, these ECUs go into sleep mode with low power that is activated when they receive a 'wake up' frame. These frames are typically sent by the ECU that controls the smart key or door. These messages are not always encrypted or authenticated. This means that criminals are able to intercept them with the use of a cheap and simple device.

They search for a location that allows them to connect directly to the wires of the CAN connection. These are often hidden away inside the headlights or elsewhere in front of the car and are accessible by removing the bumper and cutting holes in the headlamp assembly to expose them. The thieves employ an instrument known as a CAN injection attack to send fake messages which fool the safety systems of the car to unlock and disable the engine immobilizer.

The devices are available on the Dark Web and work with all major car makers, including BMW and Cadillac, Chrysler, Fiat and Ford, Honda, Hyundai and Jeep, Lexus and Nissan, Renault and Toyota, Volkswagen and Maserati. The researchers who discovered this CAN Injection attack are recommending that all car manufacturers fix it in their existing models, but the reality is that the thieves will continue to steal everything they can lay their hands on. The best we can do is try and prevent this by installing mechanical security measures like Discloks on cars and ensuring that they are always placed in areas that are well-lit and are clearly visible to passers-by.

Jamming the Signal

In a different variation of the more info relay attack, thieves may make use of a device to block the signal from a key fob when the car is locked. The device could be found in the pocket or hiding where a burglar is hiding on an open parking lot or even near the driveway that is being targeted. The owners don't know if the car is locked after pressing the lock button. Instead, thieves can take off with the car because the signal that normally locks the car is blocked by the device of the criminal.

They also make use of devices that amplify signals from the key fob to unlock vehicles. They can accomplish this if the key is inside the pocket of the driver or hanging from its hook inside the house. Once the car has been locked, hackers can use a standard diagnosis port to create an unlocked fob.

Car manufacturers have come up with a variety of anti-theft solutions to guard against these kinds of attacks. But, thieves are constantly looking for ways to defeat these measures.

For example, they've started using devices that transmit on the same frequency as remote key fobs in order to intercept their signals. The thieves can then copy the unlock code of the key fob and start the car with this fake signal.

This technique is particularly popular in the US where a lot of cars come with wireless technology. Owners can unlock and start their vehicle through a mobile application on their phone. This technique is likely to become more popular as more manufacturers try to link their cars with their owners phones.

In addition to implementing anti-theft systems in vehicles, it's important for drivers to follow the best practices when they park their vehicles. They shouldn't leave their keys in the ignition. They should always make sure the car is fully locked when they're not using it and should make use of an engine or steering wheel lock, if it is possible. They should also consider installing a tracking device to their car in the event it gets stolen.

Flat Battery

This kind of attack is more frequent than most people realize. The thieves employ low-cost devices that increase the signal of your key fob in order to unlock and start your car when it's off. They then drive the car around a corner or to a trailer and leave with it. It is possible to shield your vehicle from this by installing an interrupter switch for the starter circuit. Simpler versions come with an ON/OFF button that interrupts the circuit. It costs around $15 and is easy to install.

Car thieves are constantly searching for new ways to steal vehicles. Police, car manufacturers and insurance companies are always trying to stay on top of the latest methods and offer more effective anti-theft systems for modern vehicles. However, this isn't stopping thieves who be quick to adapt and find ways to bypass the latest anti-theft technology.

Many thieves jam the signal with devices that use the same radio frequency of the fob. They put the device in their pockets or in a location near their vehicle, and it blocks the fob's lock commands from reaching the vehicle, leaving it unlocked. This can be done in seconds. The device is affordable and easily accessible on the internet.

Another option is to hack into the car's computer system. This is more difficult but it is still possible. Hackers have developed devices that plug into the diagnostic port of all vehicles and permit them to access the software. They can then program the fob with blank code to function. It is possible to do this on older cars as well, but it's more difficult without removing the ignition.

As more vehicles are connected to smartphones of drivers, this method may become more popular too. Once a thief gets the username and password to an app for vehicles, they can then unlock or start the car with the app on their phone. Fortunately, you can be safe from these kinds of attacks by not putting valuables in your car and parking it in a garage or secure parking lot.