Keyless entry systems vulnerable to high-tech car thieves
Swiss researchers find holes in the keyless systems from eight car manufacturers.
By Colin Bird
Remote keyless entry has been around for a while – since the late 1980s, in fact – and today it’s almost standard on all new cars. But the pervasiveness of this feature is not without consequence. As researchers in Switzerland point out, the technology can make vehicle theft a breeze for a savvy thief.
Remote keyless-entry systems use radio waves that typically are specific to a manufacturer, and the signals are usually encrypted. When your vehicle’s key fob is within 20 feet of the car, you’re allowed to transmit a signal to unlock the doors, pop the trunk, remote start your car (when equipped) or activate the car alarm.
Researchers at ETH Zurich discovered that these encrypted signals are easy to intercept and trick.
The theft works by setting up two antennas, one near the targeted vehicle and one near the holder of the key fob — be it in a purse, bag or pocket. This equipment can usually be purchased for $100 to $1,000. The person with the antenna aimed at the owner of the key fob needs to get within 26 feet of the target. In a store, this could be a few aisles away, so as to not arouse suspicion.
Once the antenna is near the intended victim’s key fob, the key transmits a low-power signal to the antenna, which is then relayed to the antenna near the vehicle. Once that occurs, the thief can unlock the doors and drive away (if the vehicle has push-button start).
The Swiss researchers hacked into eight car manufacturers’ passive-entry systems using this method. No cryptology or protocol could stop it.
While this system may seem fairly complicated, it could catch on with car thieves because of the cost of the equipment and anonymity. However, the hack cannot start the cars with traditional keys. Today’s ignition systems are increasingly complicated and secure. That’s one reason why car thefts are largely on the decline in the U.S.
David Wagner, a computer science professor at the University of California at Berkeley, said there are probably easier way to steal cars, but the “nasty aspect of high-tech car theft” is that it doesn’t leave any sign of forced entry. That could lead to problems with police and insurance companies in tracking down the criminals or with filing claims.
Right now, the only way to protect yourself is by either shielding your key fob’s radio with a guard or leaving your key fob at home. Srdjan Capkun, an assistant professor at ETH Zurich, says the institute is working on a way to prevent this sort of theft.
MORE AT CARS.COM
Researchers at ETH Zurich discovered that these encrypted signals are easy to intercept and trick.
Once the antenna is near the intended victim’s key fob, the key transmits a low-power signal to the antenna, which is then relayed to the antenna near the vehicle. Once that occurs, the thief can unlock the doors and drive away (if the vehicle has push-button start).
The Swiss researchers hacked into eight car manufacturers’ passive-entry systems using this method. No cryptology or protocol could stop it.
While this system may seem fairly complicated, it could catch on with car thieves because of the cost of the equipment and anonymity. However, the hack cannot start the cars with traditional keys. Today’s ignition systems are increasingly complicated and secure. That’s one reason why car thefts are largely on the decline in the U.S.
David Wagner, a computer science professor at the University of California at Berkeley, said there are probably easier way to steal cars, but the “nasty aspect of high-tech car theft” is that it doesn’t leave any sign of forced entry. That could lead to problems with police and insurance companies in tracking down the criminals or with filing claims.
Right now, the only way to protect yourself is by either shielding your key fob’s radio with a guard or leaving your key fob at home. Srdjan Capkun, an assistant professor at ETH Zurich, says the institute is working on a way to prevent this sort of theft.
. .