A new report by NBC News alerted motorists of a new wave of car thefts in which the thieves use a high tech device to gain access to vehicles. This may suggest that the keyless remote technology used in some cars is not very secure.
According to the report, criminals have designed a new high-tech gadget giving them full access to your car. “It’s so easy, it’s like the criminals have your actual door remote,” the NBC report states.
The police and security experts are baffled by what they have seen, because up to now they believed that the security system used by cars were “hackproof”.
Modern remote entry systems, like the ones used in cars, employ rolling codes and data encryption making it very difficult to crack.
However, according to one of the US’s top security experts, Jim Stickley, criminals seemed to have cracked the system.
“This is really frustrating because clearly they’ve figured out something that looks really simple and whatever it is they’re doing, it takes just seconds to do,” Stickley said.
The report highlighted some perplexing things when observing the thieves in action with these devices:
- The device only seems to work on some vehicles.
- The thieves only seem to strike on the passenger side.
According to the report, the motor vehicle and alarm system manufacturers do not know what this technology is, or how to fight it.
Possible relay attack
Some commentators are speculating that these devices may use a type of relay attack. The thief sits close to the vehicle and intercepts the wireless communication when the owner presses the open button.
This communication is then replayed by the hacking device which is equipped with an RF receiver (to intercept the communication) and a transmitter (to send the communication).
In an academic paper titled “Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars”, the researchers showed that relay attacks on Passive Keyless Entry and Start (PKES) systems used in modern cars can be successful.
“We demonstrated on 10 cars from different manufacturers that PKES systems in some modern cars are vulnerable to relay attacks,” the paper stated.
“This attack allows an attacker to open the car and start the engine by placing one antenna near the key holder and a second antenna close to the car.”
The feasibility of this attack was demonstrated using both wired and wireless setups.