CAT Autokeys explains the problem of keyless car entry system hacking for the next generation of connected cars.
The subject of car connectivity is currently a hot topic in the automotive industry and more car companies than ever before are working with technology companies such as Microsoft to make comprehensive connectivity a reality.
One area of importance for future connected vehicles is security and instead of physical keys, connected cars are increasingly looking to digital, smartphone-based entry. In this respect, CAT Autokeys has looked at how thieves can hack into cars with keyless entry and has examined what the potential data security risks are that are posed by such methods of entry.
Recently, Oberthur Technologies, a firm specialising in embedded digital security, went into a bit more detail on some of the additional security challenges of digitising car keys.
Virtual keys must be stored securely on the user’s smartphone with an optimum level of security – similar, if not identical to, the levels of security given to online banking. Strong authentication of the device used will be necessary, with prior registration with the service a must. The use of online mobile apps remains problematic, as they don’t have the required security levels. Instead, the virtual key must be stored within a mobile phone’s internal NFC secure element.
Further along the line, it’s suggested that to provide the most robust form of authentication of the digital key, biometrics may be used to link the user’s identity with their phone, and therefore their car keys.
How the car keys will work is just one of the challenges facing the connected cars of the future, and it’ll be interesting to see what developments are made! But did you know that criminal gangs are using hi-tech equipment to re-programme car keys to steal vehicles? CAT Autokeys takes a deeper look at the tech behind keyless entry theft and asks whether it’s something you should be concerned about.
What is Keyless Entry Theft?
Simply put, keyless entry theft is when a thief can enter and steal your vehicle without using its key. Tech-savvy criminals are using increasingly sophisticated methods to manipulate the wireless signals used by car keys to secure and start the vehicle.
In fact, 42% of all London car thefts were carried out in this way in 2015, with higher end vehicles being the most targetted. There are several different methods thieves can use to get into a keyless entry vehicle and one example is the amplification Attack.
This method involves using technology to alter the radio frequencies used by car keys. A 2016 study by a German security firm found that 24 different vehicles from 19 manufacturers were vulnerable to this kind of keyless theft.
Using a cheap radio amplifier to alter the radio frequency of cars, criminals can trick the car’s system into thinking that the owner is nearby with the key. By extending the range of peoples’ wireless fobs, it’s possible to enter the car, and even start the engine.
Stealing Your Car Without the Key
Although the days of hotwiring are mostly behind us thanks to advances in immobilising technology, wireless key fobs mean that criminals are still able to gain access to vehicles, and in some cases, steal them, without using the correct car keys.
Sometimes, if the owner’s key fob is nearby, it may have enough range to simply allow a criminal to try the door.
Alternatively, the signal from a wireless key fob can be jammed using a device, and the owner, believing that they’ve locked their car, unknowingly leaves it unlocked and walks away. At the end of 2016, the BBC reported on how thieves used radio jammers to interrupt signals from wireless keys to prevent them being properly locked.
The cars weren’t stolen in this case, just the contents inside. This is because the thieves lacked the ability to start the ignition without the key.
This isn’t always the case though. Many criminals gain entry to a vehicle either by using wireless key jamming technology, or the old-fashioned way – smashing the driver’s window.
Once in the vehicle, a key fob programmer is plugged into the car’s on-board diagnostics port to capture its data. To allow independent locksmiths and mechanics, not just main dealerships, to replace lost car keys, it’s a requirement that new fobs can be programmed from data in the car’s electronics system.
These programmers are readily available online, and programming a new, blank key fob with the vehicle’s data doesn’t take long at all – just seconds. Additional tech to overcome immobilisers is widely available. With a newly programmed and working key, it’s just a case of driving the vehicle away.
Cause for concern
Vehicles with keyless entry and start systems tend to be higher-end cars, which are naturally a prime target for criminals.
It’s worth remembering that although keyless car thefts have risen in recent years, overall car crime in the UK has dropped by 75% in the past decade.
However, police still warn that all cars with keyless entry are vulnerable as long as hackers can crack the codes. It’s likely that this will be a constant battle between manufacturers and criminals, as manufacturers update their security and hackers work to find a way around it.
If you’re concerned that your keyless entry vehicle is vulnerable, it’s worth following basic safety recommendations, such as parking it in an open, well-lit and secure area, fitting an immobiliser and using a good old-fashioned steering wheel lock.