How Hackers Can Use Smart Keys To Steal Cars

Modern smart keys use radio frequencies to let drivers unlock and start a vehicle without fumbling with a key fob. Now European researchers have found such systems can be hacked, letting thieves easily steal your car.

We've written before about hackers testing the increasingly complex electronics inside vehicles, which typically lack basic security measures. While many of the hacks require access to the car's diagnostic port, one team was able to wirelessly set off faults through tire pressure sensors.

The research by the team from the Swiss Federal Institute of Technology targeted a new weakness; the smart key fobs common on luxury vehicles and spreading to mainstream models that allow a driver to unlock doors and start a vehicle without touching the fob. Using radio signals, the fob and vehicle send encrypted signals to each other over short distances, and while other researchers had suggested the fobs could be vulnerable, no one had put the idea to a test.

Using ten different borrowed models from eight manufacturers (without the automakers' input), the Swiss team was able to unlock and start all of their test vehicles, showing that hacking the smart fobs is "feasible and practical." Their system simply used two antennas; one carried by the hacker trying to get in and start the vehicle, the other in the vicinity of the fob, to amplify the signals between the transmitters and break in.

How Hackers Can Use Smart Keys To Steal Cars

With both wired and wireless connections between their antennas, the team was able to unlock and start vehicles even when up to eight meters away from the key fob holder. They didn't have to touch or alert the owner; just getting their antenna within a few meters of the fob was enough to pick up the signals that were then sent to the vehicle for unlocking and starting the car. Once the vehicles started, they stayed running despite the fob not being present, a feature automakers use to keep dead fob batteries from causing stalled vehicles.

The team noted that their hack could be done fairly cheaply; even the most expensive version cost only $1,000. It also left no trace; since the car isn't getting any false signals, there's no alarms or other evidence that the vehicle has been broken into. And since all keyless entry systems use the same basic design, the hack likely works on millions of vehicles.

In their paper (PDF link) to be presented later this month at a computer security forum in San Diego, the researchers say the best way to fix the security hole would be smarter software that attempts to verify how close the key fob is to the vehicle. Otherwise, the only secure solution would be the same one that's been in use for decades: an old-fashioned metal key.

[Technology Review]