How Hackers Can Use Smart Keys To Steal Cars

Illustration for article titled How Hackers Can Use Smart Keys To Steal Cars

Modern smart keys use radio frequencies to let drivers unlock and start a vehicle without fumbling with a key fob. Now European researchers have found such systems can be hacked, letting thieves easily steal your car.

Advertisement

We've written before about hackers testing the increasingly complex electronics inside vehicles, which typically lack basic security measures. While many of the hacks require access to the car's diagnostic port, one team was able to wirelessly set off faults through tire pressure sensors.

Advertisement

The research by the team from the Swiss Federal Institute of Technology targeted a new weakness; the smart key fobs common on luxury vehicles and spreading to mainstream models that allow a driver to unlock doors and start a vehicle without touching the fob. Using radio signals, the fob and vehicle send encrypted signals to each other over short distances, and while other researchers had suggested the fobs could be vulnerable, no one had put the idea to a test.

Using ten different borrowed models from eight manufacturers (without the automakers' input), the Swiss team was able to unlock and start all of their test vehicles, showing that hacking the smart fobs is "feasible and practical." Their system simply used two antennas; one carried by the hacker trying to get in and start the vehicle, the other in the vicinity of the fob, to amplify the signals between the transmitters and break in.

Illustration for article titled How Hackers Can Use Smart Keys To Steal Cars

With both wired and wireless connections between their antennas, the team was able to unlock and start vehicles even when up to eight meters away from the key fob holder. They didn't have to touch or alert the owner; just getting their antenna within a few meters of the fob was enough to pick up the signals that were then sent to the vehicle for unlocking and starting the car. Once the vehicles started, they stayed running despite the fob not being present, a feature automakers use to keep dead fob batteries from causing stalled vehicles.

Advertisement

The team noted that their hack could be done fairly cheaply; even the most expensive version cost only $1,000. It also left no trace; since the car isn't getting any false signals, there's no alarms or other evidence that the vehicle has been broken into. And since all keyless entry systems use the same basic design, the hack likely works on millions of vehicles.

In their paper (PDF link) to be presented later this month at a computer security forum in San Diego, the researchers say the best way to fix the security hole would be smarter software that attempts to verify how close the key fob is to the vehicle. Otherwise, the only secure solution would be the same one that's been in use for decades: an old-fashioned metal key.

Advertisement

[Technology Review]

Share This Story

Get our newsletter

DISCUSSION

I can see how well this would work with my better half's car...

[Thief A]: Hey, there's a sweet car coming. You ready?

[Thief B]: One sec... OK, antennas on and we're recording.

[Thief A]: OK... ok, there goes the driver... you get the code?

[Thief B]: Yeah, I got it.

[Thief A]: Let's nab it!

[Both run over, open doors.]

[Thief A]: Yeah, we did it. Start the car!

[Thief B]: You got it... oh wait, it just stalled.

[Thief A]: Did you send the right code?

[Thief B]: Yeah, I'm sure I did... lemme try again... ok, it stalled again. What the hell? Is it in Park?

[Thief A]: It should be, I didn't touch the gearsh... what the f**k is that? There's no P on it!

[Thief B]: You idiot, of course there's a P! Right there!

[Thief A]: No dumbass... that's an R! All it's got is that R and a bunch of numbers!

[Thief B]: What the f**k kind of car is this? OK, let's just try to push start it. Get your foot off the brake.

[Thief A]: OK, I'll... what? There's a third pedal down here! Which one is the brake?

[Thief B]: You're an idiot! There's no third brake pedal!

[Thief A]: I'm telling you, there is one! And don't call me an idiot, you...

[Police]: Well hello boys, what have we here?