Car thieves can easily hack remote keyless systems

Those remote key fobs nearly all automakers offer -- turns out they're fairly easy to hack so the bad guys can unlock your car and high-tail it before you even finish your shopping.

Cars with keyless entry and push-button start, such as the system from a 2009 Lincoln MKS shown here, are vulnerable to hacking by car thieves, Swiss researchers say.

Your only advantage: If your car has a remote that still requires a key, the bad guys can't start it easily, even though they can open the doors and trunk and get inside. Cars that have keyless entry and the push-button ignition switches becoming more common are in the most jeopardy. The thieves can, in fact, start those vehicles because the same purloined signal that opens the doors also tells the push-button system it's OK to start the car when somebody pushes the button.

The setup for hacking is easy, but not simple. It requires a couple of special antennas and a certain proximity to the victim, the Swiss researchers found. The research company, ETH Zürich, hacked into eight automakers' remote-entry systems. No coding system could stop it, the researchers said.

Our pals at cars.com's kickingtires.com explain the sad situation in depth.

Keyless-Entry Cars Vulnerable to Silent Theft

Remote keyless entry has been around for a while – since the late 1980s, in fact – and today it’s almost standard on all new cars. But the pervasiveness of this feature is not without consequence. As researchers in Switzerland point out, the technology can make vehicle theft a breeze for a savvy thief.

Remote keyless-entry systems use radio waves that typically are specific to a manufacturer, and the signals are usually encrypted. When your vehicle’s key fob is within 20 feet of the car, you’re allowed to transmit a signal to unlock the doors, pop the trunk, remote start your car (when equipped) or activate the car alarm.

Researchers at ETH Zurich discovered that these encrypted signals are easy to intercept and trick. The theft works by setting up two antennas, one near the targeted vehicle and one near the holder of the key fob — be it in a purse, bag or pocket. This equipment can usually be purchased for $100 to $1,000. The person with the antenna aimed at the owner of the key fob needs to get within 26 feet of the target. In a store, this could be a few aisles away, so as to not arouse suspicion.

Once the antenna is near the intended victim’s key fob, the key transmits a low-power signal to the antenna, which is then relayed to the antenna near the vehicle. Once that occurs, the thief can unlock the doors and drive away (if the vehicle has push-button start).

The Swiss researchers hacked into eight car manufacturers’ passive-entry systems using this method. No cryptology or protocol could stop it.

While this system may seem fairly complicated, it could catch on with car thieves because of the cost of the equipment and anonymity. However, the hack cannot start the cars with traditional keys. Today’s ignition systems are increasingly complicated and secure. That’s one reason why car thefts are largely on the decline in the U.S.

David Wagner, a computer science professor at the University of California at Berkeley, said there are probably easier ways to steal cars, but the “nasty aspect of high-tech car theft” is that it doesn’t leave any sign of forced entry. That could lead to problems with police and insurance companies in tracking down the criminals or with filing claims.

Right now, the only way to protect yourself is by either shielding your key fob’s radio with a guard or leaving your key fob at home. Srdjan Capkun, an assistant professor at ETH Zurich, says the institute is working on a way to prevent this sort of theft.

A car won't open or start if the signal from its key takes too long to arrive, so the researchers devised a way to speed communication between their antennas. Most relay attacks require the signals to be converted from analog to digital and back, which takes time. The researchers were able to keep the signals in analog format, which reduced their delay from microseconds to nanoseconds and made their attack more difficult to detect.

The researchers suggest things that car owners and manufacturers can do to protect themselves. Car owners can shield their keys when they're not in use, to prevent attackers from communicating with them. Alternatively, manufacturers could add a button to fobs that would allow owners to deactivate and reactivate them. Capkun worries, however, that these types of solutions detract from the convenience that makes passive keyless entry systems worthwhile.

Ultimately, he says, manufacturers will need to add secure technology that allows the car to confirm that the key is in fact nearby. "I don't see a way around it," Capkun says. His group is actively working on protocols that would accomplish this.
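
The timing argument above, worked through as an added example (it is not code from the researchers or from the quoted articles): a car-side check that turns a measured challenge/response round-trip time into an upper bound on the key's distance, compared with a microsecond-tolerance timeout. The fob turnaround time, the timeout slack, the 2 m limit, the 30 m relay distance and the per-direction relay delays are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

C_M_PER_NS = 0.299792458        # speed of light, metres per nanosecond
KEY_TURNAROUND_NS = 100_000.0   # assumed fixed reply latency of the fob
LOOSE_SLACK_NS = 1_000.0        # assumed timeout tolerance (1 microsecond)
MAX_KEY_DISTANCE_M = 2.0        # assumed policy: key must be within 2 m

@dataclass(frozen=True)
class Scenario:
    name: str
    key_distance_m: float   # real distance between car and fob
    relay_delay_ns: float   # one-way delay added by relay hardware, 0 if none

# Constructed scenarios; the delay magnitudes follow the article's
# "microseconds" (digital relay) versus "nanoseconds" (analog relay).
SCENARIOS = [
    Scenario("owner at the door", 1.0, 0.0),
    Scenario("digital relay", 30.0, 5_000.0),
    Scenario("analog relay", 30.0, 20.0),
]

def measured_rtt_ns(s):
    """Round-trip time the car observes for one challenge/response."""
    propagation = 2 * s.key_distance_m / C_M_PER_NS
    return KEY_TURNAROUND_NS + propagation + 2 * s.relay_delay_ns

def distance_upper_bound_m(rtt_ns):
    """Largest key distance consistent with the RTT; any delay raises it."""
    return max(rtt_ns - KEY_TURNAROUND_NS, 0.0) * C_M_PER_NS / 2

def loose_timeout_accepts(rtt_ns):
    """Timeout that only notices microsecond-scale lateness."""
    return rtt_ns - KEY_TURNAROUND_NS <= LOOSE_SLACK_NS

def distance_bound_accepts(rtt_ns):
    """Accept only if the key is provably within the allowed radius."""
    return distance_upper_bound_m(rtt_ns) <= MAX_KEY_DISTANCE_M

def evaluate():
    """Return {name: (loose_verdict, bounded_verdict, bound_in_metres)}."""
    out = {}
    for s in SCENARIOS:
        rtt = measured_rtt_ns(s)
        bound = round(distance_upper_bound_m(rtt), 1)
        out[s.name] = (loose_timeout_accepts(rtt),
                       distance_bound_accepts(rtt), bound)
    return out

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(name, verdict)
```

The loose timeout rejects only the digital relay, while the distance bound rejects both relays, because the 30 m of extra signal path alone adds about 200 ns that no relay hardware can remove. In practice the bound is only as tight as the fob's turnaround time is predictable: each nanosecond of uncertainty is worth roughly 15 cm.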

David Wagner, a professor of computer science at the University of California at Berkeley who has studied the cryptographic systems used in keyless entry systems, says the research "should help car manufacturers improve auto security systems in the future."

Wagner doesn't think the research ought to make car owners anxious. "There are probably easier ways to steal cars," he says. But, he adds, a "nasty aspect of high-tech car theft" is that "it doesn't leave any sign of forced entry," so if a thief did use this method to steal a car, he says, it might be hard for police and insurance companies to get sufficient evidence of what happened. Wagner believes that manufacturers, police, and insurance companies all need to prepare for this eventuality.

"Automobiles are a key example of a system that is pervasively computerized," so they need to be thoroughly examined to ensure they are secure, says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. Kohno helped form the Center for Automotive Embedded Systems Security, which is dedicated to identifying and solving security problems with car security systems before they cause problems in the real world.