21-10-2011, 05:28pm
About 6 months ago there was an item in the InGear section of the The Sunday Times regarding keyless entry systems and the ease with which they can be "hacked". There has been a discussion over on RRsport about car security, I mentioned the article there and one of the members managed to find the same item on-line. Just be careful who is following you if you have keyless entry. Will thieves ever stop becoming more cunning?
Quote:"If your car has a keyless entry system, it may not be as secure against theft as you would expect. The Sunday Times has teamed up with university researchers to demonstrate how easy it is to steal the latest models fitted with the new system. All we used were basic components available cheaply from high street electronics shops or on the internet.
The demonstration has provoked concern within the motor industry about the security of vehicles, and prompted an admission by police that an unknown numbers of cars could already have been stolen in this way because the technique leaves no trace.
The problem affects those cars that, instead of having a traditional ignition key, are supplied with a fob or card to open the doors and enable the engine to be started. Also called proximity keys, these devices detect a low-frequency radio signal emitted by the car, and then send their own signal back to the vehicle that unlocks the doors automatically. Once inside, the driver has only to press a button to start the car rather than turn a key. The flaw does not affect other so-called smart keys where drivers use buttons on the fob to lock and unlock doors.
The proximity key system has proved popular on every type of car — from the Ford Fiesta to Bentley Continental — because it is seen as less fiddly than struggling with keys and locks. It also allows car makers to introduce a starter button in the cabin, which many regard as more stylish than a mechanical key.
Thatcham, the centre that works with insurers and car makers to research and test vehicle security systems, says the flaw in security is so serious that manufacturers may be forced to return to using traditional keys. “We are aware of this phenomenon and obviously this is a potential problem,” says Mike Briggs, vehicle security manager for Thatcham. “You could beat anything if this new technique was used. It could be that manufacturers return to a mechanical key to start cars, though we’ve not as yet seen this technique being used in Britain.”
Previously, keyless systems were thought to be secure because the device communicates with the car by sending encrypted data on weak radio waves. An owner must stand no more than two yards or so from the car in order for the car to unlock itself.
However, researchers have discovered a way to capture and transmit the signals given off by the car and increase the transmission distance. The technique, known as a “relay attack” when used by thieves, fools the fob into thinking that the car is close by, triggering it to instruct the vehicle to unlock its doors.
In the interests of security The Sunday Times is not giving away the full details of the technique, though the basics are remarkably simple.
The theft requires two people. Each is equipped with a wire antenna — not unlike those used on many radios and available off the shelf from hardware stores. When a victim is spotted, perhaps in a supermarket car park, one thief makes his way to where the car is parked. The other follows the driver.
When the driver is a safe distance from the car, the thief shadowing him or her moves to within a couple of yards of them. His accomplice then transmits the car’s electronic fingerprint message (which is constantly being sent but limited to a radius of about two yards around the car). The message is received by the thief shadowing the owner and relayed to the fob in the owner’s pocket or bag.
When it receives the car’s signal, the fob assumes it is next to it and activates its own transmitter, sending a message instructing the car to unlock its doors. Unlike the car’s signal, the fob’s signal can travel as far as 100 yards, deactivating the locking system on the car and priming the engine to start.
All the thief now has to do is get behind the wheel and press the starter button. The whole process can take less than a minute and — unless they are watching their car from a distance — the owner is unaware anything is wrong until they discover their car is missing.
The technique was tested last month by computer scientists at ETH University in Zurich, Switzerland. InGear was invited by the university to assist with a demonstration using a real car. With just a few wires and connectors that cost less than £30, we captured the wireless signal sent between the car and fob.
We were then able to fool a Toyota Prius into thinking the fob was next to the car, allowing us to open the door and start the engine. Thanks to an industry-standard safety system, the car’s engine keeps running even when the fob is out of range — a feature designed to ensure that if the fob’s battery goes flat, or a child throws it out of the window mid-journey, the engine does not cut out."
