Car Burglars Hack Passive Keyless Entry System to Steal Cars

Cars are increasingly getting more high-tech, so it’s only natural to feel secure if you own a modern car with up-to-date security features. Unfortunately, car thieves are keeping in pace. In a report from Wired Magazine, enterprising car thieves can apparently can gain entry into locked cars by exploiting an aspect of the keyless entry system feature.

According to the report, a team of security researchers from Qihoo 360 Technology Co. Ltd.—a Beijing-based internet security company that makes antivirus software—successfully put together a relay hacking system that extends the signal of the car’s keyless entry system up to 1,000 feet.

Generally, a keyless entry system opens the car automatically when the key fob is within a set proximity, normally when it’s within five feet of the car. What the relay hack does is ‘trick’ the system into thinking the fob is nearby. This allows burglars to unlock your car with the intention to steal your car’s contents, maybe even the car itself.

The total cost to make the device? Just $22. That’s roughly P1,000. For years, car owners have reported thieves approaching their vehicles with one of these underhanded devices., and $22 is the cheapest they’ve ever been. Aside from being extremely cheap to build, the new hacking system also has increased range, permitting thieves to open car locks even if they’re more than a thousand feet away from the key fob.

How the relay hack works

Tricking the car into thinking the fob is nearby requires the use of two radio signal devices working toegether. To open the car, one car thief carries one device and tails the car owner, while thief with the second device stays with the car. Once the first thief gets near the car owner’s key, his device ‘copies’ the fob’s signal, then transmits the copied signal to the other device, which then transmits it to the keyless entry system.

"The attack uses the two devices to extend the effective range of the key fob," said Jun Li, one of Qihoo's researchers. "You're working in your office or shopping in the supermarket, and your car is parked outside. Someone slips near you and then someone else can open up and drive your car. It's simple."

Will the hack work on your car?

The Qihoo researchers used the relay hack on Chinese market cars, namely a Qing hybrid and local market Chevrolet Captiva. Though one might presume that their car is safe from such hacks, the bad news is that the keyless systems equipped in these cars come from a Dutch company called NXP that builds the system for a lot of new cars today, including some by Volkswagen and Ford.

Hopefully, NXP can address the situation before car thievery becomes the norm. According to Qihoo, NXP and other keyless system manufacturers can prevent the relay attack by limiting call-and-response time constraints between key and car further. Relay the signal beyond a shorter call-and-response limit, and the system can reject fraudulent transmissions altogether.