Tag Archives: Hacking

Gadget Man – Episode 124 – Keyless Car Theft Explained and How to Stop it

How many of us own and drive a vehicle with a keyless entry system? Well, it appears that many thousands of us that do have woken up this morning to a very worrying report from the General German Automobile Club (ADAC),

In order to unlock your keyless entry vehicle, you simply need to carry your key-fob. As you approach the vehicle, it recognises the encrypted signal transmitted from the fob. This, in turn, instructs the vehicles central-locking system to unlock the doors when you either touch the door handle or press the button on the door-handle. There is no requirement to insert the key into the ignition as the car is fitted with a start/stop button. If you own a car with both keyless entry and start/stop system, you aren’t alone, they are now widely used in hundreds of models or cars and in some cases motorbikes.

Now for the bad news. A recent study by the General German Automobile Club (ADAC) has discovered that the technology is far from secure in all but THREE cases and in fact the method of stealing a keyless vehicle is extremely simple.

In order to steal a keyless vehicle, a thief simply employs a rudimentary transceiver which takes the relatively weak signal transmitted and received from the fob to the car and amplifies it, it is then possible for the signal to reach from the fob to the car and hey presto, the car is unlocked and can (in most cases) be started.

Once the car is running, the need for a key is obsoleted and the car can now be driven until it is depleted of fuel. In most cases, the cars are taken abroad and the retrofitted with standard locking and start systems. As long as the car does not stall, it will run for as long as the fuel tank will take it.

NO AMOUNT of hacking or decryption is needed, it is reliant solely on the amplification of the already transmitted signal!

Arnulf Thiemel, car-technician at the ADAC.
Arnulf Thiemel, car-technician at the ADAC. Image Credit: ADAC

Arnulf Thiemel, car-technician at the ADAC, said “The ADAC demands that vehicles be protected against any kind of manipulation and illegal access. For the affected vehicles, there must be solutions put in place to improve the security.  All new  vehicles should also be equipped with a methodologically that ensures secure safety solutions which also withstands neutral side checks”

Which cars and manufacturers were affected?

Unfortunately, it would appear that EVERY manufacturer tested has at least one model which could be stolen using the method above.

Alfa Romeo, Audi, BMW, Chevrolet, Citroen, DS Automobiles, Fiat, Ford, Honda, Hyundai, Infiniti, Jaguar, Jeep, KIA, Land Rover, Lexus, Mazda, Mercedes, MINI, Mitsubishi, Nissan, Opel, Peugeot, Renault, Seat, Skoda, SsangYong, Suzuki, Subaru, Tesla, Toyota, Volvo, Volkswagen and motorcycles from BMW, Ducati and KTM. 

The following vehicles could NOT be opened using this method but if already open it was STILL POSSIBLE to start and drive the cars.

BMW i3 (2014)
Infiniti Q30 (2016)
Mazda 2 Skyactive 90 Kizohu (2018)
Volvo XC60 T5 (2017)

The following vehicles could NOT be opened or started using this method.

Jaguar i-Pace (2018)
Land Rover Discovery (2018)
Land Rover Range Rover (2018)

The vehicles above are currently immune from this method of attack. This is because they employ a variation of the keyless system by broadcasting using ultra-wideband frequencies. Basically, the equipment used to amplify the signal is ‘currently’ unable transmit or receive at the radio frequencies used in these models of cars.

Jaguar-Land Rover filed the patent for this method of keyless access in 2017. We can now only hope that they freely license these patents to other car makers or a comparable technology can be developed.

What Now?

All too often our deep-rooted human needs to be ‘waited upon’ result in solutions which in the first instance appear to solve a problem that really didn’t exist, but in real-world use turn out to have a sting in the tail. In the case of the study by ADAC, it would appear that there are very urgent questions to answer and drivers should be aware of the security issues surrounding their vehicles.

Faraday Cases?

Prior to speaking to BBC Radio Suffolk, many listeners talked about using Faraday Cases or Bags to house their keys. The theory behind this was to block the signal completely whilst the car isn’t in use (ie. whilst the keys were stored in the home or place of work).

Faraday Bag for Keyless Fobs from Amazon

I personally believe that keeping the keys away from the car or placing them in a container which COMPLETELY blocks radio signals is the only way to avoid the potential theft of vehicles using this method. However, radio signals can travel through types of metal, so be ABSOLUTELY confident that anything you purchase to secure your fobs, does indeed work as described.

Immediate Steps to Take

If you are concerned about the security of your keyless car fob, contact your car’s manufacturer as soon as possible and ask them what steps they have taken to secure your car? Ask them if there are software updates to improve security? Ask them if these systems can be deactivated until such time as they can be completely secure?

Listen in!

This morning I spoke to Mark Murphy on BBC Radio Suffolk about the use of Faraday Cage technology to try and reduce the chances of Keyless entry cars being stolen. Listen in to the stream above. If you like what you hear or read, don’t forget to LIKE, SHARE and SUBSCRIBE. See you next time!

Matt
The Gadget Man

I previously spoke about this topic a while back, you can read and listen at this link Gadget Man – Episode 113

The Gadget Man – Episode 101 – WannaCry – WannaCrypt – Eternal Blue – What Happened and What to Do?

Following my previous post which can be found here, I talked this morning to Mark Murphy on BBC Radio Suffolk about WannaCry and the effect it has had on the NHS, what needs to be done to stop it happening again and what we can do to protect ourselves.

To read and in depth article on how to protect your computers from such attacks, click here

PLEASE ensure your computers have all their updates installed and make sure you have Anti-Virus software installed.

 

 

Gadget Man – Episode 99 – Hackers, Spammers and Scammers

This morning I was interviewed by Mark Murphy on BBC Radio Suffolk about what makes me grumpy?

At the moment a lot of my time is spent securing websites and investigating hacking attempts, so this felt like a legitimate ‘grump’.

If you own a website, don’t assume it’s secure, make sure it’s secure.

Listen in to the stream and let me know what you think…

The Gadget Man – Episode 82.5 – Attempted Telephone Extortion by a ‘Help Desk’

The Gadget Man - Episode 82.5 - Attempted Telephone Extortion by a 'Help Desk'
The Gadget Man – Episode 82.5 – Attempted Telephone Extortion by a ‘Help Desk’

We’re now firmed established in the New Year now and 2016 is looking to be a memorable one for technology. What hasn’t changed however is computer crime. Criminals have now settled in to established methods of computer crime using either hacking or persuasion on the telephone or email.

Attached is a recording of a telephone conversation I had with a ‘cold caller’ who goes on to tell me that I possibly have issues with my computer and with their help, they are suggesting they can fix them.

I have had countless telephone calls very similar to this one, what is different is that I specifically request the caller to go home and think about who they are working for, when they immediately hang up on me.

To be clear, NO COMPANY is able to tie your telephone number to your computer in this context. It would be incredibly time consuming to go about such an act and would therefore be reserved for government or police forces to do. If anybody calls you out of the blue and suggests your computer is faulty, hang up and consider reporting the call to the police and telephone provider. Do NOT follow any instructions by the caller to run software of ANY kind, they are simply attempting to extort money from you which could run into thousands of pounds.

If you know ANYONE who might be vulnerable to this kind of scam then please send them the link to this page.

Happy New Year

Matt

Photo Credit : Christiaan Colen via Flickr

The Gadget Man – Episode 71.5 – The state of Internet security with Danvers Baillieu from Hide My Ass

Danvers Baillieu from Hide My Ass
Danvers Baillieu from Hide My Ass

We’re half way through Cyber Security Month and you can’t open a paper or turn on the TV without hearing about the latest high profile data leak. Security Issues are certainly something that we have covered in the past, so today I was delighted to have the opportunity to interview Danvers Baillieu, Chief Operating Officer of Hide My Ass!

Hide My Ass! or HMA are one of the leading firms of companies providing secure VPN connections to the internet and it was great to speak to Danvers to hear his view on current Internet security issues that are seemingly constantly in the news.

In the interview we covered internet security from both a company and personal point of view, how the governments should or shouldn’t involve themselves and what we should be looking out for in the future.

Listen in the stream and let me know what you think of the topics covered.

Thanks to Danvers for taking time out of his day and for Jocelyn from Cow PR for setting up the interview.