Hey there, human — the robots need you! Vote for IEEE’s Robots Guide in the Webby Awards.

Close bar

Hacking Cars with Keyless Systems Feasible and Practical, Swiss Researchers Say

Future electronic traffic management systems also susceptible?

3 min read

Hacking Cars with Keyless Systems Feasible and Practical, Swiss Researchers Say

As I noted last year, the security of modern cars is about the same as that of your average PC. Swiss security researchers at ETH Zurich University have again reinforced that point, at least according to this article in MIT's Technology Review two weeks ago.

Apparently, the researchers have shown that it is both "feasible and practical" to hack cars equipped with passive keyless entry and start (PKES) (aka smart key) systems, according to this other somewhat more detailed article in ComputerWorld that came out today. While hacking smart keys has been discussed for some time (see this PDF), finding an approach workable by your "average car thief" has proven a bit more elusive.

According to the story in Technology Review, the researchers:

"... examined 10 car models from the eight manufacturers. They were able to access all 10 and drive them away by intercepting and relaying signals from the cars to their wireless keys. While they could relay the signals from the key back to the car as well, usually they did not need to because the key transmits its signals up to around 100 meters. The attack works no matter what cryptography and protocols the key and car use to communicate with each other."

"Normally, when a wireless key is within a few meters of the right car, it detects a low-powered signal that causes it to issue a command that opens the car enable the ignition. The researchers used a pair of antennas to transmit these signals from the car to the key when the key was farther away, tricking the car into opening without the ordinary authorization. One antenna needs to be very close to the car, and one needs to be within eight meters of the key."

The cost of the equipment required to unlock the cars range between $50 and $1,000, depending on the attack strategy and the electronics used, the Swiss researchers said.

As I mentioned earlier, the ComputerWorld article provides more details on the approach the researchers used for those of you who are interested, or alternatively, you can spend the time and read the original research paper (here in PDF). The security researchers are presenting their paper at the Network and Distributed System Security Symposium in San Diego, California during the week of 6-9 February.

There are ways to make it harder to break into cars using a PKES system, such as removing the batteries from the wireless smart key, or place your wireless key into a case that blocks its electronic signals. The researchers also suggest that manufacturers may want to place an additional button on their wireless key fobs that disconnects a key's communications with a vehicle.

The Technology Review article says that security analysts don't think wireless key hacking is a big worry right now (there are simpler ways to steal a car, as I noted here last year), it might become one in the future, especially since a thief wouldn't leave any sign of a forced entry. Many insurance companies won't cover theft if it appears to be from negligence, such as leaving your car unlocked.

Also, what if a thief or other malefactor could access say a police vehicle in this way, and then gain access to sensitive police information through a terminal in the vehicle? It may sound far fetched, but a story today from Western Australia reports that the police there are trying to determine whether a person who stole a police car was able to access the "inbuilt police computer database, TARDIS," which might have been operational at the time of the theft.

And finally, just to make you feel even more secure about your future driving experience, there is this article appearing in NetworkWorld yesterday describing how in the future, it may be possible for terrorists to hack into traffic management systems and create chaos if the (currently defined) wireless network standards planning to be used are not made highly secure.

The article also relates how the wireless standards, which are used today in electronic toll systems, can be exploited to hack into those toll systems as well.

Happy motoring!

The Conversation (0)