Key jacking or car hacking – which is the worst security threat?

Paul Smith, Director of Traka Automotive investigates

Car thefts in England and Wales rose by 56 per cent last year according to the latest data from Office of National Statistics (ONS): some 89,000 vehicles were stolen in 2017, up from 56,000 the previous year. Attempted thefts and theft of belongings left inside vehicles was also up markedly.

The main reason is that thieves have found a way to circumvent security associated with modern keyless entry systems which nearly all new cars now fit as standard. This supposition is backed up by ONS data, which shows almost half of all recorded thefts involved criminals entering vehicles through an unlocked door, up from just 13 per cent in 2006. Incidents involving thieves attempting to force car doors has actually decreased from 31 per cent to 14 per cent in the decade since 2006. Out of the 43 police forces in England and Wales, 41 experienced an increase in car crime over the last three years.

So how do keyless car entry fobs work and why is it vulnerable? Remote fobs consist of a short-range radio transmitter. When the remote is within a specific range (typically, 5-20 metres) of your car and you press one of its buttons, a coded signal embedded in radio waves, is sent to a receiver unit installed inside your car. The receiver unit then decodes and translates that signal, which consequently locks/unlocks the doors of the car.

Most remote keyless entry systems operate at a frequency of 433.92 MHz for Japanese, European and Asian cars. Manufacturers implement encryption in their keyless remotes to prevent the interception of radio signals that are produced by the remotes, which greatly helps to prevent the theft of cars by using another vehicle’s keyless remote. However, it does not prevent signal amplification and relaying which is the problem here.

Criminal gangs are using a pair of radio transmitters which essentially intercept and amplify the signal from a keyless entry car fob (perhaps placed on the side table close to a home owner’s front door) and then relay that strengthened signal to a second person standing by the car who sends the amplified signal to the car’s locking system – effectively tricking the car’s security system into thinking the real key is in very close proximity.  The amplification and relay kits can be bought on eBay for as little as £100. Once the thief is in the car, he only need to dip the clutch and press the ignition to drive the car away. West Midlands Police recently released video of a pair of criminals using the ‘relay attack’ method to steal a brand new Mercedes in Birmingham, taking just one minute to open it and drive away.

TRACKER, which offers GPS vehicle tracking technology including unauthorised driver alerting, estimates 96 per cent of the motorists it surveyed recently are at risk of having their car stolen by criminals using the relay attack’ method. Right now, 66 per cent of stolen vehicles being recovered have been subject to this type of key jacking technique, confirming how prevalent this crime is becoming in the UK.  A German company called ADAC identified 110 cars from 27 different manufacturers as at risk from keyless entry hacks. BMW, Audi, Ford, Land Rover, Hyundai, Renault and VW were among the manufacturers whose cars are at risk from key jackers. 

The rise in key jacking is starting to be a reputational issue for prestige marques as, naturally, thieves are targeting more expensive vehicles. The latest communication between a BMW owner and the manufacturer, as seen by the Daily Mail during April, indicates that BMW is not prepared to take responsibility for these thefts and the West Midlands police and crime commissioner recently went on record to say that BMW’s attitude was “arrogant and outrageous”. The brick bats are starting to fly and when the police are advising that you need to rely for your new car security on one of those steering wheel locks of yesteryear, you know we are in trouble.

As if key jacking was not enough of a problem, we now need to prepare for an increase of cyber-attacks on our increasingly connected, intelligent and eventually, autonomous cars. In other words, we are moving into a world where hackers are just as likely to be trying to hack your car as your office networked PC or cloud service provider.  

A Gartner report estimates there will be 250 million connected cars on the road by 2020.  Today’s cars, endowed with digital infotainment systems, onboard diagnostics and telematics systems; all collecting a lot of information about the car’s running status; overall vehicle health and fuel economy, even logging the driver’s driving-style offer multiple routes into a car’s controls systems for a hacker. The latest cars can pack 30 or more electronic control units or ECUs. These tiny digital brains now have at least partial control over everything from steering and braking to suspension settings and throttle inputs. The problem is, anything controlled by computers is hackable. We’ve already seen some serious, although not thankfully malicious, car cyber-attacks hit the headlines around the world.

A group of Chinese security researchers were able to hack a Tesla Model X. The hackers were able to turn on the brakes remotely and get the doors and boot to open and close while blinking the lights in time to music streamed from the car’s radio — an effect they dubbed “the unauthorised Xmas show.” This was a complex hack through which they were able to remotely control the car via both Wi-Fi and a cellular connection. Tesla successfully patched this issue within two weeks of it being reported.

We’ve also had Charlie Miller and Chris Valasek, two US-based IT engineers who managed multiple hacks of Ford and Toyota Prius cars compromising safety systems, gaining access to several car’s brakes, cruise control, steering, parking assist as well as the remote keyless entry system of course.

Going back a little further into mid-2015 these same engineers did a highly-publicised 'stunt hack' of a 2014 Jeep Cherokee in the States which resulted in Fiat Chrysler having to complete a 1.4m vehicle recall, fixing the vulnerability through an upgrade to its Uconnect software which powers new style digital dashboard displays which had been fitted into three different marques in the US.

The exploit allowed hackers to take control of the vehicle’s infotainment systems, working through controls and remotely sending Controller Area Network (CAN) messages via the internet to alter the car’s settings of the windscreen wipers, radio, even steering, brakes and transmission. They demonstrated the ease at which they could shut the engine off and even disable brakes and drive the car off the road. 

If we move into the autonomous vehicle age hacking gets even more sophisticated but no less do-able. A very clever man named Jonathan Petit has worked out how to disrupt the LiDAR system which enables autonomous cars to build up an accurate 3D view of what’s around them. He’s effectively laid bare the techniques for turning an autonomous car into a killing machine unless major improvements are made to existing technologies being used.

In the future, rapid reaction to security vulnerabilities and automatic issuing of patches direct to vehicles will be a necessity. In this sense, Tesla has the right model for the connected smart car of the near future. It treats each of its cars like the computers on wheels that they are becoming. Tesla’s security patches and software upgrades are almost as regular as those emanating from Microsoft for Office 365 users. They come down from the cloud just as soon as the car is connected, and it’s safe to do so.

Dealers are not immune from this increasing cyber threat. Rapid adoption of increasingly sophisticated and networked IT systems in dealerships, together with the arrival of more connected cars on their forecourts, puts their systems in the line of fire.

Dealers’ DMS, CMS, EMACS and other data-intensive IT systems hold vital information about vehicles sold and being maintained by them. A hacker might decide that it’s easier to target these central systems and from there hack into multiple vehicles on a dealer’s books - or simply steal and sell this vital vehicle data to thieves.

The key is to be aware of the fact that there are more and more networked IT systems in use in your dealership and in the cars you are selling and servicing. This inevitably means you are going to need to beef-up your IT skills across the board, while considering cyber security as a key part of this upskilling push. And while you’ve got security on your mind, you might want to have a word with your OEMs about tightening security around their keyless entry fobs.