Connected Cars and Keyless Entry: The Security Risks

September 6, 2017

In this post, leading automotive locksmiths CAT Autokeys, discuss connected cars and ask what is keyless entry theft, how does it work, and is it worth worrying about?

Connected cars are undoubtedly one of the hot topics in the automotive industry at the moment. Essentially, all this means is a car that’s connected to the internet, and tends to be full of interesting technology. More and more, car companies are working with technology companies – for example, Microsoft continues to work with car companies to work towards connected cars.

Instead of physical keys, connected cars are increasingly looking to digital, smartphone-based entry. We’ve looked at how thieves can hack into cars with keyless entry before, but what are the potential data security risks posed by cars with smartphone entry?

Recently, Oberthur Technologies, a firm specialising in embedded digital security, went into a bit more detail on some of the additional security challenges of digitising car keys.

connected-cars-1Virtual keys must be stored securely on the user’s smartphone with an optimum level of security – similar, if not identical to, the levels of security given to online banking. Strong authentication of the device used will be necessary, with prior registration with the service a must. The use of online mobile apps remains problematic, as they don’t have the required security levels. Instead, the virtual key must be stored within a mobile phone’s internal NFC secure element.

Further along the line, it’s suggested that to provide the most robust form of authentication of the digital key, biometrics may be used to link the user’s identity with their phone, and therefore their car keys.

How the car keys will work is just one of the challenges facing the connected cars of the future, and it’ll be interesting to see what developments are made! But did you know that criminal gangs are using hi-tech equipment to re-programme car keys to steal vehicles? We take a deeper look at the tech behind keyless entry theft, and ask whether it’s something you should be concerned about.

What is Keyless Entry Theft?

Simply put, keyless entry theft is when a thief can enter and steal your vehicle without using its key. Tech-savvy criminals are using increasingly sophisticated methods to manipulate the wireless signals used by car keys to secure and start the vehicle.

In fact, 42% of all London car thefts were carried out in this way in 2015, with higher end vehicles such as the BMW 3 Series, Audi Q7 and Range Rover the most stolen vehicles.

There are several different methods thieves can use to get into your keyless entry vehicle.

Amplification Attack

The first of these methods involves using technology to alter the radio frequencies used by car keys.

A 2016 study by a German security firm found that 24 different vehicles from 19 manufacturers were vulnerable to this kind of keyless theft.

Using a cheap radio amplifier to alter the radio frequency of cars, criminals can trick the car’s system into thinking that the owner is nearby with the key. By extending the range of peoples’ wireless fobs, it’s possible to enter the car, and even start the engine.

Stealing Your Car Without the Key

Although the days of hotwiring are mostly behind us thanks to advances in immobilising technology, wireless key fobs mean that criminals are still able to gain access to vehicles, and in some cases, steal them, without using the correct car keys.

Sometimes, if the owner’s key fob is nearby, it may have enough range to simply allow a criminal to try the door.

Alternatively, the signal from a wireless key fob can be jammed using a device, and the owner, believing that they’ve locked they’re car, unknowingly leaves it unlocked and walks away. At the end of 2016, the BBC reported on how thieves used radio jammers to interrupt signals from wireless keys to prevent them being properly locked.

connected-carsThe cars weren’t stolen in this case, just the contents inside. This is because the thieves lacked the ability to start the ignition without the key.

This isn’t always the case though. Many criminals gain entry to a vehicle either by using wireless key jamming technology, or the old-fashioned way – smashing the driver’s window.

Once in the vehicle, a key fob programmer is plugged into the car’s on-board diagnostics port to capture its data. To allow independent locksmiths and mechanics, not just main dealerships, to replace lost car keys, it’s a requirement that new fobs can be programmed from data in the car’s electronics system.

These programmers are readily available online, and programming a new, blank key fob with the vehicle’s data doesn’t take long at all – just seconds. Additional tech to overcome immobilisers is widely available. With a newly programmed and working key, it’s just a case of driving the vehicle away.

I Have a Wireless Key Fob – Should I Be Concerned?

Vehicles with keyless entry and start systems tend to be higher-end cars, which are naturally a prime target for criminals.

It’s worth remembering that although keyless car thefts have risen in recent years, overall car crime in the UK has dropped by 75% in the past decade.

However, police still warn that all cars with keyless entry are vulnerable as long as hackers can crack the codes. It’s likely that this will be a constant battle between manufacturers and criminals, as manufacturers update their security and hackers work to find a way around it.

If you’re concerned that your keyless entry vehicle is vulnerable, it’s worth following basic safety recommendations, such as parking it in an open, well-lit and secure area, fitting an immobiliser, and using a good old-fashioned steering wheel lock.

 

 

Add new comment

By submitting this form, you accept the Mollom privacy policy.