January 28, 2019

99% of keyless cars vulnerable to a simple hacking technique

By Ellen Daniel

Many of the most popular keyless cars on UK roads are under threat from an inexpensive and simple hacking technique, a new study has found.

The German General Automobile Club (ADAC) tested 237 keyless cars to see whether the keyless entry system could be breached.

A keyless entry system is an electronic lock activated using wireless signals, meaning the car can be opened and started without the need to push a button or turn a key. Although convenient, this technology can leave vehicles vulnerable to being unlocked and stolen.

UK Government figures show that car theft has risen sharply in recent years, increasing by 56% in 2017, with 89,000 vehicles stolen in that year. With keyless technology built into many new models, this is only set to increase.

The ADAC found that 99%, of the keyless cars tested could be broken into using a technique that tricks the car into registering that the key fob is far closer than it actually is.

Worryingly, this means that 230 car models tested could be easily unlocked using what is known as a relay attack.

Relay attacks

A relay attack in computer security is a type of hacking technique in which an attacker intercepts and manipulates communications between two parties initiated by one of the parties.

According to Which? attackers use devices called relay boxes, one located near the key and one near the car, to extend the signal from the key so it is able to unlock the car without the car owner being close by. This means that the technology can be intercepted without the need for data hacks or cracking encryption programmes, but rather with a device that can be bought online.

Unlike other methods of vehicle theft, this can also be carried out without arousing suspicion, and can take less than 20 seconds.

Popular keyless cars are at risk

This security weakness affects a large number of vehicles on UK roads. with four of the five most popular car models in Britain, the Ford Fiesta, Volkswagen Golf, Nissan Qashqai and Ford Focus, all identified as being vulnerable to this digital hacking technique.

The only three models that ADAC could not unlock during the test were all from Jaguar Land Rover. This is because they are fitted with technology that allows the car to accurately detect how far away the key fob is.

What can be done to prevent this?

ADAC highlighted that not enough is being done to ensure that keyless cars are protected from this type of attack, and it is the duty of vehicle manufacturers to prevent this.

It also dispelled the myth that wrapping tin foil around a key fob prevents the signal being intercepted; the foil does not always provide reliable protection against radio waves.

It is therefore essential for drivers to contact their car’s manufacturer to ensure their security is up-to-date, or investing in additional security measures such as a steering wheel lock.

The New Vehicle Security Assessment (NVSA), a recently introduced criteria designed to address the problem of digital theft, will mean that new models are assessed to see how well-prepared they are. However, for the keyless cars already on the road, these rules do not apply, meaning many vehicles are still vulnerable.

Verdict deals analysis methodology

This analysis considers only announced and completed cross border deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,