
How hackers are stealing keyless cars

Wirelessly unlocking your car is convenient, but it comes at a price. The increasing number of keyless cars on the road has led to a new kind of crime: key fob hacks! With the aid of new cheap electronic accessories and techniques, a key fob’s signal is now relatively easy for criminals to intercept or block. Imagine a thief opening your car and driving away with it without setting off any alarms!

According to the FBI, car theft numbers have been declining since their peak in 1991. However, numbers have been steadily inching their way up again since 2015. In fact, there was a 3.8 percent increase in car theft cases in 2015, a 7.4 percent increase in 2016 and another 4.1 percent increase in the first half of 2017.

In order to fight this upward trend and prevent your car from becoming a car theft statistic itself, awareness is definitely the key.

So arm yourself against this new wave of car crimes. Here are the top keyless car hacks everyone needs to know about.

1. Relay hack

Always-on key fobs present a serious weakness in your car’s security. As long as your keys are in range, anyone can open the car and the system will think it’s you. That’s why newer car models won’t unlock until the key fob is within a foot.

However, criminals can get relatively cheap relay boxes that capture key fob signals up to 300 feet away, and then transmit them to your car.

Here’s how this works. One thief stands near your car with a relay box while an accomplice scans your house with another one. When your key fob signal is picked up, it is transmitted to the box that’s closer to your car, prompting it to open.

In other words, your keys could be in your house, and criminals could walk up to your car and open it. This isn’t just a theory either; it’s actually happening.
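To show why relaying works even when the fob’s reply is cryptographically sound, here is a small simulation added for illustration; it is not from the original article or from any car maker. It assumes a simplified HMAC challenge-response between car and fob, a constructed fob turnaround time and relay delay, and a hypothetical round-trip timing check as the countermeasure; real keyless systems differ.

```python
import hashlib
import hmac
import os

C = 299_792_458.0        # speed of light in m/s
FOB_TURNAROUND_S = 1e-6  # constructed value: fixed fob processing time known to the car


class Fob:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        # The fob answers any challenge it hears; it cannot tell who forwarded it.
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


def round_trip(fob, challenge, path_m, relay_delay_s=0.0):
    """Return (response, round-trip seconds) for a signal path of path_m each way.
    A relay forwards both messages unchanged, so it only adds distance and delay."""
    response = fob.respond(challenge)
    rtt = 2 * path_m / C + FOB_TURNAROUND_S + relay_delay_s
    return response, rtt


class Car:
    def __init__(self, key: bytes, max_distance_m: float = 1.0):
        self.key = key
        self.max_distance_m = max_distance_m

    def unlock(self, fob, path_m, relay_delay_s=0.0, check_timing=False) -> bool:
        challenge = os.urandom(16)  # fresh challenge, so old replies cannot be replayed
        response, rtt = round_trip(fob, challenge, path_m, relay_delay_s)
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False            # wrong key: not this car's fob
        if check_timing:
            # Distance implied by the time of flight; a relay can only add to it.
            implied_m = (rtt - FOB_TURNAROUND_S) * C / 2
            return implied_m <= self.max_distance_m
        return True                 # a valid reply alone is treated as "fob is nearby"


if __name__ == "__main__":
    key = os.urandom(32)
    car, fob = Car(key), Fob(key)
    print("owner at the door:       ", car.unlock(fob, 0.3))
    print("relayed from 300 ft:     ", car.unlock(fob, 91.44, relay_delay_s=2e-6))
    print("relayed, timing enforced:", car.unlock(fob, 91.44, 2e-6, check_timing=True))
```

The relayed reply is a genuine reply from the genuine fob, so only a check on where the fob is, not on what it says, tells the two cases apart. That is also why the signal-blocking tips later in this article work: a fob that never hears the challenge never answers it.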

According to the German Automotive Club, here are the top cars that are vulnerable to key fob relay attacks:

Audi: A3, A4, A6

BMW: 730d

Citroen: DS4 CrossBack

Ford: Galaxy, Eco-Sport

Honda: HR-V

Hyundai: Santa Fe CRDi

Kia: Optima

Lexus: RX 450h

Mazda: CX-5

Mini: Clubman

Mitsubishi: Outlander

Nissan: Qashqai, Leaf

Vauxhall: Ampera

Range Rover: Evoque

Renault: Trafic

Ssangyong: Tivoli XDi

Subaru: Levorg

Toyota: Rav4

Volkswagen: Golf GTD, Touran 5T

2. Keyless jamming

In this scenario, the crooks will block your signal so when you issue a lock command from your key fob, it won’t actually reach your car and your doors will remain unlocked. The crooks can then have free access to your vehicle.

Safety tip: To prevent this from happening to you, always manually check your car doors before stepping away. You can also install a steering wheel lock to prevent car thieves from stealing your car even if they do get inside.

3. Tire pressure sensor hijack

Here’s a novel technique, but it is happening — crooks are hijacking your tire sensors to send false tire pressure readings. Why? So they can lure you into stopping your car, creating an opportunity for them to attack you. Sounds crazy, but this scheme is out there.

Safety tip: If you have to check your tires, always pull over at a well-lit, busy public area, preferably at a gas station or a service garage so you can ask for assistance.

4. Telematics exploits

One of the current buzzwords for connected cars is something called telematics. What is telematics? Simply put, it’s a connected system that can monitor your vehicle’s behavior remotely. This data may include your car’s location, speed, mileage, tire pressure, fuel use, braking, engine/battery status, driver behavior and more.

But as usual, anything that’s connected to the internet is vulnerable to exploits and telematics is no exception. If hackers manage to intercept your connection, they can track your vehicle and even control it remotely. Quite scary!

Safety tip: Before you get a car with built-in telematics, consult with your car dealer about the cybersecurity measures they’re employing on connected cars. If you do have a connected car, make sure its software is always up-to-date.

5. Networking attacks

Aside from taking over your car via telematics, hackers can also employ old-school denial-of-service attacks to overwhelm your car and potentially shut down critical functions like airbags, anti-lock brakes, and door locks. Since some connected cars even have built-in Wi-Fi hotspot capabilities, this attack is completely feasible. As with regular home Wi-Fi networks, they can even steal your personal data if they manage to infiltrate your car’s local network.

Also, it’s a matter of physical safety. Remember, modern cars are basically run by multiple computers and Engine Control Modules (ECMs) and if hackers can shut these systems down, they can put you in grave danger.

Safety tip: Changing your car’s onboard Wi-Fi network’s password regularly is a must.

6. Onboard diagnostics (OBD) hacks

Did you know that virtually every car has an onboard diagnostics (OBD) port? This is an interface that allows mechanics to access your car’s data to read error codes, statistics and even program new keys.

It turns out, anyone can buy exploit kits that can utilize this port to replicate keys and program new ones to use them for stealing vehicles. Now, that’s something that you don’t want to be a victim of.

Safety tip: Always go to a reputable mechanic. Plus, a physical steering wheel lock can also help.

7. In-car phishing

Another old-school internet hack is also making its way to connected cars, specifically models with internet connectivity and built-in web browsers.

Yep, it’s the old phishing scheme and crooks can send you emails and messages with malicious links and attachments that can install malware on your car’s system. As usual, once malware is installed, anything’s possible. Worse yet, car systems don’t have built-in malware protections (yet), so this can be hard to spot.

Safety tip: Follow good computer safety practices even when connected to your car. Never open emails or messages, or follow links, from unknown sources.

How about car insurance?

Unfortunately, this rise in car theft numbers will not only put your keyless car at increased risk, but it can also hike up your insurance rates.

If you have a keyless car, please check your car insurance and see if it’s covered against car hacks. Since these types of crimes are relatively new, there might be some confusion on who’s going to be liable for what — will it be the driver, the car maker or the car computer developer?

According to financial advice site MoneySupermarket, most car insurance policies currently have these in place when dealing with emerging car technologies:

  • Drivers have one insurance policy that covers both manual and autonomous (self-driving) car modes.
  • If the driver of a self-driving car inflicts injury or damage to a third party, that party can claim against that driver’s car insurer regardless of what driving mode the car was in when the accident occurred.
  • Now here’s the part that covers car theft due to key fob and wireless attacks. Apparently, drivers won’t be liable for faults and weaknesses in their car’s systems and they will be able to file a claim if they are injured or have suffered loss because of those faults.

With key fob relay car theft and hacks, MoneySupermarket said that insurance companies will pay out as long as the car owner has taken reasonable steps to protect their vehicle.

However, if your particular car model is a common target for keyless theft, car insurance companies may charge you higher premiums.

Steps to stop relay attacks

But still, it’s important to have the best possible protection against these emerging car crimes.

There are a few easy ways to block key fob attacks. You can buy a signal-blocking pouch that can hold your keys, like a shielded RFID-blocking pouch.

Stick it in the fridge…

If you don’t want to spend any money, you can stick your key fob into the refrigerator or freezer. The multiple layers of metal will block your key fob’s signal. Just check with the fob’s manufacturer to make sure freezing your key fob won’t damage it.

…or even inside the microwave

If you’re not keen to freeze your key fob, you can do the same thing with your microwave oven. (Hint: Don’t turn it on.) Stick your key fob in there, and criminals won’t be able to pick up its signal. Like any seasoned criminal, they’ll just move on to an easier target.

Wrap your key fob in foil

Since your key fob’s signal is blocked by metal, you can also wrap it up in aluminum foil. While that’s the easiest solution, it can also leak the signal if you don’t do it right. Plus, you might need to stock up on foil. You could also make a foil-lined box to put your keys in, if you’re in a crafting mood.