As cars become more and more reliant on computers and operating systems, not just in their engines but in the ways drivers interact with them, they continue to be susceptible to hacks and other software-based attacks. The latest example comes from the US’s National Insurance Crime Bureau (NICB), which has identified a new tool that can allow thieves to unlock cars equipped with keyless-entry, start the engine, and simply drive off.
Not much is known about this “mystery device” yet, but the NICB, a non-profit organization formed by the insurance industry, says it obtained one from a third-party security expert from overseas. The agency says it’s heard of the device being used in Europe, with rare reports that it’s made its way to the US, however there are no official police reports identifying the device as the source of a car theft.
As the Los Angeles Times reports, the device is actually made of two components. As a driver parks and locks their vehicle, a thief standing nearby holds the parts in their hands, with the first used to amplify the signal sent from the key fob to the car when it is locked. This signal is then passed to the second component, which tricks the vehicle into thinking it’s the key fob. Cars outfitted with keyless ignition can then not only be unlocked, but started and driven.
In their informal testing, the NICB tried the device on 35 different cars, finding that 19 could be unlocked, with 18 of those able to be started and driven. Among the cars vulnerable to the hack included the 2017 Toyota Camry, 2016 Chevrolet Impala, 2015 Ford Edge, and 2013 Volkswagen Jetta Hybrid.
The NICB believes that the device is based on a Relay Attack unit, a tool that car manufacturers use to test the network security of their vehicles. The bad news is that this means there’s really no way to combat such a device. The good news, however, is that with no reports of it being successfully used in the US, it seems that the device is not something easy to come by. Of course, there are still plenty of other methods out there for hacking keyless-entry systems.
SOURCE LA Times