Wireless key entry has made getting into the car much easier and safer than it used to be. As long as the key is somewhere on your person, the door will just open. Some thieves are using exploiting this technology with a $225 tool that lets them open the doors and start the car without having a key fob, according to the German automobile club ADAC.
Wireless car entry is dependent on radio communication between the key fob and the car itself. When the key is close enough, it sends a message to the car’s entry system, signaling someone is ready to unlock the doors or start the engine. The car entry system sends a signal back to the key fob, and if the fob is reached, the two work in concert to perform their duties.
The ADAC researchers used that same principle to get into the cars without having to place the fob physically close to the car. They built one radio and placed it by the victim’s car, and placed another in the range of her fob. The radio by the car signaled to the vehicle to open the door, and then the car’s entry system sent out a signal to the key. While the actual key fob could be up to 300 feet away, the second radio was able to amplify its signal to the first radio to open the door and turn the car on.
Because the ADAC’s radio tools were so inexpensive and easy to make, the club did not publish the exact diagram for fear that others could easily replicate their methods. However, thieves are already using similar tools to open unsuspecting victims’ cars, as seen in the German language surveillance video below.
The following European car models were vulnerable to the attack, according to Wired: the Audi A3, A4 and A6, BMW’s 730d, Citroen’s DS4 CrossBack, Ford’s Galaxy and Eco-Sport, Honda’s HR-V, Hyundai’s Santa Fe CRDi, KIA’s Optima, Lexus’s RX 450h, Mazda’s CX-5, MINI’s Clubman, Mitsubishi’s Outlander, Nissan’s Qashqai and Leaf, Opel’s Ampera, Range Rover’s Evoque, Renault’s Traffic, Ssangyong’s Tivoli XDi, Subaru’s Levorg, Toyota’s RAV4, and Volkswagen’s Golf GTD and Touran 5T. While the researchers were unable to unlock the BMW i3, they could start the car with their radios.
It’s important to note that the cars the researchers tested were all European models, which operate under different radio frequencies than those from the U.S. However, they said the same technique could potentially be used here. One hacker was able to access any car or garage with keyless entry using a $32 device he built himself.
If you’re concerned about someone compromising your keyless entry vehicle, one step you can take is to put your fob in a metal box called a Faraday cage, which blocks electric fields from entering and thereby stops thieves from accessing your fob’s signal. Most of us have one of these Faraday cages at home, in the form of our freezers. Not all freezers are Faraday cages, though, so your results may vary.
On the whole, it’s important that car makers put the ADAC’s research and other security research into practice by building smarter key fobs and software systems without these vulnerabilities. Keeping your car from malicious joyriders might depend on it.
[Man unlocking car via Shutterstock]