Modern automobiles contain lots of computers and electronic sensors. These control most aspects of the car’s operation, from engine timing and adjusting the brakes to controlling the air conditioner and providing anti-theft systems. These systems have made cars more pleasant to drive, more fuel efficient, and safer, but they come with a downside: using software control almost always introduces new security risks. (I’ve written here before about hacking a car’s sensor systems, and more recently about defeating car immobilisers.)
Many newer model cars come with wireless systems to unlock the vehicle’s doors and to start the engine. According to a new article at Technology Review, a group of security researchers at ETH Zürich have devised a signal relay attack that enabled them to open and start ten different cars from eight manufacturers, without having possession of the physical key. The research, led by Srdjan Capkun, will be presented at the Network & Distributed System Security Symposium, to be held in San Diego, CA, in February.
The attack is basically a man-in-the-middle one. The car emits a low-intensity signal that is picked up by the key fob when it is in close proximity to the car; the fob then transmits a code back to the car, causing the doors to be unlocked and the engine enabled or started. The researchers used an antenna close to the car to pick up its signal, then relayed it to a transmitter close to the key. The key’s signal could also be relayed back, though this was generally unnecessary, because the key fob’s transmitter has a range of ~100 meters.
Though this might seem cumbersome, the team managed to come up with plausible attack scenarios.
An attacker could watch a parking lot and have an accomplice watch as car owners entered a nearby store. The accomplice would only need to be within eight meters of the targeted owner’s key fob, making it easy to avoid arousing suspicion.
With the technology currently in use, encryption of the signal makes no difference, because the authentic transmissions from the car and the key fob are just being duplicated. The researchers say that they are working on new protocols that will be more secure.
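To make the point about encryption concrete, here is a small model added for illustration (it is not code from the researchers or from any vehicle system). It shows a car accepting a cryptographically valid challenge-response whether the path is direct or relayed, and then a hypothetical round-trip-time bound, an assumption of this example rather than something the article describes, rejecting the relayed path. The class names, distances, delay and 20 ns bound are all constructed.

```python
import hashlib
import hmac
import os

SPEED_OF_LIGHT_M_PER_NS = 0.299792458  # metres travelled per nanosecond


class Fob:
    """Key fob: answers any challenge it hears with an HMAC under the shared key."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Car:
    """Car: sends a fresh challenge and verifies the response cryptographically."""
    def __init__(self, key: bytes, max_rtt_ns=None):
        self._key = key
        self.max_rtt_ns = max_rtt_ns  # None = no proximity check at all

    def unlock(self, channel) -> bool:
        challenge = os.urandom(16)
        response, rtt_ns = channel(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False
        # Hypothetical proximity check: reject answers that took too long.
        return self.max_rtt_ns is None or rtt_ns <= self.max_rtt_ns


def make_channel(fob: Fob, distance_m: float, relay_delay_ns: float = 0.0):
    """Model a radio path: bytes arrive unchanged, only the travel time differs."""
    def channel(challenge: bytes):
        # Simplification: fob processing time is treated as zero.
        rtt_ns = 2 * distance_m / SPEED_OF_LIGHT_M_PER_NS + relay_delay_ns
        return fob.respond(challenge), rtt_ns
    return channel


def run_scenarios() -> dict:
    key = os.urandom(32)
    fob = Fob(key)
    paths = {"direct": make_channel(fob, 1.0),            # owner at the door
             "relayed": make_channel(fob, 50.0, 100.0)}   # constructed distance/delay
    # 20 ns round trip is an assumed bound, roughly 3 m of separation.
    cars = {"crypto_only": Car(key), "rtt_bound": Car(key, max_rtt_ns=20.0)}
    return {f"{c}_{p}": car.unlock(ch)
            for c, car in cars.items() for p, ch in paths.items()}
```

The crypto-only car unlocks in both cases because the response is authentic either way; only the timing differs, which is the one property a relay cannot hide.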
David Wagner, a professor of computer science at the University of California at Berkeley who has studied the cryptographic systems used in keyless entry systems, says the research “should help car manufacturers improve auto security systems in the future.”
As Prof. Wagner notes, there are probably easier ways of stealing a car; however, one bad aspect of high-tech theft is that it leaves no evidence of forced entry or tampering with the car, which may present problems for the police and insurance companies.
The law of unintended consequences is still very much in force.