Sophos News

Driver loses his car to hackers. TWICE.

You can imagine the dismay: you scrimp and save to buy a £72,000 ($92,000) Volvo XC90 4×4 only to wind up standing outside in your slippers, bewailing a parking spot suddenly as barren as your dreams of having a nice car.
TWICE.
Sadly enough, this is the fate that befell Londoner Jas Hara, all thanks to those keyless entry fobs and the thieves who know how to hack them.
The 41-year-old underwriter for an investment firm and his 39-year-old wife, Havinder, told the Evening Standard that the exact same thing happened to the first new car they ever bought a little over a year ago.
Well, that’s not going to happen again, they said, as they went out and bought a tracking device for the replacement car. They also installed CCTV cameras overlooking their drive in Hampden Way, in the London neighborhood of Southgate, along with a video doorbell and motion sensors.
Those cameras didn’t keep the theft from happening again, but they did do an excellent job of capturing it the second time around. In the CCTV footage, two suspects used a scanning device to unlock the car, jump in, hit the start button and pull away – all within 90 seconds.
Hara said that this is the same technique used to steal the same model car from his driveway in October 2017.
These wireless keyfob-hacking crimes are called relay attacks. The attack involves relay devices that are capable of receiving wireless signals through walls, doors and windows.
CCTV footage of a relay attack captured in West Midlands in December 2017 shows one of the thieves standing near the victim’s property, waving a relay device until he gets a signal from a key fob inside the house or garage. The other thief stands near the car with his own relay box, which receives the signal from the relay box near the property. The car sniffs the unlock-me signal that’s close by, and it obligingly unlocks the door.
Similar to the 90-second theft of the Volvos, the West Midlands ripoff – of a Mercedes – took about a minute. And here’s the thing about relay attacks: given that they work by extending the signal coming from the car keys inside the house and tricking the car’s system into believing that it’s the actual key, they don’t trigger car alarms.


It used to be the case that relay attacks would only unlock cars. But now thieves can not only get in, they can start up your car and drive away.
The Evening Standard pulled up some statistics showing that there’s been a surge in relay-attack car thefts:

Car-hacking, or “relay attack”, is said to have fuelled a surge in vehicle thefts. Figures from the Office for National Statistics show 89,000 cars were stolen in 2017, up from 57,000 the year before. The Association of British Insurers reported a record £271 million in theft claims in the first nine months of 2018. Keyless entry was cited as the “main driver” in the rise in offences.

Well, that’s not too surprising: these attacks are cheap and easy. The attack devices vary in signal range and price. Powerful units fetch hundreds of dollars, but thieves don’t need top-of-the-line devices.
The Berlin-based automobile club ADAC reported in a 2016 study that car thieves can make do with a $225 signal booster to fool cars into thinking their owners are nearby, allowing them to easily unlock the cars and start them up: a silent theft that doesn’t leave a scratch.

How do you protect your ride?

Faraday cages block fobs from sending or receiving signals, so you can always toss your keys into the refrigerator… or a metal box… or hey, a chips packet works, too.
Then again, you can turn off your key, as one of our readers has suggested, though not all car manufacturers have keyless fobs that easily allow that.
There is yet another relay-attack-thwarting, authentication-token-based technology that we believe may have been invented or at least rediscovered by Naked Security’s Paul Ducklin:

Put a slot in the car into which you have to insert a metal authentication token cut into a unique shape, and then turn it to the left or right to prove your presence…

That, in fact, is the technology that Mr. Hara plans to adopt in the future, in addition to buying a car that’s less blingy, he told the Evening Standard:

Now I think we will stick with a bog-standard car, and I would rather use a normal key from now on.