You can imagine the dismay: you scrimp and save to buy a £72,000 ($92,000) Volvo XC90 4×4 only to wind up standing outside in your slippers, bewailing a parking spot suddenly as barren as your dreams of having a nice car.
TWICE.
Sadly enough, this is the fate that befell Londoner Jas Hara, all thanks to those keyless entry fobs and the thieves who know how to hack them.
The 41-year-old underwriter for an investment firm and his 39-year-old wife, Havinder, told the Evening Standard that the exact same thing happened to the first new car they ever bought a little over a year ago.
Well, that’s not going to happen again, they said, as they went out and bought a tracking device for the replacement car. They also installed CCTV cameras overlooking their drive in Hampden Way, in the London neighborhood of Southgate, along with a video doorbell and motion sensors.
Those cameras didn’t keep the theft from happening again, but they did do an excellent job of capturing it the second time around. In the CCTV footage, two suspects used a scanning device to unlock the car, jump in, hit the start button and pull away – all within 90 seconds.
Hara said that this is the same technique used to steal the same model car from his driveway in October 2017.
These wireless keyfob-hacking crimes are called relay attacks. The attack involves relay devices that are capable of receiving wireless signals through walls, doors and windows.
CCTV footage of a relay attack captured in West Midlands in December 2017 shows one of the thieves standing near the victim’s property, waving a relay device until he gets a signal from a key fob inside the house or garage. The other thief stood near the car with his own relay box, which receives the signal from the relay box near the property. The car sniffs the unlock-me signal that’s close by, and it obligingly unlocks the door.
Similar to the 90-second theft of the Volvos, the West Midlands ripoff – of a Mercedes – took about a minute. And here’s the thing about relay attacks: given that they work by extending the signal coming from the car keys inside the house and tricking the car’s system into believing that it’s the actual key, they don’t trigger car alarms.
It used to be the case that relay attacks would only unlock cars. But now thieves can not only get in, they can start up your car and drive away.
The Evening Standard pulled up some statistics showing that there’s been a surge in relay-attack car thefts:
Car-hacking, or “relay attack”, is said to have fuelled a surge in vehicle thefts. Figures from the Office for National Statistics show 89,000 cars were stolen in 2017, up from 57,000 the year before. The Association of British Insurers reported a record £271 million in theft claims in the first nine months of 2018. Keyless entry was cited as the “main driver” in the rise in offences.
Well, that’s not too surprising: these attacks are cheap and easy. The attack devices vary in signal range and price. Powerful units fetch hundreds of dollars, but thieves don’t need top-of-the-line devices.
The Berlin-based automobile club ADAC reported in a 2016 study that car thieves can make do with a $225 signal booster to fool cars into thinking their owners are nearby, allowing them to easily unlock the cars and start them up: a silent theft that doesn’t leave a scratch.
How do you protect your ride?
Faraday cages protect fobs from sending or receiving signals, so you can always toss your keys into the refrigerator… or a metal box… or hey, a chips packet works, too.
Then again, you can turn off your key, as one of our readers has suggested, though not all car manufacturers have keyless fobs that easily allow that.
There is yet another relay-attack-thwarting, authentication-token-based technology that we believe may have been invented or at least rediscovered by Naked Security’s Paul Ducklin:
Put a slot in the car into which you have to insert a metal authentication token cut into a unique shape, and then turn it to the left or right to prove your presence…
That, in fact, is the technology that Mr. Hara plans to adopt in the future, in addition to buying a car that’s less blingy, he told the Evening Standard:
Now I think we will stick with a bog-standard car, and I would rather use a normal key from now on.
Zohan
Metal authentication token and turn left or right…. I know what that is… It’s a key! Low tech rules! Faraday pouch (chip bag)is easiest to thwart attack. Remember both keys tho!
Matt Parkes
Going back to key means the car can be hot wired just like any other, you are no better off. Without knowing the full details behind how they work, what about the keyless ignition card where the fob has to be present in order for the engine to work, surely even a relay tool will only work for a short distance?
John Leslie
Keys these days have chips in them… After my house got broken in and the spare keys for my Audi were stolen (about 10 years ago) the garage immediately reprogrammed the car and the remaining key, but I had to wait to get replacement locks. So the bad guys could have opened the car but not turned off the alarm or started it.
VMAN
MFA……….
Rob
I’m very fond of my garage. I don’t understand how someone could leave such a huge investment out in the open, where it can be damaged by any number of things. I assume a garage is hard to get for people in London.
wally
you’re lucky to get to park at all
John Leslie
The trend for ever-wider cars mean many won’t fit in most garages. Even my Citroen DS3 only fits in the garage with the door mirrors folded.
BTW I asked the insurers if it would be cheaper if I kept it in the garage rather than on the drive, they said no as they get claims from people dinging their cars going in/out.
Mahhn
Thanks to a story on this last spring, I used a metal CC holder when I drove cross country in July, and still do. (tested at the door)
My hotrod benz maybe a 10 years old, but it’s mine and going to stay that way.
Sptyte
take the battery out of the fob?
Mahhn
It’s a PITA to do that on many fobs. Any metal container is pretty easy to use to drop the keys in.
However, a small On/Off switch would be a good start. Kind of like we wish we had on phones for the wifi – as those software switches don’t always really turn it off.
roleary
The librem 5 comes with a physical wifi kill switch.
Anonymous
“USD £72,000” Is the US now part of May’s BREXIT plan?
Louisa Hardwick
Fixed, thanks!
Mr
Spent all that money on fancy CCTV so they have a nice video of the theft. I’m sure that’s really useful.
So they are victim to this type of theft once, then again. Surely they should have learned from the first theft to simply use a signal blocker when the keys are in the house. It’s not exactly difficult.
Joshua Caron
Uh huh? And what makes you think they knew how the first theft happened?
harvi
hey reading your comments, both keys were in a faraday pouch which is suppose to be the signal blocker! it didn’t work!
Bob
As keyless drive is an option dictated by the cars software, surely a trip to the dealer to disable it would be a fix?