Meet the Man Who Sells Devices to Hack Your Car’s Keyless Entry
Digital tech meets physical crimes.
Passive keyless entry systems have become increasingly popular in the past decade. Simply walk up to your car with your key or fob in your pocket and touch the door handle to automatically unlock it. Another push of a button and your car comes to life. Average thieves might not understand how to exploit flaws in these systems, but now they can easily buy a device from someone who does.
This comes to us from Vice's Motherboard, which recently profiled a man who goes by the handle EvanConnect and sells these devices to interested buyers as security testing tools.
Let's take a look at how the attack works and check out his own demo video below:
It takes two to tango... err, steal a car, specifically one to stand by the car with small transponder and another to walk around the area where the victim is believed to have stored the car key—such as an office, home, or even directly behind them as they get ready to enter a parking garage's elevator.
A typical case seen by police is where a high-end vehicle is stolen overnight at someone's home, as one individual stands next to the car in the driveway while the other circulates the exterior wall of the house until they get in range of the car's matching key fob. The attacker on the driveway will attempt to unlock the car by pulling on its door handle while, while the other's transponder transmits the found signal to the device, which then relays it to the out-of-range keyfob (hence where the attack gets its name).
Finally, when the second transponder receives the acknowledgment from the actual vehicle key, the deed is done. We must say, this process happens in mere seconds, and once it's done the car is good to go until the engine is shut off at its destination.
"Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people."
That means whether you're a car thief, repo man, security researcher, or just curious, you can pick up one of these devices for the right price. Evan says he sells a basic version of his device for $9,000, or an upgraded version that covers a wider range of FSB4-compatible cars for $12,000.
The devices themselves aren't illegal and Evan warns people that the intended purpose is security research. Still, Evan says that his devices can exploit any car that uses passive keyless entry systems sold on the market as of this month, which means that automakers are still unprepared to combat the attack.
Automakers like Tesla have unintentionally fought this battle by utilizing existing technology to interface with a car's ignition system. For example, many drivers utilize their phone's Bluetooth connection or the in-app connected services to unlock and start their Tesla, though a small key card is available as a backup.
Officials have seen the number of PKE-related crimes drastically rise in recent years, meaning that unless manufacturers find some way to battle thieves, this statistic will continue to balloon.