'Relay Hack' Lets Thieves Steal Cars Using $22 of Electronics
Chinese security researchers demonstrated a way to gain access to a car using cheap electronics.
New cars feature more integrated software than ever, and with that software comes security vulnerabilities. As a recent security issue with Hyundai's Blue Link app demonstrates, telematics and other connected systems aren't immune to tampering. That could potentially make life easier for car thieves. Researchers from Chinese security firm Qihoo 360 recently demonstrated a technique called a "relay hack" that can be used to break into cars using a pair of transceivers cobbled together for just $22, according to Wired.
Those cheap transceivers were used to extend the range of a car's key fob by up to 1,000 feet. This tricks the car's onboard sensors into thinking the key fob is close buy, allowing hackers to unlock the doors. This presumably only works on newer cars with keyless entry, which automatically unlocks doors without the driver having to actually press a key fob button.
The relay hack also requires one thief to be close to the actual key fob, wherever it is. The transceivers pick up the signal from that fob and extend the range so that the car can be unlocked even if the driver isn't nearby. Such an attack could be used on a person shopping in a store or working in an office, with a car parked outside, Qihoo researcher Jun Li told Wired.
The researchers tested their hack on a Chinese-market BYD Qin and Chevrolet Captiva. However, the keyless-entry systems for those cars are manufactured by Dutch firm NXP, which also supplies systems to cars sold in the U.S.
Hijacking key fob signals isn't unheard of. Last year, researchers at Germany's ADAC demonstrated a similar hack on 24 vehicles using what they said was $225 worth of equipment, while a security flaw uncovered by German engineering firm Kasper & Oswald enabled thieves to clone key fobs for virtually every Volkswagen Group car made since 1995.
While these types of hacks are a serious issue, they're not quite as sinister as the popular image of car hacking, fueled by a 2015 demonstration in which security researchers took control of a Jeep Cherokee using a laptop. The relay hack allows third parties to gain access to a car, but it does not allow them to gain control of one while someone else is driving.
- RELATEDCan We Please Stop Pretending Car Hacking Is a Grave Threat?The Egyptians had “hackers,” too.READ NOW
- RELATEDChinese Hackers Seized Control of the Tesla Model SBut Tesla issued an over-the-air update to protect its cars before the hackers went public.READ NOW
- RELATEDOver 30 Jeeps and Dodges Were Hacked and Stolen in HoustonIs a laptop and an OBD-II connection the new screwdriver to the steering column?READ NOW
- RELATEDShould Car Hacking Be Punishable By Life in Prison?Groundbreaking automotive cyber-security legislation carries possibility of a life sentence.READ NOW
- RELATEDA Theft Expert Answers: Does Color-Changing Car Paint Actually Work?The author of How to Steal The Mona Lisa talks paramagnetic paint, a potential boon to getaway drivers.READ NOW