We’ve seen some weird stolen things in cars, but what about a strange way to have a car stolen? Police in the West Midlands of England are looking for two suspects who stole a car in late September using a method which tricks the car into thinking the thieves have the keys, reports the BBC. The victim’s car was stolen using a purely technological attack which exploits keyless cars, something which many brand new vehicles ship with today. Though the technology behind how the attack works may be advanced, just how simple the relay attack works in practice might surprise you.
The attack in the video above is performed by two men, each of whom has a small handheld unit in their possession. One man stands near the vehicle and attempts to open the handle on the car. This generates a “request” signal from the car which looks for acknowledgment that the proper key is within range. Because the key is not in range of the door and the first relay box is, the attacker’s appliance acts as an impostor. It intercepts the request signal from the car and sends it wirelessly to the second box, coining the term “relay” attack.
Now, the second box’s job is to reach the actual key fob. The second attacker stands near the front of the house with the second relay unit, which amplifies the signal unlock request, expanding its range until a response is received from the actual key fob. Once the relay unit has this signal, it transmits the acknowledgment back to the original unit placed next to the vehicle, granting the unlock request as if the key fob was in the possession of the attacker the entire time. The process is then repeated one more time to start the vehicle and away the attackers go, free to drive until they shut off the car, or it runs out of gas.
One of the first organizations to publish findings on this attack is the ADAC in Germany. Similar to a combination of the Insurance Institute for Highway Safety (IIHS) and AAA in the United States, the ADAC performs various tests and studies to seek out problems currently found on the roads of the areas that it covers, one of which is the insecurity of keyless entry systems. In the video below, an ADAC spokesperson shows further examples of the attacks being performed and other scenarios in which it has carried out tests.
Though the ADAC has asked manufacturers to look into remedying this situation, little has been done since the discovery to prevent the theft of current vehicles on the road. Because of this, the police investigating the theft recommend either clubbing the car or placing the keys to the vehicle in a bag that prevents RFID signals from traversing its walls, similarly to how Nissan’s Signal Shield armrest functions.
Even though keyless entry and other forms of convenience make life a little easier to live, it often comes at the expense of exposing another security flaw. In this case, it enables thieves to perform technologically advanced attacks and be ever more intrusive in the lives of car owners. Hopefully, through more connected vehicles that don’t rely on proximity to authenticate the owners to the car, or good old-fashioned lock-and-key (even though that doesn’t always make new cars theft-proof), this kind of security flaw can be mitigated and owners can go on trusting that their cars will be safe.