Remote door locks are a convenience to the driver, but they could also offer thieves a convenient way to break in. When you press a button on your car’s key fob, it uses radio waves to send a series of codes to a receiver inside the vehicle. If the codes match, the car accepts the input. The problem is that criminals could use off-the-shelf equipment to crack the codes and unlock the vehicle.
At the Black Hat Security Conference earlier this month, Australian security researcher Silvio Cesare showed a video demonstrating the security flaw, unlocking his girlfriend’s car in just a few minutes. The hack disables the alarm and leaves no evidence for police, and the victim’s key fob will still function after a few repeated presses. Most victims would probably assume the battery in the fob is simply going dead.
While he’s only tried the hack on one car, automakers tend to use the same parts and technology across different models, meaning other cars are probably carrying the same vulnerability. While Cesare would not share the specific make and model, the video does show the car, and a variant of the vehicle was sold in North America.
Cesare’s method does have some drawbacks that limit its appeal to thieves. Since the 1990s, remote key fobs have used rolling codes that change every time the user presses the button, and the process of cracking the active code can take up to two hours. However, cars spend most of their time parked and idle. If the car sits overnight in a driveway or deserted parking lot, a thief would have ample time to break in.
Cesare used a software-defined radio, a device that can send and receive wireless signals on a wide range of frequencies, to capture and transmit the signals. Along with a laptop and an inexpensive amplifier and antenna, the equipment cost approximately $1,000.
Thieves who simply want to take a car or steal something inside will probably opt for simpler and more direct methods like a slim jim or the old smash and grab. In some cases criminals might want to commit a crime using a method that doesn’t leave evidence for the victim to find, such as wiring a car bomb or attaching a GPS tracking device.
Car thieves might already be using similar technology. Last year, CNN reported that police were stumped by a rash of car thefts caught on tape, showing thieves using mysterious black boxes to unlock the vehicles. We’re not sure if these devices use the same technique as Cesare, but as prices fall, the equipment he used will become more available to criminals.