Google+

Tuesday, November 28, 2017

Minimizing the Risk of Keyless Vehicle Theft


This week, Police in England released security footage of two car thieves breaking into a Mercedes using a relay device. This incident is thought to be the first of its kind caught on camera. In the video, one thief can be seen scanning for the car’s key fob through the walls of a home while the other stands next to the car with a second device waiting for the car doors to unlock. In less than a minute, the device is able to trick the car into thinking the key fob is present, thus enabling the thieves to get into the car and drive away without triggering the alarm.

Source: businessinsider.com/thieves-unlock-a-mercedes-using-device-relays-keys-signal-west-midlands-police-2017-11

As more vehicles come equipped with keyless entry/ignition systems and as such relay devices become more easily accessible to car thieves, high-tech crimes like this are at risk of becoming more commonplace in our neighbourhoods.

Here are some actions you can take to minimize your risk:
1. Keep your keyless entry car keys well away from your car.
It sounds obvious, but a spate of attacks appear to have happened in the US that exploit this. A radio signal amplifier has been used by the thief to amplify the signal from your keyless entry keys, making the car think the keys are next to it, rather than in the nearby house. The car then unlocks when the door handle is pulled. It starts, and off the thief drives. So, if your car is parked close to your house, don’t leave the keys near the front door. Keep them well away from the car, so this ‘amplification’ attack is harder.

2. Consider putting your keyless entry keys in a RF shielded box or pouch.
Keyless entry is so easy. Keys in pocket or bag, car opens for you. Make this attack so much harder by stopping the radio signals getting from your keys. It’s a pain having to take them out of the pouch, but it could stop your car being stolen. If at home, keep the keys in a small metal box, ideally one that’s shielded from radio waves. Lead, copper or silver can work well!

3. If your car hasn’t been for a service call recently speak to your dealer.
Unless your car can update its software by itself, then it may need a software update to fix security flaws. This may require a trip to the dealer, so speak to them.

4. Even if you don’t have a keyless ignition car, don’t leave valuable stuff in it.
The attacks work against non-keyless ignition cars too. It’s just that it can be a harder to start the engine, requiring different techniques and maybe some old-school hot-wiring of the ignition. The car can be unlocked, so don’t leave anything in it. Again, this is really obvious, as smashing a window works almost as well for a thief.

Source: pentestpartners.com/security-blog/practical-security-advice-for-keyless-cars
High-tech car thefts such as this date back to 2015, when serious security flaws were flagged by experts but some major car manufacturers tried to keep the issue quiet. Read more here: computerworld.com/article/2971826/cybercrime-hacking/hack-to-steal-cars-with-keyless-ignition-volkswagen-spent-2-years-hiding-flaw

RF shielded bags (such as Faraday Bags) are worth purchasing if you are concerned about protecting key fobs and other smart devices (phones, tablets, etc.) from remote hacking. Read more here: micahflee.com/2015/11/some-thoughts-on-faraday-bags-and-operational-security

For more information on minimizing the risk of your car being stolen or broken into, please refer to the Toronto Police website on Crime Prevention and Community Safety (Auto Theft).

If you have seen or heard anything suspicious, please contact the Police.
If you see a crime in progress, please call 9-1-1 immediately.