Time to freeze your car keys – hackers can now steal cars with radio signals

22 Mar 2016

Hackers can now steal up to 24 different car types in Europe by simply amplifying radio signals to overwrite keyless entry systems

It’s time to put your car keys in with your frozen chips – German vehicle security researchers have discovered that up to 24 different car models with keyless entry systems can be hacked and stolen through a radio amplification attack.

Focused mainly on European car types but convinced the same exploit can affect US car types, German vehicle group ADAC has claimed that it performed a radio amplification attack on up to 24 cars.

This kind of attack lets thieves enhance a signal from a legitimate fob inside the owner’s home to fool the car into thinking the key was in proximity to the car in the hand of its owner.

Keyless car keys work by being in proximity to the car door and ignition.

‘The radio connection between keys and car can easily be extended over several hundred meters, regardless of whether the original key is, for example, at home or in the pocket of the owner’
– ADAC

By amplifying the signal hackers can not only unlock target vehicles but also drive them away.

“The radio connection between keys and car can easily be extended over several hundred meters, regardless of whether the original key is, for example, at home or in the pocket of the owner,” ADAC said on its website.

An attack device to carry out such attacks can be procured for just $225, according to Wired.

In the US, former New York Times tech correspondent Nick Bilton blogged last year about how in Los Angeles where he lives a number of cars were stolen without any signs of break-in.

On one occasion – a Monday morning – two teenagers attempted to steal his Prius and just as they ran away he noted that they were carrying a mysterious black device.

ADAC says its experts have been able to open cars with comfort using a self-built radio amplification device within seconds.

A terrifying new paradigm for car theft

ADAC-radio-amplification

A diagram by German motoring group ADAC illustrating how the radio amplifcation attack can occur

Testers tried the hack on 20 different models from manufacturers that included Audi, BMW, Ford, Honda, Lexus, Mazda, MINI, Mitsubishi, Nissan, Opel, Range rover, Renault, Ssangyong, Subaru, Toyota, Volkswagen and Touran.

According to ADAC only the BMw i3 resisted the researchers’ attack but they were eventually able to start its ignition.

The researchers said that not only can the radio amplification attack unlock the car and start the ignition but it overcomes the immobiliser and alarm system with ease.

As long as there is fuel in the tank or until the engine stalls or is switched off the thieves can keep on driving until a replica key is created.

Effectively, this crime requires no forced entry or burglary and all the attackers need is a few chips, some batteries, a radio transmitter and an antenna.

ADAC did not reveal all the information in case it encourages more of this kind of crime.

Wireless car keys have been a feature of most new cars in the last five years.

There are no ways to avoid this latest type of attack, but car owners like Bilton stores his keys in a freezer while another method would be to create a kind of faraday cage to block radio signals.

However, it is not clear yet just how much metal shielding is needed to block all forms of amplification attacks.

Main image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com