When the innovative British technology pioneer Kevin Ashton coined the term the “Internet of Things” (IOT) back in 1999, his vision was that computers would gather data independently by use of radio-frequency identification (RFID) and sensor technology, without the need for any human input.
Two decades later, that vision has become a reality as ordinary objects like cars, ovens, washing machines, and refrigerators have become “smart,” communicating with our devices without the need for us to do anything. However, with every new convenience comes an opportunity for hackers to exploit the system.
The Surge of Keyless Car Theft
One story that has been increasingly in the news is how tech-savvy thieves are using a digital hack to steal cars. An Action News investigation reported that a vehicle’s keyless entry system had been intercepted using a relay device that hijacked the signal from the key fob, which had the capacity to not only unlock the doors but start the engine.
What is a Passive Keyless Entry (PKE) Automotive Security System?
Unlike a standard remote keyless entry (RKE) device, which requires that you push a button to lock or unlock your vehicle, a passive keyless entry (PKE) device operates automatically when you are within close range of your vehicle.
Your key fob and vehicle are equipped with transceivers, devices that can both transmit and receive radio waves using an antenna. Your vehicle continually emits a unique radio frequency (RF) signal that the receiver in your key fob recognizes, allowing the devices to communicate remotely with each other.
All you have to do is walk up to your car with your key fob in your pocket or purse, and when you come into range, your vehicle will respond. It unlocks the door when you approach or pull on the door handle and locks it when you walk away or touch your vehicle after you exit. The keyless entry system that streamlines your life also makes it easier for hackers to steal your car by hijacking the signal emitted by your key fob.
How Does the Signal Amplification Relay Attack Work?
Sophisticated hackers are using what is known as a relay attack device to mimic your key fob. It works by stealing your key fob’s unique code and sending it to a small relay box built specifically to intercept the signal from any car using that kind of technology.
Criminals work in tandem, using transmitters and RF amplification equipment to boost the signal of a key fob that is out of the range of a car. One attacker picks up the signal from the key fob and amplifies it, transmitting it to another receiver near the vehicle. The receiver then copies the relayed signal and transmits it to the car. The car mistakenly senses that the driver is nearby and is tricked into opening the door. Cars that use a passive keyless entry system are often equipped with a keyless ignition as well, which requires that the driver push a button to start the engine.
Robert Morse with the National Insurance Crime Bureau (NICB), the top not-for-profit organization dedicated to fighting insurance fraud and crime in the United States, stated that it was a difficult crime to prove because the only real evidence of this particular kind of theft is when somebody captures it on a security camera. Morse tested the relay attack device on 35 different vehicles, opening the doors on more than half. In 18 of those cars, the ignition started, and his team was able to drive the vehicles away within seconds.
A Reformed “Grey Hat” Hacker Helps Manufacturers Fix Flaws
Keyless car theft became more challenging for hackers when Samy Kamkar focused his high-tech skills on finding vulnerabilities in the system. Kamkar is a convicted criminal and one of the most famous hackers in America. On October 4, 2005, at the age of 19, he created and released the fastest-spreading virus of all time, the MySpace “Samy” worm. The virus infected over one million users within 24 hours of its release and crashed the site.
Six months later, the Secret Service raided Kamkar's home and confiscated all his electronic devices. He was banned from the Internet for life. The young hacker who had spent every waking hour on his computer was devastated and eventually plea-bargained for three years of probation — which included being prohibited from connecting to the Internet, paying a fine, and performing community service.
Kamkar was a State of California rehabilitation success story. After his excellent behavior while on probation, Kamkar was allowed to use computers again. He was grateful for the opportunity to start anew and decided to use his tech talents to benefit the world. More than 25 years later, he is a “grey hat” hacker, an independent security researcher who uses his hacking abilities to help manufacturers identify flaws in technological systems.
Kamkar is successful because he understands the minds of hackers, who are often young and do not have the life experience to comprehend the consequences of their actions. He warns that most modern vehicles with keyless entry are vulnerable and that relay attack tools are easy to create. Vehicles loaded with the most electronic features have the greatest risks because there is a wider attack surface.
Kamkar said that because hackers are now working with car manufacturers to improve security, they should be able to innovate advancements to make it harder to steal newer models on the market. However, there is a quick and easy precaution you can take yourself to prevent tech-savvy thieves from stealing your keyless vehicle.
Invest in an Off-Grid Faraday Bag
A simple but highly effective solution recommended by everyone from locksmiths to global insurance groups is investing in a Faraday bag to prevent thieves from amplifying your key fob’s signal. The Faraday bag was named after the pioneering scientist Michael Faraday, who created an electromagnetic-blocking cage back in 1836. Once you pop your key fob inside a Faraday bag, it blocks RF signals from being transmitted and received by electronic devices.