Car owners may have to keep their wireless Key fob in a Faraday Cage or freezer to protect their remote key-less car from being hacked by the $17 “power amplifier.”
Last week, Nick Bilton of The New York Times wrote a blog post regarding the electronic thieves who rob remote Key-less car and the probable methods that user can stick to so as to safeguard the car from getting hacked.
Bilton, observed certain strange thefts occurring in his locality in Los Angeles, wherein there was an array of mysterious car break-in during the recent months. Surprisingly, there were no signs of forcible entry like door being scratched or the glass broken and it seemed the thieves targeted only those cars which use remote key-less systems, wherein a wireless Key fob is used to unlock the doors and engine ignition instead of the traditional keys. Further, Bilton recalled the different cars that were targeted by these thieves around the area near his locality: Mazda 3, Toyota Prius. Also his Prius had three break-ins in the last month.
Bilton gave some details of the most recent break-in, it seems it was early morning hours when the incident took place. It was Monday and he was busy at his kitchen table and he happened to look out of his window because of some strange noises made by his dog. What he saw took him by surprise because he saw two teenagers ride a bike and suddenly stop near his 2013 Gray Prius. Then the girl hops off the bike and pulls out a “small black device” from her backpack. Then she reaches down, opens the door and climbs into the car. By the time Bilton reached his car, the teenagers were back on the bike and they had fled from the scene. Though Bilton could not catch hold of the teenagers who were attempting the theft however, he was more concerned and also fascinating in getting to know the device that the girl had used to open the Prius.
Bilton tried inquiring Toyota regarding the device however the PR employee did not seem to know about such a device.
The spokes person at the Los Angeles Police Department’s communications desk, just casually told Bilton that he must have actually forgotten to lock the car! However, a public safety alert issued by the Toronto Police Service read: “Since January 1, 2015, investigators from 53 Division’s Major Crime Unit have noticed a spike in theft of Toyota and Lexus SUVs from driveways of homes in the Division. In all of the thefts, there have been no signs of damage at any of the scenes. Investigators believe that the suspect(s) may have access to electronic devices which can compromise an SUV’s security system.” The alert further urged people “members of the public to be vigilant when securing their SUVs, even in their driveways. Using a locked garage is recommended and any spare keys for SUVs should be secured in a safe location.”
The major issue here was that police just mentioned about the “device” but they did not give any specifications regarding this device.
Bilton further did some online research and got information that the car thieves have been using the electronic gadgets to unlock the car and steal. Some burglars hack the car and are able to drive the car without the need of keys. Some blog posts also mentioned about “secret device” that is used to unlock the car however not much was mentioned about the device.
Bilton’s research led him to some old articles dated 2012 which gave him the details of how a car can be stolen by exploiting its features in the “three minutes to steal keyless BMW’s.” He also got an article that gave details of how the thieves use the mystery device to unlock the vehicles.
The security researches told him that most cars with the remote key-less system can be hacked easily. Bilton’s search also led him to Diogo Mónica, a security researcher and chair of the Institute of Electrical and Electronics Engineers Public Visibility Committee, who confirmed “some sophisticated thieves have laptops equipped with a radio transmitter that figures out the unique code of a car’s key fob by using “brute force” to cycle through millions of combinations until they pick the right one.”
At last, Bilton got the answer to his curiosity when he spoke to Boris Danev, the founder a Switzerland based security firm known as 3DB Technologies. Mr. Danev has done his specialization on wireless devices and key fobs also he has done vast research on the security flaws of the key-less car systems.
Hence, when Bilton explained him the incident, Mr. Danev immediately understood what had happened and he explained: “The teenagers, likely got into the car using a relatively simple and inexpensive device called a ‘power amplifier’. ”
Mr. Danev further explained: “In a normal scenario, when you walk up to a car with a key-less entry and try the door handle, the car wirelessly calls out for your key so you don’t have to press any buttons to get inside. If the key calls back, the door unlocks. But the key-less system is capable of searching for a key only within a couple of feet.” During the break-in: “When the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter. And just like that, open sesame.”
Futher Mr. Danev said: “It’s a bit like a loudspeaker, so when you say hello over it, people who are 100 meters away can hear the word, ‘hello’.” Mr. Danev also added: “You can buy these devices anywhere for under $100. Some of the lower-range devices cost as little as $17 and can be bought online on sites like eBay, Amazon and Craigslist.” Mr Danev also said that his company is working with the car manufacturers to install a chip in the car which will tell how far the key is from the car and hence it can fully beat the power amplifier from tricking it.
As per Mr Danev the best way to protect the car from the “power amplifier” is to “put your keys in the freezer, which acts as a Faraday Cage, and won’t allow a signal to get in or out.”
So for all the users of the remote key-less cars try to keep your key fobs in freezer and get your cars protected from the power amplifiers and hackers.