Keyless Theft – How is it being done?
If your car comes with a smart key and push-to-start button it can be a super easy target for a professional car thief. Here I look at some of the modern methods used to compromise your vehicles factory security and explain how it is done.
This method involves transmitting a frequency that is in the same range as your cars remote so that it blocks the signal and prevents it from locking.
It does not require any sophisticated equipment and can be done with a simple car alarm remote! Ever press your remote and found it didn’t work? Then tried again and it did work!
Check to see if your car has actually locked or watch for the hazard lights to flash confirmation. If not you could be leaving your car open to content theft and a possible OBD-II Attack! (See below)
Don’t assume your car has locked because you hit the remote button!
Roll Jam Attack
This is an advanced version of Remote Jamming. It blocks the vehicle from receiving the code whilst recording it. The owner then presses the remote again and the first stolen remote code is used to lock the car. The second code is then stored to unlock the car in the future!
The video below explains the details. I’ve clipped it between the 37.40 and 51.11 as it’s the most relevant part, but the whole thing is worth watching if you have the time.
This method is used on vehicles that come with a smart key. It allows the thief to unlock and start your car by tricking it into thinking the smart key is in range.
Again I’ve cropped the video to the most relevant part which starts at 33.42 minutes in but again, the whole thing is worth watching:
OBD-II Remote Cloning
Programming a smart key via the OBD-II plug can be done in a couple of minutes with the right tools. The thief can then drive your car away!
Every car manufactured after 1996 has an OBD-II plug.
The “On Board Diagnostic” plug is there to help technicians read vehicle fault codes and electrical settings. It is also used by the Dealership and Automotive Locksmiths to code a new remote to the car using an OBDII scan tool.
These tools have become much more affordable in recent years and are easy to purchase.
An OBD BLOCK is an effective tidy way to prevent your OBDII connector from being hacked:
Traditional Remote Key V Smart Key
Remember any vehicle is easy to take if your keys get stolen, this remains the easiest way for a thief to take your vehicle.
Fact: Over 70% of cars are stolen with the keys!
A remote with a traditional key is much less vulnerable than a smart key for the following reasons:
- It only transmits when the button is pressed so is not compromised by an Amplifier/Relay Attack.
- The transponder immobiliser is not compromised by a Remote Blocking or a Roll Jam attack, but can still be vulnerable to an OBD-II key programmer.
- It still requires a cut key, placed in the ignition barrel and turned, or for the steering lock to be broken and the vehicle to be hot-wired!
I’m currently testing a new product that protects your vehicle from theft from the above methods.
More details coming soon…