April 10, 2018
By Dave Avran
A device costing about RM150 that can be easily obtained online or at electronic stores can unlock a car and start its engine by hacking its radio frequency identification (RFID) information.
What’s alarming (pun intended) is that the device works on almost every car with keyless entry. What’s more owners of cars using the keyless entry system are at risk of having their vehicles stolen in minutes by this frequency hacking device.
Car thieves are now recruiting hackers to install the required software onto their laptops and teach them how to operate the device. There are three ways to steal the encryption code to unlock keyless (push start) vehicles.
The device has to be attached to a computer and run with simple frequency monitoring software, which can be downloaded free from the Internet. The software then reads the frequency transmitted between the remote key and car locking system.
It can capture the frequency code used to lock the car. At the same time, it decrypts the rolling codes transmitted back by the car to the remote key, to unlock the vehicle.
The other method is by “attacking” the car system. The hacking device broadcasts a signal mimicking the remote, tricking the car into responding with a rolling code. The device then captures the code and decrypts it to unlock the vehicle.
The process takes just a few minutes, depending on the hackers’ code database. Thieves have also been known to steal the code from the remote key by broadcasting a radio signal to it.
This emulates the car communicating with the key, which will automatically send a response. The car thieves then capture and decrypt the frequency transmitted from the key and pair it with the car’s locking system to unlock the vehicle.
Many keyless entry systems also include a remote keyless ignition system. As such, when thieves unlock the vehicle, they can also start the car. A remote keyless ignition uses a push button to start the car, not a physical key.
To date, car manufacturers have yet to find a fool proof solution to beat these car thieves, and a police spokesman has confirmed that they are aware of this high-tech method. He advised car owners to take extra precautions like installing GPS tracking devices or use steering or gear locks to deter thieves.
The police spokesman added that keyless entry was impressive, but nothing beats a good physical lock, which makes it much harder for thieves. Automotive industry insiders agree that the good old fashioned way of securing cars using manual keys and locks is still effective in preventing vehicle theft.
The longer time taken to steal vehicles with old-fashioned locks discourages thieves.
Owners are also encouraged to use anti-theft devices such as steering locks, immobilisers, motion sensors and top-grade alarms. A good tracking device would also be of great help in the event of a theft.
On the other hand while many after-market security products serve as a visible deterrent, they offer no serious solutions to a determined vehicle thief. Steering locks are useless as the thief simply injects an acid solution into the key hole and it dissolves the lock. Or the thief cuts the steering wheel to pry it away from the steering lock.
For a pedal lock, the thief simply kicks hard on the pedal and it will slide down allowing the thief to operate the pedals. As for GPS/GSM systems, the thief can use GPS/GSM jammers readily available online and in local stores.
Therefore to completely protect your vehicle from being stolen you have to protect three important points – the ignition, the starter motor and the fuel pump. You must protect at least two of these three points. Also, your security system must be able to protect itself from being overridden.
Currently statistics of such high tech vehicle thefts are not available in Malaysia. The onus is now really on vehicle manufacturers to provide better anti car theft security systems.