German automobile club ADAC has released a report showing they were able to easily break into cars from 19 different manufacturers using a set of devices they built for a few hundred dollars.
The devices allowed the ADAC technicians to perform a relay attack on proximity key enabled vehicles by repeating the signal from the key fob.
This type of attack was previously described by researcher Boris Danev and his colleagues but was done in a lab environment with devices costing thousands of dollars. The ADAC test should serve as a significant warning to manufacturers, since it was completed using re-purposed consumer electronics that are inexpensive and portable.
Proximity keys have become widely available in the last few years and can now be found in modestly priced vehicles like the Honda Accord and Mazda CX-5. The technology operates by having a module inside the car that can query the keyless fob when entry action occurs, such as when an exterior door handle is pulled.
In most cases, the fob has to be within a few feet of the vehicle in order to respond and unlock the vehicle. Starting the vehicle works in the same manner but the fob usually has to be inside the car in order to do so.
ADAC was able to defeat the vehicle’s security mechanism by building two devices that can extend the signals up to a few hundred feet. The tester with the amplification device would walk close to the fob location, while the tester with the receiving device would walk over to the vehicle and initiate the unlock procedure.
Once inside the vehicle, the car can be started by placing the receiving device close to the ignition module and repeating the signal once more.
The procedure requires two devices — unlike the amplifier described by Nick Bilton and Boris Danev last year — but poses just as much risk due to the low cost. In my previous research on the subject, I found that such devices were available but cost tens of thousands of dollars, putting them out of reach of common thieves.
Many of the proximity key systems ADAC was able to compromise were from common vehicles, including the Audi A4, Mazda CX-5, and Toyota RAV-4. ADAC representatives who spoke to Auto Express stated, “Owners of cars with keyless locking systems should exercise increased vigilance in the storage of the key.”
I agree with their recommendation and suggest storing your proximity key fob in a small Faraday cage-type pouch to reduce the risk of theft.
Storing your key in a secure pouch shouldn’t have to be a requirement for vehicle owners, as the responsibility lies with the manufacturers to find a way to make these systems more secure. Since this type of amplification attack takes a little more time to push the signal to the car, the first step might be adding a latency check that causes the authentication handshake to time out after a certain point.