'Mystery Device' Unlocks and Starts Over 50 Percent of Tested Vehicles

by Steph Willems

December 8th, 2016 10:41 AM

mystery device unlocks and starts over 50 percent of tested vehicles

Over the past two years, we’ve brought you in-depth coverage of a crop of shadowy gadgets designed to give thieves access to parked vehicles.

Like most tools of the trade, the gadgets are very similar, using the same principle to achieve the same result — unlocking a parked vehicle by sending signals to the car’s own keyless-entry system. For vehicles with a push-button ignition, the same gadgets can sometimes start the vehicle, giving that thief an instant lifestyle upgrade.

Now, a “mystery device” purchased by the National Insurance Crime Bureau (NICB) has revealed just how vulnerable an average vehicle is to these high-tech slim jims.

The device obtained by NICB was purchased by a third-party security expert from an overseas company. It uses the same technology and principle as the mystery gadgets seen in the hands of thieves in recent security camera footage and eyewitness reports. (TTAC has detailed how the technology works here and here.)

Apparently, the buy wasn’t a sketchy, late-night parking garage trade. The “overseas company” reproduced the device for automakers and anti-theft companies to test vehicle vulnerability, so there’s no legal grey area on the NICB’s end. Called a “relay attack” unit, the device only works on vehicles with keyless entry and push-button ignition.

For real-world unscientific testing, NICB partnered with auto retailer CarMax, rather than have one of their guys roam around side streets and parking lots in search of test subjects. The bureau wanted to know four things: whether the device could unlock a car, start the vehicle, drive it away, and turn off and restart the vehicle without the manufacturer’s keyless fob. The results were surprising.

According to NICB, “Tests were also done at a new car dealership, an independent used car dealer, at an auto auction and on NICB employee vehicles and ones owned by private individuals.”

When tested on 35 different makes and models, the device unlocked 54 percent of the vehicles. It also allowed the “thief” to drive away in 51 percent of them. Once the vehicles that drove away were turned off, the device was able to restart the engine in 34 percent of them. (NICB notes that four new Chevrolets successfully repelled the device.)

“We’ve now seen for ourselves that these devices work,” NICB president and CEO Joe Wehrle said in a statement. “Maybe they don’t work on all makes and models, but certainly on enough that car thieves can target and steal them with relative ease. And the scary part is that there’s no warning or explanation for the owner. Unless someone catches the crime on a security camera, there’s no way for the owner or the police to really know what happened. Many times, they think the vehicle has been towed.”

It’s hard to protect against a relay attack, as the device simply amplifies and relays the signal from the vehicle’s proximity key. The vehicle is fooled into unlocking itself. It’s now up to automakers to design countermeasures against the technology, which can be built from aftermarket or used electronics.

Right now, the only advice from NICB is to keep valuables out of sight and always take your fob into the house. Bring the garage door opener, too.

#CarTheft #Gizmology #KeylessEntry #NationalInsuranceCrimeBureau #NICB #Technology

Comments

Join the conversation

4 of 67 comments

Vulpine on Dec 08, 2016

I'm reading a number of misperceptions above, though there may already be some correcting comments in response. I live in range of a number of Philadelphia radio stations and will note that the issue is bigger than you might imagine. Interestingly, the more common victims of this method of attack are in high-value communities... areas where the average home is in the million-dollar range--for obvious reasons. In essence, the relay only needs to get close enough to the key fob to amplify its signal to the receiver in the car. Assuming, for the moment, that it's a two-way communication (the car constantly seeks the fob until it's close enough to respond), the user of this device may only need to get ten or twenty feet closer to the fob to trigger the fob's response and then carry that 'echo' back to the car, which has already unlocked itself. Then, as long as the fob is still relaying the echo, the car will start in the driveway. Here's where things may differ, depending on brand and model. In some cases, when the car gets a certain distance away from the fob, it will shut itself down, the relay device supposedly not carrying the received code while others may keep running until it loses a signal entirely, which the relay device probably has a means to at least keep a carrier signal if not the code itself. This is definitely an issue but one that may have numerous resolutions of which one person's suggestion of a signal-blocking box in the home would be a simple and obvious, though somewhat annoying fix. Most people won't bother to take their keys out of their pocket or purse to drop them in a box overnight or, if they do, may well forget to grab them the next day and end up locking themselves out of both car and home in the process. An alternate fix might be to install a motion-sensitive switch on the key fob that prevents any sending if the fob is motionless beyond a certain set time. When the key is in a purse overnight or at the office, then the fob won't even bother to send its signal (saving battery) and make it less likely for the relay to sense a signal to unlock the vehicle. A pocket would be valid overnight when the owner is asleep though less so as long as the owner is moving around the home (once dressed.) A manual on/off switch would serve a similar purpose. Remember, any automated system would be susceptible to this or similar reverse-engineered hacking device. One way or another there needs to be a manual override that can lock down or at the least notify the owner if the vehicle is moving without permission. A third-party transponder operating at a different frequency (individually selectable) or a switch/display requiring an alphanumeric password on entering the car might help to minimize the theft of the vehicle itself but if you want to prevent or limit access entirely then we might need to revert to a physical key. I can think of several different ways to make access more difficult for the thief but they all involve making said access more difficult for the owner, too.

Like Reply
- See 1 previous
- Scoutdude on Dec 08, 2016
  
  Maybe there are some out there that will shut down when you get to far away from the fob but I doubt it as that would be considered a safety hazard. I have a friend with a Prius who went somewhere with her husband, she got out with the fob in her possession while he continued on to his destination several miles away. Then when he went to go pick her up and go home and he couldn't start the car. With a lot of the houses they are building today it wouldn't be too hard to get close enough to relay the signal.
  
  Like
- Vulpine on Dec 09, 2016
  
  @Scoutdude Kind of the point though, don't you think? Now consider the article that came out earlier this week about the BMW that became a prison for the man who stole it. There ARE ways to minimize the problem but you have to keep in mind that anything man can create, man can figure out how to mis-use... and will. Now, honestly there's a huge convenience factor in having these systems. The problem with convenience is that it tends to make people complacent. But worse, it makes things even easier for those who prey on others who become complacent. 100 years ago, nobody even considered locking their doors when they were leaving the house to go shopping. Sure, there were sneak-thieves and cat-burglars, but they were relatively uncommon and people had the mindset that, "Oh, it won't happen to me," until it did. Of course, conversely as time progressed and such things as car thefts became more common, people started locking their doors to reduce that risk, creating a separate problem that now inconvenienced them on the occasion where they locked their keys inside the car (did that myself once a long time ago, now insure I have a second set of keys available, one way or another.) With these devices now, it's like you never locked your car in the first place. No. What is needed now is a way for the owner to personalize the key fob outside of the default lock/unlock code; a way for the vehicle to know when it has gone beyond a permissible distance from the owner and disable itself. Even limiting power or speed to, say 15mph, would be enough to force the joyrider to abandon the vehicle and even a more determined thief would have second thoughts about driving it any significant distance. It wouldn't necessarily prevent the break-ins, but taking personal gear out of the car or at least having it hidden will reduce the risk. While the interior of a car may be considered "personal space," that doesn't mean you can live out of your car as though it were home. Then again, as I recall some horse-thievery laws are still on the books. Maybe cars need to be designated the same as horses and simply hang the car thief, hmmm?
  
  Like
Mulry on Dec 10, 2016

Could this device be defeated by placing one's keys inside a small Faraday cage inside one's house? No signal = no signal to amplify and exploit.

Like Reply

Recent Comments

Probert Sorry to disappoint: https://robbreport.com/motors/cars/tesla-model-y-worlds-best-selling-vehicle-1234848318/and any list. of articles with a 1 second google search. It's a tough world out there - but you can do it!!!!!!
ToolGuy "We're marking the anniversary of the time Robert Farago started the GM death watch and called for the company to die."• No, we aren't. Robert Farago wrote that in April 2005. It was reposted in 2009 on the eve of the actual bankruptcy filing.The byline dates are sometimes strange/off with the site revisions (and the 'this is a repost' note got lost), but the date string in the link is correct (...2005/04...). Posting about GM bankruptcy in 2005 was a slightly more difficult call than doing it in 2009.-- The Truth About Calendars
Kat Laneaux Agree with Michael500, we wasted all that money just to bail out GM and they are developing these cars in China and other countries. What the heck. I understand the cheap labor but that is just another foothold the government has on their citizens and they already treat them like crap. That is pretty disgusting to go forward to put other peoples health and mental stability on a crazy crazed, control freak, leader, who is in bed with Russia. Thought about getting a buick but that just shot that one out of the park. All of this for the greed. They get what they lay in bed with. Disgusting.
Michael500 Good thing Obama used $50 billion of taxpayer money to bail them out and give unions a big stake. GM is headed to BK again with their Hail Mary hope of EVs. Hopefully a Republican in office will let them go BK the next time, and it's coming. The US economy is not related/dependent on GM and their Chinese made Buicks.
MaintenanceCosts "Rural areas hardly noticed COVID at all."I very much doubt that is true in places like the Navajo Nation or the Kenai Peninsula in Alaska, some of which lost 2% or more of their population to COVID.No city had a death rate in the same order of magnitude.Low-density living is a very modern invention. Before cars, people, even in agricultural areas, needed to live densely to survive.