Volvo Patents New Tool to Combat Car Thieves

Volvo has reportedly filed a new patent with the United States Patent and Trademark Office (USPTO) that would add digital protections designed to prevent modern car thieves from doing what they do. While the golden age of car thievery typically involved criminals skulking around in the dark to find an isolated model they could jimmy open and then hot-wire, today’s thieves tend to linger in crowded parking areas our outside homes with computers that scan and capture the codes being transmitted remotely from the key fob to the car.

There are certainly newer models that can be swiped the old-fashioned way. Hyundai and Kia ended up taking a lot of bad press over the fact that some of their late-model products weren’t even equipped with immobilizers. But most of the vehicles stolen on the road today are victims of the digital duplication of their own transmitted key data.

Many automakers have tried getting around this by having rolling codes that change every time the driver accesses the vehicle. However hackers have also developed workarounds for this. There’s even dedicated software (e.g. Samy Kamkar’s Rolljam) that could be used for locksmiths and car thieves alike.

The process involves waiting around until the owner attempts to unlock the vehicle and then jamming that signal. This fools the key fob and the driver into transmitting the next code while both are captured by the thief. Sometimes this can even yield three or four unique strings of useful data. Now equipped with multiple codes that should work on the vehicle, all that’s required is to feed the car the relevant signal until it accepts.

According to the patent-scouring CarBuzz, Volvo is developing a system offering additional layers of protection to help prevent rolling password attacks:

The Volvo solution revolves around back-and-forth communication between the vehicle and its access device, along with time calculations and distance estimates based on the signal strength of secondary acoustic sensors.

The vehicle first sends an identifying signal with a timestamp to the access device via a Bluetooth connection, which is then sent back to the vehicle to verify the first time of contact. The vehicle then creates a new second unique identity, which is sent to the access device and back to the vehicle via acoustic receivers mounted on the vehicle's corners to determine the response time delay in communications and confirm the second unique identifier at the same time.

Think of this as two-factor authentication for your car, using Bluetooth as a primary password and the acoustic check as a secondary failsafe.

By bouncing a signal back and forth between the vehicle and the device trying to access it, the car should have a better sense of who is trying to get inside. If the delay between the request and the ping-back seems suspiciously long, the car will presume this is not the key fob, smartphone, or (cringe) Apple Watch that’s supposed to be given access and attempt to cross examine the distance of the Bluetooth connection with the distance of the acoustic detection system.

If they match up, no problem. However, if they end up being different, that likely means there's someone else is in the mix and up to something fishy.

In theory, this should prevent car thieves from setting up shop and trying to spoof key codes all day. Car thieves' only recourse would be to stand extremely close to the victim, which would likely be more trouble than it’s worth in most instances. That is, until hackers figure out another workaround.

[Images: USPTO]