How hi-tech thieves are defeating keyless car security systems

How hi-tech thieves are defeating keyless car security systems

Is this secure enough then, Mr Insurer?

SAM MILLER was settling down for the evening in her living room when her phone rang. Did she know that her Range Rover was on the move, asked the caller from Tracker, a vehicle location company.

“I said, ‘Are you sure? Because it’s sitting on my drive,’ ” says Miller, 45, a finance director from Marston Green in the West Midlands. “But when I looked out of the window, the car had disappeared. I don’t want to repeat what I said — there were a few expletives — but I was quite shocked, to say the least.”

When Miller looked at her CCTV system she was in for another shock. The thief had walked up, pulled the door handle and jumped into her two-year-old Autobiography-spec car, which would cost £100,000 new today. He started the engine and, after almost ploughing forwards into Miller’s house, found reverse gear and drove away. The theft was over in less than 30 seconds.

Miller’s tracking device led police to the car, which had been parked and abandoned, in less than an hour, but other owners have not been so lucky. Last week it emerged that some Range Rover owners who park their cars on the street in London are struggling to get insurance because so many of the cars are being stolen.

Quantum, a specialist insurer, says that underwriters are refusing to cover the cars because despite hi-tech security systems the vehicles suffer from a catastrophic flaw: they feature keyless entry and keyless start technology that thieves have found ways to bypass, enabling them to steal the cars at will.

The insurer says that unless Range Rovers and other high-end cars with the same technology are parked in a secure garage, the only way to get insurance for them is to combine it with household insurance to spread the risk.

“Stealing these cars is almost child’s play,” says James Wasdell, co-founder of Quantum. “Range Rovers are being targeted because they are desirable, but other cars with keyless systems have the same problem — they just aren’t as high up on thieves’ shopping lists.”

“Stealing these cars is almost child’s play,” says James Wasdell, co-founder of Quantum

Security experts say that the problem, once confined to expensive models, now affects almost every manufacturer that sells cars with keyless systems, which allow drivers to start their engine with the push of a button rather than by putting their key into the ignition. High-performance Audis and BMW X5s have also recently been targeted.

After years of denial and obfuscation, it appears that the car industry is at last waking up to the scale of the problem. Later this month at an emergency summit held by the Institution of Engineering and Technology, Edmund King, president of the AA, will warn representatives of the motor and security industries that car crime figures are likely to rise for the first time in 20 years.

“Opportunist crime such as joyriding has gone away, but we are left with a hard core of organised and well resourced crime groups targeting high-value vehicles,” King says.

These hi-tech thieves can hack into a car’s electronic security system and then program a blank key fob (read more here). Because there is no physical key to insert into the ignition, the thief can then start the car at will. Another technique can be used to fool the vehicle into unlocking the doors, giving thieves access to the car without their having to break windows and risk setting off alarms or activating immobilisers.

The electronic devices used to hack cars’ security systems are available on the internet for as little as £10. Some are fitted with torches to help thieves work in the dark.

Since The Sunday Times highlighted the vulnerability of keyless systems in 2011 the problem has escalated. The Metropolitan police say that around half of all car thefts in London are carried out without the use of any original keys. Owners can protect themselves by fitting a lock to their diagnostic port — the socket thieves plug their devices into to gain access to the car’s computer. But even that may not be enough: King will warn in his speech that crooks are already exploiting other loopholes.

Car hacking

Some are removing dashboard panels to reveal circuit boards so they can directly rewire the relevant microchip. And with the advent of mobile phone apps that can unlock your car at the swipe of a finger — they’re offered by BMW, Volvo and Tesla, among others — King warns that criminals are likely to try to steal passwords and obtain easy access. Other experts say that criminal gangs are developing key-programming software for smartphones that will make the process tougher for police to detect.

Motor manufacturers put the blame squarely on European competition regulations that force them to allow third parties such as mechanics and locksmiths to have access to the diagnostic port and the freedom to program new keys. But Mike Parris, head of the secure car division at the motoring technology consultancy SBD, says that the blame lies with crack coders from eastern Europe who can reverse-engineer vehicles to identify any security weakness and then develop devices to exploit the loophole, selling them online. As often happens with legitimate technology too, they are then copied by Chinese companies, which sell them for a lower price, making them more tempting to thieves.

The problem has become so acute that car makers could soon be forced to abandon keyless entry and revert to traditional metal keys.

The security standards of new vehicles sold in Britain are set by Thatcham, a research centre for the motor industry, which must approve cars’ security measures before insurers will cover them. Mike Briggs, security research manager at the Berkshire-based centre, says Thatcham’s tests are the toughest in Europe and have recently been tightened, which could result in some car makers failing them unless they abandon keyless entry for a conventional metal key.

Some car makers could fall short of Thatcham-approved security standards unless they abandon keyless entry

Any such move will come too late for the thousands of drivers who have had their cars stolen by the cyberthieves — apparently with ease — while the manufacturers have continued to deny that there is a security problem.

Land Rover said it frequently updated its software to make it tougher for thieves to breach. It is thought that the company is finalising an update for Range Rover owners, but no details are yet available.

Although Miller’s car was recovered, it was damaged by the thieves and is now being repaired. “Range Rovers aren’t cheap,” she says. “You spend that amount of money on a vehicle and you think it should be impossible to steal. Obviously that isn’t the case.”


An old problem: Sunday Times Driving reports on keyless car thefts

THE SUNDAY Times has led the campaign to make manufacturers do more to protect owners from theft and to highlight the security flaws in many modern cars.

The problem came to light as far back as February 2011, when we teamed up with a university in Switzerland to demonstrate how keyless entry systems could be exploited by thieves to gain access to cars and steal them. At the time car makers were reluctant to admit that they were affected. Both Toyota and Audi took a similar line to Jaguar Land Rover, which claimed that its cars were “robust” against hacking.

The problem didn’t go away, though. In February 2012 we reported on a street in London that had been plagued by vehicle thefts with no visible signs of damage and revealed that security experts were frustrated with car manufacturers, which they claimed were in denial about the problem. That summer we reported that insurance companies were refusing to pay out to owners who had had their car stolen by key hacking because they deemed the owner to be at fault on the basis that the vehicle was “impossible to steal” without the key, so it must have been left unlocked.

Car makers continued to deny there was a problem. Last year we reported on the case of Daniel Witte, who had his £70,000 Audi RS 4 stolen from his driveway in 90 seconds by thieves, who circumvented the keyless entry and start system. Even though we sent CCTV footage of the incident to the company, Audi defended its record on security and denied that there was a problem with its cars, saying the video was “inconclusive”.

In fact it wasn’t until July this year, when we reported that police had advised owners to use old-fashioned steering-wheel locks to thwart hi-tech thieves, that car companies including Jaguar Land Rover and Audi told us that there might have been weaknesses in the past. They said that their security software was constantly being updated to meet new threats.