The following thoughts are occasioned by a recent trip to Boston, during which I drove my nephew’s Mazda CX-9. Beautiful car, with all the goodies, including keyless entry and auto-start. My first thought was how hackable that thing was.
Hacking keyless entry to unlock and start cars has become all the rage, even in Africa. A rash of car thefts in Rustenburg, S.A., was caused by thieves using “a universal remote available on the black market that allegedly opens about 50% of the latest cars available on the market.”
The more sophisticated keyless car systems get, the more vulnerabilities they seem to offer. Bad boys can hack your smartphone pretty easily, and Apple’s voice-command Siri can be hacked to start your car with a proxy server. Media players are now a target:
Earlier this year, researchers from the University of California, San Diego and the University of Washington hid a Trojan on a CD, which, once inserted into the stereo, gave them access to the vehicle’s full computer system. And this past summer, researchers at the Black Hat Security Conference demonstrated a proof-of-concept hack in which they hacked into a car’s security system using a text message.
It may be slightly outrageous to say this, but there’s something about hacking into OnStar or MyFord Touch that just tickles me.
A recent story about $220,000-worth of BMWs stolen from a Dobbs Ferry, N.Y., driveway shows how people invite this kind of theft. Susan Katz reported that her husband left key fobs in their three BMW cars, parked in the driveway “to make room for Christmas decorations.”
We won’t speculate on why the Katz’s were celebrating Christmas, but why was Señor Katz dumb enough to play Santa Claus to thieves by basically leaving his cars unlocked?
That case wasn’t even hacking. It doesn’t take a genius to learn how to intercept and relay radio signals, which all key fobs emit. The way it works is described here. As that piece says, the old key-in-the door technology is really more secure, and there’s always The Club, which a lot of Mexican drivers use.
Finally, there have been many cases of plain old malicious hacking without attempting theft. The inducement is that “today’s average car has 70 embedded IT systems… run on 10 million lines of code.” In one especially painful case, drivers “discovered their leases had been transferred to deceased rapper Tupac Shakur.”
If you have keyless entry in your car, what do you do to make it (reasonably) secure?