Think thieves rely just on brute force to steal the goods you’ve stored in your car or trunk? Think again.
At the Black Hat security conference later this week, Silvio Cesare, an Australian researcher for the security firm Qualys, plans to reveal a technique that could allow someone with a bit of hacking know-how to spoof the signal from a wireless key fob and unlock a car with no physical trace, using a codebreaking attack that takes as little as a few minutes to perform, according to Wired.
The conference will host a talk on the insecurity of wireless devices at large, and the growing concern for automotive security, which conference organizers say has gone “from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks.” A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.
To make his argument, Cesare uploaded a video that shows him hacking a car lock system within mere minutes.
“I can use this to lock, unlock, open the trunk,” Cesare said. “It effectively defeats the security of the keyless entry.”
The equipment required to pull this off costs right around $1,500, so it would take an investment on the part of the law-breaker to make this heist happen — but this kind of equipment is getting cheaper by the week.
Wired explained that the hacker would have to invest some serious prep time into the heist as well, and revealed a temporary fix car drivers could employ to outwit this kind of hacker:
“The attacker must first identify a portion of the unlocking code that’s different for every vehicle. That means the hacker would need to eavesdrop on one lock or unlock command sent from the victim’s key fob to pick up the car’s unique code before issuing his or her own spoofed unlock command–though that eavesdropping could occur months or even years before the unlocking attack.
Cesare suggests that limitation could serve as a form of band-aid protection: Anyone concerned about wireless car burglars could avoid using the fob in public. He suggests manually locking the car in any instance when an eavesdropper might be able to pick up the fob’s signal.”
Cesare notes in his experiment the car and key fob used a rolling code that changed with each use, so the trick took varying amounts of time — in some cases, as long as two hours.
But to use this tool, a hacker would just need to attack the car when it’s left unguarded for an extended period of time. “If someone’s parked their car in a garage overnight, something like this is definitely plausible,” Cesare said.
Cesare adds that if your car had been wirelessly unlocked, the only sign would be that the key fob wouldn’t work on the next use, and it would take two or three button presses to again sync up with the car’s locking system.
Follow Elizabeth Kreft (@elizabethakreft) on Twitter.