Keyless entry: European researchers unlock cars with hacked radios
The downside of increased technology is increased vulnerability to hackers, and European researchers have just found another way to exploit that vulnerability. Researchers at ADAC (basically Germany’s equivalent to AAA) were able to unlock and start cars by tricking onboard systems into thinking a key fob was nearby.
Many cars today can be unlocked and even started so long as the key fob is nearby, but there may be a price to pay for that convenience. Vehicles from 19 manufacturers were vulnerable to something called the “amplifier attack,” which uses a simple radio amplifier to gain access to cars, reports The Telegraph.
However, the attack still requires some access to both the key fob and the car. A radio amplifier is placed near the fob, while a receiver is placed near the car. The amplifier increases the signal from the key fob, meaning thieves can unlock a car even if the owner is up to 90 meters (295 feet) away, according to researchers. Unlike more recent car hacks, it doesn’t involve manipulating software to get access.
This tactic actually predates most of the current concern over car hacking. It was first demonstrated by Swiss researchers in 2011, but Germany’s ADAC now says it has become much cheaper and easier. While the Swiss team spent thousands of dollars on their equipment, the ADAC setup only cost about $230. Researchers say their devices were not difficult to make, but they won’t release the exact method for security reasons.
ADAC found that 24 car models from 19 manufacturers were vulnerable to the amplifier attack. These were all European-market models, but some like the Audi A4, Kia Optima, and Land Rover Range Rover Evoque are sold in the U.S. The only car researchers couldn’t unlock was the electric BMW i3, though they were able to turn it on.
There is no complete fix for this problem right now. Since the attack requires ne’er-do-wells to place a device near a targeted key fob, though, drivers can at least protect themselves somewhat by keeping an eye out for suspicious activity.
Source | DigitalTrends