Keyless systems in cars in 2024 still easy to hack

Posted on 2024-09-22 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Modern cars are universally protected against theft by so-called keyless systems. Insiders have known for years that the systems are easy for criminals to hack. Now German automobile club (ADAC) has taken another close look at the anti-theft protection of keyless systems in modern cars. The bitter conclusion: nothing has changed, even newer cars with keyless systems can still be easily hacked and the vehicle can be stolen.

Advertising

Review: The risk of keyless go systems

I already wrote about this in 2020 within my German 50Plus blog in the article Risiko Keyless Go-Systeme beim Auto: Kein Schutz bei Diebstahl. Car manufacturers equip modern vehicles with so-called keyless go systems. This means you no longer have a mechanical key to unlock the vehicle's door and then unlock the mechanical lock on the steering wheel.

Instead, the vehicle owner receives a coded transmitter in the form of a fob or key card (in my first car, the key card still had to be inserted in a slot in the dashboard to unlock the immobilizer). If this transmitter comes close to the vehicle, the doors can be unlocked – and the vehicle can be driven with the immobilizer unlocked as long as the transmitter is in the vehicle.

If a vehicle is unlocked and the engine could be started, the vehicle can be moved even if the key card is missing. A message appears indicating that the key card is not recognized. But the anti-theft device is unlocked – as long as the engine is not switched off, the vehicle can be driven.

When criminals strike

And that brings us right to the heart of the matter: if criminals manage to hack a vehicle's keyless go system, they can unlock the doors and possibly steal items from the car. Criminals try to position themselves near the vehicle and wait until the owner locks the doors with the keyless go transmitter. The signal is then recorded by a receiver used by the criminals. As soon as the vehicle owner has left, the criminals use the recorded signal to open and remove the vehicle. There are of course conceivable variants, e.g. a jammer prevents the vehicle from locking itself, which inattentive vehicle owners may miss.

The second case is more familiar and even more annoying: luxury car parked in front of the garage, secured against theft by an immobilizer. Everything is fine – the transmitters are somewhere in the car owner's house or apartment. The car can then be opened within seconds using simple means and can be removed or stolen. Car thieves use the possibility of bridging the signal of the keyless go systems with range extenders over longer distances. This is also known as a relay attack.

Advertising

For this purpose, a receiver is positioned near the place where the car key with the Keyless Go system is kept. This then sends the tapped signal to a second receiver, which is operated next to the vehicle and acts as a "Keyless Go key". The distance can be several hundred meters. The vehicle can then be opened and started. The vehicle can then be driven away – as long as the engine is running, it is not locked.

ADAC investigation 2024

German automobile club (ADAC, the biggest car driver association in Germany) also looked into this topic in 2024 and investigated the security of keyless go systems in modern cars. After all, the issue has been known for a long time and thefts from high-end car brands are probably a daily occurrence. I already came across this topic several times last week (see the following tweet) after the ADAC published the results of its investigation.

ADAC: Risiko Keyless Go-Systeme

Around 700 vehicles were tested for the security of keyless convenience locking systems. With these keyless convenience locking systems, the vehicle recognizes when the transmitter comes close to it and unlocks the doors. Drivers do not even need to take the "key card" with the transmitter out of their handbag or pocket to lock the vehicle.

The result of this test: almost 700 vehicles with keyless systems could be opened and driven away without any problems. Only just under ten percent of the cars tested could not be outwitted and were better protected against the attack with the range extender used by the ADAC. You can easily check whether your own vehicle is affected using a PDF document Keyless-Diebstahl: Auch neue Autos sind noch leicht zu knacken.

Similar articles
New cars as a privacy night mare; Mozilla investigates situation in the U.S.
Vulnerabilities in connected cars allow remote access at Honda, Nissan, Infiniti, Acura, etc.
Car safety: Kia Challenge and Hyundai Key found on the web
Bluetooth Low Energy vulnerability and the Tesla car theft
Software: Our grave as future car owners?
Fail: Toyota enables remote start of its connected cars only with monthly subscription

Advertising
This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).