Locks and Security News: your weekly locks and security industry newsletter
17th April 2024 Issue no. 701

Your industry news - first

We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.

Is technology giving thieves a way in to cars?

by Juanita Appleby, Sbd UK

Vehicle manufacturers and suppliers continue to strive for the ultimate convenience features and modern vehicles are fitted with increasing numbers of telematics systems and on-board communication technology. This means more wireless data transfer is taking place and there is now evidence to suggest that thieves could exploit this with 'invisible' theft attacks. Whilst a great number of these cited theft methods are built on fiction, some are certainly feasible by technically capable thieves.

A Canadian news article gives two recent examples of successful University studies into vehicle security systems. The first was a study by the University of South Carolina and New Jersey's Rutgers University, in which they targeted the Tyre Pressure Monitoring System. They were able to turn the low-tyre-pressure warning lights on and off from another car travelling at normal road speeds from 120 feet (40 metres) away using low cost equipment. In the second case (recently reported in Locks and Security News), researchers at the ETH Zurich were able to use a relay attack system to unlock and drive away several different vehicles fitted with smart key systems, from a distance of up to 165 feet (50 metres).

Elsewhere, the University of Washington and the University of California San Diego managed to hack into the main CAN-BUS of a vehicle, developing their own interface (named 'CarShark') which would track and control the messages sent across the network between various on-board systems. Whilst the current version of their interface connects to the vehicle through the OBD port, they believe that it is possible that this could be developed into a wireless attack.

Meanwhile, vehicle manufacturers and suppliers continue to introduce new technology. Smart key systems are already increasing in fitment as standard OEM technology, whilst smart phone applications that allow remote control of vehicle functions are appearing across the world. In September 2010, BMW launched the 'My BMW Remote' iPhone application that gives remote control of the central locking system, allows the customer to flash the lights and sound the horn in order to find their vehicle, and also allows the vehicle's location to be plotted on a Google map. Just a few weeks later, the SK Telecom app promised all these features and more, including remote engine start and a live video feed from a camera inside the vehicle.

In recent research, SBD have predicted a continued rise in the availability and fitment of these new features, and the number of smart phone based applications in particular. However, with new technology comes concern over the security implications - whether truth or myth.

Practical attack methods that target these new technologies are likely to be at an infant stage, but as popularity and fitment increase then thieves will inevitably turn their attention to these new methods. Convenience for the customer through 'invisible' technology may yet provide car thieves with new ways to steal the vehicle unless the security of these systems is considered during the design stages.

For more information on SBD research into enhanced key fobs, remote start and smart entry systems, contact Juanita Appleby by email on [email protected]

9th February 2011