Can Your Car Keys Get Hacked?

How Thieves Exploit Smart Keys to Hack Cars

Many modern vehicles are equipped with electronic systems that allow doors to be unlocked without using a physical key and enable keyless engine starts. Typically, manufacturers provide new cars with smart keys (electronic fobs) that operate via radio signals, notifying the car’s alarm system that the owner is approaching. If the code matches, the alarm system deactivates, and the doors unlock automatically. Similarly, the electronic fuel injection system is unlocked to allow engine start at the push of a button.

When remote smart keys (keyless fobs) were first introduced, car thefts declined globally. For a while, criminals struggled to bypass this new technology. However, methods to circumvent the security of modern cars have recently emerged. How secure do you think modern cars are compared to their predecessors? Unfortunately, many of us mistakenly believe that new cars are better protected against theft. In reality, new technologies introduced in recent years have made modern vehicles more vulnerable to hacking than older models.

According to research by the Swiss Federal Institute of Technology, modern keyless smart keys, which allow drivers to unlock doors and start the engine without physical contact, are vulnerable to radio channel hacking.

Initially, these remote keyless fobs were introduced in luxury vehicles. Later, the technology began appearing in some mid-range cars and is likely to become commonplace in budget models in the coming years. Given its widespread adoption, the Swiss institute set out to determine how secure these keyless fobs are and whether they have vulnerabilities that thieves could exploit.

Before delving into the research findings, let us explain how keyless fobs work. These special remote keys communicate with the car’s central alarm system via an encrypted radio channel. The fob and the alarm system exchange short signals at pre-set intervals. Surprisingly, no prior research had tested the security of this communication channel despite the technology being widely used for several years in the automotive industry.

To test the electronic security of vehicles, the researchers selected ten key fobs (from ten vehicles) representing eight car brands. The tests were conducted without the participation of car manufacturers. During the experiment, the Swiss engineering team demonstrated a method to hack (unlock) every vehicle in the study.

The tests revealed that remote smart keys, which unlock car doors as the owner approaches, are relatively easy to hack using a specific method and inexpensive equipment.

The Equipment Used to Hack Smart Keys

The primary goal is to intercept the signal transmitted by the key fob to the car’s alarm system. The signal is then recorded using a special module but not immediately transmitted to the car’s receiver. Simply put, the signal is jammed. Using another module in the setup, the recorded signal is transmitted via a specialised radio channel to the hacker’s device. The analogue signal is converted into a digital format, then retransmitted to the car’s alarm system via a fake key-like device equipped with an antenna. This device mimics the factory key fob, sending a signal that the car recognises as authentic, thereby unlocking the doors.

You might wonder why criminals would go to such lengths, given that factory key signals do not transmit over long distances, meaning thieves would need to be close to the owner approaching the car. In reality, the process is more complex.

Real-World Scenarios

For instance, thieves could hack a car equipped with a keyless entry system while the owner is far from their vehicle, such as in a shopping centre, cinema, workplace, or at home. Using the described method and equipment, criminals could intercept the encrypted signal from the remote fob, record it, and relay it via a radio channel using an amplifier and antenna to a fake key. This counterfeit key can unlock the car, disable the alarm, and start the engine by pressing the start button.

Car Key Conditions for Successful Hacking

To successfully hack a car’s security system, the scanning antenna must be no more than eight metres away from the factory key (which could be in the owner’s pocket or bag). The transmitting antenna mimicking the original key must be positioned as close as possible to the driver’s door.

During the experiments, the researchers successfully hacked all the tested vehicles, simulating scenarios where the owner left the car parked while shopping. A person with specialised equipment intercepted the factory key’s signal, which was then transmitted to a receiver. The receiver’s antenna relayed the signal to the car’s alarm system.

Astonishingly, the researchers managed to hack the security of cars even when the fob was on a windowsill inside a flat on a low floor. They intercepted the signal and relayed it to a car parked outside, which accepted the relayed radio code as genuine.

Limitations of the Hacked Signals

It is worth noting that criminals cannot use intercepted signals after a certain time because the key’s signal algorithms expire quickly. This is why the equipment must transmit the signal to the car’s alarm system almost instantly after interception.

How did the engineers manage to transmit the intercepted code so quickly? They compressed the delay from microseconds to nanoseconds, enabling the alarm system to remain unaware of the hack.

The Equipment’s Cost and Availability

The Swiss researchers highlighted that the cost of such hacking equipment does not exceed $1,000. Notably, any amateur radio enthusiast could assemble it. Moreover, during the hack, the car emits no signals indicating tampering. The process is seamless, with no false radio signals triggering alarms.

As a result, millions of vehicles could potentially be hacked using simple radio equipment.

Future Research and Security Recommendations

Later this month, the engineers will officially present their findings in San Diego, USA. Detailed technical documentation of the experiment, including the technology used to bypass modern alarm systems with remote keyless entry, is already publicly available in English. This information could be valuable to specialists installing car security systems. You can download and review the report on car hacking here.

To address the vulnerability of smart car keys, experts suggest implementing intelligent software that determines the proximity of the key to the car. If the driver is far from the vehicle, the key should not emit signals detectable by the car’s alarm system. This would significantly reduce the risk of theft using this method, though not entirely eliminate it.
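One way to realise the proximity check suggested above, shown as an added example rather than anything taken from the researchers' report or a manufacturer's firmware: the car times its challenge-response exchange with the fob and refuses to unlock when the round trip is too long for a nearby key. The time-of-flight approach, the 2 m limit, the fob turnaround time, the timer error and all function names are assumptions; the distances are constructed sample values.

```python
import hashlib
import hmac
import os

C_M_PER_S = 299_792_458.0   # speed of light
MAX_KEY_DISTANCE_M = 2.0    # assumed policy: fob must be within 2 m of the car
FOB_TURNAROUND_NS = 100.0   # assumed fixed, known fob processing time
TIMER_ERROR_NS = 1.0        # assumed worst-case timing error of the car's clock


def fob_response(key: bytes, challenge: bytes) -> bytes:
    """What a genuine fob returns for the car's random challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def distance_upper_bound_m(rtt_ns: float) -> float:
    """Largest distance consistent with the measured round-trip time."""
    flight_ns = max(rtt_ns - FOB_TURNAROUND_NS, 0.0) + TIMER_ERROR_NS
    return C_M_PER_S * flight_ns * 1e-9 / 2.0


def car_accepts(key: bytes, challenge: bytes, response: bytes, rtt_ns: float) -> bool:
    """Unlock only if the response is genuine AND arrived fast enough."""
    if not hmac.compare_digest(fob_response(key, challenge), response):
        return False
    return distance_upper_bound_m(rtt_ns) <= MAX_KEY_DISTANCE_M


def simulated_rtt_ns(path_m: float, relay_delay_ns: float = 0.0) -> float:
    """Constructed measurement: radio path length plus any relay latency."""
    return 2.0 * path_m / C_M_PER_S * 1e9 + FOB_TURNAROUND_NS + relay_delay_ns


def demo() -> dict:
    key, challenge = os.urandom(16), os.urandom(16)
    genuine = fob_response(key, challenge)  # a relay forwards this unchanged
    stranger = fob_response(os.urandom(16), challenge)
    return {
        "owner_at_1m": car_accepts(key, challenge, genuine, simulated_rtt_ns(1.0)),
        "relayed_30m": car_accepts(key, challenge, genuine, simulated_rtt_ns(30.0, 20.0)),
        "relayed_30m_no_latency": car_accepts(key, challenge, genuine, simulated_rtt_ns(30.0)),
        "wrong_key_at_1m": car_accepts(key, challenge, stranger, simulated_rtt_ns(1.0)),
    }


if __name__ == "__main__":
    for case, unlocked in demo().items():
        print(f"{case:24s} unlock={unlocked}")
```

The relayed cases carry a cryptographically valid response and are still rejected, because the extra path length alone adds about 6.7 ns of round-trip time per metre; the check therefore depends on the car being able to time the exchange at nanosecond resolution.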