Friday, 08 December 2017 19:09

Warning: Key Fob System Hack for Thieves to Steal Your Car

Written by Lynn Walford, Auto Connected Car News

Drivers with electronic key fobs---watch out!

Car thieves are using a system to collect your key fob signal, save it and use it later. It’s called a “relay attack unit or box.” People who park their cars outside their homes on public streets can have their key fob signals copied and saved, then amplified to gain access to the vehicle.

Thieves take the code and send it to the signal booster, and then the booster works on the car to open the doors or start the vehicle. If you have a key fob, it can be copied and used by thieves, says Tim Dimoff, President of SACS Consulting and Investigative Services, who reports that the two-box system copies the codes and then sends them to another person further away.

To secure your car, don’t use the key fob to lock it or unlock it---the signal can be copied. Use the button on the door to lock the car and read your car manual to see if standing near the door with the fob and then tapping the button on the door will unlock your car. To be extra sure, you can use a steering wheel or pedal bar lock on the vehicle.

As we reported earlier, if you live near a public street, you can keep your key fob in a tin, Faraday bag or the freezer. It will block the signal from going out into the street.

“The fact that thieves can not only open the car, but start it, is very frightening,” said Roger Morris from the National Crime Bureau (NICB). The devices have been tested on 35 cars, and 18 vehicles were vulnerable.

In December 2016, NCIB reported on a series of unscientific tests at different locations over a two-week period. Thirty-five different makes and models of cars, SUVs, minivans and a pickup truck were tested. NICB partnered with NICB member company CarMax, because it is the nation’s largest used car retailer and has nearly every make and model in its inventory. Tests were also done at a new car dealership, an independent used car dealer, at an auto auction, on NICB employee vehicles and ones owned by private individuals.


The NICB was able to open 19 (54 percent) of the vehicles, and start and drive away 18 (51 percent) of them. Of the 18 that were started, after driving them away and turning off the ignition, the device was used to restart 12 (34 percent) of the vehicles.

NICB reports different devices are offered for sale to thieves. Some use different technology, and may work on different makes, models and ignition systems. More expensive models may have a greater range and better capabilities for opening and starting a vehicle.

While there may not be an effective way of preventing this kind of theft at this time, NICB advises drivers to always lock their vehicles and take the remote fob or keys with them. Drivers should also be on the lookout for suspicious persons or activity, and alert law enforcement rather than confronting a possible thief. 

It’s also a good idea to never invite a break-in by leaving valuables in plain sight. And once thieves get inside, they can easily steal a garage door opener and valuable papers, such as the vehicle registration, that could lead them to your home. So take the garage door opener with you and take a picture of your registration on your cell phone, rather than keeping it in the glove compartment.

This hack is different from the Nick Bilton signal amplifier hack, where the signal of the key fob is amplified to open the car door and steal expensive goods.

This is not the only way to hack into cars. Hacker/researcher George Hotz, who was stopped from testing his self-driving autonomous car system, released a car reverse-engineering tool/hacking device, “panda,” for $99.  Comma.ai, a company founded by Hotz, is offering software and hardware so that developers can use it to create their own car hacks and/or see how car software operates.

Using the cabana can reverse-engineer the raw CAN messages from a Honda with a live USB connection to panda. There is even a deeper hacking device called giraffe that pulls signals from the advanced driver safety systems and radar.

We thank Auto Connected Car News for reprint permission.

Read 3097 times