'Mystery Device' Unlocks and Starts Over 50 Percent of Tested Vehicles

by Steph Willems

Published: December 8th, 2016

mystery device unlocks and starts over 50 percent of tested vehicles

Over the past two years, we’ve brought you in-depth coverage of a crop of shadowy gadgets designed to give thieves access to parked vehicles.

Like most tools of the trade, the gadgets are very similar, using the same principle to achieve the same result — unlocking a parked vehicle by sending signals to the car’s own keyless-entry system. For vehicles with a push-button ignition, the same gadgets can sometimes start the vehicle, giving that thief an instant lifestyle upgrade.

Now, a “mystery device” purchased by the National Insurance Crime Bureau (NICB) has revealed just how vulnerable an average vehicle is to these high-tech slim jims.

The device obtained by NICB was purchased by a third-party security expert from an overseas company. It uses the same technology and principle as the mystery gadgets seen in the hands of thieves in recent security camera footage and eyewitness reports. (TTAC has detailed how the technology works here and here.)

Apparently, the buy wasn’t a sketchy, late-night parking garage trade. The “overseas company” reproduced the device for automakers and anti-theft companies to test vehicle vulnerability, so there’s no legal grey area on the NICB’s end. Called a “relay attack” unit, the device only works on vehicles with keyless entry and push-button ignition.

For real-world unscientific testing, NICB partnered with auto retailer CarMax, rather than have one of their guys roam around side streets and parking lots in search of test subjects. The bureau wanted to know four things: whether the device could unlock a car, start the vehicle, drive it away, and turn off and restart the vehicle without the manufacturer’s keyless fob. The results were surprising.

According to NICB, “Tests were also done at a new car dealership, an independent used car dealer, at an auto auction and on NICB employee vehicles and ones owned by private individuals.”

When tested on 35 different makes and models, the device unlocked 54 percent of the vehicles. It also allowed the “thief” to drive away in 51 percent of them. Once the vehicles that drove away were turned off, the device was able to restart the engine in 34 percent of them. (NICB notes that four new Chevrolets successfully repelled the device.)

“We’ve now seen for ourselves that these devices work,” NICB president and CEO Joe Wehrle said in a statement. “Maybe they don’t work on all makes and models, but certainly on enough that car thieves can target and steal them with relative ease. And the scary part is that there’s no warning or explanation for the owner. Unless someone catches the crime on a security camera, there’s no way for the owner or the police to really know what happened. Many times, they think the vehicle has been towed.”

It’s hard to protect against a relay attack, as the device simply amplifies and relays the signal from the vehicle’s proximity key. The vehicle is fooled into unlocking itself. It’s now up to automakers to design countermeasures against the technology, which can be built from aftermarket or used electronics.

Right now, the only advice from NICB is to keep valuables out of sight and always take your fob into the house. Bring the garage door opener, too.

#CarTheft #Gizmology #KeylessEntry #NationalInsuranceCrimeBureau #NICB #Technology

Steph Willems

More by Steph Willems

Comments

Join the conversation

4 of 67 comments

Vulpine on Dec 08, 2016

I'm reading a number of misperceptions above, though there may already be some correcting comments in response. I live in range of a number of Philadelphia radio stations and will note that the issue is bigger than you might imagine. Interestingly, the more common victims of this method of attack are in high-value communities... areas where the average home is in the million-dollar range--for obvious reasons. In essence, the relay only needs to get close enough to the key fob to amplify its signal to the receiver in the car. Assuming, for the moment, that it's a two-way communication (the car constantly seeks the fob until it's close enough to respond), the user of this device may only need to get ten or twenty feet closer to the fob to trigger the fob's response and then carry that 'echo' back to the car, which has already unlocked itself. Then, as long as the fob is still relaying the echo, the car will start in the driveway. Here's where things may differ, depending on brand and model. In some cases, when the car gets a certain distance away from the fob, it will shut itself down, the relay device supposedly not carrying the received code while others may keep running until it loses a signal entirely, which the relay device probably has a means to at least keep a carrier signal if not the code itself. This is definitely an issue but one that may have numerous resolutions of which one person's suggestion of a signal-blocking box in the home would be a simple and obvious, though somewhat annoying fix. Most people won't bother to take their keys out of their pocket or purse to drop them in a box overnight or, if they do, may well forget to grab them the next day and end up locking themselves out of both car and home in the process. An alternate fix might be to install a motion-sensitive switch on the key fob that prevents any sending if the fob is motionless beyond a certain set time. When the key is in a purse overnight or at the office, then the fob won't even bother to send its signal (saving battery) and make it less likely for the relay to sense a signal to unlock the vehicle. A pocket would be valid overnight when the owner is asleep though less so as long as the owner is moving around the home (once dressed.) A manual on/off switch would serve a similar purpose. Remember, any automated system would be susceptible to this or similar reverse-engineered hacking device. One way or another there needs to be a manual override that can lock down or at the least notify the owner if the vehicle is moving without permission. A third-party transponder operating at a different frequency (individually selectable) or a switch/display requiring an alphanumeric password on entering the car might help to minimize the theft of the vehicle itself but if you want to prevent or limit access entirely then we might need to revert to a physical key. I can think of several different ways to make access more difficult for the thief but they all involve making said access more difficult for the owner, too.

Like Reply
- See 1 previous
- Scoutdude on Dec 08, 2016
  
  Maybe there are some out there that will shut down when you get to far away from the fob but I doubt it as that would be considered a safety hazard. I have a friend with a Prius who went somewhere with her husband, she got out with the fob in her possession while he continued on to his destination several miles away. Then when he went to go pick her up and go home and he couldn't start the car. With a lot of the houses they are building today it wouldn't be too hard to get close enough to relay the signal.
  
  Like
- Vulpine on Dec 09, 2016
  
  @Scoutdude Kind of the point though, don't you think? Now consider the article that came out earlier this week about the BMW that became a prison for the man who stole it. There ARE ways to minimize the problem but you have to keep in mind that anything man can create, man can figure out how to mis-use... and will. Now, honestly there's a huge convenience factor in having these systems. The problem with convenience is that it tends to make people complacent. But worse, it makes things even easier for those who prey on others who become complacent. 100 years ago, nobody even considered locking their doors when they were leaving the house to go shopping. Sure, there were sneak-thieves and cat-burglars, but they were relatively uncommon and people had the mindset that, "Oh, it won't happen to me," until it did. Of course, conversely as time progressed and such things as car thefts became more common, people started locking their doors to reduce that risk, creating a separate problem that now inconvenienced them on the occasion where they locked their keys inside the car (did that myself once a long time ago, now insure I have a second set of keys available, one way or another.) With these devices now, it's like you never locked your car in the first place. No. What is needed now is a way for the owner to personalize the key fob outside of the default lock/unlock code; a way for the vehicle to know when it has gone beyond a permissible distance from the owner and disable itself. Even limiting power or speed to, say 15mph, would be enough to force the joyrider to abandon the vehicle and even a more determined thief would have second thoughts about driving it any significant distance. It wouldn't necessarily prevent the break-ins, but taking personal gear out of the car or at least having it hidden will reduce the risk. While the interior of a car may be considered "personal space," that doesn't mean you can live out of your car as though it were home. Then again, as I recall some horse-thievery laws are still on the books. Maybe cars need to be designated the same as horses and simply hang the car thief, hmmm?
  
  Like
Mulry on Dec 10, 2016

Could this device be defeated by placing one's keys inside a small Faraday cage inside one's house? No signal = no signal to amplify and exploit.

Like Reply

Recent Comments

Bd2 Lexus is just a higher trim package Toyota. ^^
Tassos ONLY consider CIvics or Corollas, in their segment. NO DAMNED Hyundais, Kias, Nissans or esp Mitsus. Not even a Pretend-BMW Mazda. They may look cute but they SUCK.I always recommend Corollas to friends of mine who are not auto enthusiasts, even tho I never owed one, and owned a Civic Hatch 5 speed 1992 for 25 years. MANY follow my advice and are VERY happy. ALmost all are women.friends who believe they are auto enthusiasts would not listen to me anyway, and would never buy a Toyota. They are damned fools, on both counts.
Tassos since Oct 2016 I drive a 2007 E320 Bluetec and since April 2017 also a 2008 E320 Bluetec.Now I am in my summer palace deep in the Eurozone until end October and drive the 2008.Changing the considerable oils (10 quarts synthetic) twice cost me 80 and 70 euros. Same changes in the US on the 2007 cost me $219 at the dealers and $120 at Firestone.Changing the air filter cost 30 Euros, with labor, and there are two such filters (engine and cabin), and changing the fuel filter only 50 euros, while in the US they asked for... $400. You can safely bet I declined and told them what to do with their gold-plated filter. And when I changed it in Europe, I looked at the old one and it was clean as a whistle.A set of Continentals tires, installed etc, 300 EurosI can't remember anything else for the 2008. For the 2007, a brand new set of manual rec'd tires at Discount Tire with free rotations for life used up the $500 allowance the dealer gave me when I bought it (tires only had 5000 miles left on them then)So, as you can see, I spent less than even if I owned a Lexus instead, and probably less than all these poor devils here that brag about their alleged low cost Datsun-Mitsus and Hyundai-Kias.And that's THETRUTHABOUTCARS. My Cars,
NJRide These are the Q1 Luxury division salesAudi 44,226Acura 30,373BMW 84,475Genesis 14,777Mercedes 66,000Lexus 78,471Infiniti 13,904Volvo 30,000*Tesla (maybe not luxury but relevant): 125,000?Lincoln 24,894Cadillac 35,451So Cadillac is now stuck as a second-tier player with names like Volvo. Even German 3rd wheel Audi is outselling them. Where to gain sales?Surprisingly a decline of Tesla could boost Cadillac EVs. Tesla sort of is now in the old Buick-Mercury upper middle of the market. If lets say the market stays the same, but another 15-20% leave Tesla I could see some going for a Caddy EV or hybrid, but is the division ready to meet them?In terms of the mainstream luxury brands, Lexus is probably a better benchmark than BMW. Lexus is basically doing a modern interpretation of what Cadillac/upscale Olds/Buick used to completely dominate. But Lexus' only downfall is the lack of emotion, something Cadillac at least used to be good at. The Escalade still has far more styling and brand ID than most of Lexus. So match Lexus' quality but out-do them on comfort and styling. Yes a lot of Lexus buyers may be Toyota or import loyal but there are a lot who are former GM buyers who would "come home" for a better product.In fact, that by and large is the Big 3's problem. In the 80s and 90s they would try to win back "import intenders" and this at least slowed the market share erosion. I feel like around 2000 they gave this up and resorted to a ton of gimmicks before the bankruptcies. So they have dropped from 66% to 37% of the market in a quarter century. Sure they have scaled down their presence and for the last 14 years preserved profit. But in the largest, most prosperous market in the world they are not leading. I mean who would think the Koreans could take almost 10% of the market? But they did because they built and structured products people wanted. (I also think the excess reliance on overseas assembly by the Big 3 hurts them vs more import brands building in US). But the domestics should really be at 60% of their home market and the fact that they are not speaks volumes. Cadillac should not be losing 2-1 to Lexus and BMW.
Tassos Not my favorite Eldorados. Too much cowbell (fins), the gauges look poor for such an expensive car, the interior has too many shiny bits but does not scream "flagship luxury", and the white on red leather or whatever is rather loud for this car, while it might work in a Corvette. But do not despair, a couple more years and the exterior designs (at least) will sober up, the cowbells will be more discreet and the long, low and wide 60s designs are not far away. If only the interiors would be fit for the price point, and especially a few acres of real wood that also looked real.