CROOKS HIJACK KEY-FOB SIGNALS TO STEAL CARS
This is all an enterprising young — and digital savvy — car thief has to do to steal your new, hightech, it’s-computerized-so-it’s-got-to-be luxury sedan: Follow you into your favourite chic little boîte, wait for you to get nice and comfy at your favourite table, then walk over and … Sit down. That’s it. Sit down. No violence. No subterfuge. Actually, no interaction at all is required. He doesn’t even have to be facing you. Just sit down at the table next to yours and maybe sip a little oh-so-fruity Chablis.
Meanwhile, outside, another bad actor, with a similar lack of fanfare, walks up to the car that you’re absolutely sure you locked — you hit the lock button twice and the horn beeped, didn’t it? — and opens the door as if he was Ali Baba himself. He pushes the starter button — yes, the hightech, anti-theft random-number-generating key fob is still in your pocket — and faster than you can say “open sesame,” your fancy new Mercedes/BMW/Audi is on its way to a shipping container destined for Upper Slobovia.
Even the trick to this subterfuge — an amplifier that increases the output of your key fob’s radio transmission that artful dodger No. 1 has in his pocket — isn’t particularly complicated. Experts who know better than I do say they’re not much harder to construct than the little Heathkit ham radios we old farts used to put together when they were the avant-garde of high-tech.
The only defence against such seemingly simple trickery is to construct something called a “Faraday cage” — you know it as the proverbial tin foil hat every dime-store Hollywood director scripts into their conspiracy theory blockbuster — or keep your key fob in something impervious to radio transmission like, say, the icebox in your refrigerator.
I know, I know. You’re thinking this is a joke. So did I when I first penned that exact same recommendation some three months ago in Top 10 ways to avoid getting your car hacked. Who could seriously recommend you wrap up your car keys in Reynolds Wrap or hide them under the Swanson’s TV Dinner as a serious deterrent to auto theft? Allgemeiner Deutscher Automobil-Club or ADAC, the German equivalent to the AAA, that’s who.
In a recent public announcement, they put together a video depicting exactly the scenario described above to illustrate how easy it is to steal a modern car. Car theft never looked so easy — or so comfortable. Even more telling, however, was some actual footage showing two reprobates stealing a new BMW 3 Series Touring in less time than it takes the owner — you have to fumble in your pockets for the key fob, after all — to get in and start his own vehicle.
Perhaps what will surprise you the most, however, is ADAC’s list of vulnerable vehicles. This is not a bunch of low-cost rust buckets lacking in supposedly high-tech protections, but a veritable who’s who of high-dollar automobiles that most owners are convinced offer all manner of protection. BMW’s 7 Series leads the list, but Audi’s A3, A4 and A6, Ford’s Galaxy (a Sienna-like minivan Ford sells in Europe) and VW’s highperformance-diesel GTD version of the Golf are also vulnerable. Indeed, the only car the automotive club couldn’t unlock was BMW’s i3, but they could start its little three-cylinder 1.5-litre engine.
“The radio connection between keys and car can easily be extended over several hundred metres, regardless of whether the original key is, for example, at home or in the pocket of the owner,” said ADAC’s researchers.
What made their announcement all the more interesting is it coincided with the first automotive Cybersecurity super summit held July 22 at Detroit’s Cobo Hall, the very same gargantuan arena that hosts the North American International Auto Show every year. Hosted by Thomas K. Billington, it was a veritable who’s who of doomsday prognosticators. Homeland Security was there, as was the FBI, the DOT, NHTSA and even the American Federal Trade Commission, each trying to out-trump the other with tales of the terrible calamities that the modern connected car might wreak on an unsuspecting public. What started out at 9 a.m. as predictions of ne’er-dowells merely misdirecting Autopilot, were, by 4 p.m., prophecies of Nice-like truck rampages, only with hundreds of inter-connected, self-driving buses (à la Tesla Master Plan, Part Deux) wreaking unimaginable havoc.
All the assembled — there were many automotive captains of industry nodding their collective affirmation — agreed that the only solution was complete technological transparency and an unprecedented level of cooperation, and not only between industry and regulators.
They also claimed they could put aside the industry’s famed inter-brand Hat-field-Mc-Coy-like chicanery for the public good. They even formed an organization called the Automotive Information Sharing and Analysis Center (Auto-ISAC) that will dedicate itself entirely to the thwarting of high-tech skulduggery and protection of its automotive citizenry. Such was the level of official co-operation on display before the cameras.
In the hallway outside this august arena, however, we got a different story. One marketing manager from a well-known computer security software provider (I’m withholding his name to protect the thankfully direct) complained that some car companies — not all, he was careful to point out — are not willing to spend even a dollar to augment their cybersecurity.
That’s not $1 for a superior anti-theft key fob mentioned above. Or even $1 to protect the ECU to prevent the horrible acts of terrorism all the prognosticators of doom were predicting.
That’s $1 per car for all the cybersecurity measures needed to protect you and yours from any intrusion — from simple auto theft to hijacking with nefarious intent — a high-tech miscreant might want to perpetrate on a car that, let me remind you, probably cost you anywhere between $20,000 and $150,000.
That’s how much they care.