The keyless entry feature in cars is very convenient and seems safe & secure at the outset. The criminals have identified the technological vulnerability and learnt how to hack the software. The hackers have developed a tool by which they can make a keyless entry in the cars and just drive off. Millions of cars are susceptible to theft, as per computer security experts.
It is important to understand how hackers can make keyless entry in the cars since in the face of super-safe system. The chip keys and key fobs in the hands of user communicate with the immobilizer readers fitted in the car. A digital password matches the code of immobilizer, it clicks to open the door and even starts the engine.
The security researchers have found security ambiguity in the keyless car entry device Megamos Crypto Transponder, the immobilizer fitted in many cars. The device in the car that allows the safe passage to the user after finding the transponder signal genuine and in order. The transponder is a passive RFID tag embedded in the vehicle key. Megamos Crypto Transponder is deployed in various models of Volkswagen, Volvo, Audi, Honda, Fiat etc.
The hackers exploit the vulnerable spots in the device and hacking 96-bit transponder secret key. They found feebleness in cipher design and authentication protocol.
As the experts reached the conclusion by attacking the security system three ways.
1. They concluded that recovering 96-bit secret key with computational complexity is not difficult to get if having access to two eavesdropped authentications.
2.They found a loophole in key-update mechanism in the transponder, found access with little computational complexity.
3. The weak cryptographic keys in vehicles of certain manufacturers make the access simpler. This vulnerable point can be ascertained by time-memory computation on any laptop.
The modus operandi of car thieves is simpler, performed with this ‘mystery’ device available through third party overseas security experts or hackers. The device is made of two modules, one module catch and amplifies the signals from key fob when the driver parks & locks the car, and then diverts the signal to the second module. The second module reroutes the signal to the vehicle which unlocks for hacker’s entry who can start the engine and get away.
How you can avoid the keyless hacking of your car?
Center lock – The simplest way is to avoid using key fob while locking your car, use center locking system.
Lock OBD – The car portal Onboard Locking system (OBD) is the brain of the car running & security software. You need to keep it locked when getting off.
Keys in the freezer– The experts suggest a strange sounding option; keep the keys in the freezer or in a box with foil. This way hackers may not track the signals.
Steering Lock-Go back on time and start locking your steering wheel in the old-fashioned way. The hackers would need to spend more time breaking it, so they would look elsewhere for an easier target.
Latest software- The experts believe cars fitted with Apple CarPlay and Android auto system are more for safety than the automotive entertainment. So, look for these functions when buying a new car.