Hacking behind third of London’s car theft

4 September 2014
By Tereza Pultarova
Mobile version
Share |
Modern car thieves use much subtler methods than breaking windows with baseball bats

Modern car thieves use much subtler methods than breaking windows with baseball bats

Car theft has entered the cyber age with more than one in three vehicles currently stolen in London being taken through sophisticated hacking methods, the Home Office has revealed. But experts say the issues were long predicted. 

According to Home Secretary Theresa May, criminals are turning towards digital methods to get hold of other people’s cars. Without having to steal the owner’s keys, break windows or damage locks, the hackers can create and programme their own keys to get into the cars. Frequently, they intercept the data needed to carry out the crime when the unsuspecting driver uses his or her securely coded key.

Speaking during an event organised by the Reform think-tank in Westminster, May said hackers can even use special malware to seize control over the vehicles through satellites, issuing remote commands to unlock doors, disabling alarms or starting engines.

May said the Home Office is working with the Metropolitan Police to find a cure for the emerging challenges.

"Because we have this understanding, we can now work with industry to improve electronic resilience, include this kind of resilience in the vehicle's overall security ratings, and work out the extent to which the same threat applies to other physical assets such as building security systems," she said.

Although the figures revealed by the Home Office may come as a surprise to the general public, the expert community has been anticipating and warning of the risks related to the spread of digital technologies in modern cars for quite some time.

“For instance proof of concept attacks against vehicle key security algorithms were conducted by academics nearly a decade ago and the necessary hardware has only become cheaper since then,” said Mike Ellims of the Institution of Engineering and Technology.

“Attacks where a duplicate set of electronics for a target vehicle is acquired, for example from a vehicle scrap facility and used to replace the electronics on the vehicle has also been known for a similar period of time. Attacks where the vehicle or duplicate key is reprogrammed in-situ is only a variant of this.”

Cases where cars have been stolen using this method were already described. Paradoxically, expensive luxurious cars packed with smart technology may appear more vulnerable then less high-tech main stream vehicles. 

Since 2012, multiple owners of luxurious BMW vehicles reported their cars missing without their smart keys being touched. The smart keys use near field communication technology to exchange data between the key and the car and allow the driver to enter the car or even start the engine without having to insert the key. The technology was originally only available with high end models but has increasingly been spreading into the mainstream market. 

Unfortunately for owners of cars equipped with smart keys, a device exists which allows anyone to access the on-board computer and programme a blank key. Although this device was originally sold to garages and recovery agents, it soon found another market among criminals.

“As vehicles become more connected attacks over wireless services could become more common if manufactures don’t respond,” Ellims said.

The IET’s Martyn Thomas agrees: “Whenever you introduce new technological features, you are opening up new vulnerabilities. It is therefore critical for the manufacturers to be using cutting edge engineering and computer simulation to assess the vulnerabilities before criminals could exploit them.”

Thomas described another scenario when luxurious vehicles could fall into the wrong hands using some rather exclusive features.

“There are ways to open a car remotely. They are usually available only for high-end models,” Thomas said. “These systems allow the user, in case he loses his key, to contact his garage or a dealership with some secure code and they can, following his request, remotely unlock the car.”

It is therefore feasible, Thomas believes, for a resourceful hacker to breach this secure communication link and gain unauthorised access to the vehicle.

Even more common, Thomas said, is copying of unencrypted car keys. In this scenario a hacker, equipped with a simple radio receiver, could be hiding in a busy car park, waiting for unsuspecting drivers to lock their cars with a remote key. After simply recording the radio transmission between the key and the car on a special device, the criminal can replay the signal after the owner has left and get into the car.

“The signal between the car and the key is transmitted through near field communication technology and should only be possible to intercept over very short distances,” said Thomas. “However, it frequently isn’t that simple. Then it depends on whether the car manufacturer is using keys with encryption. In the optimal scenario the key should be generating a different code for every transmission, but it’s not known how many of the manufacturers do that.”

With modern cars becoming ever more computerised and with driverless vehicles on the horizon, cyber security must become one of the focal points of car manufacturers’ research, probably as significant as crash testing.

Recent demonstrations in the USA have shown that hackers could theoretically temper with critical systems of the cars including brakes or engines, possibly causing fatal accidents.

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Chair in Integrated Sensor Technology

    The University of Edinburgh
    • Edinburgh, City of Edinburgh

    The University of Edinburgh is one of the world’s top 20 institutions of higher education.....

    • Recruiter: The University of Edinburgh

    Apply for this job

  • Principal Electrical Engineer - Power

    BAE Systems
    • Bristol, England / Cumbria, Barrow-In-Furness, England
    • Negotiable

    Principal Electrical Engineer - Power Join our Electrical Power team and help design the self-contained generation and distribution system for the Successor submarine - a new generation of submarine designed to carry the UK's independent nuclear deterrent

    • Recruiter: BAE Systems

    Apply for this job

  • Operations Supervisor (Mechanical/Electrical/Instrumentation)

    National Grid
    • England, Cambridgeshire
    • £33000 - £39000 per annum

    Operations Supervisor - (Mechanical/Electrical/Instrumentation) Salary: Circa £33k - 39k dependant on experience + vehicle and great additional benefits (share scheme, pension, potential bonus).Location: Wisbech - Cambridgeshire We currently have an excit

    • Recruiter: National Grid

    Apply for this job

  • Lead NDT Trainer

    BAE Systems
    • England, Lancashire
    • Competitive package

    Would you like to be involved with training UK and international teams in Non Destructive Inspection (NDI) to support the in service fleet (Typhoon Tornado, and Hawk)?

    • Recruiter: BAE Systems

    Apply for this job

  • Systems Design - Emerging Portfolio

    • Bristol
    • Competitive Salary & Benefits

    What?s the opportunity?   There are fantastic opportunities in Systems Design for engineers to work within Future Systems. These are highly visible, fast paced roles, in...

    • Recruiter: MBDA

    Apply for this job

  • Metering Engineer

    Department for Business, Innovation and Skills
    • Teddington, United Kingdom
    • £24,109 - £27,961 plus EO Electronics PE of £8,090.00

    We are now looking for a Metering Engineer to deliver RD’s In-Service Testing (IST) scheme for gas and electricity meters.

    • Recruiter: Department for Business, Innovation and Skills

    Apply for this job

  • Assistant Professor (Tenure Track) of Smart Building Solutions

    Premium job

    ETH Zurich
    • Zurich, Canton of Zürich (CH)

    The successful candidate is expected to develop a strong and visible research programme in the area of control and diagnostics of building systems

    • Recruiter: ETH Zurich

    Apply for this job

  • Process Controls Leader

    Premium job

    Phillips 66
    • Humber Refinery, South Killingholme, North Lincolnshire DN40 3DW
    • £60k - 75k plus extensive Compensation and benefits package, dependent upon experience

    Experienced Process Control Leader providing leadership and technical support for Oil Refinery. Extensive Compensation and benefits package.

    • Recruiter: Phillips 66

    Apply for this job

  • Regional Technical Support Manager

    Premium job

    • Warwick, Warwickshire

    You will be required to lead the regional Customer Services strategy and resources to maximise Customer satisfaction.

    • Recruiter: Siemens

    Apply for this job

  • PLM Engineer (Product Lifecycle Management)

    BAE Systems
    • Shropshire, England, Telford
    • Negotiable

    PLM Engineer (Product Lifecycle Management) Would you like a varied role that involves working across all engineering functions within BAE Systems Land UK? We currently have a vacancy for a PLM Engineer at our site in Telford with occasional travel within

    • Recruiter: BAE Systems

    Apply for this job

More jobs ▶


Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T