Hacking behind third of London’s car theft

4 September 2014
By Tereza Pultarova
Mobile version
Share |
Modern car thieves use much subtler methods than breaking windows with baseball bats

Modern car thieves use much subtler methods than breaking windows with baseball bats

Car theft has entered the cyber age with more than one in three vehicles currently stolen in London being taken through sophisticated hacking methods, the Home Office has revealed. But experts say the issues were long predicted. 

According to Home Secretary Theresa May, criminals are turning towards digital methods to get hold of other people’s cars. Without having to steal the owner’s keys, break windows or damage locks, the hackers can create and programme their own keys to get into the cars. Frequently, they intercept the data needed to carry out the crime when the unsuspecting driver uses his or her securely coded key.

Speaking during an event organised by the Reform think-tank in Westminster, May said hackers can even use special malware to seize control over the vehicles through satellites, issuing remote commands to unlock doors, disabling alarms or starting engines.

May said the Home Office is working with the Metropolitan Police to find a cure for the emerging challenges.

"Because we have this understanding, we can now work with industry to improve electronic resilience, include this kind of resilience in the vehicle's overall security ratings, and work out the extent to which the same threat applies to other physical assets such as building security systems," she said.

Although the figures revealed by the Home Office may come as a surprise to the general public, the expert community has been anticipating and warning of the risks related to the spread of digital technologies in modern cars for quite some time.

“For instance proof of concept attacks against vehicle key security algorithms were conducted by academics nearly a decade ago and the necessary hardware has only become cheaper since then,” said Mike Ellims of the Institution of Engineering and Technology.

“Attacks where a duplicate set of electronics for a target vehicle is acquired, for example from a vehicle scrap facility and used to replace the electronics on the vehicle has also been known for a similar period of time. Attacks where the vehicle or duplicate key is reprogrammed in-situ is only a variant of this.”

Cases where cars have been stolen using this method were already described. Paradoxically, expensive luxurious cars packed with smart technology may appear more vulnerable then less high-tech main stream vehicles. 

Since 2012, multiple owners of luxurious BMW vehicles reported their cars missing without their smart keys being touched. The smart keys use near field communication technology to exchange data between the key and the car and allow the driver to enter the car or even start the engine without having to insert the key. The technology was originally only available with high end models but has increasingly been spreading into the mainstream market. 

Unfortunately for owners of cars equipped with smart keys, a device exists which allows anyone to access the on-board computer and programme a blank key. Although this device was originally sold to garages and recovery agents, it soon found another market among criminals.

“As vehicles become more connected attacks over wireless services could become more common if manufactures don’t respond,” Ellims said.

The IET’s Martyn Thomas agrees: “Whenever you introduce new technological features, you are opening up new vulnerabilities. It is therefore critical for the manufacturers to be using cutting edge engineering and computer simulation to assess the vulnerabilities before criminals could exploit them.”

Thomas described another scenario when luxurious vehicles could fall into the wrong hands using some rather exclusive features.

“There are ways to open a car remotely. They are usually available only for high-end models,” Thomas said. “These systems allow the user, in case he loses his key, to contact his garage or a dealership with some secure code and they can, following his request, remotely unlock the car.”

It is therefore feasible, Thomas believes, for a resourceful hacker to breach this secure communication link and gain unauthorised access to the vehicle.

Even more common, Thomas said, is copying of unencrypted car keys. In this scenario a hacker, equipped with a simple radio receiver, could be hiding in a busy car park, waiting for unsuspecting drivers to lock their cars with a remote key. After simply recording the radio transmission between the key and the car on a special device, the criminal can replay the signal after the owner has left and get into the car.

“The signal between the car and the key is transmitted through near field communication technology and should only be possible to intercept over very short distances,” said Thomas. “However, it frequently isn’t that simple. Then it depends on whether the car manufacturer is using keys with encryption. In the optimal scenario the key should be generating a different code for every transmission, but it’s not known how many of the manufacturers do that.”

With modern cars becoming ever more computerised and with driverless vehicles on the horizon, cyber security must become one of the focal points of car manufacturers’ research, probably as significant as crash testing.

Recent demonstrations in the USA have shown that hackers could theoretically temper with critical systems of the cars including brakes or engines, possibly causing fatal accidents.

Latest Issue

E&T cover image 1606

"Where would Frankenstein and his creative mind fit into today's workplace? Should we fear technological developments or embrace them?"

E&T jobs

  • Graduate Electrical Engineers

    AECOM
    • United Kingdom and Ireland
    • Competitive

    Due to the diverse nature of our business there are many different teams each with very different responsibilities.

    • Recruiter: AECOM

    Apply for this job

  • Network Innovation Engineer / Analyst - UK Power Sector

    Premium job

    Nortech Management Ltd
    • Birmingham, West Midlands or Pershore (Worcestershire)
    • £30,000 - £35,000 (depending on experience) + benefits

    Network Innovation Engineer / Analyst to join a team of talented technology enthusiasts who design and support the low carbon networks of the future.

    • Recruiter: Nortech Management Ltd

    Apply for this job

  • Electrical Engineer with Strong telecoms background

    Premium job

    Sure South Atlantic Ltd
    • Falkland Islands

    Sure South Atlantic Ltd currently has a unique engineering opportunity in their Falkland Islands office. Surrounded by the Atlantic Ocean, teeming ...

    • Recruiter: Sure South Atlantic Ltd

    Apply for this job

  • Cyber, Communication, Information and Data Scientist roles

    Premium job

    Dstl
    • Porton Down, Salisbury
    • Competitive salaries

    Information is everything. Use it to serve your country and help keep us safe.

    • Recruiter: Dstl

    Apply for this job

  • Production Engineer

    Premium job

    Compact Engineering
    • Thirsk / Leeds / Banbury / Colchester / Cambridge
    • Salary will be competitive and commensurate with experience, knowledge, aptitude and capability

    A Production Engineer with some knowledge and understanding of radiant energy transfer.

    • Recruiter: Compact Engineering

    Apply for this job

  • Electronics Engineer

    Premium job

    Nikon Metrology Europe
    • Tring, Hertfordshire

    Nikon Metrology is looking for an Electronics Engineer to join our Electronics Team based in Tring (UK).

    • Recruiter: Nikon Metrology Europe

    Apply for this job

  • Engineering Manager

    BAE Systems
    • Hampshire, England, Portsmouth
    • Competitive package

    Would you like to play a vital role in managing and implementing the correct governance in order to enable BAE Systems to provide assurance and integrity of supply chain data? We currently have a vacancy for an Engineering Manager - Product Integrity

    • Recruiter: BAE Systems

    Apply for this job

  • Engineering Project Manager - Electrical & Automation

    Nestle
    • York, North Yorkshire
    • c£45,000 + Car Allowance + Bonus + Excellent Benefits

    Nestlé Product Technology Centre in York currently has an excellent opportunity for an Engineering Project Manager

    • Recruiter: Nestle

    Apply for this job

  • Consultant Engineer - Test

    BAE Systems
    • Farnborough, Hampshire, England
    • Negotiable

    Consultant Engineer - Test Would you like to be a lead within an exciting team working on one of the UK's largest defence projects? We currently have a vacancy for a Consultant Engineer - Test at our site in Ash Vale. As a Consultant Engineer - Test, you

    • Recruiter: BAE Systems

    Apply for this job

  • ELECTRICAL PROJECT ENGINEER

    SSE
    • Reading, Berkshire
    • SALARY: £37,588 TO £55,669 + CAR (SSE8/9), DEPENDING ON SKILLS AND EXPERIENCE

    SSE are looking to recruit an Electrical Project Engineer into office in Reading

    • Recruiter: SSE

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T