Hacking behind third of London’s car theft

4 September 2014
By Tereza Pultarova
Mobile version
Share |
Modern car thieves use much subtler methods than breaking windows with baseball bats

Modern car thieves use much subtler methods than breaking windows with baseball bats

Car theft has entered the cyber age with more than one in three vehicles currently stolen in London being taken through sophisticated hacking methods, the Home Office has revealed. But experts say the issues were long predicted. 

According to Home Secretary Theresa May, criminals are turning towards digital methods to get hold of other people’s cars. Without having to steal the owner’s keys, break windows or damage locks, the hackers can create and programme their own keys to get into the cars. Frequently, they intercept the data needed to carry out the crime when the unsuspecting driver uses his or her securely coded key.

Speaking during an event organised by the Reform think-tank in Westminster, May said hackers can even use special malware to seize control over the vehicles through satellites, issuing remote commands to unlock doors, disabling alarms or starting engines.

May said the Home Office is working with the Metropolitan Police to find a cure for the emerging challenges.

"Because we have this understanding, we can now work with industry to improve electronic resilience, include this kind of resilience in the vehicle's overall security ratings, and work out the extent to which the same threat applies to other physical assets such as building security systems," she said.

Although the figures revealed by the Home Office may come as a surprise to the general public, the expert community has been anticipating and warning of the risks related to the spread of digital technologies in modern cars for quite some time.

“For instance proof of concept attacks against vehicle key security algorithms were conducted by academics nearly a decade ago and the necessary hardware has only become cheaper since then,” said Mike Ellims of the Institution of Engineering and Technology.

“Attacks where a duplicate set of electronics for a target vehicle is acquired, for example from a vehicle scrap facility and used to replace the electronics on the vehicle has also been known for a similar period of time. Attacks where the vehicle or duplicate key is reprogrammed in-situ is only a variant of this.”

Cases where cars have been stolen using this method were already described. Paradoxically, expensive luxurious cars packed with smart technology may appear more vulnerable then less high-tech main stream vehicles. 

Since 2012, multiple owners of luxurious BMW vehicles reported their cars missing without their smart keys being touched. The smart keys use near field communication technology to exchange data between the key and the car and allow the driver to enter the car or even start the engine without having to insert the key. The technology was originally only available with high end models but has increasingly been spreading into the mainstream market. 

Unfortunately for owners of cars equipped with smart keys, a device exists which allows anyone to access the on-board computer and programme a blank key. Although this device was originally sold to garages and recovery agents, it soon found another market among criminals.

“As vehicles become more connected attacks over wireless services could become more common if manufactures don’t respond,” Ellims said.

The IET’s Martyn Thomas agrees: “Whenever you introduce new technological features, you are opening up new vulnerabilities. It is therefore critical for the manufacturers to be using cutting edge engineering and computer simulation to assess the vulnerabilities before criminals could exploit them.”

Thomas described another scenario when luxurious vehicles could fall into the wrong hands using some rather exclusive features.

“There are ways to open a car remotely. They are usually available only for high-end models,” Thomas said. “These systems allow the user, in case he loses his key, to contact his garage or a dealership with some secure code and they can, following his request, remotely unlock the car.”

It is therefore feasible, Thomas believes, for a resourceful hacker to breach this secure communication link and gain unauthorised access to the vehicle.

Even more common, Thomas said, is copying of unencrypted car keys. In this scenario a hacker, equipped with a simple radio receiver, could be hiding in a busy car park, waiting for unsuspecting drivers to lock their cars with a remote key. After simply recording the radio transmission between the key and the car on a special device, the criminal can replay the signal after the owner has left and get into the car.

“The signal between the car and the key is transmitted through near field communication technology and should only be possible to intercept over very short distances,” said Thomas. “However, it frequently isn’t that simple. Then it depends on whether the car manufacturer is using keys with encryption. In the optimal scenario the key should be generating a different code for every transmission, but it’s not known how many of the manufacturers do that.”

With modern cars becoming ever more computerised and with driverless vehicles on the horizon, cyber security must become one of the focal points of car manufacturers’ research, probably as significant as crash testing.

Recent demonstrations in the USA have shown that hackers could theoretically temper with critical systems of the cars including brakes or engines, possibly causing fatal accidents.

Latest Issue

E&T cover image 1605

"We visit Barcelona, one of the smartest cities in the world, to find out what makes it so special. What does it look like and what is the future?"

E&T jobs

  • High Voltage Engineer

    Premium job

    Essex X-Ray & Medical Equipment
    • Great Dunmow, Essex

    This High Voltage Engineer will provide design leadership for high voltage cable assemblies up to one megavolt.

    • Recruiter: Essex X-Ray & Medical Equipment

    Apply for this job

  • Sales Electronics Engineer

    Premium job

    Precision Microdrives
    • London (Greater)
    • £25,000 - £30,000 starting salary, inclusive of on-target commissions.

    Precision Microdrives (PMD) is a fast growing technology company that designs, produces and trades miniature electro-mechanical mechanisms

    • Recruiter: Precision Microdrives

    Apply for this job

  • Senior Development Engineer, Electronics

    Premium job

    Helmet Integrated Systems / Gentex Corporation
    • Letchworth Garden City, Hertfordshire
    • Competitive

    We are innovative, robust and fast growing business, whose main focus is to deliver continues improvement to existing products and offer new soluti...

    • Recruiter: Helmet Integrated Systems / Gentex Corporation

    Apply for this job

  • Analogue Electronics Engineer

    Premium job

    Swedish Institute of Space Physics (IRF)
    • Uppsala (Stad) (SE)

    The Swedish Institute of Space Institute (IRF) in Uppsala search for an analogue electronics engineer.

    • Recruiter: Swedish Institute of Space Physics (IRF)

    Apply for this job

  • Principal Robotic Systems Engineer

    Premium job

    National Oceanographic Centre
    • Southampton, Hampshire
    • £45,271 to £49,207 per annum

    Responsible for technical oversight and project management of internally and externally funded innovation centre projects.

    • Recruiter: National Oceanographic Centre

    Apply for this job

  • Smart Grid Research Engineer

    Premium job

    University of Strathclyde
    • Cumbernauld, Glasgow
    • Grade: 6/7* £26,537 - £37,768*

    Work as part of a growing dynamic team on a wide range of technical projects with particular emphasis on experimental validation and testing

    • Recruiter: University of Strathclyde

    Apply for this job

  • Electrical Engineer - Water

    Premium job

    Mott MacDonald
    • Peterborough, Cambridgeshire

    Mott MacDonald's highly successful Water and Environment Unit is recruiting an electrical engineer....

    • Recruiter: Mott MacDonald

    Apply for this job

  • Electrical Design Engineer

    Premium job

    Mott MacDonald
    • Cambridge, Cambridgeshire

    Mott MacDonald's highly successful water business continues to win and deliver a fantastic amount of work....

    • Recruiter: Mott MacDonald

    Apply for this job

  • Launcher Verication & Validation Lead

    • Bristol
    • Competitive Salary & Benefits

    What’s the opportunity? Opportunity to join a very dynamic, responsive and multinational Launcher team, focussed on rapid development, proving and manufacture to meet challenging programme...

    • Recruiter: MBDA

    Apply for this job

  • Technical Design Authority - Marine Systems (Mechanical)

    BAE Systems
    • Scotland, Glasgow
    • Negotiable

    Technical Design Authority - Marine Systems (Mechanical) Would you like to play an exciting and varied role working with the River Class Batch 2 (RCB2) vessels for the Royal Navy? We currently have a vacancy for a Technical Design Authority - Marine Syste

    • Recruiter: BAE Systems

    Apply for this job

More jobs ▶


Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T