Radio Attack Lets Hackers Drive Away Your Car

When it was revealed I couldn’t believe my eyes. Someone walks up to a car and its locked, someone else walks up and can instantly get in and at the press of a button start the engine, no key required. Wireless key technology is now employed in cars all over the world and allows for users to avoid the hassle of finding their car keys, sadly it looks like a radio attack lets hackers do exactly the same thing without you even knowing.

A group of german vehicle security experts have studied how the radio hack uses your keys to break into your own key. The whole principle of wireless keys is that the engine and the doors will only work when the keys are within a certain range of the vehicle, this means that if you aren’t near your car it’s just an expensive piece of metal and technology.

Munich-based automobile club, ADAC, tested a hacking technique that uses the principle of “amplification” to fool your car into believing that the keys are actually closer than they actually are. In total, their study found 24 different vehicles were vulnerable, and it wasn’t just one manufacturer that was involved, 19 different manufacturers were vulnerable to the radio attack. What does this mean? Using this kind of attack someone can walk up to your car, and using a small pocket amplification device, unlock and drive away your car. No alarms,

What does this mean? Using this kind of attack someone can walk up to your car, and using a small pocket amplification device, unlock and drive away your car. The total cost of this hack? $225 for the device. Compare that to the cost of the Audi A3, A4 and A6, Ford Galaxy, Mitsubishi Outlander, Renaults Traffic and countless other models that are vulnerable to this attack.

The technique works by “amplifying” your keys signal. In reality, what happens is the key fobs signal is relayed through a pair of radios. Is this an example of technology being made too smart, at the cost of security, in order to save us a few seconds of inconvenience?

More Than 65,000 Range Rover Vehicles Recalled Over Software Bug

Land Rover have recalled more than 65,000 vehicles due to a software bug which automatically unlocks the car doors. The affected models are the Range Rover and Range Rover Sport with a manufacturing date from 2013 to the present day. While the introduction of keyless ignition seemed like a novel idea, it’s become prone to software errors and a prime target for car thieves. These issues are compounded further when you consider the technology is exclusively used on luxury models.

In a statement to the BBC, Land Rover said,

“No accidents or injuries were reported to have occurred as a result of the bug.”

“Range Rover owners would not have to pay for the modifications to be made.”

The widespread security concerns with blank key systems are backed by clear evidence as gangs often use a handheld black box to easily open the doors without forced entry. Possibly, there are too many concessions just to avoid the industry standard mechanical lock. This brings up the question, do we even need this technology? Software is always prone to glitches and open to hacking. Given the monetary value of high-end vehicles, it seems a bit reckless to keep relying on these devices. For example, a spokesperson for Thatcham Research which collects information on car crime argued,

“It’s been known for over a year that keyless entry and ignition systems possess certain vulnerabilities.”

“There were a number of vehicles suggested as being vulnerable in this way, Range Rovers being one of them.”

“Other cars targeted include Ford Focus and Fiestas, Audis and some light commercial vehicles.”

“That was all to do with keyless entry systems and vulnerabilities through the onboard diagnostic port.”

Do you believe keyless ignition systems can ever be completely safe?

Thank You BBC for providing us with this information. 

Lockitron Smart Locks Means You Can Throw Out The Keys

Smart locks are starting to really become popular, last year I started following a company called Apigy Inc., which is planning to bring us Lockitron. Now I am starting to see information about a new startup called August which appears very much the same. After hearing about August, I looked up to see how many of these new locks are on the market, not looking very hard I was able to see that a big name lock producer, Kwikset. has also aimed to bring us a smart lock called Kevo. All of these locks using a bluetooth device, such as an iPhone or android phone you are able to use an app to unlock or lock a door. The lock is able to sense when you are near and automatically lock or unlock the door, or you can set it so that you need to tell it to unlock or lock from your device. With both setups you are able to log who enters and exits your house, you are also able to setup who is able to have access and for how long.

I haven’t found much information about how secure these new locks are, what kind of tests have been preformed on them. As far as I can tell though, Lockitron appears to just be an attachment to your current deadbolt while the August and Kevo appear to contain all of the hardware (Lock included)

There is no shortage of new smart locks that have been announced to come out soon. Are you interested in one? If so, which one would you prefer?

The Lockitron will start shipping July 15th. The August Smart Lock will cost $199 when it goes on sale later this year. And the Kwikset Kevo doesn’t appear to have a release date.

Source / Source / Source