Top-selling cars in Ireland vulnerable to having keyless ignition ‘hacked’

Germany’s ADAC finds most hands-free ignition systems vulnerable to having wireless signals intercepted

The growth in cars available with hands-free “keyless” locking and ignition systems is dramatically increasing our vulnerability to car theft. Photograph: Getty Images


Thousands of new cars are vulnerable to being stolen even when owners have hidden the car keys securely away. The reason? Our addiction to electronic convenience.

The growth in cars available with hands-free “keyless” locking and ignition systems is dramatically increasing our vulnerability to car theft, according to a new report from ADAC (Allgemeiner Deutscher Automobil-Club – Germany’s equivalent of the AA). All but a tiny handful of cars with keyless systems are vulnerable to having those systems hacked. Although keyless entry and ignition is often on the options list, such systems are widely available across even the most affordable model ranges.

All modern cars have an electronic immobiliser which prevents them being started and driven away unless the key is present in the vehicle. Because of this, in recent years thieves resorted to either “fishing” through letterboxes or open windows to snag a set of keys left out in the open, or breaking into houses to take the vehicle keys.

Now though, devices which can pluck a car’s security code from the air are on sale online for as little as €3,000 and come complete with instructional videos on how to use them.

They can either “grab” the signal sent between a remote central locking key and the car, or they can simply amplify the signal from car to key, making a car on a driveway think that its key is next to it, when it could be safely upstairs in the house.

Of the 237 vehicles fitted with keyless systems tested by ADAC, 230 were found to be vulnerable to this wireless hacking. Four more could be unlocked and entered, but not necessarily started up. Three – the Volvo XC60 T5, the Mazda 2 hatchback, and the BMW i3 electric car – could not be unlocked or opened with the wireless hack, but could be started if the car had been left unlocked.

Only three cars – the current versions of the Land Rover Discovery and Range Rover, and the Jaguar i-Pace – had the right security software, which more accurately measures the distance from key to vehicle, to make this sort of hacking impossible.
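As an added illustration (not taken from the ADAC report or from any manufacturer), the sketch below shows why measuring distance defeats signal amplification where a signal-strength check does not. The article does not say how the secure cars measure distance; the time-of-flight method, the path-loss model, every constant and every function name here are assumptions.

```python
import math

C = 299_792_458.0       # speed of light in m/s
MAX_RANGE_M = 2.0       # assumed unlock radius around the car
RSSI_AT_1M_DBM = -40.0  # assumed received power with the key 1 m away
PROCESSING_S = 1e-6     # assumed fixed reply delay inside the key

def rssi_dbm(distance_m, relay_gain_db=0.0):
    """Log-distance path loss (exponent 2); a relay's amplifier adds gain."""
    return RSSI_AT_1M_DBM - 20.0 * math.log10(distance_m) + relay_gain_db

def rssi_check(rssi):
    """Proximity by signal strength: accept anything as loud as a key in range."""
    return rssi >= rssi_dbm(MAX_RANGE_M)

def measured_rtts(distance_m, relay_delay_s=0.0, jitter_s=(0.0, 2e-9, 1e-9)):
    """Round-trip times for several challenge/response rounds (constructed)."""
    base = 2.0 * distance_m / C + PROCESSING_S + relay_delay_s
    return [base + j for j in jitter_s]

def tof_distance_m(rtts_s):
    """Upper bound on distance from the fastest round; delays only add time."""
    return (min(rtts_s) - PROCESSING_S) * C / 2.0

def tof_check(rtts_s):
    """Proximity by time of flight; replies faster than physics are rejected."""
    d = tof_distance_m(rtts_s)
    return 0.0 <= d <= MAX_RANGE_M

if __name__ == "__main__":
    # Constructed scenarios: (label, key distance in m, relay gain dB, relay delay s)
    cases = [("key beside car", 1.0, 0.0, 0.0),
             ("key in house, no relay", 30.0, 0.0, 0.0),
             ("key in house, relayed", 30.0, 30.0, 50e-9)]
    for name, dist, gain, delay in cases:
        print(f"{name:24s} rssi_ok={rssi_check(rssi_dbm(dist, gain))} "
              f"tof_ok={tof_check(measured_rtts(dist, delay))}")
```

In this model the amplified signal passes the strength check because gain can be added freely, while the timing check still fails because a relay can only add delay to the round trip, never remove it.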

It means that all of the top-10 selling vehicles in Ireland – the Hyundai Tucson, Nissan Qashqai, Ford Focus, Volkswagen Golf, Skoda Octavia, Kia Sportage, Volkswagen Tiguan, Toyota Yaris, Ford Fiesta, and Toyota C-HR – are potentially vulnerable to the hack.

Exploited

Richard Billyeald, Thatcham Research

“Concerned drivers should contact their dealer for information and guidance. Check if your keyless entry fob can be turned off. If it can, and your dealer can also confirm this, then do so overnight.

“Store your keys away from household entry points. Keeping your keyless entry fob out of sight is not enough – thieves only need to gain proximity to the key to amplify its signal.”

The advice from the Garda is actually to return to rather more old-fashioned methods than relying on digital security. “Do not leave your car keys on open show on hallway tables etc,” a spokesperson told The Irish Times.

“The wireless signal from some keyless fobs can be turned off, although the feature isn’t always obvious and can require a combination of button presses. Consult the manual or contact the manufacturer to find out if this is possible for the keys to your car.

“There are also tracking devices available which enable the owner to track their vehicle. A low-tech security device like a steering wheel lock, gates, and a security barrier are very good deterrents to would-be car thieves. Always stick to the basics of car security first. Ensure your vehicle is parked in a well-lit or secure area, properly locked and all valuables are removed. Once in your home or office, ensure your car keys are as far away from doors and windows as possible, preferably shut inside a drawer.”

There are some other solutions which sound high-tech, but which actually hark back to the very early days of the discovery of electricity. You could try putting a “Faraday cage” – a simple metal structure which blocks incoming and outgoing signals – around your keys when they’re not in use.

Clive Wain, head of police liaison at Tracker, a company which makes and administers vehicle tracking and location devices, said: “The good news is there are simple precautions people can take. Whilst the relay devices can receive signals through walls, doors and windows, metal is their enemy, so putting keys in a metal tin or the microwave is a cost-effective way to thwart the criminals. Alternatively, invest in a metallised signal-blocking pouch, such as a Faraday wallet, which is designed to shield electronic keys from relay attacks.

“It’s also worth remembering that vehicle security should be multi-layered and shouldn’t just rely on the keyless security system. Physical barriers, such as crook locks and wheel clamps will deter thieves. And whilst investing in a tracking device won’t stop a car being stolen, it can significantly increase the chances of police locating it and returning it to the rightful owner. This, plus added vigilance, dramatically contributes to keeping thieves at bay.”

Car manufacturers have responded to the ADAC report by saying that they are looking for ways to make their systems more secure.

BMW and Mercedes pointed out that their latest models include motion sensors in the key itself, which disable the wireless signal if the key is sitting still for too long.

According to Which? magazine, older Mercedes models have a function whereby double-clicking the lock button on the key fob disables the wireless signal, while both Mazda and Peugeot told Which? that they were offering free keyless deactivation for concerned customers.
