Hi-tech car crime on the increase

With the increasing use of keyless entry and ignition, hackers are turning their attention to car crime, stealing and then decrypting the key code used by luxury cars with nothing more than a standard laptop.

Although remote keyless entry is not new, with most cars using a keyfob that remotely deactivates a car’s alarm and unlocks the doors, the increasing use of RFID (Radio Frequency Identification) tags that broadcast their signal to any device that can receive it – not just the car the signal is aimed at – means thieves can capture the key information themselves and create a fake key.

The crime is more common in Europe, but is increasing in the UK. Last year a study was published by Johns Hopkins University and the security company RSA that showed how a keyless ignition could be circumvented with easily obtainable hardware. The group illustrated how they successfully broke into a Ford Escape SUV.

One hacker that has been caught is Radko Soucek, a 32-year-old car thief from the Czech Republic. He has been stealing cars since he was 11; armed with his laptop he can now break into some of what purport to be the world’s most secure cars. He was apprehended and charged as his car hacking attempts were all documented on his laptop.

It has now been suggested that the RFID industry needs to re-evaluate the encryption technology that they use. The current 40-bit encryption is simply too easy to crack. One recommendation is that they adopt the more secure 128-bit AES (Advanced Encryption Standard) that is used for online transactions and is much more difficult to break with affordable hardware.

The Johns Hopkins/RSA study also suggests that car owners wrap their keyless ignition fobs in tin foil to stop the RFID signal being broadcast to anyone with a receiver. However, at the annual CardTechSecureTech conference few RFID developers had knowledge of the Johns Hopkins/RSA research or had any plans to change how they handle encryption on their keyless ignition systems.