‘Relay Hack’ Lets Thieves Steal Cars Using $22 of Electronics

Chinese security researchers demonstrated a way to gain access to a car using cheap electronics.
www.thedrive.com

Share

New cars feature more integrated software than ever, and with that software comes security vulnerabilities. As a recent security issue with Hyundai’s Blue Link app demonstrates, telematics and other connected systems aren’t immune to tampering. That could potentially make life easier for car thieves. Researchers from Chinese security firm Qihoo 360 recently demonstrated a technique called a “relay hack” that can be used to break into cars using a pair of transceivers cobbled together for just $22, according to Wired.

Those cheap transceivers were used to extend the range of a car’s key fob by up to 1,000 feet. This tricks the car’s onboard sensors into thinking the key fob is close buy, allowing hackers to unlock the doors. This presumably only works on newer cars with keyless entry, which automatically unlocks doors without the driver having to actually press a key fob button.

The relay hack also requires one thief to be close to the actual key fob, wherever it is. The transceivers pick up the signal from that fob and extend the range so that the car can be unlocked even if the driver isn’t nearby. Such an attack could be used on a person shopping in a store or working in an office, with a car parked outside, Qihoo researcher Jun Li told Wired.

The researchers tested their hack on a Chinese-market BYD Qin and Chevrolet Captiva. However, the keyless-entry systems for those cars are manufactured by Dutch firm NXP, which also supplies systems to cars sold in the U.S.

Hijacking key fob signals isn’t unheard of. Last year, researchers at Germany’s ADAC demonstrated a similar hack on 24 vehicles using what they said was $225 worth of equipment, while a security flaw uncovered by German engineering firm Kasper & Oswald enabled thieves to clone key fobs for virtually every Volkswagen Group car made since 1995.

While these types of hacks are a serious issue, they’re not quite as sinister as the popular image of car hacking, fueled by a 2015 demonstration in which security researchers took control of a Jeep Cherokee using a laptop. The relay hack allows third parties to gain access to a car, but it does not allow them to gain control of one while someone else is driving.