The newest car models are basically computers on wheels, which means they’re every bit as vulnerable to hackers as your laptop is. According to new research from a group of vehicle security experts, cars with keyless entry systems are particularly susceptible.
Last week, German automobile club ADAC published the results of a study it conducted on a variety of cars in which it found 24 vehicles from 19 different manufacturers to be vulnerable to an attack targeting the wireless key fob.
The method used, a radio-based amplification attack, essentially extends the range of a driver’s key fob to open the vehicle and, in many cases, start the ignition. When executed, the method allows attackers to enter the car and drive away in it without needing the wireless key in the car.
The newest models of the following cars were found to be vulnerable to attack:
- Audi A3
- Audi A4
- Audi A6
- BMW 730d
- Citroen DS4 CrossBack
- Ford Galaxy
- Ford Eco-Sport
- Honda HR-V
- Hyundai Santa Fe CRDi
- KIA Optima
- Lexus RX 450h
- Mazda CX-5
- MINI Clubman
- Mitsubishi Outlander
- Nissan Qashqai
- Nissan Leaf
- Opel Ampera
- Range Rover Evoque
- Renault Traffic
- Ssangyong Tivoli XDi
- Subaru Levorg
- Toyota RAV4
- Volkswagen Golf GTD
- Volkswagen Touran 5T
- BMW i3
Researchers used one radio device held near a driver’s key, while a second radio was within several feet of the vehicle. The radio system impersonates the car’s key and triggers the vehicle to open and start, the same way it would if the keys were near the car.
Using parts that cost just over $200, the researchers were able to build a system that worked with a range of about 300 feet.
The concept of the attack itself isn’t new—Swiss researchers published a paper in 2011 suggesting a similar type of approach for hijacking. However, the German team was the first to perform the hack with a more guerrilla method, without using expensive equipment and software.
H/T Wired | Photo via EveryCarListed P/Flickr (CC BY SA 2.0)