Skip the navigation

Keyless systems on cars easily hacked, researchers say

Researchers at Switzerland's ETH Zurich University show how passive keyless entry and start systems can be compromised

January 19, 2011 06:00 AM ET

Computerworld - The passive keyless entry and start (PKES) systems supported by many modern cars are susceptible to attacks that allow thieves to relatively easily steal the vehicles, say security researchers at Switzerland's ETH Zurich University.

In demonstrations using 10 cars from eight makers, the researchers showed how they were able to unlock, start and drive away the cars in each case, by outsmarting the smart key system.

The break-ins were carried out using commercial, off-the-shelf electronic equipment available for as little as $100, the researchers said in a paper describing their exploits.

Although the possibility of such attacks on keyless systems has been discussed previously, it has not been clear before if they would be feasible on modern cars, the researchers said. "In this paper, we demonstrate that these attacks are both feasible and practical," they said.

Details of the hacking are scheduled to be presented at a security conference in San Diego later this month, reports the MIT Technology Review.

The keyless systems exploited in the Zurich demonstrations are designed to let car owners lock, unlock and start their vehicles without having to take the key fob out of their pockets. They allow car doors to unlock when the person carrying the key approaches the vehicle, and to lock them when the person walks away from the vehicle.

To start the keyless vehicle, the user needs to be inside the car with the key on their person or within the car. There is no need, however, for the key to be inserted physically into the ignition lock to start the vehicle.

The car and the key fob communicate with each other using a combination of both Low Frequency and Ultra High Frequency radio signals. The door lock and unlock functions, asw well as the engine start functions, are activated by the proximity of the key fob to the car. When the key is brought close to the car, it issues a command to open the car and turn on the ignition.

For the experiment, the researchers used a pair of commercially available loop antennas for capturing beacon signals from the car and relaying it to the key fobs. The antennas were used to fool the car into believing the key fob was in closer proximity to the vehicle than it actually was.

First, one of the antennas would be placed on the exterior of the car, close to the door handle, to pick up signals from the vehicle and relay it to the second antenna located some distance away. Signals received by the second antenna would then be picked by the key, which would relay instructions back to the car to unlock the doors.



Our Commenting Policies