In this article, we’re talking about a device that will allow racing drivers to sneak into the interiors of luxury cars at the push of a button.
Luxury cars, like everything else in this world, including sex toys, pacemakers, firearms, and power grids, can be hacked. But most people aren’t hackers, so a device that can automatically break into a car without a key at the touch of a button is becoming a desirable device for car thieves.
The so-called "relay attack" is ideal for an era of increasingly digitized vehicles and requires a so-called "keyless repeater" or "repeater", which allows you to amplify the signal of the key to the selected car and eventually gain access to it. After that, everything is as simple as Wiz Khalifa once said in his famous song "Black & Yellow": "No keys, push to start."
Such a device is not at all fiction, it was sold over the Internet for several thousand dollars by a person under the pseudonym "EvanConnect", who shared a video of the entire process with Motherboard reporter Joseph Cox.
It turns out that his device can be used specifically to hack luxury cars. Read on to find out how it all works.
Below is a video that the developer of the device recorded to demonstrate its operation.
The unsuspecting man drove his jeep to the underground garage, closed it and left, not even suspecting that two hackers were going to silently hijack him right now.
One of them, along with a black laptop-sized device inside his bag, pursued the victim. Using the buttons on the device’s outer casing, he scrolled through the various options on the device’s bright LED screen before settling on the one he wanted.
The second man was walking towards a bright white jeep, holding a small box with an antenna sticking out from the top. The man tried to open the car door, but it was locked. He pressed a button on the top of his device, a light came on, and voila, the machine opened instantly. He climbed into the driver’s seat and pressed the button to start the car.
To show the power of the device, the man turned off the antenna box and tried to start the car again. "Key not found," the dashboard screen read, indicating that the person in the driver’s seat did not have the wireless key needed to start the car. "Press the key button to start."
Ignoring the message, the man turned on the device in his hand and tried to start the car again. As if nothing had happened, the engine started with a characteristic growl.
Sami Kamkar, an experienced security researcher and hardware hacker, watched Evan’s video and explained this apparent attack. In most modern cars, the presence of a key as a physical device is not required (it does not need to be inserted or turned), it is enough to have it with you.
It all starts with the car owner locking their car and leaving with the key. One of the people trying to steal the car then approaches it while holding one of the devices that listens for a certain low frequency that the car sends to check if the key is nearby, and then the device retransmits it "at a higher frequency, for example, 2.4 GHz, which will easily cover much greater distances," wrote Kamkar.
The second device, located at the second hacker, picks up this high frequency signal and plays it again at the original low frequency. The real key sees this low frequency and reacts as if it were physically near the car.
Using these devices, the perpetrators create a bridge that links the car to the key in the victim’s pocket, making both of them think they are next to each other, allowing the perpetrators to unlock and start the car.
One of the men in the video, who goes by the alias "EvanConnect", plays the role of a bridge between digital and physical crimes. These devices, which he sells for thousands of dollars, allow other people to break into expensive cars and steal them. He claims to have had clients in the US, UK, Australia and several countries in South America and Europe.
“Honestly, I can tell you that I have never stolen a car with my technology,” Evan told Motherboard. "It’s very easy to do, but I see it this way: why should I get my hands dirty when I can make money just selling tools to other people."
The video does not depict the actual hijacking; Evan filmed a video using a friend’s jeep to demonstrate the feasibility of the device to journalists. These devices are sometimes used by security researchers to test the security of vehicles.
Police departments around the world have been reporting an increase in the number of vehicle thefts over the past few years, which they suspect were committed using various electronic means. In a 2015 press release, the Toronto Police Service warned residents of a spike in Toyota and Lexus SUV thefts, apparently involving electronic devices.
A 2017 video released by West Midlands Police in the UK shows two men approaching a Mercedes-Benz parked in the owner’s driveway; As in Evan’s video, one person stood next to the target vehicle with a handheld device while another positioned the vehicle near the house, hoping to pick up the signal coming from the car keys stored inside.
However, not all electronic car thefts use the same technology. Some methods are based on suppressing the signal from the vehicle owner’s key fob so that the owner thinks that he has closed his car when in fact the signal to close did not reach him.
According to Vice.