Some of the UK's newest and most popular cars are at risk of being stolen in seconds by exploiting weaknesses in keyless entry systems. The systems let drivers open and start their cars without taking their key out of their pocket. A DS 3 Crossback and Audi TT RS were taken in 10 seconds, and a Land Rover Discovery Sport TD4 180 HSE in 30.
What Car? security experts performed the tests using the same specialist technology operated by thieves. They measured the time it took to get into the cars and drive them away.
Car theft rates in England and Wales have reached an eight-year high. In 2018, more than 106,000 vehicles were stolen. And motor theft insurance claim payouts hit their highest level in seven years at the start of 2019.
The Association of British Insurers said claims for January to March were higher than for any quarter since 2012.
It said a rise in keyless car crime was partly to blame, but did not have figures on what proportion of claims were for keyless vehicles.
Previously:
Volkswagen Finally Agrees to Publication Of Vulnerability Paper, After Removal of One Sentence
(Score: 2) by sjames on Friday August 09 2019, @03:23AM (3 children)
It varies a lot. In the '80s, you really could start a car without the key more or less like in the Terminator (Disclaimer, I have never stolen a car, I tested that on my own car when the ignition lock failed).
The cars TFA is talking about just have the start button and a transponder in a keyfob, no key. You can't hotwire it because the ECU won't let the engine run without talking to the keyfob even if you connect power and cause the starter to turn. Alas, the auto industry managed to snatch defeat from the jaws of victory. It turns out you can simply relay the signal between car and fob so that while the owners key is on the dresser the car thinks it's in the car and you can just press start and go. (same setup unlocks the door). You look EXACTLY like a legitimate owner getting in to the car and driving away. Drive it onto a flatbed before your relay goes out of range.
From there, either re-program the ECU or strip the car for (very expensive) parts.
So I suppose the modern system is MUCH easier (or at least much less risky, depending on how you want to look at it) but you have to go high tech to do it at all.
(Score: 1, Interesting) by Anonymous Coward on Friday August 09 2019, @05:12AM
Automakers are not system designers of crypto auth. They just mindlessly use chips that Atmel and Co. are equally mindlessly making. Nobody is looking at the big picture - except thieves, that is.
(Score: 1, Funny) by Anonymous Coward on Friday August 09 2019, @05:00PM (1 child)
Once the car is started, it continues to run, even if you are out of range of the key fob. Most cars will beep a little bit indicating such.
My wife did this one time. Started the car, removed her purse and drive away. The beeps didn't really register as very important at the time. She got to her destination, and shut off the car. When she tried to lock the car, she realized what happened.
Maybe carmakers should put something on the in-dash display saying "You forgot your key dumbass!" It might be more obvious than a couple beeps.
(Score: 2) by sjames on Friday August 09 2019, @07:11PM
That is, all at the same time funny, obnoxious, and worse than I thought. That makes stealing the car WAY too easy.
I would say the car should have gone into full panic as soon as the fob went out of range, honking horn, flashing lights, engine shutoff (if not under acceleration).
Considering that radio probably isn't exact enough to distinguish in the car from ON the car, there will probably be a lot of problems like that.