Car owners love the convenience of that little button that unlocks and locks your car for you on your key ring. But hackers do too, evidently and it seems that manually locking or unlocking your car might be something you need to do.
In an interview with Wired, researcher Silvio Cesare for the security firm Qualys said he intended to demonstrate a technique at the Black Hat security conference that successfully mimics the wireless signal emitted by your car lock transmitter. Cesare said that in minutes, he could easily lock and unlock a car's doors and trunk. While the solution wasn't exactly cheap to come up with as the wireless radio he used cost nearly US$1,000, there are now models that cost half that.
No more coat hangers
Though the wireless Keeloq cipher has already been broken years ago, what Cesare does is novel - he uses a robot to press a key fob thousands of times, while listening to the key codes transmitted by said fob. The method helps reduce the possible permutations of unlock codes from a few million to roughly 12,500. The latter can easily be generated in minutes.
Cesare admitted he only tested his technique so far on his ten-year-old car so we can assume that newer cars might have safeguards that prevent such easy unlocking. But the key word here is 'might'.
A lot of car makes, despite having different manufacturers, use technology in their car locks that are very similar. So if a hacker manages to unlock one car, cars with similar locking mechanisms could also be vulnerable.
Wireless radios like the HackRF allows people to mimic many wireless signals which shows the limitations of wireless technology when it comes to safeguarding.
In the end, we can surmise that for now you can still wireless unlock or lock your car without worrying too much. But that will probably change so best get used to remembering where your car is instead of just relying on that familiar beep to find or unlock it. You could just be handing your car over without realising.