Ford, Audi, BMW Cars Vulnerable To Keyless Fob Hack

Fords, Audis and BMWs are all vulnerable to a serious new security flaw uncovered by German researchers.

The flaw involves the wireless keyless fob commonly found on modern cars that unlock and even start the vehicles.

Keyless Fobs

News of the vulnerability emerged last week after a report in the German business magazine WirtschaftsWoche. It cited research from the Munich-based car club ADAC, which had conducted a radio “amplification attack” test of dozens of modern cars.

The study revealed the flaw allows thieves to extend the range of the keyless fob, even if the fob is secured safely inside the victims house. The researchers were able to boost the signal of the keyless fob to unlock the car outside, and even start the ignition.

The ADAC researchers found 24 different vehicles from 19 different car makers were vulnerable to the flaw, which allowed them to unlock the target vehicles but also drive them away.

Unlike the traditional wireless key fob that still require the insertion of a metal key into the car in order to start the car, wireless keyless fobs are different, in that they allow the driver to simply walk up to his car without taking out the fob, and removing the need to press a button to unlock the car. The keyless fob also allows the engine to start, without the insertion of a traditional key.

“The obvious vulnerability in the comfort of keys facilitates thieves their craft immensely,” reads a Google translation of the research. “The radio connection between keys and car can easily be extended over several hundred meters. Regardless of whether the original key is, for example, at home or in the pocket of the owner.”

It warned that if the car engine is started, the car will run until it runs out of petrol or is stalled or switched off. This means that thieves have the potential to simply drive the car away from the victim’s house.

Another concern is that the researchers used common and cheap components costing just just over $200 in order to build the device that carried out these radio “amplification attacks”.

The researchers posted this video of the attack in action.

The researchers built two radio devices to conduct the attack. One radio is held a few feet from the victims car, whilst the other is placed near the keyless fob, say just outside the victim’s front door.

The radio device near the car then impersonates the car’s key and pings the car’s wireless entry system. This triggers the car’s keyless system to send out a signal, seeking a response from the key fob.

That signal is relayed between the two radios as far as 300 feet. This triggers a response from the keyless fob inside the house, which is then transmitted back to the car, unlocking it. It even allows for the car to be started.

So what cars are vulnerable? Well according to Wired, the full list includes the Audi A3, A4 and A6, BMW’s 730d, Citroen’s DS4 CrossBack, Ford’s Galaxy and Eco-Sport, Honda’s HR-V, Hyundai’s Santa Fe CRDi, KIA’s Optima, Lexus’s RX 450h, Mazda’s CX-5, MINI’s Clubman, Mitsubishi’s Outlander, Nissan’s Qashqai and Leaf, Opel’s Ampera, Range Rover’s Evoque, Renault’s Traffic, Ssangyong’s Tivoli XDi, Subaru’s Levorg, Toyota’s RAV4, and Volkswagen’s Golf GTD and Touran 5T.

Car Security

Concern about car security has been increasing lately, as cars become increasingly connected electronically to the outside world.

In August 2014, a group of hackers and security researchers signed an open letter encouraging car makers to improve the security systems of their latest cars.

Last September Fiat Chrysler ordered a major recall of some of its vehicles in the United States after more were found to be affected by a serious software vulnerability which could lead to them being attacked by cybercriminals.

Prior to that American car firm Telsa rushed out a patch after researchers discovered a potentially serious flaw that allowed them to assume control of the vehicle. That hack however was only possible because the researchers had access to the inside of the car.

And in February 2015, BMW confirmed it had patched a serious security flaw that could have allowed hackers to seize control of some of its cars’ systems. That flaw could have allowed hackers to the open doors of 2.2 million Rolls-Royce, Mini and BMW vehicles.

In the driving seat about connected cars? Take our quiz!