PETALING JAYA: Owners of cars using the keyless entry system are at risk of having their vehicles stolen in minutes by a frequency-hacking device that is available locally.
The device, which costs about RM150 and can be obtained online or at some electronics stores, can unlock a car and start its engine by hacking its radio frequency identification (RFID) information.
A source said the device could open almost every car with keyless entry.
The source said car thieves recruited hackers to install the required software onto their laptops and teach them how to operate the device.
“Some local hackers have been approached to offer their services to members of the car theft syndicate,” the source added.
There are three ways to steal the encryption code to unlock these vehicles.
“The device has to be attached to a computer and run with simple frequency monitoring software, which can be downloaded for free from the Internet.
“The software reads the frequency transmitted between the remote key and car system.
“It can capture the frequency code used to lock the car. At the same time, it decrypts the rolling codes transmitted back by the car to the remote key, to unlock the vehicle,” the source explained.
The other method is by “attacking” the car system. The hacking device broadcasts a signal mimicking the remote, tricking the car into responding with a rolling code.
The device captures the code and decrypts it to unlock the vehicle.
The source said the process could just take a few minutes, depending on the hackers’ code database.
“Thieves have also been known to steal the code from the remote key by broadcasting a radio signal to it.
“This emulates the car communicating with the key, which will automatically send a response.
“The car thieves will then capture and decrypt the frequency transmitted from the key and pair it with the car’s locking system to unlock the vehicle.”
The source said many keyless entry systems also included a remote keyless ignition system. As such, when thieves unlock the vehicle, they can also start the car.
Remote keyless ignition uses a push button to start the car, not a physical key.
Munich-based Allgemeiner Deutscher Automobil-Club (ADAC), the largest auto club in Europe, recently said 110 models from 27 different manufacturers were at risk of being stolen based on the keyless system they used.
An ADAC report said they were not only able to unlock the vehicles but also start them with no problem.
“To date, car manufacturers have yet to find a foolproof solution to beat these car thieves,” the ADAC findings concluded.
A police spokesman said they were aware of this high-tech method.
“Car owners should take extra precautions like installing GPS tracking devices or use steering or gear locks to deter thieves,” he said.
He added that keyless entry was impressive, but nothing beats a good physical lock, which made it much harder for thieves.
Statistics of such thefts are not available in Malaysia.
However, according to RAC Ltd, a British automotive services company, the number of thefts reported to 40 police stations in England and Wales rose from 65,783 vehicles in 2013 to 85,688 in 2016.
RAC’s data indicated that the 30% increase was attributed to thieves using the frequency-hacking method to break into cars.
Automotive industry insiders believed the good old way of securing cars – using manual keys and locks – was still effective in preventing vehicle theft.
A spokesman for a carmaker said the longer time taken to steal vehicles with old-fashioned locks discouraged thieves.
Owners are also encouraged to use anti-theft devices such as steering locks, immobilisers, motion sensors and top-grade alarms.
The spokesman said a good tracking device in a vehicle would also be of great help in the event of a theft.
A car owner, who gave his name only as Lee, said he suspected thieves used this method to steal his car.
“Five other friends lost their vehicles within two months of my car being stolen,” he said.
“I believe the thieves used a computer or gadget to open the car doors,” he said, adding that his car used push-button ignition.
He said the thieves also deactivated the alarm when unlocking his luxury car.
Source: The Star Online (12th Feb 2018)