Experts say car key fob hacks could become the latest theft tool for cyber-savvy car thieves

Recent reports have raised concerns about ability for a vehicle hacks.

July 11, 2018, 7:55 PM

A family in Ocean County, Maryland fell victim to a new type of automobile theft -- a key fob signal hack that allowed thieves to unlock their $50,000 Chevy Suburban and drive off with it.

While still apparently rare, recent reports have raised law enforcement concerns about the relatively new ability for a tech-savvy thief to hack into a vehicle's key fob, open the door and steal the car.

The threat is called a 'relay attack,' Michael Tanji, chief operating officer for the cybersecurity firm Senrio Inc., told ABC News. Basically, the attackers grab the signal being transmitted by a nearby key fob using a special receiver. That receiver then 'relays' that signal to the car, allowing the thief to unlock it and even start the ignition.

Tanji explained that although these attacks are happening, there is not enough data to show how often they are occurring nationwide.

“Just because a thing can happen doesn't mean that it will or that it is even likely,” Tanji said.

"People have no way of knowing if this is a common problem or a fringe one."

The National Insurance Crime Bureau, a non-profit organization that combats insurance fraud, tested out a relay attack device, but protected the fob by storing it in a metal box. They found that the casing seemed to stop the fob signal from reaching the device, preventing them from opening the vehicle.

While the potential is there to hack into someone’s car, NICB said in a statement to ABC News that they have no confirmed cases anywhere in the U.S. of a vehicle theft using this device.

A forecast report from NICB shows that there have been a significant number of thefts reported where a key or fob was a factor, however.

Between January 1, 2013 and December 31, 2015, there were 147,434 vehicle thefts with keys reported stolen in the United States. While these crime numbers ran high, NICB said these thefts are not due to cybersecurity hacks, but rather that they are simply people leaving their keys or fobs in the car and someone just jumping in and driving away.

Car companies like Fiat Chrysler Automotive (FCA) said they have looked into this issue, knowing the potential risks, and have started amping up their vehicle security efforts on their end -- to prevent, detect and to respond to cybersecurity risks.

“FCA U.S. is deploying both hardware and software technologies to protect against cyber intrusions,” FCA vehicle cyber-security senior manager Sandra Hosler said in a statement. “Open collaboration with our industry and transparency with our suppliers, and cooperation with security researchers through our bug bounty program, are all critical components of our vehicle cybersecurity program.”

Earlier this year, the Automotive Information Sharing and Analysis Center (Auto-ISAC), which provides intelligence about emerging cybersecurity risks to vehicles, partnered with the Department of Homeland Security (DHS) to improve vehicle cyber-threat information.

Cybersecurity experts like GlobalSecurityIQ CEO Holly Hubert said that relay attack threats were first detected in 2016 after remotes became increasingly prevalent in cars.

"Cybersecurity is a dynamic, ever-changing issue,” Hubert told ABC News.

Whether it’s wrapping your key fob in tin foil or placing it in a signal blocking pouch, reports say key fobs should be stashed in a safe spot to reduce any chance for interference from potential hackers.

Hubert said that the best people can really do is to just understand the risks.

"If you buy an item that has some cyber application or connectivity to the Internet, you should educate yourself on the risk -- and either accept that risk or exercise some mitigating control," Hubert said.

"People shouldn't be scared of technology," Hubert said. “Every time something is invented, or developed, the security piece needs to catch up with it."

Related Topics