
RFID repeater used to steal Mercedes with keys locked inside a house



Do you own a Mercedes or other fancy car that starts with a keyless fob – and which you’d rather not see thieves drive off in?

Do you own a refrigerator?

If you answered “yes” to both those questions, congratulations! You might not have to stand outside in your slippers, sobbing over a sadly empty parking spot! “Might” because, well, researchers aren’t entirely sure how much metal shielding you need to create a Faraday cage to block key fobs’ “unlock me/start me up!” radio signals.

Why does this matter? Because West Midlands Police on Sunday posted a surveillance video showing thieves mysteriously opening and getting into a Mercedes in less than 86 seconds, without a key.

Actually, it’s not all that mysterious. The video depicts a so-called relay attack. It’s well-known. We’ve seen plenty of them over recent years in this, the age of the keyless fob and the relay boxes and signal boosters that steal their signals.

The most recent case is this one in the West Midlands, UK. In the CCTV footage above, two men pull up outside the victim’s house. They’re both carrying relay boxes. West Midlands Police note that the devices are capable of receiving signals through walls, doors and windows, but not metal.

One of the men stands near the victim’s property, waving the device until he gets a signal from a key fob inside the house or garage. The other thief stands near the car with his relay box, which receives the signal from the relay box near the property. The car sniffs the unlock-me signal that’s close by, and it obligingly unlocks the door.

Police think this is the first time such a theft has been captured on CCTV in the West Midlands.

The whole thing took about a minute. Police say that they haven’t yet recovered the Mercedes, which was stolen overnight on 24 September in the Elmdon area of Solihull.

A relay box works by extending the signal coming from the car keys inside the house and tricking the car’s system into believing that it’s the actual key. That’s why the West Midlands car, and plenty of other stolen cars, unlock their doors without any warning alarm.
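To make that concrete, here is a simplified model of the exchange, added as an illustration and not taken from the article or from any manufacturer: the car sends a fresh challenge, the fob answers with a MAC, and a relay that forwards both messages unmodified passes the cryptographic check. The round-trip timing check (distance bounding) is a countermeasure the article does not discuss, and every constant and function name below is a constructed assumption.

```python
"""Simplified model of a passive keyless entry exchange (all values constructed)."""
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458     # radio propagation speed, metres per nanosecond
FOB_TURNAROUND_NS = 1000.0   # assumed fixed fob reply latency (hypothetical)
MAX_RANGE_M = 2.0            # assumed distance within which the car should unlock
TOLERANCE_NS = 5.0           # assumed measurement slack
KEY = os.urandom(16)         # constructed secret shared by car and fob


def fob_response(key: bytes, challenge: bytes) -> bytes:
    """The fob proves it holds the shared key by MACing the car's nonce."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def round_trip_ns(path_m: float, relay_delay_ns: float = 0.0) -> float:
    """Challenge out and reply back over path_m, plus one relay delay each way."""
    return 2 * path_m / C_M_PER_NS + FOB_TURNAROUND_NS + 2 * relay_delay_ns


def car_unlocks(car_key: bytes, fob_key: bytes, path_m: float,
                relay_delay_ns: float = 0.0, check_timing: bool = False) -> bool:
    challenge = os.urandom(16)                  # fresh nonce, so old replies are useless
    reply = fob_response(fob_key, challenge)    # a relay forwards this unchanged
    if not hmac.compare_digest(reply, fob_response(car_key, challenge)):
        return False                            # wrong key: rejected either way
    if not check_timing:
        return True                             # MAC only: distance is never tested
    limit = 2 * MAX_RANGE_M / C_M_PER_NS + FOB_TURNAROUND_NS + TOLERANCE_NS
    return round_trip_ns(path_m, relay_delay_ns) <= limit


if __name__ == "__main__":
    scenarios = [
        ("owner at the door, 1 m", 1.0, 0.0),
        ("fob indoors, 15 m, relayed", 15.0, 50.0),
        ("fob indoors, 15 m, ideal zero-delay relay", 15.0, 0.0),
    ]
    for label, path_m, delay in scenarios:
        plain = car_unlocks(KEY, KEY, path_m, delay)
        timed = car_unlocks(KEY, KEY, path_m, delay, check_timing=True)
        print(f"{label}: MAC only -> {plain}, MAC + timing -> {timed}")
```

In this model even a relay that adds no processing delay fails the timing check, because the extra path length alone pushes the round trip past the limit.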

Here’s an example of it happening in Germany:

Here’s 2016 CCTV footage from Houston:



And here’s a video from the National Insurance Crime Bureau (NICB) featuring newscasters talking about relay attacks in California:

…and featuring NICB researchers who bought a relay attack unit to see how easy it is to steal a car with one.

TL;DR: It’s very easy.

As the NICB notes, it used to be the case that relay attacks would only unlock cars. But now you can not only get in; you can start that pretty little ride and take it for a spin.

The NICB tested a device on over 35 cars, mini vans, SUVs and a pickup truck over a two-week period last year. The relay attack unit – you can buy these things online – opened 19 out of the 35 cars tested. It started 18 of those 19 cars. With two-thirds of those cars, NICB researchers could not only start the cars and drive them away; they could also turn them off and restart them, as long as they had the device inside.

The attack devices vary in signal range and price, with powerful units fetching hundreds of dollars. But why bother? As far back as 2012, any idiot with a $30 hacking kit could bypass on-board diagnostics (OBD) security. The kits came replete with reprogramming modules and blank keys and enabled thieves to steal high-end cars such as BMWs in a matter of seconds or minutes.

In addition, the Berlin-based automobile club ADAC in March 2016 released a study in which it reported that thieves could use a $225 signal booster – in the same ballpark as a relay box – to fool cars into thinking their owners are nearby, allowing them to easily unlock the cars and start them up: a silent theft that doesn’t leave a scratch.

According to Mark Silvester of West Midlands Police, car owners should use a Thatcham-approved steering lock to physically immobilize the steering wheel. In the US, we typically call these Clubs, though that’s actually a brand name for a steering wheel lock.

And while you’re at it, you might as well try to remember to store your keys in the refrigerator, or the microwave, or whatever other Faraday cage you’ve got kicking around. It would be nice to find out if such cages are strong enough to keep the thieves from driving off with your wheels: if somebody gets your car even with your keys tucked in beside the ice cream, let us know!




Source: Naked Security




Founder and Editor-in-Chief of ‘Professional Hackers India’. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.
