Theft of expensive vehicles by sophisticated car thieves is a big business, especially in Europe.
Many of the cars are never recovered and often sold to fund organized crime.
That’s created a brisk market for the tools to pull off thefts of BMW 7-Series and Mercedes-Benz S Class sedans.
The break-in equipment that’s legitimately sold to locksmiths and car garages (as well as police and intelligence agencies to search and plant bugs and tracking devices) often find their way to crooks. These include lock picks, decoders, keyless entry bypass systems, and readers to extract key profile information from the computers that control access security within the vehicles.
While car makers have concentrated on improving the security of locking systems, they have also made it easier to steal cars with impunity.
The security of motor vehicles can be covertly compromised in many ways, but the more sophisticated forms of technical bypass occurs by exploiting three techniques: lock picking-decoding tools, wireless intercept of communications between the car and its keyless entry systems, and the decoding and extraction of key profile information from the central computer controller systems within vehicles such as a Mercedes.
Owners have always believed the proper key was required to open or start their car. That is still true, sort of. But in their pursuit of greater convenience for drivers, automakers have been adopting more keyless entry systems that give a driver a virtual key that can stay in their pocket or purse. While this makes things easier for owners, it is also a boon to anyone that has the tech-tools to circumvent the system, all of which rely on wireless communications which is easy to intercept. Compounding the problem is the fact that car manufacturing groups such as GM and VW use common door locks, key blanks, and internal locking components which means that very clever picking tools are readily available to anyone that wants to buy them. Later in this article a Skoda is shown to be opened in seconds with such a pick tool-decoder that is manufactured in Bulgaria.
Virtually all high-end cars offer the option of keyless entry. The security technology allows wireless encrypted data interchange between key fob and vehicle to substitute for the traditional mechanical physical key. Once the data is authenticated the doors can be opened and the car started by simply pressing the ignition button. The technical name for this system is Passive Keyless Entry Start or PKES for short. The same approach is used with contactless credit cards, alarms and door locks, but it’s still a wireless signal that criminals can spoof, clone, relay, or otherwise attack.
In cars equipped with PKES, the security relies upon two separate radio systems that are built into the key fob and vehicle. When a driver is within about three feet of the car and triggers the system, usually by touching the door handle, a low-frequency (LF) beacon within the vehicle transmits a signal to the receiver in the fob. When this message is received, a second UHF transmitter on a separate frequency communicates with the authentication receiver in the vehicle. If the key is paired with the car, it is verified and the doors can be opened and the ignition activated. The design of all of these systems depends on the range of the low frequency beacon, which is broadcast at either 20 Khz or 125 Khz.
Mercedes-Benz 2015 S-Class Coupe (PRNewsFoto/Mercedes-Benz USA)
Theft of expensive vehicles by sophisticated car thieves is a big business, especially in Europe. Many of the cars are never recovered and often sold to fund organized crime. That’s created a brisk market for the tools to pull off thefts of BMW 7-Series and Mercedes-Benz S Class sedans. The break-in equipment that’s legitimately sold to locksmiths and car garages (as well as police and intelligence agencies to search and plant bugs and tracking devices) often find their way to crooks. These include lock picks, decoders, keyless entry bypass systems, and readers to extract key profile information from the computers that control access security within the vehicles.
While car makers have concentrated on improving the security of locking systems, they have also made it easier to steal cars with impunity. The security of motor vehicles can be covertly compromised in many ways, but the more sophisticated forms of technical bypass occurs by exploiting three techniques: lock picking-decoding tools, wireless intercept of communications between the car and its keyless entry systems, and the decoding and extraction of key profile information from the central computer controller systems within vehicles such as a Mercedes.
Owners have always believed the proper key was required to open or start their car. That is still true, sort of. But in their pursuit of greater convenience for drivers, automakers have been adopting more keyless entry systems that give a driver a virtual key that can stay in their pocket or purse. While this makes things easier for owners, it is also a boon to anyone that has the tech-tools to circumvent the system, all of which rely on wireless communications which is easy to intercept. Compounding the problem is the fact that car manufacturing groups such as GM and VW use common door locks, key blanks, and internal locking components which means that very clever picking tools are readily available to anyone that wants to buy them. Later in this article a Skoda is shown to be opened in seconds with such a pick tool-decoder that is manufactured in Bulgaria.
Virtually all high-end cars offer the option of keyless entry. The security technology allows wireless encrypted data interchange between key fob and vehicle to substitute for the traditional mechanical physical key. Once the data is authenticated the doors can be opened and the car started by simply pressing the ignition button. The technical name for this system is Passive Keyless Entry Start or PKES for short. The same approach is used with contactless credit cards, alarms and door locks, but it’s still a wireless signal that criminals can spoof, clone, relay, or otherwise attack.
In cars equipped with PKES, the security relies upon two separate radio systems that are built into the key fob and vehicle. When a driver is within about three feet of the car and triggers the system, usually by touching the door handle, a low-frequency (LF) beacon within the vehicle transmits a signal to the receiver in the fob. When this message is received, a second UHF transmitter on a separate frequency communicates with the authentication receiver in the vehicle. If the key is paired with the car, it is verified and the doors can be opened and the ignition activated. The design of all of these systems depends on the range of the low frequency beacon, which is broadcast at either 20 Khz or 125 Khz.
The relay attack can be carried out by one or two people. One uses a repeater to extend the range of the LF car beacon to activate a UHF transmitter on the key fob. The UHF transmission is what gets intercepted. You only need to pair the key fob and car once. Once the authentication takes place, the car can be driven away without a key and new keys can be produced for the cars at a later time after the car has been driven away.
POSTED ON FORBES
http://www.forbes.com/sites/marcwebertobias/2015/11/17/why-the-most-expensive-cars-are-the-easiest-to-steal/#1750f3d7205d