Multiple reports confirm a man walking into a Jaguar car dealership in Auckland, New Zealand before driving away with a $120,000 car. The thief did not have a key and gained access to the locked car by simply hacking the door lock of the car.
The as of yet-unidentified hacker simply walked into the car dealership and used an electronic device that fakes the signal of a wireless key to enter the car and start the engine, reports the New Zealand Herald.
Such unlocking devices are easily found on the internet and have shown, with proof-of-concept, to unlock garage doors as well as car locking systems. In London, the Metropolitan Police confirm with stats that 6,000 cars were stolen in 2014 alone using the car hacking device.
CCTV cameras show the man to walk up to the locked car that was parked in the lot in the dealership’s premises and simply drove away with it.
Andrew Beacham, manager of the dealership spoke about the theft, saying:
“This guy is a professional, it’s sophisticated. It’s something that has been organised. It’s not your everyday car theft.
“We never heard anything and only realised an hour later … that the car was missing.”
Crime is usually rare in a small country like New Zealand and it’s unlikely that the cybercriminals using the device to steal luxury cars will sell or strip the vehicle for parts.
The Inherent Vulnerability in Keyless Cars
Car hacking has gained much attention in the mainstream after the recent hacking of the Jeep Cherokee that was a much publicized news story. Despite the very real concerns that surround car hacking and the vulnerabilities inherent, there haven’t been many incidents, yet, of cars being hacked in the wild.
Related article: Hackers Remotely Hijack a Jeep While It’s Being Driven!
A recently published paper called “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser,” goes into significant detail in the way the Megamos Crypto, the keyless lock mechanism used by a majority of the cars around the world, can be easily compromised.
Keyless cars are particularly susceptible to hacking because the algorithm verifying the unique key used to unlock the car’s security locks can ultimately and even easily be exploited.
- The hacking exploit begins when the attacker activates hacking device which is both a jamming and a signal capturing device, in the vicinity of a vehicle where the owner’s first attempt to unlock the car fails due to the jamming signal used by the hacking device.
- Two things have happened already. The wireless signal released by the owner’s key has been captured by the jamming and hacking contraption.
- The owner’s 2nd attempt to use the keyless entry again will have the opportunistic hacker activate the car unlock from his key, while the car owner thinks that he or she has unlocked it instead.
The recent ruling from Congress has granted car owners the authority to hack their own vehicles. This sets a good precedence, despite the risks involved. A security-aware consumer will demand the most practical cybersecurity measures and the car industry, as big as it is, will have to listen and deliver.