Thieves can easily now disable car immobilisers and drive off with your car even without keys. According to a new car hacking study released recently, some of the car models which are affected include Volvo, VW, Fiat and Audi.
Hackers have discovered a new way to hack electronic immobilisers which are used by the top 26 car makers. New reports show that for every 10 cars stolen in big cities, four of them were stolen using some form of car hacking software.
The police have had a rough time solving some of the car thefts reported to them. In the face of this police quandary, top researchers such as Flavio Garcia, Roel Verdult and Baris Ege have started their own private investigation. Their aim is to study how car immobilisers which are supposed to prevent a car engine from starting without their specific key are being compromised.
The most vulnerable cars are those which use the ‘start/ stop’ button. Thieves with a computer seem to be having easy access to over 100 car models including those from Volvo, VW, Fiat and Audi. Because this issue is pretty sensitive, car makers ganged to stop the researchers from publishing the report for over two years.
Understanding the car immobiliser and how they are hacked into
An electronic immobiliser is now standard in all new cars since 1995 when EU car safety regulations were passed. A car cannot start unless the right key is availed. Modern thieves have obviously found a way to steal car ‘key information’.
Thieves are using this new technology to hoodwink the car into thinking that the key is available. The car can then be driven off without its key. Researchers were in some cases able to start the cars by guessing random code combinations. It’s scary to note that the trial and error method got the car to start within 30 minutes.
According to the researchers, every other car that was put under the test was seen to be compromised. This is because the communication signal from the immobiliser could be intercepted, interpreted and subsequently decoded.
In the report, a concern over the commitment on the side of the car makers was voiced on why they don’t want to invest in better car security transponders. A car whose price tag is even more than £50,000 will require a small modified chip whose cost is a mere £1. Besides working on ways to reduce chances of thieves entering the car in the first place, investing in better immobiliser technology will definitely go a long way.
Cherokee a model under the Jeep family was recently found to have serious functionality issues when put under hacker’s test. Two USA researchers discovered that Cherokee could be hacked into and consequently controlled wirelessly. This prompted the car maker to recall many cars. The 2014 Cherokee functions such as air-con, engine and brakes could be controlled remotely by a hacker.
While performing their security research, Chris Valasek and Charlie Miller accessed the car via the car’s radio system. They then sent some codes wirelessly to the car’s on-board computer. They were easily able to toy and joggle the car’s infotainment. This allowed them to even switch off the car’s engine remotely.
In view of this serious threat, Fiat Chrysler Automobiles gave a notice to recall 1.4 million cars in the US alone. The cars recalled included Dodges, Jeeps and Chryslers.