You arrive home and toss your car keys on a table near your front door. It’s an ordinary habit that is all today’s thieves need to launch a “relay attack” to capture the signal from your key fob, unlock your car and drive it away. And it’s just one of the high-tech methods more criminals are adopting to steal cars.
Experts say in recent years,have increasingly targeted keyless entry vehicles by breaching the computer systems that are built into the cars’ communication network.
Less than a minute to reprogram a key fob
The latest method capturing the attention of car security experts is the “CAN bus attack.” “CAN” stands for “controller area network,” and the “CAN bus” is the auto industry term used to describe the message-based electronic system that allows various parts of the vehicle to communicate with each other.
“Probably the most common one that I do see is actual key programmers that you can just plug into the vehicle’s diagnostic port or onto the CAN bus network,” said Steve Lobello, owner of S&A Security in the Chicago suburb of River Grove, Illinois.
“It’s basically the nervous center in the vehicle where everything has to process,” said Lobello. “You can pretty much do things such as delete keys, program, new keys, and just basically speak to the vehicle.”
Lobello says the tablets that locksmiths and security specialists use to reprogram key fobs have been stolen or can be bought online legally by thieves looking for a way to hack into targeted cars.
We won’t reveal exactly how he did it, but Lobello used one of these tablets to demonstrate how quickly he could gain access to a vehicle’s main frame and reprogram a key.
It took him less than a minute.
High value target
Ivy Stryker of Farmington, Michigan, became a victim of the CAN bus attack not once but twice. The first time, his car was parked against a brick wall at an apartment complex.
“It’s about 1 a.m., my phone goes off, my iPads are going off, alarm sounds everywhere,” said Stryker. He ran outside to find another vehicle next to his and a stranger inside his car. “A guy’s popping out the top of the moonroof.”
Stryker had no illusions about how tempting his Dodge Charger Hellcat would be to thieves and had a security system installed to protect it.
“When I was looking at the thing, I already knew that it was one of the most, if not the most stolen car,” said Stryker.
According to a recent report from the Highway Loss Data Institute, the Charger SRT Hellcat ranked as the No. 1 targeted car built between 2020 and 2022. It’sthan any other car built in that same time period.
“If you own a Hellcat, you better check your driveway,” Matt Moore, the organization’s senior vice president, said in a statement on the institute’s website. “These numbers are unbelievable.”
Car thefts in general are up across makes and models nationwide. More than one million cars were stolen in 2022, the highest number since 2008, according to the National Insurance Crime Bureau (NICB), the insurance industry association that tracks annual vehicle thefts.
That’s about two vehicles stolen every minute.
Trying to stay one step ahead
“The criminal organizations and the suspects are always looking for what the security protocols are and how to defeat them,” said NICB President & CEO David Glawe.
“We work with the insurance industry and the manufacturers to identify these vulnerabilities and to try to slim this gap,” said Glawe. “But we’re always having to stay one step ahead of the criminals, and they’re always trying to stay one step ahead of us.”
For years the bureau has publicized the number cars stolen due to keys being left inside vehicles — 287,024 between 2019 and 2021. But that represents just a fraction — 11% — of the total number of cars — more than 2.6 million — that were stolen during the same time.
“We have the real raw information of stolen vehicles. But how they’re stolen, it comes down to the local law enforcement,” said Glawe. “When you document and report, you have to put that in a police report. If that’s not captured by an algorithm or report, it’s hard necessarily to track.”
NICB told us they don’t break down exactly how the vehicles were stolen, and we learned the auto industry doesn’t track this data either.
Automakers provide few answers
Concerned that keyless entry systems “may be contributing to rising rates of vehicle theft,” in July 2022 U.S. Senator Ed Markey, a Democrat from Massachusetts, sent letters to 17 carmakers urging them to “…take all necessary steps to ensure that keyless entry systems, once a security innovation that deterred thieves, do not become a security liability for them to exploit.”
In the dozen responses that came back, while automakers all stated a commitment to theft prevention, none could provide the exact number of their vehicles that had been stolen or details on the method car thieves used to steal them.
Some industry experts suggest automakers should be tracking this data to help combat the rise in vehicle thefts.
“I think it’s incredibly important because unless the industry has a knowledge of how vehicles are being compromised, then, you know, nothing’s going to be done about it,” said former detective Clive Wain, who now works as head of police liaison for Tracker UK, a company that specializes in recovering stolen cars in the United Kingdom.
Wain says a spike in hot-wiring thefts during the 1980s put pressure on auto manufacturers to enhance vehicle security. That led to the modernization of vehicle locking mechanisms, and the introduction of “smarter” key systems and vehicle immobilizer technology.
Since then, Wain says, organized criminal groups have developed capabilities to download data from these key transponder fobs, and by downloading data via the vehicles’ onboard diagnostic device, they could clone and upload that data onto a “donor” key for that specific make and model of vehicle.
“Circa 2015, in the U.K., as some manufacturers were introducing ‘keyless entry’ vehicles, instances of electronic compromise started to surface where this technology had been compromised. The most prevalent method progressively has become the ‘relay attack,'” said Wain. ”More recently, we have seen the significant emergence of ‘CAN bus’ compromise attacks.”
Tracker UK makes a practice of collecting monthly high-tech car theft data.
Their numbers show that in July 2023, keyless car theft reached an all-time high in the U.K., accounting for 98% of all stolen vehicles the company helped recover in that one-month period.
“As quickly as manufacturers start to [update vehicle locking] technology for security purposes, that technology is being reverse-engineered — almost within a matter of days or weeks,” said Wain. “I think manufacturers have known about the vulnerability for some years, but it takes many, many years to develop technology on a production line and it’s a costly process.”
Wain says while keyless entry technology was initially developed and introduced in more high-end makes and models, it has now been extended to most mainstream vehicles, making them much more vulnerable to this kind of attack and compromise.
Steve Lobello agrees.
“A little more than 90% of vehicles are vulnerable,” he said. “All this information [on breaching a car’s technology] is already out there. It’s readily available on YouTube and social media.”
“It’s not like [thieves] need to go to school to learn how to use this thing,” he added. “YouTube is their school.”
The growing threat of high-tech car theft is why Lobello suggests his clients install an after-market security system (he recommends one called IGLA). These systems, which can cost as much as $1,200, create a firewall to fend off CAN bus attacks, and require the driver to enter a pre-programmed code using a combination of existing factory buttons in sequence to start the car. Even if a thief manages to plug into a vehicle’s CAN bus, without the secondary button code authentication, the car will shut down and be immobilized.
Lobell installed one of the systems in Ivy Stryker’s Dodge Charger, and the investment paid off:
thieves who attempted to steal it were thwarted – two times. In one of those cases, when the car wouldn’t start, the criminals resorted to using a second car to push the Dodge. They made it 17 miles before giving up and ditching the car on the side of the road. Stryker later tracked it down via GPS.
Stryker believes automakers should be the ones stepping up to solve the problem.
“It’s too easy now. The onus should be on the manufacturer,” said Stryker. “It should be their responsibility to tighten up their security as much as possible.”
In a statement, Stellantis, which makes the Dodge Charger, told CBS News that their vehicles “…meet or exceed all applicable federal standards for safety and security. …Notwithstanding, we urge all motorists to take due care in securing their vehicles.”
Experts say consumers don’t have to install expensive after-market security systems to minimize the risk of being “carhacked.” Other precautions can include storing keys in a metal container, signal-blocking pouch or “Faraday Box,” to prevent relay attacks.
The National Insurance Crime Bureau recommends a “layered approach,” adding on physical protection like steering column locks, alarms and tracking devices. Ironically, high-tech thieves may be deterred when confronting low-tech protection measures.