For their experiment, the researchers at Switzerland's ETH Zurich University used antennas costing as little as $100 to take advantage of passive keyless entry and start, or PKES systems. These convenience systems lock and unlock your car just based on the key fob's proximity to the car, for example, as you approach your vehicle with arms full of groceries and the key fob in your pocket. PKES systems also allow a driver to start the car without inserting a key into an ignition lock, usually with a push button.
The Swiss researchers used a pair of antennas (one near the key holder and a second near the vehicle, connected wirelessly or via cables) to trigger and relay signals across longer distances, up to 50 meters.
"Car thieves are pretty resourceful, and more sophisticated than people would guess," said Jack Nerad, executive editorial director and executive market analyst for Kelley Blue Book. "This kind of vulnerability will probably become well known to them."
Research Vehicles With The Highest Insurance Claims For Theft
As an immediate fix, the ETH study authors say users can protect against PKES signal hijacking by placing their key fob in a small key case lined with aluminum. "When the key is in the key case, it would not receive any signals from the car (relayed or direct)," the researchers write. This would, of course, detract from the convenience factor of not having to physically retrieve a key for the PKES functions. Plus, the researchers note, attackers might be able to increase the reading power of their gear enough to break through the protective shield.
Another option suggested in the study calls for removing the battery that powers the radio from the key, thereby disabling its wireless communication function. Users would then be required to use a backup physical key (typically hidden in the wireless key fob) to unlock the car. Starting the engine would be a bit more tricky. "Given that the cars that use PKES cannot be started using a physical key," a user in this scenario would have to, "place the key in the close proximity of some predesignated location in the car (e.g. the car start button)." This way the car could communicate with the key using short-range communication.
Research Vehicles With The Lowest Insurance Claims For Theft
According to Nerad, PKES systems are becoming very prevalent, "something that people seek out even in lower end cars," he said, with keyless start becoming available throughout most model lines. PKES systems are "a convenience feature that a lot of people like and are willing to pay more for," making them important for automakers who earn big profits on options like these, he said.
At this point, however, Nerad believes that "the threat, while real, is not all that great." He says vendors will move quickly to make these systems more secure and automakers will be able to implement software fixes to stay ahead of the curve.
New technologies sometimes require an outside entity to point out Achilles heels, said Nerad. Over the last few years, researchers have revealed potential vulnerabilities in tire pressure monitoring systems, onboard navigation systems and electronic control units governing key vehicle functions like braking and steering.
Wade Newton, a spokesperson for the Alliance of Automobile Manufacturers, told AOL Autos that automakers continue looking at electronic security issues "before it becomes a problem." He added that the Society of Engineers, which develops consensus-based vehicle standards, "is considering potential standards that can proactively be applied on this. While SAE does that, automakers continue to dedicate researchers and engineers to focusing on ensuring that state-of-the-art security procedures are available for our products."
Chris Martin, a spokesperson for American Honda Motor Co., noted that real security is somewhat of a moving target. "We have evolved our technology over the years to make our cars more and more difficult to steal," he said, noting innovations such as engine immobilizers, advanced key cutting and "rolling code" in keyless entry systems that prevents an attacker from "eavesdropping" once on the unlock command and then being able to replicate it at will.