The European version of AAA found some problems with keyless entry and smartphone apps on popular model vehicles sold in the United States and Europe.
Munich-based ADAC (Allgemeine Deutsche Automobil-Club) tested a radio “amplification attack” that extends the range of a driver’s wireless key fob by boosting the signal to open car doors/trunk or to start the car if the function is on the key fob. This is the hack best known in Los Angles that happened to New York Times’ Nick Bilton in the Silverlake area of Los Angeles.
24 different models from 19 automakers were found to be vulnerable. The vulnerability allows cars to be unlocked and started but leaves no trace of the hack. Signals can be extended over several hundred meters. This is regardless of whether the original key is, for example, at the owner’s home or pocket. To prevent the boost signal hack, they suggest storing the keyfob in a tin with lid.
IT Pros Cracked the Smartphone Code
Police authorities from Hessen and Rheinland-Pfalz in the second half 2015, reported multiple thefts, which used radio technology. Last week it was reported by the ZDF magazine “WiSo” there was a theft of a BMW by transmitting the keyless signals. The crime was recorded the surveillance camera of the vehicle owner. Similar crimes have been reported in U.S. cities.
SMS/App HACK Too
If the owner initiates door unlocking in the BMW Remote app, the receives the vehicle an SMS from the BMW backend. The hacker monitors the phone to see how the code works similar to how the code was cracke for the Nissan LEAF app hack. A hacker can send fake SMS and data to the vehicle to unlock the door then steal the contents of the vehicle without the owner knowing what happened.
It has also been reported that since there is no trace of of break-in often it is difficult for owners of vehicle to collect on insurance claims.
Vehicle models ADAC found vulnerable are:
- Audi A3, A4 and A6
- BMW 730d,
- Ford Galaxy and Eco-Sport,
- Honda’s HR-V
- Hyundai’s Santa Fe
- KIA’s Optima
- Lexus’s RX 450h
- Mazda’s CX-5
- MINI’s Clubman
- Mitsubishi Outlander
- Nissan Qashqai and Leaf
- Opel Ampera
- Range Rover Evoque
- Renault Traffic
- Ssangyong’s Tivoli XDi
- Subaru Levorg
- Toyota RAV4
- Volkswagen’s Golf GTD / Touran 5T.