Gone are the days where a shattered window was the only telltale sign of a car break-in. At the Black Hat conference last month, Silvio Cesare, an Australian researcher, revealed a technique demonstrating how to spoof the signal from a wireless key fob and unlock a car without leaving any physical evidence behind.
How does this work exactly? The hacking technique involves a codebreaking attack made possible by a series of off-the-shelf tools. Cesare started with a software-defined radio, a device that can digitally transmit or receive a wide range of frequencies, including those used by Bluetooth and WiFi. By attaching an antenna and an amplifier to this radio, he was able to transmit on the same frequency as the wireless key fob.
He performed a “brute force” attack, or exhaustive key search, to crack the code by systematically trying every possible code until he found the one that would unlock the car. Although the tools cost an impressive $1,000 to purchase, Cesare said he is fairly certain that the radio equipment used in the attack will get progressively cheaper and that potential hackers will continue to refine his technique.
There are some caveats to this method. The car and key fob use a rolling code that changes with each use, so the attacker must identify a portion of the unlocking code before completing the attack. The individual would need to eavesdrop on one lock/unlock command sent from the victim’s key fob to capture the car’s unique code before issuing the spoofed unlock command.
Whatever the case may be, Cesare intends for his research to serve as a warning to automakers for future models. He declined to make the code or his tools available to the public, in case individuals with bad intentions seek to imitate his attack.