a new era of science and technology, want to be a thief, a blade and the “old crime tools” is already OUT. In the black hat conference “held recently, Qualys company researcher Silvio Cesare showed cool” stealing cars “new plan, remote unlock/lock the car through radio equipment, the principle of implementation, it is almost the same and the anti-theft lock itself. And this way, will be able to smoothly in the case of without leaving any traces to unlock new cars!
Cesare using wireless devices cost about $1000, the actual operation according to the different scenarios, sometimes also and the need to unlock the target vehicle in a certain range for up to 2 hours. Cesare test also has certain limitation, of course, he was only in his purchased 10 years in the car doing the experiment.
at first glance, Cesare unlock way equipment is expensive, and there is no universal. But according to the current industrial development, relevant radio equipment cost is cheaper and cheaper, heart is also will always find a reasonable price, and can overcome similar to radio the vulnerability of the equipment. And in general this, although Cesare only own a test vehicle, but the operating mode from the technical level and not too many, therefore, at least for the same period production estimates of the number of many cars is also applicable. Cesare pointed out that manufacturers for economic point of view, often for many cars are equipped with wireless unlock technology similar security keys, such as the Atmel, TRW production wireless devices. Cesare gave no specific models, saying only that is a popular style. He has proposed early warning to the appropriate vendor.
Cesare use of radio equipment to fire or other wireless signal interception, including FM radio, bluetooth signals, Wifi, etc. As long as the assembly tool of radio access to computers, deserve to go up in a simple antenna and power amplification device, Cesare can emit and security key to vehicle homogeneous radio signals. Since then, if you keep your last try changing frequency, 1 seconds, 2 to 3 times the speed of radio signals, can “unlock” violence within minutes.
due to the launch of car alarm key signal is real-time changes, therefore, Cesare violence unlock method each time and unpredictable. However, Cesare said, as long as someone parked in the garage a night train, then the feasibility of this way of unlock is absolutely. He also pointed out that been violence unlock the vehicle, the next from the original security key to open the can appear adapter error, must according to one or two more to restore the unlock function – that is, when you meet this kind of “suddenly can’t unlock then can”, may have to consider whether someone slightly moved your car.
in Cesare trial, he also found that the same set of signals, would be able to lock in many experiments. This portends car makers, he said, could reserved “unlock the back door”, this group of signals can be when can be used for the first time to unlock the vehicle. But after Cesare test many times, suddenly can’t use this set of signals. Currently Cesare also verify whether this “unlock the back door” is widespread, and is able to support continuous use.
but then again, whether violence unlock or preset unlock the back door, all need recognition owing to the different models of the first part of the signal spectrum. Therefore, thieves are likely in months or even years ago unlock signal interception, copying the owner in advance.
so Cesare advising people to avoid using in public security key remote lock, and encourage the manual lock.
Cesare on carmakers warning at the same time, also said he would not have the results of the study were leaked, to prevent the car thief of real research and copying his unlock method.
Cesare is not the first study, open a car wireless devices. Three years ago with Swiss researchers through the homemade equipment fake security key signal to unlock. Unlock way to Cesare, however, think that their research is Israel seven years ago, researchers in Belgium crack Keeloq encryption technology, the first real break lock wireless encryption mechanism.
Cesare research also is indeed very carefully, in order to obtain spectrum database, also self-assembly automatically according to the security key to launch signal, the robot to capture information – from 43 million groups of signal intercept the 12500 groups of data available information.
of course, no thief would like Cesare so seriously, also assembled a robot remote unlock cars to help their study plan. However, as the radio function optimization, falling prices, can be used to crack related vulnerability by radio device is likely to continue to increase. Cesare using USPR radio device at present, but the new HackRFID price as long as half, but function. Now, Cesare said cautiously, the world, technology development, the more complete, safety problems also increasingly diverse, to be reckoned with.