Monday, 24 January, 2022

Car theft: the hands-free key remains the weak link


Each innovation goes through a more or less arduous development phase before reaching satisfactory maturity and reliability. This is true for hands-free access as it is for all kinds of electronic systems which have enriched the content of our cars over the past thirty years. In the case of this famous wrench (which isn’t really one anymore since it takes the shape of the credit card or the dragee), the engineers have not finished pulling out their hair – and consumers to suffer from their negligence. Because if locking and starting the engine is satisfactory, protection against break-ins and theft leaves much to be desired. And it has been for too long already.

The driver starts his car without taking the key from his pocket; the thief copies it without breaking and entering

In its edition dated March 18, 2016, the weekly Auto Plus demonstrated how easily a simple handyman could take possession of a brand new Renault, as part of a first survey devoted to what was then a new phenomenon: the electronic theft. This is how it is agreed to call hacking of the signal emitted by the hands-free key.

The TCS tests the vulnerability of hands-free keys Ten years earlier, in the fall of 2000, Renault paid

the chronicle by being the first generalist manufacturer to popularize an equipment appeared on the Mercedes-Benz S-Class limousine sold ten times more expensive. Forgetting its status as a humble family sedan, the all-new Laguna II replaced the traditional ignition key with a remote control in bank card format. On the most upscale versions, this “hands-free key” studied with the Valeo equipment manufacturer allowed the doors to be unlocked by simply pulling on the handle. Conversely, to lock them, it was enough to move away from the car. Magic.

The hands-free key can be hacked with astonishing ease, without the manufacturers being moved by it

Taken over by all manufacturers, hands-free access is now available on the smallest of cars as well as on the most expensive. With always the same logic that is a priori unstoppable: a low range radio signal allows the on-board computer to communicate with the key in the driver’s pocket; once it has recognized it, it unlocks the door locks and enables the functions to be switched on by simply pressing the start button on the instrument panel. A longer press starts the engine.

Renault Mégane GT TCe 205 EDC (2015)By definition, dialogue is constant between the transmitter (the key) and the receiver (the on-board computer), the only way to dispense the driver from having to press the button bearing the padlock image on his remote control. But this characteristic constitutes a terrible weakness, as Yves Martin and Lars Ly, authors of a spine-chilling survey for the monthly What to choose, to be released on June 25, 2020.

Electronic theft: specialist magazines, insurers and consumers have sounded the alarm for 10 years

Their conclusions have the same tone as those ofAuto Plus in 2016, which came in support of those of the Swiss (TCS) and German Automobile Clubs (ADAC). In short, it is enough for a thug to pick up the frequency emitted by the key from the victim’s home, through the closed door. The signal is amplified and its range increased until it reaches an accomplice armed with a transmitter held near the coveted car. Fraudulent, the on-board computer frees the locks and authorizes the engine to start. Obviously, the encryption of the data exchanged only offers symbolic protection against theft.

Maserati Ghibli (2013)The investigators of What to choose can say so with all the more serenity that they have put to the test no less than 333 car models. Excuse the little! The results are alarming, concludes the monthly: “Only five of them (or 1.5% of the total!) Were found to be safe and have resisted this type of hacking. All brands are affected by this scourge and it affects both small city cars and large cars as well as high-end SUVs. ”

Vehicles that find favor in the eyes of What to choose are, in alphabetical order, the Audi A5, the Jaguar e-Pace and I-Pace, as well as the Land Rover Discovery and Range Rover. Proof that manufacturers are making efforts, three Audi were blacklisted in 2016 by technicians from TCS and ADAC.

Thieves copy the signal from the remote control stored in the driver’s pocket

That’s only half reassuring. In 2016, the manufacturers assured the TCS and ADAC that everything was being done to prevent this type of burglary and that the advance of the perpetrators would only take time. The results of the tests carried out four years later by What to choose allow us to doubt it. Journalists from the weekly Auto Plus were probably right in 2016 when they thought that insurers should decide to increase premiums on vehicles deemed to be poorly protected to see their manufacturers invest in a serious shielding of the radio signal emitted by the remote controls.

Consider that in 2016 already, the technicians of the TCS and the ADAC noted that the retransmission of the signal worked even if the thief equipped with the receiver was more than 100 meters from the key. In short: whether the key is left at home or kept warm in the owner’s pocket when paying for purchases at the cash desk, the target car can be opened and started.

For passenger safety reasons, manufacturers prefer to allow the engine to run as long as the tank is full of fuel or is not turned off, in the event that the rightful owner has dropped his key on the ground in s ‘installing on board. “Thieves can therefore travel several hundred kilometers,” laments What to choose. Enough to rally a discreet workshop where the car will be dismantled and sold in spare parts.

According to Auto Plus, a hands-free key hacking box would cost less than 100 euros to make

A conclusion is binding on the authors of the investigation What to choose : “It is not tolerable that vehicles with a hands-free device (equipment delivered as standard with luxury finishes or offered quite expensive as an option) are easier to steal than those operating with a normal remote control key. These systems should be, at a minimum, deactivatable, in order to secure the cars. This is now the case on some models, but the procedure is not always easy. ”

In his file, the monthly What to choose is also interested in the latest development in keyless access, via the smartphone and its NFC transmitter (for Near Field Communication): “Very short-range waves (3 to 5 cm maximum) allow the vehicle to be unlocked and started with enhanced security,” explains the magazine without verifying its tamper-proofing. As for the Ultra Large Frequency (UWB) path, it is the one that Land Rover chose and which allowed its Discovery model to withstand the onslaught of investigators from What to choose. Promising.

While waiting for its generalization, manufacturers encourage their customers to take advantage of the remedies available to them. “In order to avoid theft, do not leave the electronic key within a radius of 2 meters from the vehicle,” says the Toyota Yaris user manual, pretending to ignore the power of the pirate boxes that collect the frequency. Better to refer to the appropriate chapter and completely deactivate the hands-free access. Or slip your key into one of these pockets that block signals. Unless you have a remote control whose transponder stops transmitting after a few minutes without movement. To check, precisely, in this famous notice that no one takes the trouble to consult.

Theft without burglary: the insurer can discard

In the absence of any trace of break-in, insurers are sometimes reluctant to believe in the theory of theft, even though they are aware of the electronic theft process. Monthly What to choose reminds that this type of theft without break-in is in principle covered, unless otherwise specified in the contract. If the insurer suspects a false report of theft, it can launch an investigation – which raises the question of proof. Good news, even when the locks remain intact, judges are increasingly inclined to concede the possibility of hacking theft.

UFC What To Choose