On 24 September, two men pulled up alongside a home in Elmdon in the county of West Midlands, England. One of the men walked up to the house while the other approached a Mercedes parked outside. The former waved a box in front of the victim’s house. Seconds later, the latter opened the driver’s door of the victim’s car, got in, and drove away behind his partner.

More than two months later, the West Midlands Police has yet to recover the car. Its officers are currently analyzing CCTV footage of the crime for possible clues that could help them identify the culprits. That recording is displayed below:

So how did the thieves make off with the car without needing the owner’s keys?

In all likelihood, they conducted a relay attack. It’s a type of hack that works against vehicles’ keyless entry systems.

When someone approaches a car equipped with a keyless entry system, that component attempts to talk with the key via electromagnetic signals. Such communication allows the vehicle to authenticate the key and unlock the door without requiring the individual to press any buttons. It’s all about convenience; someone can unlock the door without needing to fumble with the key as long as they have it in their possession.

To prevent instances of abuse, these systems do have some restrictions. A vehicle can seek out the key only within a limited range. If it does not successfully communicate with the key in that radius, the keyless entry system quits looking and keeps the vehicle’s door locked.

However, an attacker’s ingenuity can effectively circumvent those safeguards.

Indeed, a malicious actor can leverage a keyless entry system to silently break into a vehicle using a relay box. This device can amplify the distance that the car can search to tens if (Read more...)