As part of a talk on the insecurity of wireless devices at the Black Hat security conference later this week, Cesare plans to reveal a technique that could allow anyone to spoof the signal from a wireless key fob and unlock a car with no physical trace, using a codebreaking attack that takes as little as a few minutes to perform. “I can use this to lock, unlock, open the trunk,” says Cesare, an Australian researcher for the security firm Qualys. “It effectively defeats the security of the keyless entry.”
For now, Cesare’s hack requires off-the-shelf tools that cost just over $1,000, and in some cases may require the attacker to remain within wireless range of the car for as long as two hours. He’s also only tested it on his own car, which is ten years old.
But the radio equipment Cesare used in his research and proof-of-concept attack is rapidly getting cheaper, potentially inviting less friendly hackers to refine his technique and seek out similar wireless vulnerabilities. Cesare’s method was straightforward enough that he suspects some variant of it would likely work on other automobiles, too—at least of the same era. Carmakers, he points out, tend to use commercially available key fob technology that might be common among many makes and models. Manufacturers of the devices include the companies Atmel and TRW, for instance.