Traditionally we knew of car theives as people with not so technical skills but people with skills to brute force a car door with a metal or people who would smash a window of a car to gain entry and steal. But with the advancement of factory built alarm systems and key less entry options these theives have a hard time stealing while remaining under the radar. This has made them go high tech and learn the basics of hacking in order to fool a car to get access.
Image Courtesy : The Star Malaysia
With the commercially available Radio Frequency hacking devices these days and by reading some documentation online, anyone can become a high tech car theif now. Recently there was a CCTV footage circulating in social media of a high class car theft using high tech. In that case the theives used a Man in the Middle Relaying attack to read the radio frequency of the key fob that was inside the house and mimic the key fob using a computer so that the car was fooled to believe that the key was actually near and inside the car.
Software Defined Radio (SDR) devices which were traditionally used to do Wireless Penetration Testing can be used listen to radio frequencies emitted by key fobs and mimic a key fob even if it is not in vicinity of the car.
An SDR Dongle as small as a USB Flash Drive
Freely available open source software like GNU Radio can be used along with a SDR to set up a laptop computer get this working in no time.
This post was intended to educate the car owners of the potential theft and how easy it is to acquire the hardware and knowledge required to carry out such a theft. These sort of theft can be mitigated by keeping your remote key fobs private, If you are parking your car outside of a gated wall then keeping your key fobs in a metal casing to block the Radio signals as much as possible and taking adequate physical security and monitoring (CCTV) measures.
RSocket Jwt Authentication/Authorization using Spring Security 5.2.0.RC1. Read More
Performance Monitor using ElectronJS, Flot Chart and justgauge. Read More
RSocket Authentication/Authorization using Spring Security 5.2.0.RC1. Read More