A friend of ours has a car with a keyless ignition. That means that when he goes somewhere, he does not have to put the key in the ignition of the car to start the car–the key can simply be in his pocket. I will admit that I don’t actually understand the purpose of this technology–if you have to have the key with you, why does it matter whether or not you have to put the key in the ignition? At any rate, if you own a Volkswagen, Fiat, Audi, Ferrari, Porsche or Maserati, your car might have a keyless entry. So what’s the problem?
Bloomberg News posted a story yesterday which stated:
“Keyless” car theft, which sees hackers target vulnerabilities in electronic locks and immobilizers, now accounts for 42 percent of stolen vehicles in London. BMWs and Range Rovers are particularly at-risk, police say, and can be in the hands of a technically minded criminal within 60 seconds.
Security researchers have now discovered a similar vulnerability in keyless vehicles made by several carmakers. The weakness – which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers – was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings.
The article goes on to explain that the transponders that allow the vehicles to sense when the RFID chip is in the car can be hacked. Since the chips are used in some very high-end cars–Audi, Porsche, Bentley and Lamborghini, as well as Fiats, Hondas, Volvos and some Maserati models, there is an increased risk of theft to begin with. The signal from the RFID chip to the car can be amplified and copied by a hacker. Then, when the car is left unattended, the signal can be duplicated, and the car can be easily stolen.
I am not opposed the progress, but if a car is more vulnerable to theft because of the RFID system, it might be a good idea to go back to the old system of putting the key into the ignition until you get the bugs out of the RFID system. However, the Bloomberg article points out that Volkswagen has spent the past two years trying to hide the security problem with the RFID chip, so the average car buyer has no idea he has an increased risk of having his car stolen because it uses an RFID chip instead of a good old-fashioned ignition key. That is a problem. If I spend the kind of money it takes to buy a Maserati, I don’t want an increased possibility of having my car stolen as part of the package.