Thieves can take your car in seconds, and some automakers don?t care
David Booth
The Province
This is all that an enterprising young — and digital-savvy — car thief has to do to steal your new, high-tech, it’s-computerized-so-it’s-got-to-be-luxury sedan. First, follow you into your favourite chic little boîte, wait for you to get nice and comfy at your favourite table, then walk over and ….
Sit down.
That’s it. Sit down. No violence. No subterfuge. Actually, no interaction at all is required. He doesn’t even have to be facing you. Just sit down at the table next to yours and maybe sip a little oh-so-fruity Chablis.
Meanwhile, outside, another bad actor with a similar lack of fanfare walks up to the car you’re absolutely sure you locked — you hit the lock button twice and the horn beeped, didn’t it? — and opens the door as if he was Ali Baba himself. He pushes the starter button — yes, the high-tech, anti-theft random number-generating key fob is still in your pocket — and faster than you can say “open sesame,” your fancy new Mercedes/BMW/Audi is on its way to a shipping container destined for Upper Slobovia.
Even the trick to this subterfuge — an amplifier that artful dodger No. 1 has in his pocket that increases the output of your key fob’s radio transmission — isn’t particularly complicated. Experts who know better than I say they’re not much harder to construct than the little Heathkit ham radios we old farts used to put together when they were the avant-garde of high-tech.
The only defence against such seemingly simple trickery is to construct something called a “Faraday cage” — you know it as the proverbial tin foil hat every dime-store Hollywood director scripts into their conspiracy theory blockbuster — or keep your key fob in something impervious to radio transmission like, say, the icebox in your refrigerator.
I know, I know. You’re thinking this is a joke. So did I when I first penned that exact same recommendation some three months ago in top-10 ways to avoid getting your car hacked. Who could seriously recommend you wrap your car keys in Reynolds Wrap or hide them under the Swanson’s TV Dinner as a serious deterrent to auto theft? Allgemeiner Deutscher Automobil-Club e.V or ADAC, the German equivalent to CAA, that’s who.
In a recent public announcement, they put together a video depicting exactly the scenario described above to illustrate how easy it is to steal a modern car. Car theft never looked so comfortable. Even more telling, however, was some real footage showing two reprobates stealing a new BMW 3 Series Touring in less time than it takes the owner — you have to fumble in your pockets for the key fob, after all — to get in and start his own vehicle.
Perhaps what will surprise you most, however, is ADAC’s list of vulnerable vehicles. This is not a bunch of low-cost rust buckets lacking in supposedly high-tech protections, but a veritable who’s who of high-dollar automobiles that most owners are convinced offer all manner of protection. BMW’s 7 Series leads the list, but Audi’s A3, A4 and A6, Ford’s Galaxy (a Sienna-like minivan Ford sells in Europe) and VW’s high-performance-diesel GTD version of the Golf are also vulnerable. The only car the automotive club couldn’t unlock was BMW’s i3, but they could start its little three-cylinder 1.5-litre engine.
“The radio connection between keys and car can easily be extended over several hundred metres, regardless of whether the original key is, for example, at home or in the pocket of the owner,” ADAC’s researchers said.
What made their announcement all the more interesting is it coincided with the first automotive cybersecurity super summit held July 22 at Detroit’s Cobo Hall, the same gargantuan arena that hosts the North American International Auto Show. Hosted by Thomas K. Billington, it was a veritable who’s who of doomsday prognosticators. U.S. Homeland Security was there, as was the FBI, the National Highway Traffic Safety Administration and even the American Federal Trade Commission, each trying to out-trump the other with tales of the terrible calamities the modern connected car might wreak on an unsuspecting public.
What started out as predictions of ne’er-do-wells merely misdirecting Autopilot turned into prophecies of Nice-like truck rampages, only with hundreds of inter-connected, self-driving buses wreaking unimaginable havoc.
All the assembled — there were many automotive captains of industry nodding their collective affirmation — agreed the only solution was complete technological transparency and an unprecedented level of cooperation — and not only between industry and regulators. They also claimed they could put aside the industry’s famed interbrand Hatfield and McCoy-like chicanery for the public good.
They even formed an organization — the Automotive Information Sharing and Analysis Center (Auto-ISAC) that will dedicate itself entirely to the thwarting of high-tech skulduggery and protection of its automotive citizenry. Such was the level of official co-operation on display before the cameras.
In the hallway outside this august arena, however, we got a different story. One marketing manager from a well-known computer security software provider (I’m withholding his name to protect the thankfully direct) complained that some car companies — not all — are not willing to spend even a dollar to augment their cybersecurity.
That’s not $1 for a superior antitheft key fob. Or even $1 to protect the engine control unit to prevent the horrible acts of terrorism the prognosticators of doom were predicting.
That’s not even $1 per car for all the cybersecurity measures needed to protect you and yours from any intrusion a high-tech miscreant might want to perpetrate on a car that, let me remind you, probably cost you anywhere between $20,000 and $150,000.
That’s how much they really care.
© 2016 Postmedia Network Inc.