Car Relay Attacks: The Chocolate Tin Approach
By David Johnson, Cyber Director
Published on: 29th June 2023
Car theft is on the rise, in 2022 alone it rose by almost 25%. This is mainly due to the vulnerabilities introduced by technology becoming more wireless, for instance keyless entry and start.
For the end users increased convenience and simplicity comes a cost greater than the price tag. But, the solution to car relay attacks doesn’t have to be complicated, as we will explore in this blog.
With the rise in vulnerabilities, car manufacturers are looking to mitigate the risk. One example is Mercedes, who are now fitting motion sensors in the keys which will deactivate the keys signal if the key has not moved. But of course, this and other innovations take time to drip feed across the market.
Police recommend the keys should not be able to seen or possible to grab through the letterbox. However, they also advice your keys should be close to the front door to protect you from attack. The idea here is that a thief would be less likely to confront someone if they have what they came for. This is a very good idea but does leave your keys vulnerable to the “relay attack”.
Typically, two thieves will work together. One holds a transmitter and stands next to the car while the other stands close to the house holding an amplifier. The amplifier boosts the signal from the key inside the property and sends it to the transmitter. The signal is then relayed directly the car, which can be used for the purpose of opening the car, starting the ignition, and ultimately driving away.
Whilst technology on the criminal and manufacture side is advancing, there are still many low-tech options to mitigate and reduce the risk of car theft.
One simple approach rather than being reliant on technology is the use of a metal tin, for example Quality Streets or Roses, which blocks the signal from the keys travelling from the amplifier to the transmitter. This means the car cannot be opened and the engine started using the Relay method.
All you have to do to bypass this attack is pop your keys in a tin when you get home. Any metal tin will block the signal, and we’ve tested using cardboard boxes lined with tinfoil and this does work too.
So, why are we talking about chocolate tins? With any cyber security or defence against emerging threats, we first see if there is a simple solution to the problem before we resort to changing things or buying something new. We often see people coming up with expensive or ineffective ‘solutions’ that don’t remove the risk but introduce new ones.
With the risk of car relay attacks, some advice suggests people taking their keys to bed, and whilst the risk is rare this advice invites thieves closer to you and your family. Similarly, we see many companies buying new technology to mitigate a risk which some small development would mitigate.
If you’re posed with an IT or telecoms challenge which looks complicated to solve, feel free to get in touch and we’ll see if we can work together to simplify the solution.
