• Club news: Security risks for keyless entry systems remain high, reports ADAC

    18 April 2018

    The Allgemeine Deutsche Automobil-Club (ADAC) has tested 108 keyless entry systems and the LandRover Discovery 2018 is the only car with keyless entry to be protected from hacking.

    Using the ADAC devices, it was neither possible to unlock the LandRover illegally nor to drive off in it. According to the manufacturer, the 2018 Range Rover, Range Rover Sport and Jaguar E-Pace models are also equipped with this technology. However, the retrofitting of other models is not possible.

    It is much easier for thieves to steal a keyless vehicle – where the driver keeps the key fob pocketed – than a vehicle with a conventional remote key fob. Using a self-constructed wireless extender, it took the ADAC engineers only seconds to open the cars equipped with keyless entry systems and drive off in them. The tests left no visible traces of a break-in or theft.

    Because of their obvious security flaws, comfort keys are worryingly easy prey for thieves: it is an easy task to extend the range of the wireless communication between the key fob and the car by up to one kilometre. And this regardless of whether the original key fob is at home or in the car owner’s pocket. Plus, the thieves thus usually also disable immobilisers and alarm systems. The ADAC experts believe that off-the-shelf electronic components are all it takes to easily build your own car theft device. Further models are tested on an ongoing basis.

    ADAC advises its members to take extra care when it comes to storing their key fob. ADAC calls upon carmakers to systematically protect all vehicle electronic systems against theft, as has been standard practice in the IT industry for a long time – ideally in a manner allowing neutral verification, e.g. via Common Criteria.  And they should fix/retrofit affected vehicles as soon as possible.

     

    Read more (in German)