With auto theft still a growing national problem, newer cars are no longer safe from thieves.
We wanted to see how easily thieves can steal a new car these days by hiring a locksmith to demonstrate some of the tools available on the internet today.
We invited Chamara, owner of the Brisbane based company Tapsy Locksmithto demonstrate the tools available to anyone on the internet and Take a video showing how the process works.
We are reviewing this article, which was first published last year.
We didn’t write this story because we wanted to teach people how to steal cars. All tools Chamara used for this test are legitimate tools that Chamara uses lawfully for her business.
However, these tools, according to Chamara, can be purchased by almost anyone on the internet. And you can imagine how easily these tools fall into the wrong hands.
That’s why we spent a lot of time in the video hiding anything that revealed the site or the tools Chamara used.
Background
To start, let’s provide some context. When accessing modern cars, people often use a traditional key with a central locking system or a proximity sensor key, which remains in the user’s pocket when they activate the car lock.
In most cases, even if the car uses a proximity sensor key, the physical key is still embedded in the smart key. This is to ensure manual access to the vehicle if the battery of the proximity key is depleted. The physical keyhole can be concealed behind a plastic coating or other decorative element.
An exception to this rule includes vehicles like the Tesla, which rely solely on RFID-enabled cards or smartphones for access.
However, Teslas are equipped with a manual front bonnet release mechanism located behind the bumper in case the battery fails. In the bonnet, there is a mechanism that powers the 12V battery, which then allows authentication to the car.
The physical key is hidden in the keychain or the key used to start, such as the example from the Hyundai i30, has a relatively special cut. However, this uniqueness is not absolute because multiple versions of the same key can exist worldwide.
Therefore, it’s very likely that someone in another part of the world that possesses a physical key that resembles your physical key, has the ability to gain access to your vehicle. However, these are often region-restricted, making it impossible for vehicles in your area to share the same lock configuration.
This particular key configuration is assigned a “Key Code”. Locksmiths use this Key Code in conjunction with key cutters and decryption software to create an exact replica of the key, including its ridge profile.
The key code also informs the locksmith of the type of key required, as some keys have a cutout on one side, while others have a cutout on both sides.
In addition to Key Codes, locksmiths use a variety of electronic devices to encode new car keys.
This process varies between car manufacturers and brands. Some require only the base PIN, while others require the installation of new firmware before encrypting the vehicle’s keys.
Regardless of the method, performing this process outside of the manufacturer’s domain usually requires third-party hardware. Typically, this hardware incorporates a decryption mechanism that uses the vehicle’s existing algorithm to access the car’s electronics based on its unique Vehicle Identification Number (VIN).
Get on the Hyundai i30
It is not uncommon for manufacturers to charge exorbitant fees, often in the range of hundreds or even thousands of dollars, for programming services and authentication keys.
Locksmiths, such as Tapsy Locksmiths, can provide these services for a fraction of the cost using after-sales service or, in some cases, genuine OEM keys that they can make themselves. program or instruct the customer to program through the manufacturer.
In particular, for Hyundai vehicles, it is surprisingly simple to cut a new key working at the door and program a new key within seconds of accessing the vehicle.
Chamara demonstrated a website that, when given the vehicle’s VIN number, generates a Key and PIN for the vehicle. While the site is ostensibly for locksmiths only, Chamara notes that the access verification process is rather lax.
Chamara continued to work on an i30, using the vehicle’s registration number (easily obtained by thieves) to obtain a VIN from the Queensland registry office.
After entering the VIN on the website, he took the Key Code and PIN, which he used to cut a new key identical to the one in the owner’s possession.
He then proceeds to the car with the necessary electronics to program the key. When using the newly cut key to open the door, the alarm was activated. Chamara connected her electronic device to the OBD port and entered the PIN from the website, which immediately turned off the alarm.
It’s worth noting that when a car alarm is triggered, most people don’t investigate immediately, but often wait until the alarm continues for several minutes.
Chamara managed to disable the alarm within 10 seconds of reaching the Hyundai, leaving no one to notice the brief triggering of the alarm.
After entering the PIN, Chamara programmed a new key to the car with a blank key. This new key disabled the car’s immobilizer, allowing him to start the engine with the newly cut key.
In less than a minute, Chamara was able to access and be able to drive a Hyundai i30 that was previously inaccessible.
Step into the Toyota Kluger
How about a brand new Toyota? Chamara informed us that the company has updated its security system in recent years.
In the past, stealing a new Toyota was as easy as stealing a Hyundai, but it’s become more difficult with new security measures. However, last year the updated security system was compromised, leading to the development of a third-party tool designed to bypass the system.
Toyota’s process was initially parallel to that of Hyundai. First, it was necessary to cut the car’s keys, which Chamara accomplished using a VIN obtained through the Queensland registry and registration website.
When entering the car using the keyhole on the door, the alarm starts to sound. Chamara then used another electronic device connected to the OBD port and an intermediate adapter connected to another security module. With this setup, he wrote a new firmware for the car that allows it to recognize an empty key as an authorized smart key.
He then instructs the car that all existing keys have been lost and the empty key informs the vehicle that a new key can be generated in the vehicle’s key database. After programming these new keys with the device, the car can start and drive away.
The whole process takes about 2-3 minutes. As with the previous example, the alarm is activated when the door is opened but is quickly deactivated after Chamara authenticates with the vehicle.
How to protect yourself
An increasingly popular method used by thieves involves the use of relay devices.
In this approach, a thief aims the relay device at the front door of a residence, where the proximity key is usually left. The device then transmits the key’s signal to an accomplice near the driver’s door of the vehicle. As a result, the vehicle notices the key is present, allowing the thief to unlock and start the vehicle.
While the car can’t be restarted without the key, thieves can use one of the devices demonstrated by Chamara to reprogram a new set of keys in a remote location.
To protect against such relay attacks, consider purchasing a small Faraday bag to keep your car keys at home, preventing the key’s signal from reaching beyond the bag’s inner lining.
In the absence of a website to obtain a Key Code, criminals can use a turbo decoder. The tool inserts into the keyhole and, within 15 seconds, obtains the internal key configuration of the lock, allowing thieves to unlock the door as if they possessed the real key.
Again, thieves can use electronics that locksmiths have access to to program a new key and escape with the vehicle.
How to prevent unauthorized access to OBD port for key programming? Unfortunately, there is no simple solution. Disconnecting the OBD or completely disabling access to it may provide some protection, but OBD will be required for future mechanical diagnostics.
A more effective deterrent involves reverting to traditional security measures, such as purchasing steering wheel locks. Although thieves may be successful in programming a new key, they will not be able to control the vehicle once it is started, thus hindering a theft attempt.
CarExpert lost
It is alarming to discover how easily a brand new car can be stolen in today’s world. This vulnerability becomes easier to understand upon closer inspection.
For example, in the case of the Hyundai i30, launched in 2016, the car had been in the prototype engineering stage for many years before that. At the time, the security system chosen for cars could be several years old – say 2014.
Fast forward to now, and the security system is almost a decade old, providing plenty of time for malicious actors to decipher encryption and identify entry points.
One potential solution to mitigating such threats includes over-the-air security updates that can adjust the security mechanism as needed. However, this can be difficult to do with cars with keys or proximity devices that use outdated technology.
Tesla seems to be on the right track by allowing phone or RFID exclusive access to their vehicles. This approach allows the company to deploy security updates as vulnerabilities emerge, providing stronger defenses.
Unfortunately, most of the older security systems in other vehicles on the market are essentially obsolete as soon as the vehicle is sold. This urgent issue needs attention and action to protect both consumers and producers.
