The secret to stealing a high-tech car
The theft of a high-performance Jaguar from an Auckland dealership has thrown the spotlight on the effectiveness of high-tech car security systems.
A Jaguar XFR was stolen from Beacham Independent Jaguar and Range Rover in Penrose, Auckland, by a man who was seemingly able to unlock the car and drive it away without the key. The man was identified walking past the dealership earlier in the day by CCTV footage.
How could he do that? Modern cars have sophisticated immobiliser systems that use rolling codes every time you lock the car. Hotwiring is largely a thing of the past, as an immobiliser locks out the engine's electronics unless it receives the correct code.
There's no such thing as a set code, either. Every time the car is locked, the keyfob and engine management computer create a new rolling "handshake" together. There are literally billions of combinations to choose from every single time. It's virtually impossible for a would-be thief to grab the code as the vehicle is locked, because it's created by an algorithm, stored in the car rather than the keyfob and activated only at very close range.
But a thief with the right equipment can crack the algorithm, especially if it's not complex enough to keep up with attacks from the very latest mobile devices. Remember - cars leave the factory with certain level of security that is very difficult to upgrade as time goes on. And technology moves very fast indeed.
A number of researchers identified weaknesses in the security systems used by carmakers as far back as 2009, when there was a marked rise in vehicle thefts in Europe after 16 years of decline. It's all to do with the level of encryption being used. While 128-bit encryption is regarded as a minimum for online transactions, it was revealed that many carmakers were still using 40 or 48-bit protocols.
The car stolen in Auckland belonged to a parallel import dealership. Jaguar New Zealand has declined to comment on the theft or specifics of XFR security technology, but it's unlikely to be an issue specific to the brand. Security system and immobiliser technology is outsourced by carmakers and the same core systems are used by many brands, both mainstream and premium.
A group of security researchers from Radboud University in The Netherlands investigated car-security encryption systems on 26 different carmakers two years ago and found many were vulnerable to attack. Intercepting locking codes a few times gave valuable hints about the level of encryption and allowed the researchers to crack some codes within a few minutes using only a laptop.
The findings were published in a paper entitled Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser. The publication was blocked by legal action from Volkswagen and French defence group Thales, but the restriction was lifted this year.
This type of theft is still rare in New Zealand because it's difficult to dispose of a high-profile luxury car in a small country.
In Europe, it's much more common, as vehicles can be secretly exported and either stripped down, or given new identities. It's estimated that over 6000 luxury vehicles are stolen in London using keyless devices every year.