Trying to stay ahead of high-tech auto thefts

Omaha has already seen its highest auto theft rates on record in 2023
The latest from our Live at 10 newscast.
Published: Jul. 11, 2023 at 11:00 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

OMAHA, Neb. (WOWT) - Across the country, car theft numbers have reached record highs, and it’s not just because of a TikTok challenge or kids taking joy rides.

Thieves are finding ways to hack into your personal information and data through what you save on your car’s computer and how you connect to it.

We love our gadgets, and when it comes to cars and the wireless world, it’s a match made in heaven.

But the bad guys are hijacking that relationship, and they’re using our key fobs to trick your car into thinking it’s you.

“They all transmit frequencies, and not only do they transmit frequency, but our cars are actually asking all the time, ‘Are you close, are you close, are you close, do you have a signal for me?’” FNTS chief information security officer Don Pecha said. “So, the cars are part of the problem, too, because they don’t wait for you to get proximity. They’re just asking ‘Is someone nearby that’s gonna connect with me?’ There’s this constant chatter between these devices and that just tells the thieves to identify that there’s a vulnerable source there.”

As the auto manufacturing industry struggles with solutions to remote keyless entry and fob-related attacks, auto thefts in the U.S. topped one million for the first time in 2022.

In Omaha, 2023 has already seen its highest auto theft rates on record.

And it’s not just KIAs and Hyundais that are susceptible. That company was hit with $200 million in highly publicized legal awards for failing to address theft vulnerabilities in their cars.

“The auto manufacturers have been aware of the attacks... and they have not come up with a solution yet,” Pecha said. “They have not determined how they’re gonna fix it. Cars up to 2023 and 2024 are susceptible to this. As you can imagine, when attackers or malicious actors are coming after a car, they’re gonna wanna get a high-end car or a car that has a lot of value because that’s gonna return a good investment for them.”

In fact, key fob relay attacks are a problem that’s been known about in remote entry cars since 2009, and thieves are way ahead of that now.

“It’s essentially a computer, it’s a tablet, in the car that has its own WiFi signal, and has that WiFi signal whether you’re paying for it or not because it’s actually communicating back to the manufacturer,” Pecha said. “So, if we figure out how to secure key fobs, then the next thing’s gonna be those interfaces in your car that are connecting to now your steering, to your brakes, to your mapping for your engine. if you think about the fully electric cars, they have even more technology in them that can be attacked.”

After-market auto retailers like Stereo West Autotoys have seen a bump in alarms for KIA and Hyundai owners, but they also do their best to keep up with the evolving threats to all car owners, including ways to hide keys in a secure environment.

“This will actually keep the key in a secured environment,” Stereo West Autotoys general manager Brian Hampson said, explaining a device that blocks signals from hacking key fob data. “They can’t steal the signal while the key is inside this unit here.”

Insurance rates have risen in the wake of the increased thefts, too, and several states have seen a series of lawsuits seeking relief from the coverages they have had to pay out on stolen vehicles.

Pecha says the concern goes beyond just the cars and the insurance claims, because when someone steals your car, they may be after the information you’ve downloaded onto the onboard computer.

Imagine a company CEO who syncs her contacts every time she gets into the car.

“Yeah, because they have employment contact information, they have emails, they have ways for that hacker to pull that data out of that device, that car, and then use that to say, ‘I can now fish this individual because I have access to send texts to him that are malicious,’” Pecha said. “I have access to send email to them that’s malicious, and once they get them to click on something, they now have access into your network.”

So Pecha says the burden - you’re not gonna like this - falls on us.

“You have to manage your own security for your own devices, whether it’s your car, whether it’s your key fob, your phone, your chip-enabled devices in your wall at your passport,” Pecha said. “You need to do the research and figure out how to secure them.”

He recommends using the modern equivalent of a Faraday device, a bag or box, or even a backpack to block signals from reaching your device.

“There are RFID devices, they can be hard cases, they can be soft cases, that you put your key fob in and you roll it or you click it shut,” Pecha said. “The hard ones seem to work better because they’re actually aluminum. They have a soft casing of RFID lining them, and they actually are better at protecting a better seal. And then the ones that have a simple fold over the top, it’s magnetic that actually secures so that there’s no ability for the RFID or the transmission to get outside that bag.”