Not just computers, even your cars aren’t safe from hackers

Study reveals how criminals manipulate key-fobs with ease

March 08, 2020 03:10 am | Updated December 03, 2021 06:55 am IST - Mumbai

Representational image. File

If you thought only your computers and cell phones were under threat from hackers, think again. Recent research has revealed that not even your cars are safe from cyber attacks.

A joint study was conducted by the Katholieke Universiteit Leuven (KU Leuven) in Belgium and the University of Birmingham in the U.K., and the results were made public earlier this week. The research paper describes how electronic key-fobs, which are used to lock and unlock cars, can be hacked by cyber criminals with surprising ease, leaving millions of cars at risk.

The key-fob, or immobiliser, enables the user of a vehicle to lock or unlock their car with the touch of a button. The system was invented to try to control car thefts, which are traditionally executed by “hot-wiring” a car: bringing together certain wires in the ignition to start it without a key. The research paper points out vulnerabilities in the immobilisers of several models of Hyundai, Toyota and Kia.

RFID device

According to the report, all a hacker has to do is to use a radio frequency identification (RFID) device within close range of a key-fob, which exploits the vulnerability in the immobiliser system and downloads its secret code to the hacker’s device. Using this information, the hackers can clone the target’s key-fob, use it to unlock the car and drive away without raising any alarm whatsoever. The only challenge that remains after hacking the key-fob is to override the ignition, but car thieves had surpassed that hurdle way back when they invented hot-wiring.

The car models named in the research report include Auris, Camry, Corolla, FJ Cruiser, Fortuner, Hiace, Highlander, Hilux, Land Cruiser, RAV4, Urban Cruiser and Yaris by Toyota, and I-10, I-20, Veloster, IX20 and I-40 by Hyundai.

The report describes how the research team obtained a large number of electronic control units used in immobilisers of several cars and reverse-engineered their firmware — the permanent software programmed in devices — which enabled them to spot the vulnerabilities.

DoS attack

Apart from car thefts, the other possibility pointed out in the report is that of a denial of service (DoS) attack, where hackers can take over a large number of key-fobs and simply not let users unlock their vehicles. On a large enough scale, such an attack could be chaotic.

The report states, “Performing this type of DoS attack can be automated by building a device which repeatedly broadcasts the required commands. While there might be little incentive for someone to do this type of attack, it could lead to bad publicity for the affected car manufacturers and increased revenue for local garage owners.”

“Such hacks prove that cybersecurity is a separate discipline, which is difficult for the IT infrastructure provider to fathom,” Special Inspector General of Police Brijesh Singh said.
