12th December 2017
The escalation in ‘relay’ vehicle theft is a concern for rental and other fleets, but simple deterrents along with more advanced solutions will hopefully result in a decline
Much to the delight of scores of private and business motorists, most manufacturers offer keyless entry for some or all of the models in their ranges, with 95% of European car brands, for example, featuring the technology. ‘Smart key’ entry can be traced back to the early nineties when the Chevrolet Corvette boasted an early incarnation2, before Mercedes cars began to offer such functionality a few years later.
The hunger for smart key entry is understandable, proving hugely convenient for drivers whose hands are full or who don’t fancy fumbling around in their handbags or pockets if the weather is inclement. As with many things in life, though, there’s an unfortunate downside to this otherwise laudable technology.
Over the last few years, headlines have emerged of high-tech’ criminals using powerful but nevertheless quite simple technology to steal cars and vans across the UK and other countries, often while their owners are asleep.
The technique used is commonly referred to as a transmitter ‘relay’ attack or hack and involves one criminal using a radio transmitter to obtain the target vehicle’s car fob signal, which is then transmitted to a second relay box held by another perpetrator positioned close to the car or van the pair is stealing. By capturing the signal from the fob inside a building and then relaying it to the vehicle by means of the two devices or ‘boxes’, entry can be gained and the ignition started.
Around a week ago, police in the West Midlands released footage to the media showing car thieves using this relay technique to steal a Mercedes from outside the victim’s home, taking just one minute to complete the deed3. This may indeed be the first time that a high-tech’ crime like this has been captured on CCTV, but criminals have been using this method for a while, one source4 found that dates back to 2011.
The ADAC, which is essentially Germany’s equivalent to the AA or RAC, conducted tests5 in spring 2016 and found that they were able to hack into 24 different car models fairly cheaply and easily, from a relatively humble Renault Trafic van to a BMW 730d. Highlighting the urgency of tackling this proliferating trend, ADAC’s researchers were even able to devise an effective method costing less than £200, which could work as far as 90 metres away. More sophisticated systems can even hack signals over several hundred metres.
In April of this year, an online headline read ‘Shocking moment car hackers are able to steal a £60,000 BMW simply by holding a bag up to the front door of a house’, once again highlighting the rapidity with which this latest technique allows car thieves to operate. Commenting on the thefts of this X5 and also a Mercedes, which both happened on his home patch of Essex, security expert Ray Anderson suggested that vehicle owners or leasers should keep key fobs in metal boxes or even in their fridges6.
With a survey7 finding that a quarter of respondents keep their car keys in the hallway during the night, 13% leaving fobs visibly on show on a table and 15% placing them in a drawer, Thatcham Research’s CTO reassured motorists that the body is working closely with the police and car manufacturers to address any vulnerabilities8. ADAC found the most easily hacked models to include the Renault Kadjar, MINI Clubman, SKODA Superb and Hyundai Santa Fe, but it’s fair to say that the list of over fifty cars they came up with covers more or less every manufacturer.
Thatcham Research’s advice includes asking dealerships whether any software updates exist to provide more robust protection for various models and whether key fobs can be turned off manually for required durations.
Police forces across the UK are increasingly recording vehicle thefts as ‘stolen without the keys’9 and statistics show that last year two-thirds of vehicles recovered by using trackers were originally stolen in relay attacks, leading various automotive spokespeople to advise placing keys in microwaves or investing in a Faraday wallet, which blocks electronic signals. Physical deterrents such as steering wheel locks and wheel clamps are also suggested10. Once a vehicle has been stolen and is out of the range of the fob, it’s difficult for the engine to be restarted, so many cars stolen ‘to order’ in relay attacks are broken up into parts or shipped out of the country11.
In the wake of an RAC study revealing that vehicle theft has risen by 30% between 2013 and 2016, vehicle leasing company Alphabet has published security and safety advice for drivers12. Their five-page guide highlights that even ‘rolling’ security signals that change each time a vehicle is opened can still be sniffed out by clever gadgets in the wrong hands. They advise drivers to check their vehicles’ user manuals to ascertain exactly what the buttons on their key fobs do, pressing ‘lock’ twice actually disabling the alarm on some vehicles13.
“Fleet drivers are statistically more likely to be targeted by criminals, who are increasingly trying to exploit technology like keyless entry and remote ignition, as well as ‘connected car’ services, that are widely found in the latest, modern company vehicles”, comments John Chuhan, Alphabet’s Chief Risk Officer. However, he points out that “this new ‘tech’ approach to car crime doesn’t mean that the traditional threats to business drivers have gone away either.”
UK police data reveals that as many as 30,000 vehicle thefts each year are not investigated and that of 117,000 cars stolen annually, 59,000 are never recovered, costing their owners around £229 million14. An Express article brought attention to the police generally classifying the theft of fleet or courtesy vehicles as a civil rather than criminal act. APU, the motor fraud investigation arm of the Accident Exchange, puts this down to the police considering that the business gave someone else permission to use the vehicle.
Car and van rental, contract hire and car sharing firms, as well as business fleets, clearly need to ensure that the vehicles under their care are duly protected. In addition to the advice mentioned throughout this blog, the use of tracking technology is also a key step that can be taken in improving the chances of a vehicle being recovered promptly even if it does unfortunately fall foul of a relay attack.
At Trak Global Group our hardware and app-based telematics systems along with our tracker solutions have aided various UK police forces in swiftly recovering stolen vehicles owned by young motorists, mobility firms and fleets. Although criminal gangs will inevitably continue to refine their techniques, it’s hoped that the combined efforts of manufacturers, technology companies and indeed vehicles’ custodians will help reduce this escalating trend.
- January 2020 (1)
- October 2019 (2)
- September 2019 (4)
- August 2019 (5)
- July 2019 (4)
- June 2019 (5)
- May 2019 (4)
- April 2019 (5)
- March 2019 (1)
- February 2019 (2)
- January 2019 (6)
- December 2018 (5)
- IMS Brings Carrot UBI Platform to North American Insurers
- Road usage charging to solve our transportation funding dilemma
- Depression, stress and anger can make drivers more likely to have accidents, according to new YouGov research to support Mental Health Awareness Day
- Carrot Insurance wins ‘Best Customer App’ at Insurance Times Tech & Innovation Awards
- Leon Hurst appointed CEO of Mobility at Trak Global Group