12th December 2017
The escalation in ‘relay’ vehicle theft is a concern for rental and other fleets, but simple deterrents along with more advanced solutions will hopefully result in a decline
Much to the delight of scores of private and business motorists, most manufacturers offer keyless entry for some or all of the models in their ranges, with 95% of European car brands, for example, featuring the technology. ‘Smart key’ entry can be traced back to the early nineties when the Chevrolet Corvette boasted an early incarnation2, before Mercedes cars began to offer such functionality a few years later.
The hunger for smart key entry is understandable, proving hugely convenient for drivers whose hands are full or who don’t fancy fumbling around in their handbags or pockets if the weather is inclement. As with many things in life, though, there’s an unfortunate downside to this otherwise laudable technology.
Over the last few years, headlines have emerged of high-tech’ criminals using powerful but nevertheless quite simple technology to steal cars and vans across the UK and other countries, often while their owners are asleep.
The technique used is commonly referred to as a transmitter ‘relay’ attack or hack and involves one criminal using a radio transmitter to obtain the target vehicle’s car fob signal, which is then transmitted to a second relay box held by another perpetrator positioned close to the car or van the pair is stealing. By capturing the signal from the fob inside a building and then relaying it to the vehicle by means of the two devices or ‘boxes’, entry can be gained and the ignition started.
Around a week ago, police in the West Midlands released footage to the media showing car thieves using this relay technique to steal a Mercedes from outside the victim’s home, taking just one minute to complete the deed3. This may indeed be the first time that a high-tech’ crime like this has been captured on CCTV, but criminals have been using this method for a while, one source4 found that dates back to 2011.
The ADAC, which is essentially Germany’s equivalent to the AA or RAC, conducted tests5 in spring 2016 and found that they were able to hack into 24 different car models fairly cheaply and easily, from a relatively humble Renault Trafic van to a BMW 730d. Highlighting the urgency of tackling this proliferating trend, ADAC’s researchers were even able to devise an effective method costing less than £200, which could work as far as 90 metres away. More sophisticated systems can even hack signals over several hundred metres.
In April of this year, an online headline read ‘Shocking moment car hackers are able to steal a £60,000 BMW simply by holding a bag up to the front door of a house’, once again highlighting the rapidity with which this latest technique allows car thieves to operate. Commenting on the thefts of this X5 and also a Mercedes, which both happened on his home patch of Essex, security expert Ray Anderson suggested that vehicle owners or leasers should keep key fobs in metal boxes or even in their fridges6.
With a survey7 finding that a quarter of respondents keep their car keys in the hallway during the night, 13% leaving fobs visibly on show on a table and 15% placing them in a drawer, Thatcham Research’s CTO reassured motorists that the body is working closely with the police and car manufacturers to address any vulnerabilities8. ADAC found the most easily hacked models to include the Renault Kadjar, MINI Clubman, SKODA Superb and Hyundai Santa Fe, but it’s fair to say that the list of over fifty cars they came up with covers more or less every manufacturer.
Thatcham Research’s advice includes asking dealerships whether any software updates exist to provide more robust protection for various models and whether key fobs can be turned off manually for required durations.
Police forces across the UK are increasingly recording vehicle thefts as ‘stolen without the keys’9 and statistics show that last year two-thirds of vehicles recovered by using trackers were originally stolen in relay attacks, leading various automotive spokespeople to advise placing keys in microwaves or investing in a Faraday wallet, which blocks electronic signals. Physical deterrents such as steering wheel locks and wheel clamps are also suggested10. Once a vehicle has been stolen and is out of the range of the fob, it’s difficult for the engine to be restarted, so many cars stolen ‘to order’ in relay attacks are broken up into parts or shipped out of the country11.
In the wake of an RAC study revealing that vehicle theft has risen by 30% between 2013 and 2016, vehicle leasing company Alphabet has published security and safety advice for drivers12. Their five-page guide highlights that even ‘rolling’ security signals that change each time a vehicle is opened can still be sniffed out by clever gadgets in the wrong hands. They advise drivers to check their vehicles’ user manuals to ascertain exactly what the buttons on their key fobs do, pressing ‘lock’ twice actually disabling the alarm on some vehicles13.
“Fleet drivers are statistically more likely to be targeted by criminals, who are increasingly trying to exploit technology like keyless entry and remote ignition, as well as ‘connected car’ services, that are widely found in the latest, modern company vehicles”, comments John Chuhan, Alphabet’s Chief Risk Officer. However, he points out that “this new ‘tech’ approach to car crime doesn’t mean that the traditional threats to business drivers have gone away either.”
UK police data reveals that as many as 30,000 vehicle thefts each year are not investigated and that of 117,000 cars stolen annually, 59,000 are never recovered, costing their owners around £229 million14. An Express article brought attention to the police generally classifying the theft of fleet or courtesy vehicles as a civil rather than criminal act. APU, the motor fraud investigation arm of the Accident Exchange, puts this down to the police considering that the business gave someone else permission to use the vehicle.
Car and van rental, contract hire and car sharing firms, as well as business fleets, clearly need to ensure that the vehicles under their care are duly protected. In addition to the advice mentioned throughout this blog, the use of tracking technology is also a key step that can be taken in improving the chances of a vehicle being recovered promptly even if it does unfortunately fall foul of a relay attack.
At Trak Global Group our hardware and app-based telematics systems along with our tracker solutions have aided various UK police forces in swiftly recovering stolen vehicles owned by young motorists, mobility firms and fleets. Although criminal gangs will inevitably continue to refine their techniques, it’s hoped that the combined efforts of manufacturers, technology companies and indeed vehicles’ custodians will help reduce this escalating trend.
- January 2019 (1)
- December 2018 (5)
- November 2018 (3)
- October 2018 (1)
- September 2018 (2)
- July 2018 (1)
- June 2018 (1)
- May 2018 (4)
- April 2018 (5)
- March 2018 (7)
- February 2018 (4)
- January 2018 (6)
- Trak Global Group has acquired Intelligent Mechatronic Systems Inc (IMS), North America’s leading insurance telematics business
- How the UK’s landscape for potential EV adopters is increasingly making the switch more feasible
- The latest OEM strides, statistics and governmental moves in the race to clean up vehicular emissions
- Shell’s Future of Fleet Report illustrates the exciting road ahead – with a key role for telematics
- Mental health and driver safety in today’s technology-assisted world of fleet management