A group of German researchers from ADAC have published their work on extending last year's amplification attack that let thieves steal Priuses with a $17 gadget that detected your key's unlock signal and amplified it so it would reach the car.
The researchers have shown that at least 24 different car models from 19 manufacturers are vulnerable to this attack, and can be unlocked and driven away with cheap, easy-to-make radio amps.
The researchers say that thieves are already using this method to steal cars, and point to the surveillance video above as an example of a real-world theft.
Audis have had a similar, unpatched vulnerability for at least five years — though its details have never been revealed because Volkswagen threatened to sue the researchers who discovered it.
Here's the full list of vulnerable vehicles from their findings, which focused on European models: the Audi A3, A4 and A6, BMW's 730d, Citroen's DS4 CrossBack, Ford's Galaxy and Eco-Sport, Honda's HR-V, Hyundai's Santa Fe CRDi, KIA's Optima, Lexus's RX 450h, Mazda's CX-5, MINI's Clubman, Mitsubishi's Outlander, Nissan's Qashqai and Leaf, Opel's Ampera, Range Rover's Evoque, Renault's Traffic, Ssangyong's Tivoli XDi, Subaru's Levorg, Toyota's RAV4, and Volkswagen's Golf GTD and Touran 5T. Only the BMW i3 resisted the researchers' attack, though they were still able to start its ignition. And the researchers posit—but admit they didn't prove—that the same technique likely would work on other vehicles, including those more common in the United States, with some simple changes to the frequency of the equipment's radio communications.
Keyless: Easy prey for car thieves
Radio Attack Lets Hackers Steal 24 Different Car Models [Andy Greenberg]
"The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies"
Hackers working for China's government targeted firms working on coronavirus vaccines, and stole hundreds of millions of dollars worth of intellectual property and trade secrets, claims the Justice Department in a statement Tuesday announcing criminal charges.
This is quite a major hack. Now is a good time to change your Twitter password, if you are a user. Hackers pumping a cryptocurrency giveaway scam appear to have compromised the Twitter accounts of leading exchanges, prominent individuals, major corporations, and at least one news organization.
Everybody's got a story. Unfortunately, not everybody has the tools to tell that story the right way. That's especially true for someone looking to produce their first screenplay. Just as with any type of writing, penning a script for the screen has a set of rules all its own. Understanding that structure, as well as […]
Even as the world takes tentative steps toward reopening against the ebbs and flows of COVID-19, movie theaters remain in a netherworld limbo. High-profile film releases continue shuffling as theater chains, studios and filmgoers grapple with the fact that an enclosed theater may not be a safe place to be for some time to come. […]
The year 2020 has basically kicked down that door and dragged us all into the Zoom age, whether we like it or not. And now that we're basically inviting our boss, co-workers and other business associates into our homes via video, we've unwittingly stumbled into all kinds of new potential for embarrassment. Like when you're […]