THREE million cars on Britain鈥檚 roads can be unlocked easily by hackers using
a handheld computer. And if they steal the valuables from inside your car, the
stealth with which they break in means you may never know that they have been
there.
Using the right software, it only takes about 10 seconds to copy the codes
from the remote controls used to operate a modern car鈥檚 central-locking system.
A thief using this technique would be almost undetectable. And your insurance
company may refuse to pay up for theft which occurs in this way.
The technique was recently discovered by Lars S酶rensen, a computer journalist
on PC World, when he was trying out a new software package on his Palm
Pilot, a 鈥減almtop鈥 computer. The computer has a built-in infrared port, with
software designed to record the infrared signals from TV and video remote
controls, enabling owners to use the Palm Pilot to control all their
gadgets.
Advertisement
However, S酶rensen also tried to record the signal from a friend鈥檚 infrared
control for locking a car. To his surprise, he was able to use the code to
unlock the car and disable the alarm. 鈥淭his is definitely a threat to car
owners, because someone could take belongings from their car without leaving any
sign of a break-in,鈥 he says.
The Motor Insurance Repair Research Centre in Thatcham, Berkshire, which
approves locking systems for cars, believes that as many as three million out of
the 22 million cars on the road have infrared remote controls that are
vulnerable to palmtop-wielding hackers.
Tim Shallcross, a security expert with Britain鈥檚 Automobile Association says
鈥渢here have been code grabbers available for a few years鈥, but these were
specialist devices. However, he adds that modern systems should not be
vulnerable to this sort of attack since they use sophisticated rolling codes,
which change each time the key is used, making it virtually impossible to
predict the next one. Some systems have as many as 1064 different code
sequences, which would take even a powerful computer months to break.
Nevertheless, one of the cars S酶rensen hacked into, in Denmark, was a 1998
model. This alarmed Mark Inman, a security researcher at Thatcham. 鈥淭he problem
is, there are different specifications for different countries,鈥 he says.
And if phantom thieves do steal valuables from your car, your insurance
company may not believe you. 鈥淚f there鈥檚 no obvious sign of forced entry then
the first thing insurance companies will be concerned with is whether the claim
is genuine,鈥 says Malcolm Tarling of the Association of British Insurers.
鈥淕rabbing a code is like lock-picking,鈥 says Inman, 鈥渢hough it isn鈥檛 as easy
as it sounds.鈥 Capturing a signal as it bounces off a car would make it
difficult to get a complete code, he says.
However, a new infrared amplifier for the Palm Pilot is due to go on sale
soon, making it easier for thieves to grab the signal from a distance. 3Com, the
company that makes Palm Pilots, says it is taking this problem 鈥渧ery seriously鈥
and is investigating.