CURepossession

Where the repossession industry gets its news

Illinois law proposes cracking down on auto relay hack devices

2017 camera footage of car thieves using a relay hack device to steal a car from behind the front door of a house

But repossessors and locksmiths are exempt!

It’s only been almost five years since we first showed you all how car thieves are using cheap $11 relays to hack keys to steal cars. Well, the state of Illinois seems to have woken up to the issue and has just submitted a bill making possession of one of these a crime. Fortunately for the repossession and locksmith industries, they’re exempt!

On November 11th, Illinois Senator John Curran (R) introduced Illinois Senate Bill 3071, which states:

Amends the Criminal Code of 2012. Creates the offense of possession of a relay vehicle theft device. Provides that a person commits the offense when he or she knowingly possesses a relay vehicle theft device. Exempts from a violation: (1) an employee of a facility subject to the Automotive Repair Act or the Automotive Collision Repair Act; (2) a new vehicle dealer or used vehicle dealer licensed under the Illinois Vehicle Code; (3) a locksmith licensed under the Private Detective, Private Alarm, Private Security, Fingerprint Vendor, and Locksmith Act of 2004; (4) a repossession agent; or (5) a federal, State, or local law enforcement officer. Provides that possession of a relay vehicle theft device is a Class 3 felony. Defines “relay vehicle theft device”. Effective immediately.

I am currently unaware of anyone in the repossession industry who is using or has used these, but considering the expense of towing and the ever-increasing security features being created on vehicles, there may come a day when this is more what the repossession industry looks like. Oddly, this is almost going full circle in that getting agents out of trucks and into the cars is a lot more like what repossession used to look like.

In case anyone forgot what a real theft of one of these looks like, we covered the story of a relay hack caught on an English driveway security camera back in November of 2017, but the video has since been taken down.

For years, automakers and hackers have known about a clever attack that spoofs the signal from a wireless car key fob to open a vehicle’s doors, and even drive it away. But even after repeated demonstrations and real thefts the technique apparently still works on a number of models.

The attack essentially tricks both the car and real key into thinking they’re in close proximity. One hacker holds a device a few feet from the victim’s key, while a thief holds the other near the target car. The device near the car spoofs a signal from the key. That elicits a radio signal from the car’s keyless entry system, which seeks a certain signal back from the key before it will open.

Rather than try to crack that radio code, the hacker’s devices instead copy it, then transmit it via radio from one of the hackers’ devices to the other, and then to the key. Then they immediately transmit the key’s response back along the chain, effectively telling the car that the key is in the driver’s hand.
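The exchange described above can be modeled in a few lines. This is an added example, not code from the article or from any automaker: it assumes an HMAC challenge-response between car and fob, ignores fob processing time, and uses constructed distances and delays. It also assumes a round-trip time bound on the car side, a check the article does not describe, to show why a valid response alone says nothing about where the key is.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458  # radio propagation speed, metres per nanosecond

class Fob:
    def __init__(self, key):
        self._key = key
    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, key, max_rtt_ns=None):
        self._key = key
        self.max_rtt_ns = max_rtt_ns  # None: no proximity check at all
    def try_unlock(self, channel):
        challenge = os.urandom(16)  # fresh per attempt, so replay is useless
        response, rtt_ns = channel(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return "reject: bad response"
        if self.max_rtt_ns is not None and rtt_ns > self.max_rtt_ns:
            return "reject: round trip too slow"
        return "unlock"

def channel(fob, path_m, relay_delay_ns=0.0):
    """Simulated radio path: returns (fob response, round-trip time in ns).
    A relay forwards the bytes unchanged and never learns the key; it only
    adds path length and per-direction forwarding delay."""
    def send(challenge):
        rtt_ns = 2 * path_m / C_M_PER_NS + 2 * relay_delay_ns
        return fob.respond(challenge), rtt_ns
    return send

def demo():
    key = os.urandom(32)
    fob = Fob(key)
    legacy, timed = Car(key), Car(key, max_rtt_ns=20.0)  # constructed bound
    in_hand = channel(fob, path_m=1.0)
    relayed = channel(fob, path_m=30.0, relay_delay_ns=100.0)  # constructed
    return {
        "legacy/in_hand": legacy.try_unlock(in_hand),
        "legacy/relayed": legacy.try_unlock(relayed),
        "timed/in_hand": timed.try_unlock(in_hand),
        "timed/relayed": timed.try_unlock(relayed),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The car without a timing bound unlocks in both cases because the relayed response is cryptographically genuine; only the added delay distinguishes the two paths.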

Speaking the Language

That relay attack on keyless entry systems dates back to at least 2011, when Swiss researchers pulled it off with multi-thousand-dollar software-defined radios. Last year, researchers at the German car-owners group the ADAC showed they could achieve the same results with what they described at the time as just $225 in equipment. They also found that it still worked on 24 different vehicles. Given the broad scope of the problem and the rarity of software or hardware automotive security fixes, many of the cars and trucks on their list—sold by companies ranging from Audi to BMW to Ford to Volkswagen—likely remain vulnerable to the attack.

Hackey – from Team Unicorn, Qihoo 360

Back in 2017, Beijing-based Team Unicorn, Qihoo 360, took radio relay theft a step further. Instead of merely copying the raw radio signal and sending it whole, they built their own custom devices that included chips to demodulate the signal, unpacking it into ones and zeros. That reverse engineering, they said, meant they could send the decomposed signal bit by bit at a much lower frequency, which allowed longer range signals—1,000 feet compared with 300 feet in the ADAC tests—while using less energy.

The hardware for this came with a much cheaper price tag. In total, they spent about 150 Chinese yuan on chips, transmitters, antennas, and batteries for both devices. That’s about $11 each. Unfortunately for anyone looking to buy one from them, they’ve turned to selling their security to automakers.

Now that it may become legal for the repossession industry to employ and possess these, let’s see if it gains traction.

 
