High-Tech Thieves Use Laptops to Steal Cars
By JOHN HOLL
NEW YORK -- Security technology created to
protect luxury vehicles may now make it easier for tech-savvy thieves to drive
away with them. In April, high-tech criminals made international headlines when
they used a laptop and transmitter to open the locks and start the ignition of
an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5
stolen from him using this technology within six months.
The most recent theft occurred while Beckham and his two sons were eating at a
restaurant in suburban Madrid. Spanish police suspected a Bulgarian gang of car
thieves that specialize in stealing luxury cars. At the time of publication, no
suspects had yet been apprehended.
This highly publicized theft was not the first indication that keyless systems
were vulnerable to wireless break-ins. Back in 2004, when keyless technology was
still new and touted as unbreakable and secure, Dr. Aviel D. Rubin, a professor
of computer science at Johns Hopkins University, along with several of his
graduate students examined this possibility. Within three months they had
successfully cracked the code embedded within the ignition keys of newer model
cars, theoretically allowing them to steal the autos.
Using a laptop computer, an antenna and specifically designed software, Rubin
and his team extracted a code that transmits from a small Radio Frequency
Identification (RFID) chip inside the key. From there the team tested more than
one trillion possible encryption answers.
"It was a trial-and-error process," Rubin said. "We wanted to see if it could be
broken and found out that it could. We were surprised."
Realizing the ramifications of their discovery, Rubin and his team presented
their findings to Texas Instruments — the makers of the chip — and automaker
representatives and posted their research paper online. On the site, the team
does not reveal the specifics of how they broke the code, so as to not enable
criminals to harness the technology.
Texas Instruments’ reaction was one of surprise, Rubin said. The chip
manufacturer was skeptical at first, but once the engineers received an
in-person demonstration, they relented that the technology could be broken.
Unfortunately, there wasn't much that TI, the world’s largest integrated maker
of RFID tags, smart labels and reader systems, could do about it. A recall would
be nearly impossible and very expensive.
Bill Allen, director of business development for Texas Instruments' RFID
division, did not dispute what the Johns Hopkins team did, but said it is "a
complex thing and not something that can be done easily."
He said that researchers were working on staying one step ahead of criminals.
Texas Instruments, he said, had already introduced 128-bit encrypted RFID tags
to make it harder for thieves and hackers to manipulate the system.
"In practicality, consumers are as safe today as they were yesterday," Allen
Kevin P. McHugh, president of the International Association of Auto Theft
Investigators, said RFID thefts "are known and growing" in Europe, especially
with expensive cars. However, because the method used to steal a car isn’t
always noted in police reports here, the specific number of how many cars had
been stolen in the U.S. using laptops is unknown, confirmed Frank Scafidi,
director of public affairs for the National Insurance Crime Bureau.
Yet these recent thefts may be no cause for alarm in America. The number of
reported car thefts in the U.S. has increased in 2004 there were more than 1.8
million cars stolen in the U.S., up 1.9 percent from 2003, according to the
Department of Justice.
"It is getting harder for the amateur to steal cars," McHugh said. "The
professional thief with high-tech experience who wants your car for reason ‘x’
is going to come up with a way to get it, and these days that often involves
RFID chips are used in everything from supermarket scanners to credit cards. Of
the hundreds of millions of RFID ignition keys in use in the United States, most
operate with a 40-bit frequency that broadcasts their number through the air. In
order for thieves to get access to the numbers, they first must get within
several inches of the key with a receiver. From there, the signal can be
downloaded onto a computer, processed and broken in about 15 minutes. The
thieves can then feed the signal to the car and successfully hotwire the
Nick Twork, a technology spokesman for Ford Motor Company, said that while no
technology is foolproof, RFID has contributed to a drop in thefts over the last
"We are always coming up with new ways to make it harder for people to steal
cars," Twork said. "And if a car is stolen, we are making it easier to recover."
Twork said that Ford is also working on next-generation antitheft measures but
declined to elaborate when asked for specifics.
Loretta Worters, a spokeswoman for the Insurance Information Institute, said
that insurance companies are inclined to offer reduced rates to consumers who
drive cars equipped with antitheft devices like RFID, alarm systems and safety
devices like airbags.
"We feel that anything that can help reduce the number of thefts is a good
thing," Worters said. "It benefits the owner of the vehicle and the insurance
She added that RFID thefts "are not a big problem in the [insurance] industry.”
With millions of these tags in circulation, Rubin says there is not a lot
drivers can do to protect themselves. "You can wrap [your keys] in tinfoil, but
that's not very practical," he said. "It is best to wait until the
second-generation tags come out."