5 Impressive Ways Criminals Use Wireless Signals to Steal Everything—Even Your Car
Imagine coming home after a long day of work, kicking off your shoes, setting your key fob on the table, and heading to bed. Sounds pretty normal. Sounds pretty boring.
Now imagine waking up the next day, putting those shoes back on, grabbing your keys, and heading outside—only to find that your car is missing.
Unfortunately, this is becoming an all-too-frequent occurrence. Bad actors are using technology to steal from us in some of the most clever, infuriating ways. Luckily, there are some really simple precautions you can take to avoid auto theft, credit card fraud, and even having your Amazon Alexa device hacked into.
Here are some of the sneakiest ways these thieves are taking advantage of security flaws—and how you can take matters into your own hands to protect yourself.
1) Transmitting Car Key Fob Signals
It's convenient to open your car door without having to dig around in your bag or pocket for the key fob. Certainly it's one of the selling points for push-to-start cars, but it's also making life ridiculously easy for thieves. As with so many advances in technology, there have been unintended consequences for this standard in newer cars.
According to FBI statistics, auto theft hit an eight-year high in 2017, with 773,139 reported cases—up from an all-time low of 686,803 in 2014. That occurred in tandem with an increase in keyless ignition systems: In 2018, 62 percent of cars sold use keyless ignition as standard equipment, up from 11 percent in 2008, according to car-buying site Edmunds.
So why is it possible to pull off this kind of theft? Keyless ignition systems come with a fob that transmits a unique low-frequency signal to the car's computer system, which then validates that the correct signal has been sent and allows you to push a button on the dashboard or console to unlock the doors and start the engine.
Hackers can take advantage of this by using a cheap relay box to copy and transmit the signal from your key fob while it's still inside your home or on your person, making it easy to steal your vehicle. This is called a relay attack, and it's simple for thieves to pull off as long as they have a friend.
Here's how it works: Each person carries a relay box, which can be purchased for as little as $20 online. The boxes can pick up the radio frequency from a car key fob that's sitting on a table inside, hung up on a key rack, or even resting in a purse. The relay boxes allow one person to stand near the home to pick up and amplify the key fob signal and then transmit it to the second box, which the other person holds outside the door of a car. Once the key fob signal reaches the second box, it unlocks the door, as the car thinks you're holding your key fob nearby. Now the criminals just have to drive away without getting caught and then change the locks.
Virtually every car with an automatic-open key fob is susceptible to theft, even if it isn't push-to-start. The good news? It's pretty quick and cheap to prevent yourself from falling victim to a relay attack.
Stay safe: Shove your key fob in your refrigerator, freezer, microwave, or some other giant hunk of metal that can block the radio signal so that thieves can never pick it up. (Just don't cook your keys.) You can also try wrapping the keys tightly in tin foil to keep the signal from getting out or try storing your keys really, really far away from your car.
The best, most practical way to avoid auto theft: Store your keys in a Faraday cage, which is an enclosure that blocks all electromagnetic fields. Invented by scientist Michael Faraday in 1836, these "cages" have come a long way. In fact, you can purchase special Faraday pouches on Amazon that are shaped perfectly for your key fob to keep it protected at all times. Another option is to keep a Faraday box where you'd normally keep your keys and stash them in there. We even found one that's disguised as a book:
Remember getting your first passport? You had your fingerprints taken, signed a bunch of documents, cut down a picture of your face to the tiny square size required for the booklet and waited—and waited some more—for the damn thing to show up in the mail.
Sure, passports open up a whole world of travel, but they also open up a whole world of possible theft and fraud. That's because once your passport booklet is published, the U.S. Department of State personalizes the booklet with an RFID (radio-frequency identification) chip, which stores your personal information.
The chip contains pretty much all the same information you'll find on the photo page of a passport. That includes your full name, date of birth, social security number, address and more. It also stores your cryptographic signature, photo, and biometric data, which allows border officials to verify that the passport hasn't been tampered with or altered.
In theory, all a bad actor must do is hold an RFID scanner a few inches to a few feet from your passport to retrieve data from it. But that's pretty hard to do in practice, because the U.S. government has taken security measures to help prevent this sort of fraud.
That's according to Michael Holly, director of International Affairs Staff at the U.S. Department of State. He told travel magazine Afar that U.S. passports are secured with "basic access control", which is similar to what's seen in an ATM machine. It requires that the passport be open and inside a special machine-readable zone to be read. From that zone, a PIN number originates and the chip releases information to an RFID reader, but all the information is still encrypted.
We also use random user identification (RUID) in order to prevent tracking. When a chip is queried by the reader, the first thing that is provided is the chip’s serial number. In our case, each and every time the chip is queried, a different identification number is provided.
Stay safe: Invest in an RFID-blocking case or sleeve for your passport. Most new passport cases come with RFID-blocking capabilities, but double check when you go to buy yours. Or, if you're feeling cheap, just keep your passport closed at all times—the data can't be ripped from your passport with an RFID reader unless the booklet is open.
Even when a laptop is sitting by idly, like in the backseat of a car or a trunk, it emits a wireless Bluetooth signal so that devices can find and connect to it. The problem? Thieves are now using Bluetooth scanners to walk around cars and locate devices, making targeted break-ins an art.
And finding a cheap Bluetooth scanner is easy; there are even Bluetooth-scanning apps that use a phone's Bluetooth sensors to find nearby signals. But worst part is these apps and scanners tell you exactly what kind of device nearby is putting out the Bluetooth signal.
Stay safe: You have three options: Put your device in Airplane Mode, power off the electronics completely, or simply remove all electronic devices from your vehicle when you exit.
If you can't take everything out of the car, double down and buy a Faraday cage or blanket large enough to fit your laptop that you can keep in the trunk of your car. It will prevent any wireless signals from escaping the enclosure.
Building access badges do eliminate the need to wiggle around a key inside a lock, but present new challenges, like criminals who want to clone them.
To understand how your work access badge or apartment building swipe card could be copied, let's first dissect the innards. While there are various sorts of access cards, the most common is called a proximity card (or "prox card" for short). These use an LC circuit, which is a simple electric circuit with an inductor connected to a capacitor.
When a card is presented to a reader, the reader's electrical field excites the metal coil inside the card. That charges the capacitor (a device that stores energy in an electric field), which, in turn, powers the integrated circuit. The circuit spits out the card number to the coil and then transmits it to the reader. Voilà, you're in.
All that's needed to copy your access card is a basic understanding of radio technology. Hackers need the card number to create a copy—and machines that can easily do that only cost about $10.
Stay safe: This technique is stupid easy, sure, but it only works on an old prox card standard that emits a 125 kHz signal. Most new access badges use a higher signal that's harder to crack. If you're concerned, double check your badge. If the numbers on the side are in a format with five numbers and then nine numbers (see image below), you may want to invest in RFID blocking cards for your wallet or a whole RFID-blocking wallet.
5) Swiping Credit Card Information
If you don't believe credit card skimming, or the act of copying an RFID signal from credit cards, actually happens, here's a nightmare scenario from a Redditor:
Today, I noticed that there were two large charges in my checking account at Fred Meyer - a place I OFTEN shop and spend a decent amount of money - one yesterday and one today. I checked with my spouse, and neither of us spent it. A little more digging and I realize that over $700 has been spent at Fred Meyer since the beginning of February. Normally, I would notice this kind of money missing - but I have been super busy this month and not really paying attention - plus my spouse and I share accounts, so it's pretty easy to brush off small charges. To complicate things, some of the charges WERE ours because it's where we shop! A fine-tooth comb through finances revealed that EVERY SINGLE ONE of our accounts and credit cards has at least a couple unexplainable charges at Fred Meyer since early January - as well as some random Safeway, Best Buy, and other places that I am pretty sure we didn't make. Most of them are small amounts - 8, 10, 25 dollars. Only recently, I think, have they become bolder and started charging larger amounts. But add it all up... it's a significant amount of money.
I called the bank and got everything turned off, but they mentioned that it is VERY likely my whole wallet came into contact with a RFID Skimmer at Fred Meyer because that's where they've mostly using it since. They know we shop there, so they knew I wouldn't really question a charge here or there from a store we already frequent. We suspected nothing, because my cards are still in my wallet.
I am hoping that most of my new cards come chip-and-pin, but I know our CU doesn't have them yet so I bought some RFID Blocking sleeves on Amazon to keep our cards in, to prevent this from happening again. Be warned: all it takes is a thief getting close to you in a line with your wallet in your back pocket and they have everything. If you have an Extended Driver's License, your Passport, all credit and debit cards on your person they can just steal all that information. There are people doing this in Spokane, it happened to us and it sucks. (Also there have been stories of skimmers installed in gas pumps, ATMS, etc.)
Stay safe: Wrap all of your cards in a thick layer of tin foil, invest in an RFID-blocking wallet, or buy RFID-blocking cards that you can throw in your current wallet. Just be careful: If you have a bifold wallet, you need to put an RFID-blocking card on both sides of the wallet.