In replay attacks the signal is forwarded from the key to the vehicle in order to cover a greater distance for unlocking and starting the vehicle. Once the engine is started the key doesn’t need to be in close proximity to the vehicle anymore and therefore can be driven large distances. The required hardware needed to perform this attack is just around 100$, making it an attractive attack for criminals to steal cars.
Car manufacturers have implemented different ways to cope with relay attacks, however, the UWB (Ultra-Wideband) technology is the most secure mechanism to cope with relay attacks. Its accuracy for measuring the distance to the vehicle cannot be tricked with current devices used for relay attacks. Other mechanisms are (i) to include a motion sensor in the key so that it turns off when it is not moved for a few minutes (37 of the tested models) and (ii) to allow the keyless feature to be only used for starting the car and require interaction with the key in order to open it (3 of the tested models). However, using a motion detector is not sufficiently secure as relay attacks can be still performed when the key is in motion, e.g., when the owner walks.
More news on ransomware attacks on the automotive supply chain
- In the last newsletter we reported on the Kojima-Toyota incident where attackers focused on disturbing the supply chain. This attack wasn’t the only one targeting Toyota. Denso, another important supplier for Toyota, also got attacked. More specifically the network of its German company, DENSO Automotive Deutschland GmbH, got subject of an attack by the Pandora group. The group announced on Sunday 13/3 that they stole classified information and threatened to release it.
- The US subsidiary of the Japanese tire manufacturer Bridgestone also got hit by a ransomware attack on 28th February according to their press release from last week.
More automotive security news
- The cybersecurity market is forecasted to grow from 2 billion USD to 5.3 billion USD in 2026 according to Research and Markets’ “Global Automotive Cybersecurity Market” report. You can also find a short summary on yahoo!finance.
Written by Thomas Rosenstatter