Watch CBS News
MoneyWatch Tech

Latest target for hackers -- your car

By Erik Sherman

/ MoneyWatch

That high-tech keyless car security system is pretty sweet -- for hackers. According to a new report in Wired, thieves can use off-the-shelf hardware and software to impersonate a vehicle's security fob and break into a car in no more than a few minutes.

This vulnerability in keyless vehicles illustrates what is practically an axiom in technology: Convenience often reduces security. And in a corollary truth, hackers are usually at least one step ahead of the technologies intended to thwart them.

Australian security researcher Silvio Cesare plans to review his findings about this new approach to keyless break-ins at this week's Black Hat Internet security conference in Las Vegas. The annual event is a place where people from law enforcement, security experts, military intelligence and even the shady side of the street come together.

Heading off hackers: Protecting your information while shopping 03:44

People have previously found weaknesses in keyless entries. In 2012, for instance, a rash of Chicago car break-ins were linked to someone using some kind of electronic tool.

Meanwhile, Swiss researchers have found a way to get someone's key fob to broadcast an open command so it can be duplicated, potentially allowing thieves to break into and operate a car.

However, Cesare thinks that he may be the first to actually crack the encryption intended to guard they keyless systems. He built a device that would keep pressing the buttons on his own fob. After collecting thousands of samples of the codes intended to be picked up by the car, he found patters that reduced the number of possible codes to unlock a vehicle from 43 million to less than 13,000.

That's still a big number for humans, but computers can try that many sequences without getting bored, wasting time or needing a bathroom break.

Driverless cars are just around the corner 03:24

Other auto threats are also a topic of discussion at the Black Hat conference. According to InformationWeek, as cars increasingly feature on-vehicle wireless networks that connect with satellite services and smartphones, they become more vulnerable to remote attacks. By breaking into a car's Bluetooth network or a phone app, for instance, someone could in theory control a car's steering, braking or automated parking.

Last year, researchers showed how they could take control of many basic functions in a 2010 Toyota Prius and 2010 Ford Escape. Among new vehicles, the 2014 Jeep Cherokee, 2014 Infiniti Q50 and 2015 Escalade are the most vulnerable to attack, according to security researchers. A 2014 Audi A8 was deemed the least vulnerable model to electronic attack because the car's networked systems are separate from its physical operational systems.

The automobile industry has begun to take such threats more seriously. Last month it announced a mechanism to share security vulnerabilities.

Erik Sherman

Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.

First published on August 4, 2014 / 1:21 PM EDT

© 2014 CBS Interactive Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.