Why you should keep your key fob in a metal (coffee) can

A top global cybersecurity expert says the threat of car theft now is greater than ever and urges taking simple precautions to prevent car owners from becoming victims of tech-savvy criminals.

Thieves have perfected the art of stealing the code from that key fob sitting on a kitchen counter or hung on a hook by the door. And tools that make theft fast and easy can be purchased on the internet. Worse, the latest theft devices allow criminals to amplify a vehicle's radio signal so that thieves can better access and copy the key fob signal to steal a vehicle.

"The problem is, this is not a story, it's reality," Moshe Shlisel, a veteran of the Israeli Air Force and now CEO of GuardKnox Cyber Technologies, told the Detroit Free Press by phone from his office in Ramla, Israel.

Thieves are gaming "smart" key systems, which Shlisel said use nonsecure commercial radio waves to signal when the key fob is near or inside the vehicle. These key fobs allow car owners to unlock the door, start the engine, or even open the trunk from far away. But that's not all.

"You may think of your car key as little more than a tool to start the car," says AAA on its website. "But have you ever considered that it may also be the best tool to prevent your car from being stolen?" says AAA on its website.

How do hackers steal cars?

Car thieves who steal all or valuable parts of cars are going beyond just disassembling steering columns or removing the catalytic converter anti-pollution devices made with precious (and costly) metals, according to AARP. Car owners now need to be proactive to prevent these cyberattacks:

◾ The Relay Attack, a two-person attack, is when a thief walks up to the victim’s home with a piece of equipment that captures the signal from the key fob and then transmits the signal from a car key fob. "An accomplice waits nearby at the car door, usually with another device, to open the car when the signal is received," the AARP website said. The copied signal can fool the car into starting the ignition.

◾ Code Grabbing happens when you're in a parking lot, headed into a grocery store, and click your key fob to lock the vehicle door. The headlights flash to signal connection. That also cues thieves, who can intercept the radio frequency from your key fob and copy your code. Devices used for this attack are sold for only a few hundred dollars, along with key fobs that can be reprogrammed.

Code grabbing, according to the AARP website, "means that thieves don’t have to track cars to the owner’s abode. Often, orders for high-end luxury cars are placed in advance, so thieves sit and wait until the right model drives into the parking lot and follow it to a spot. So, be aware of your surroundings and instead of hitting the remote lock button, lock your car before you walk away.​"

The cloning action is so easy to do, that it's commonly used by maintenance workers in gated communities to reset the remote control system for homeowners, Shlisel said.

Copying a key fob signal and stealing a car can happen in 20 to 30 seconds, according to the Master Locksmiths Association in Warwickshire, England.

Recent key fob theft incidents

In November, Ann Arbor, Michigan, police identified thefts that appeared to be tied to vulnerable key fobs.

Police incidents of car hacking have been covered in Texas and Florida too.

Car theft data released in October showed that the U.S. continues to experience "near record levels of vehicle theft," according to the National Insurance Crime Bureau, the insurance industry’s not-for-profit association dedicated to preventing and combating insurance crime. At the time, "nearly 500,000 vehicles were reported stolen nationwide in the first half of 2023, marking an increase of more than 2% compared to the first half of 2022."

Stop cargo thieves:This go-to tech gadget is like the Ring camera - but for your cargo bed

How do I protect my key fob from thieves?

The single most important tip is that car consumers should always store their key fob in a metal container or a metal wire bag often called a Faraday cage that prevents the key fob from communicating with hackers, Shlisel said. Anytime it's just sitting on a table or carried in a pants pocket, it can be hacked.

Now hacking has become even easier, not only with cheap tools but also through YouTube videos and tips all over the internet on how to use cloning devices to steal vehicles, Shlisel said.

But cloning key fob signals is serious and preventable, he said.

"Just don't leave the key fob next to the door at home if you're parking nearby," Shlisel said. "Put the key fob as far away from your vehicle as often as you can. There's always communication between the key and the car itself."

Distance between the car and key fob helps prevent theft by people in the vicinity.

Should I wrap my key fob in aluminum foil?

The mechanism that works between the key fob and the vehicle is based on pairing," Shlisel said. "You can connect it to your iPhone via Bluetooth, right? This is called pairing devices. If I’m taking your headset and separating that from your phone, and the phone is in one room and your headset is 10 meters away, there’s a possibility you’ll not be able to hear through the headset. That’s the first step on disconnecting the pairing."

Codes in the vehicles can be copied. Codes in the key fob can be copied. Tech researchers have worked to try and prevent this problem but it's expensive and already key fobs can cost up to $1,000 to replace, Shlisel said.

"People have tried to implement much more secure methods and failed," he said.

"When I'm pushing the "on" or "off" button for the car door to open or close ... you can clone the communications," Shlisel said.

For skiers and boaters, the worst thing to do is leave a key fob in the vehicle, he said.

And if nothing else, wrap the key fob in layers of aluminum foil to block the signal, Shlisel said.

Contact Phoebe Wall Howard: 313-618-1034 or phoward@freepress.com. Follow her on X @phoebesaid.

Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.