The XFR and other keyless vehicles like it, might be vulnerable to electronic 'lockpicks'. Image via Wikimedia commons
The XFR and other keyless vehicles like it, might be vulnerable to electronic 'lockpicks'. Image via Wikimedia commons

A Jaguar car has reportedly been ‘hacked' in Auckland New Zealand. Last week, a man sauntered into a car dealership in New Zealand's largest city and stole a Jaguar XFR, worth nearly £80,000.

This unidentified thief did not have the key, which was locked safely away inside the dealership, nor was the car unlocked when it was taken. The car was stolen, it has been concluded, using an electronic device used to hack the lock system.

Such devices, which fake the signal of a wireless key fob allowing the thief to enter the car and start the engine, are apparently easy to procure on the internet. The Metropolitan Police statistics show 6,000 cars in London were stolen in 2014 using these techniques.

This signifies a stark change in New Zealand vehicle crime said detective sergeant Callum McNeil to the New Zealand Herald: "Generally they have broken in and stolen the keys from the dealers, but the technology is now available. We have seen it in the UK and even in Australia and now we are starting to get it here where offenders have access to the technology."

That said, McNeil added that considering that this kind of crime is so rare and New Zealand is such a small place, the criminals who stole the car were unlikely to be able to sell it or even strip the Jaguar for parts and then sell those.

Jaguar did not respond for comment at the time of publication. 

Hacking cars has loomed large in the news in recent years, particularly Chris Valasek and Charlie Miller's famed hacking of a Jeep Cherokee this year. A public-private project in the US state of Virginia recently showed that even police vehicles can be hacked. Concerns have also been raised about the vulnerability of automated vehicles to hacking, a scenario that is still on the horizon but indefatigably approaching and one that could conceivably yield horrific results.

Despite those fears, car hacking has yet to be seen much in the wild. This potential case of car hacking signals is yet another in the few, but growing, number of cases in which this highly specialised form of crime occurred.  

Keyless cars, however, are considered to be particularly vulnerable. In Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser, the paper detailed how vulnerable the widely used keyless lock system, Megamos Crypto, was to compromise. Attackers could exploit the vulnerability, said the paper, by discovering the unique algorithm that verifies the key.

The paper offers an example of how such a hack might be performed on a keyless car. The hack takes advantage of the vehicle's immobiliser, a system which ironically, prevents the car from being hot-wired or stolen by cutting off the engine. It ensures the owner's possession over the vehicle by detecting the key fob used instead of a car key; the car simply cannot start without that fob in proximity.

But when the researchers listened in to the electronic exchange between the fob and the immobiliser system, the researchers could crack the algorithm and falsify the signal between the fob and the car's immobiliser system. The researchers cracked it in under in less than 30 minutes.  

The paper noted that mysterious car thefts prompted them to undertake that research: “From our collaboration with the local police it was made clear to us that sometimes cars are being stolen and nobody can explain how.” the paper added that “They strongly suspect the use of so-called ‘car diagnostic' devices. Such a device uses all kind of custom and proprietary techniques to bypass the immobiliser and start a car without a genuine key. This motivated us to evaluate the security of vehicle immobiliser transponders.”