You are using an older browser version. Please use a supported version for the best MSN experience.

Criminals could steal a McLaren and other supercars in seconds using new hijacking scam

The Telegraph logo The Telegraph 10/09/2018 Alan Tovey
a car parked on the side of a building: The £750,000 McLaren Senna © Provided by Telegraph Media Group Limited The £750,000 McLaren Senna


McLaren is racing to get ahead of car thieves after researchers claim to have found a hole in the security systems protecting the company’s supercars.

Researchers at Belgium’s KU Leuven University are this week expected to detail how wireless key fobs for McLaren and other high-end car companies can be hacked.

So-called “relay attacks” have been widely reported where criminals trick a key fob into transmitting a security code which they then “grab”. This is then transmitted to a car, tricking it into unlocking and allowing it to be started. This method can only be used once, meaning that cars cannot be unlocked or started again.

Download the all-new Microsoft News app – available now on iOS and Android

The new vulnerability is understood to wirelessly grab and decode the algorithm which creates security codes for cars. Once it has decoded them, they can be used to create perfect copies of key fobs that can be used repeatedly.

Thieves targeting vehicles are understood to be able to scan and decode quickly the algorithm of a key fob if they are up to 30ft from it. At long distances - up to 300ft - decoding takes about 100 days. Relay attacks can be completed in matter of seconds. 

The equipment needed to create cloned key fobs is available on the internet. Although it requires specialised knowledge to use it, as awareness of the vulnerability becomes widespread it is expected that more cars will be targeted.

Car thief disarming car protections with laptop computer © Getty Car thief disarming car protections with laptop computer

Researcher Tomer Ashur tweeted his discovery on August 28, saying that “it’s all fun and games until someone uses weak crypto to secure a €100,000 car”.

Mr Ashur - who describes himself as some who “understand systems, then I break them” - and his colleagues are expected to publish details of the vulnerability this week in an academic paper.

They are understood to have contacted affected car companies to alert them to their discovery, and also the suppliers of key fobs to the car companies.

a blue car parked in a parking lot: McLaren 570S Spider in pictures - Cars gallery © Provided by Telegraph Media Group Limited McLaren 570S Spider in pictures - Cars gallery

Lennert Wouters, a researcher specialising in wireless security systems at KU Leuven University, said: “We discovered a security vulnerability in the passive keyless entry and start system used in some high-end vehicles. The vulnerability allows us to clone a car key fob in a few seconds.”    

McLaren said it had been alerted to the threat and is contacting the 16,000 owners of its £150,000-plus cars, warning them of the danger.

The company - which said that none of its cars have ever been stolen - is currently working to issue owners with protective pouches in which to store their keys to prevent them being scanned.

McLaren is understood to view the threat as “credible”.

A spokesman for the company said: “While this potential method has not been proven to affect our cars and is considered to be a low-risk, plus we have no knowledge of any McLaren vehicle being stolen by this or the previously reported ‘relay attack’ method, nevertheless we take the security of our vehicles and the concerns of our customers extremely seriously.” 

AdChoices
AdChoices

More from The Telegraph

image beaconimage beaconimage beacon