Thatcham Research has announced forthcoming updates to the New Vehicle Security Assessment (NVSA) programme, centred on securing cars against the growing threat presented by digital compromise.
The NVSA is the security standard against which all new cars are assessed as part of the insurance Group Rating and will be updated in 2019 giving carmakers the opportunity to bring in fresh measures to address the challenges presented by digital theft techniques. The new criteria will be designed to shut down the Keyless Entry vulnerability, while anticipating other potential methods of digital and cyber-compromise.
Richard Billyeald, Chief Technical Officer, Thatcham Research comments, “Car crime is on the increase, with intelligence suggesting that electronic compromise is a factor in as many as one in four vehicle thefts. In the 1990s, the NVSA effectively brought an end to a car crime epidemic by introducing alarms and double-locking door functions, amongst other measures. Initiated in 1992, a year which saw 620,000 car thefts, this approach was instrumental in driving theft levels down by 80% up to 2016. In the same way, collaborative and concerted action from Thatcham Research, carmakers, Police and insurers will close the digital vulnerabilities exploited by today’s criminal gangs.”
Thatcham Research has identified vulnerabilities in on-board electronic systems and criteria covering these areas will be included in the new standards. In addition, Police authorities have drawn attention to the increase in ‘chop shops’ – illicit garages where cars are dismantled to be sold on the spare parts market – and therefore criteria related to parts identification will also be carefully reviewed.
Billyeald continues, “CCTV footage of criminal gangs exploiting a vulnerability in keyless entry systems has been highly visible in recent months. However, we estimate that only 1% of cars on the road have this technology. Carmakers are already introducing keys with motion sensors which deactivate when stored, and new secure signal transmission technologies. In the short term, while these counter-measures come into the market, concerned drivers should contact their dealer to discuss the digital functionality of their cars.
“The online availability of tools which criminals can plug into vehicles to programme a false key is also a concern. We support recent calls from the Police for closer regulation of the sale of these devices, which have no use outside of a licensed bodyshop or garage.”
What should drivers do?
Thatcham Research advice for drivers with concerns about car security:
Current digital theft techniques explained
The OBD Hack
The On-Board Diagnostic port gives licenced garages access to a car so that service fault lights can be reset, and a new key programmed if the owner requires one. Because of EU fair-trading legislation, the OBD port must be easily accessible and uniform – allowing non-franchised garages to access using On-Board Diagnostic tools. These tools can be expensive – up to £5,000 – but kits which allow a blank key to be reprogrammed can cost as little as £50.
The Relay Attack
The relay attack exploits a vulnerability in passive keyless entry systems, which allow drivers to open and start their cars without removing the key fob from their pocket. Usually operating in pairs, one criminal will hold a device up against the front wall or porch of a home, searching for a signal from the keyless fob. The device then relays the key’s signal to an accomplice, who is holding another device against the car door. The car is effectively fooled into believing that the owner is within a defined range (usually within two metres) and is approaching the car with his key. The door opens, and the signal is relayed to the accomplice a second time, allowing the car to start. Once started the engine will not restart without the key present.
Jamming relies on driver inattentiveness. A criminal will hide a signal blocking device in a residential street or car park – preventing the locking signal from standard remote fobs from reaching the car. The car thief will then return to the location and test all the car doors within range of the device. Once opened the car can be stolen using an OBD device or the car’s contents taken.
Drivers can protect against this technique by simply observing for visual confirmation that their car has locked successfully (e.g. audible locking sound, flashing indicators or folding wing mirrors).
* All vehicle images and car descriptions on this site are for illustration and reference purposes only and are not necessarily an accurate representation of the vehicle on offer.
T: 01242 500255
MPH Vehicle Solutions Limited
122 Winchcombe Street
Registered Office : Pittville House, 122 Winchcombe Street, Cheltenham GL52 2NW
| Registered in England & Wales with company number : 06676289 | Data Protection No : Z3442443 | VAT No : 939 878 444 |
MPH Vehicle Solutions Limited are a credit broker and not a lender, we are authorised and regulated by the Financial Conduct Authority. Registered No : 677046
Copyright © 2019 MPH Vehicle Solutions Limited, All rights reserved.