Cars just aren’t safe from hackers these days. Whether their doors are popped open or their brakes killed, vehicles are becoming complex little networks on wheels, making the possibility of compromise all the more real, as the FBI warned last week.
Now German researchers have shown how easy it is to pop open hundreds of thousands of cars with a simple hack of wireless key fobs. As many as 24 models are affected, including Audi , BMW, Ford and Toyota cars, according to ADAC, a German automotive body.
The attack involves two hackers, whose radios collect the signals sent between the fob and the car to unlock doors and start engines. One hacker carries a radio that collects signals from a target vehicle’s fob. This is then passed to an accomplice, as as far away as several hundred meters, who uses it to open the doors and start the engine. They each need to be several meters away from their respective targets to harvest the data, but it’s possible to use antennas to extend the attack. Any vehicle alarms are rendered redundant, as the car trusts the signal.
Though demonstrated before, ADAC provided a full list of affected manufacturers, which also included Citroen, Honda, Lexus and Range Rover, amongst many others. The models were relatively new too, from 2013 to 2015.
ADAC’s long list of vulnerable cars. It was able to start the engines and open doors of all those tested.
ADAC urged the industry to act fast to address the issue, pointing to multiple concerns about the attacks outside of simple theft. Not only is it cheap to carry out such an attack – the cost for two suitable radios likely under $200 given the tools used in previous, not dissimilar hacks – they’d also leave no trace. “In tests, our experts were able to open cars with [keyless fob] locking system by means of a self-built wireless extension within seconds and [get away]. This left no visible burglar or tracks,” a note on the ADAC website read.
ADAC released a video replaying CCTV footage of what it believes was a theft perpetrated using the techniques it tried. With security protections lacking across such a broad range of cars, such thieves will only be more attracted to the hacker way of thinking.
This article originally appeared on Forbes.
