paint-brush
Signal Amplification Relay Attack (SARA)by@vincetabora
56,665 reads
56,665 reads

Signal Amplification Relay Attack (SARA)

by Vince TaboraAugust 21st, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

During “Hacker Week” in Las Vegas, thousands of information security professionals that include actual hackers, converge. It is best to be alert since there are bad actors who have rogue intentions. Finding victims can be easy when there is no awareness of the imminent threats. With that said, car hacking has become more commonplace in recent years, due to the increased integration with electronic systems that include the car’s own lock system. With keyless entry systems, it uses wireless or radio signals to unlock the car. These signals can in turn be intercepted and used to break into the car and even start it. One such technique is called SARA or Signal Amplification Relay Attack.

Company Mentioned

Mention Thumbnail
featured image - Signal Amplification Relay Attack (SARA)
Vince Tabora HackerNoon profile picture

During “Hacker Week” in Las Vegas, thousands of information security professionals that include actual hackers, converge. It is best to be alert since there are bad actors who have rogue intentions. Finding victims can be easy when there is no awareness of the imminent threats. With that said, car hacking has become more commonplace in recent years, due to the increased integration with electronic systems that include the car’s own lock system. With keyless entry systems, it uses wireless or radio signals to unlock the car. These signals can in turn be intercepted and used to break into the car and even start it. One such technique is called SARA or Signal Amplification Relay Attack.

All roads lead to DEF CON 2018 (Las Vegas, NV)

This keyless entry hack is probably one of the simplest out there. This follows a similar principle to “relays” which transmit an RFID signal across a longer distance. Keyless entry systems use a “handshake” signal that sends a signal from the key fob to the car’s lock controller unit. When the fob is within proximity of the car, the controller unit detects it and unlocks the car automatically. The radio transmitter relay device works on that principle using two devices. One device must be placed next to the car, while the other must be within close proximity to the car owner’s key fob. A signal is boosted from the car to the fob to trick it in a sense by sending the signal from the device next to the car to the device that is near the key fob. Then the signal is copied rather than decrypted and can be used to not only open the car, but to start the car as well. So it doesn’t even try to decrypt the signal, just copy and use. It’s like intercepting someones private key.

There are vulnerable car models, mostly European. There is no fix or update to download to fix the problem unfortunately. Covering your key fob with foil or a faraday cage certified box works, but to the owner’s inconvenience. You can ask your car dealer if the car model you have is vulnerable to this hack. They may or may not know, so consulting the auto manufacturer might be best. Old school solution I would suggest is to get a anti-theft lock on the car’s steering wheel or brake pedal. Those are not electronic and use actual keys. Other solutions include putting the key fob in a shielded pouch or a signal blocking fob holder.

Anti-theft steering wheel lock, The Club, is one of the best ways to secure against SARA (Source: Autozone)

In 2016, security researchers at the Munich-based automobile club ADAC published their findings of attacks they performed to test the vulnerability. They did this to 24 vehicles from 19 different manufacturers.


Here is a list of some cars affected:https://www.forbes.com/sites/thomasbrewster/2016/03/21/audi-bmw-ford-thief-car-hacking/#2cccd9514f1e

Note: This information is given for educational and reference purposes only. Hacking for malicious purposes is an illegal activity which is punishable by the law.