On the “Biantian” vulnerability platform, several hacker teams have exposed weaknesses in the anti-theft systems of Volvo, BYD, and Buick. These systems are surprisingly cheap—just a few tens of dollars. They allow for remote door and trunk operations, and the whole process doesn’t even require the car to be online. The risk comes from the fact that if a car key can unlock the vehicle remotely, it could also be exploited.

But how can a hacker break into a car that isn’t connected to the internet? Is it something like the “car locking interference” we often hear about? Well, it’s not that simple. There’s more going on behind the scenes.

An 18-year-old hacker from the “Mythical Team” Ghost Lab was recently discovered. During a presentation where he shared his findings, he revealed the full process of how these attacks work. However, due to the sensitivity of the core vulnerabilities, some details remain confidential.

The real issue lies in the “synchronization value.”

Although the core vulnerabilities can’t be disclosed, the overall method is straightforward (though not very exciting): hackers can intercept the wireless signal from a car key and replay it using a specific mechanism, allowing them to mimic the key’s function indefinitely.

So how do they manage to crack the system without an internet connection? It all comes down to the use of HCS rolling chips and the Keeloq algorithm. These are encryption technologies developed by a U.S. company in the 1980s. They were widely used in car anti-theft systems and access control devices, and are still a common choice for keyless entry systems today.

To simplify, HCS rolling code chips and the Keeloq algorithm are hardware and software solutions used in many remote keys. If they’re compromised, it can lead to widespread security issues.

Let’s go back to the actual attack. Every time the owner presses the lock or start button on the key, a new signal is sent. The car processes this signal and checks whether it’s valid. Within each command, there is a unique serial number and a synchronization value that changes with every operation (it increments by one after each use).

Each time a key is issued, both the key and the car store the synchronization value. When a command is received, the car must verify this value before proceeding. For example, if the key sends a signal with a sync value of “11,” but the car has stored “10,” the system will accept it as long as the difference is within a certain range—this prevents accidental triggering.

This calculation involves both decimal and hexadecimal algorithms, and they need to be converted multiple times. When programmers wrote the code, they left a flaw: if two consecutive unlock commands (like “10” and “11”) are received, the system can’t tell if they came from the original key and will execute them automatically.

In short, once a hacker captures two consecutive synchronization values (which requires the owner to send two commands in quick succession), they can simulate the key’s function without limits. That means the car is vulnerable to being hacked.

Is this dangerous? Yes, it definitely is. At the hacking demonstration, we even saw an interesting “accident.” Due to unknown interference, multiple attempts to send commands to the car failed. Eventually, it turned out that the projector’s remote control signal was interfering with the cracking device. This showed that the equipment is highly sensitive to external conditions and needs to be used in ideal environments.

Because the entire command sequence was captured, the hacker couldn’t determine the unique identification code for each car and key. So, this exploit is currently limited to a single vehicle and cannot be used on all cars of the same model.

According to Wang Yingjian, the head of the “Mythical Action” team, this vulnerability has been found in some models like the 2008 Volvo XC90, BYD F0, and Buick Regal. However, the total number of affected vehicles is still unclear. Since it’s a hardware and software issue, owners may need to return to the factory or a 4S shop for repairs or upgrades. Also, because these chips and algorithms have been around for a long time, some models are already difficult to maintain.

Now, let’s compare this method with the traditional “car locking interference” technique. This new approach gives hackers more control. Users can’t avoid being targeted, even if they think they’ve locked their car properly.

Once a hacker gains access, the consequences could be severe—privacy breaches and property loss could spiral out of control. Plus, hackers can use this vulnerability to lock the car, making it hard for the owner to detect if the vehicle has been tampered with.

Optical Lens

Optical Lens,Biconcave Spherical Lens,Meniscus Lens,Biconvex Spherical Lens

Danyang Horse Optical Co., Ltd , https://www.dyhorseoptical.com