Faults in Keyless Car Entry Systems

Ignition System Button Push Car Start Keyless
Ignition System Button 

Keyless entry systems in cars may be a step forward in convenience, but that benefit comes at the steep price of compromised security.

Business Insider reported that two carjackers had been filmed using devices called relay boxes to pick up the signal from the set of keys inside the house and re-broadcast that signal in another location, thus opening up the car. The entire process was less than a minute long.

Another method reported by the Telegraph utilized a radio amplifier, which involves altering the radio frequency in the car to trick the keyless sensor technology into detecting a nearby “fob”. The affected European models include the Ford Galaxy, Audi A3, Toyota Rav4, Volkswagen Golf GTD, and Nissan Leaf. Researchers believe that dozens of other keyless models could be at risk.

The National Insurance Crime Bureau tested a similar relay device on used cars at dealerships and found that in 19 of its 35 tests, the device was able to unlock the vehicle. In 18/19 of those entries, it was able to start the car. NICB said that these relay boxes are just one variety of a vast potential for wireless theft devices, which means that automakers are going to have to bolster vehicle security.

While it is ultimately up to the manufacturers to develop defenses for this, there are a few things you can do as a car-owner to protect your vehicle.

First, you should contact your dealer and ask about the digital features in your car, specifically whether or not there have been any software updates that can be implemented. Next, check if your keyless entry fob can be turned off – if it can, do so when you will be away from the vehicle.

Finally, for additional peace of mind you can use a steering-lock or keep your fob in a faraday bag – which is a pouch designed to block radio transmissions.

This article was written by Kristina Weber of Centry Ltd. For more information like this, follow @CentryLTD on Twitter!

Business, Information Security, Risk Management

5 Ways Businesses Blunder on Compliance


An effective compliance program is essential to ensuring business functionality across the globe. It is not enough to merely implement the program – it must also be fluid, in that it is properly and competently administered. The list below outlines some common mistakes that organizations make, which can lead to inefficient compliance strategies or breaching regulations.

Poor due diligence:

Failing to properly vet a third party entity before conducting business can drag a company’s reputation and standard down. Most companies spend time making sure that they are operating above board and in accordance with both domestic and international regulations. However, where the mistake comes in is assuming that the third party entity has a similar moral standard. The findings from due diligence can be priceless, whether it is detecting non-compliant actions in a potential third party and saving your company’s reputation and money, or investing in trust knowing that the third party has a clean slate.  

Using out of date technology for compliance programs:

Another common error that companies make is using legacy technologies that don’t work to manage their compliance programs. Oftentimes these go un-updated due to factors such as cost or technical constraints. These programs can become a headache for global compliance efforts because they can be fragmented according to activity-specific vendors, which makes reporting more difficult on a grand scale and increases the administrative cost. Companies that want to avoid issues arising from legacy tech might want to consider compliance platforms and secure cloud-based solutions.

Lack of effective communications between different teams:

Siloed security teams can lead to mixups or situations in which the relevant information is not available to an involved party.  There is a lot of teamwork that goes into developing security policies – there are those who create and enforce the policies, those who ensure optimal system functionality, and those who tie those security policies to business applications. Sometimes these teams don’t always interact with each other, but their responsibilities are collaborative.

Allowing undocumented changes on the fly:

An essential part of compliance and risk management is documenting everything. If businesses don’t encourage documentation, they run the risk of – at best, having policies for which there is no explanation, and at worst – breaching compliance regulations.

Failure to thoroughly train employees:

Once the compliance program has been implemented, it is of utmost importance to ensure that it gets clearly communicated to everyone in the business. Training should be frequent and thorough, making sure to cover all aspects of the program and how it translates into everyday work life for company personnel. So many data breaches in recent times have been due to human error. Whether these were instances caused by a lack of adherence to security policies or simply ignorance on part of the individual, your business has the ability to address both issues. Training is an easy win in the long run of compliance.

This article was written by Kristina Weber of Centry Ltd. For more content like this, follow @CentryLTD on Twitter!

Cyber Security, Risk Management, Social Media

Centry’s Online Guide

Working in office situation

Security is more than the concept of a guard holding vigil over a point of access, or data breach of some far off corporation. Our readers may have noticed a common theme in our posts wherein we talk about security being only as strong as the weakest link. This is because the concept of protection is not an external force that works its way in, but rather it is highly personal, relying on a network of individuals to make conscientious choices.

Today, we are moving away from the grand scale of business security to focus on just one point: You.

Think about all of the ways that you almost automatically take precautions to protect yourself and your belongings in the physical space around you. You may lock the door when you leave your house, or ensure that your vehicle has an alarm to deter intruders. Maybe you choose to wear cross-body bags instead of ones that fit only over the shoulder. Perhaps your important documents are kept in a locked file cabinet.

All of these are precautions and measures taken to protect your belongings and livelihood.

But what about online?

Now consider all of the times you have entered your credit card information into a website as you were shopping. All of the emails you open and send. All of the apps on your smartphone. Perhaps, even, a VPN that you have chosen.

Are you protected?

Fortunately, we are here to help you! Over the past few months, we have written a variety of quick and easy guides to secure your online life. Here, we provide the breakdown for you. Empower yourself with knowledge, and feel free to share this master post!

Social Media

5 Tips for Smart Social Media

Hook, Line, and Sinker: Phishing on Social Media


4 Ways to Secure Your Email


4 Tips to Secure Your Smartphone


VPNs: What Not to Choose

We hope that you find this list helpful, and feel free to contact us @CentryLTD on Twitter or here on our blog if you have any questions or comments!

Data Breach

The Paradise Papers

Over the past week, we have been confronted with a steady stream of revelations from the Paradise Papers, which refers to a trove of 13.4 million files taken mostly from the offshore law firm, Appleby. The documents were obtained by Süddeutsche Zeitung, a German newspaper.

Appleby is a market leader in the offshore legal service provider business, with locations in Bermuda, the British Virgin Islands, the Cayman Islands, Isle of Man, Jersey, Guernsey, Mauritius, and Seychelles as well as Hong Kong and Shanghai. It’s a member of the “Offshore Magic Circle,” which is a global network of lawyers, consultants and other execs that advise companies in tax havens.

Since the Paradise Papers have made their way around journalism venues, Appleby made a statement criticising the media outlets for using information that may have “…emanated from material obtained illegally and that this may result in exposing innocent parties to data protection breaches.”

However, as evidenced by the Paradise Papers, we have been able to see that Appleby has a history of dubious clients. Among them, many are corrupt politicians, internationally sanctioned businessmen, and convicted tax evaders. Some examples of these include a suspected member of the Chinese mafia, a man who was extradited to Mexico for fraud, and a client with ties to financial gains from criminal activity – who was later murdered.

Money typically moves through tax havens in various countries mainly for the purpose of hiding the true wealth of the assets, to launder it, or otherwise evade taxes. People who do this are typically involved in large businesses or are wealthy individuals.

The first day of the disclosures revealed some big names, and among them were some 120 US politicians including Mr. Trump’s Commerce Secretary Wilbur Ross.

Ross has a stake in a shipping form that has millions of dollars in revenue from a company whose key owners include Putin’s son in law and a Russian oligarch that has been sanctioned by the US Treasury Department.

The firm is called Navigator Holdings, and it draws in millions of dollars transporting gas for one of its top clients – Sibur, which is a Russian energy giant. Although Ross sold off a number of other holdings, he retained an investment in Navigator, which continued to conduct business with Sibur even in the wake of the of the unrest in Ukraine.

Others reported in the papers include Stephen Bronfman – friend and advisor of Justin Trudeau, Queen Noor of Jordan, Uganda Foreign Minister Sam Kutesa, Brazil Foreign Minister Campos Meirelles and a Russian billionaire investor named Yuri Milner. The details on Milner additionally reveal large stakes in Facebook and Twitter, both of which have come under fire recently for airing US political ads created by Russians.

Another big firm to come under scrutiny is Apple. The Paradise Papers have shed light on the company’s search for a new place to bank after more than twenty years of benefiting from the artificially low taxes in Ireland. For years Apple funneled most of its overseas profits through Ireland, where arrangements with the Irish government permit the company to pay an artificially low rate of tax.

While in some cases, investing offshore is not expressly illegal, it is secretive in nature and can be twisted to suit nefarious purposes. It is difficult to obtain a clear picture of what someone is doing with their money when they are using five or six different offshore havens, especially because law enforcement does not have an easy time crossing borders.

For more content like this, follow us on Twitter @CentryLTD and check back for weekly updates on Centry Blog!