As car security has become more sophisticated, so have attempts to steal cars. The latest method involved a device shaped like a Bluetooth speaker, access to a headlight, and the trust of an unsuspecting Electronic Control Unit (ECU).
Dr. Ken Tindell, CTO of UK-based Canis Automotive Labs, who has worked on vehicle electronics for automakers such as Volvo, offered an explanation on his site of how these thefts can occur, based on his experience with a similar incident that happened to his friend Ian Tabor.
What started as apparent vandalism — someone removing the front bumper of Tabor’s Toyota RAV4 from its clips — eventually resulted in a vehicle disappearing entirely. The first indication of what really happened was that Tabor’s MyT telematics system had registered a series of errors after his bumper had been pulled out of place.
Tindell and his friend Ian Tabor investigated the problem and discovered that the latest form of car theft involves attaching a device to the vehicle to bypass its security systems.
As Tindell explains, modern keys are secure enough to deter car thieves. Recently, this has led to an increase in the popularity of relay attacks (which use a device to extend the effective range of a key, allowing a vehicle to be unlocked), but some solutions to this are being developed, including keys that go to sleep after a period of immobility.
This has given rise to something called CAN Injection. This uses a device to hijack the vehicle’s internal communications system, where defenses are lowered. The downside of this method is that the device has to be hardwired into the vehicle, hence the pulling on Tabor’s bumper. In the case of a Toyota RAV4 (Tindell is clear that devices like these exist for other vehicles from other manufacturers), the easiest physical access point is through the headlight.
Using a device that looks like a JBL Bluetooth speaker (so as not to arouse suspicion), thieves can splice into the headlight wiring, which is connected to the rest of the car. From there, the device says the key is present, and since it’s already behind the vehicle’s strongest defensive wall (so to speak), it can easily fool the car into believing that it should unlock and then start.
The process actually requires a few more steps than that, but the good news is that there are simple fixes for this type of hack that can be implemented with an over-the-air software update.
Tindell says automakers can respond to the particular kind of mayhem the CAN Injector tool uses to fool a vehicle into opening by refusing to open the vehicle under those circumstances. This is more of a Band-Aid than a real solution, though. The second method would be to adopt what Tindell calls a “zero trust” approach, in which even messages shared on a vehicle’s internal network must be encrypted. This is not without its disadvantages, but it would be a reasonably permanent solution to the problem.
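An added illustration of the “zero trust” idea above, not code from Tindell or any automaker: the receiving ECU accepts a frame only if it carries a valid keyed tag and a fresh counter. It uses message authentication (HMAC) rather than encryption, and the CAN ID, key, and field sizes are constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4             # truncated MAC bytes (constructed choice)
CTR_LEN = 2             # freshness counter bytes (constructed; wraps at 65535)
KEY_PRESENT_ID = 0x123  # hypothetical CAN ID, not from any real vehicle

def _tag(key, can_id, counter, payload):
    # The MAC covers the CAN ID and counter so a tag cannot be moved or reused.
    msg = struct.pack(">IH", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def protect(key, can_id, counter, payload):
    """Sender side: build the data field payload || counter || tag."""
    data = payload + struct.pack(">H", counter) + _tag(key, can_id, counter, payload)
    if len(data) > 8:
        raise ValueError("does not fit a classic 8-byte CAN data field")
    return data

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # can_id -> highest counter accepted so far

    def accept(self, can_id, data):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(data) < CTR_LEN + TAG_LEN:
            return None
        payload = data[:-(CTR_LEN + TAG_LEN)]
        (counter,) = struct.unpack(">H", data[-(CTR_LEN + TAG_LEN):-TAG_LEN])
        expected = _tag(self.key, can_id, counter, payload)
        if not hmac.compare_digest(data[-TAG_LEN:], expected):
            return None  # sender does not hold the key, or frame was altered
        if counter <= self.last_counter.get(can_id, -1):
            return None  # stale counter: a recorded frame played back
        self.last_counter[can_id] = counter
        return payload

def demo():
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    rx = Receiver(key)
    genuine = protect(key, KEY_PRESENT_ID, 1, b"\x01")
    # Constructed frame from a device on the bus that lacks the key.
    unkeyed = b"\x01" + struct.pack(">H", 2) + b"\x00" * TAG_LEN
    return [rx.accept(KEY_PRESENT_ID, genuine),
            rx.accept(KEY_PRESENT_ID, unkeyed),
            rx.accept(KEY_PRESENT_ID, genuine)]  # same frame again
```

Physical access to the wiring no longer suffices on its own here: the unkeyed frame and the repeated frame are both dropped, which is the property the “zero trust” approach is after.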