How car thieves are turning ‘hackers’ to steal more modern models

[ad_1]

It is important to keep the vehicle’s software up to date, as we already do with phones and computers, to avoid intrusions. How car thieves are turning to ‘hackers’ to steal more modern models Getty Images Cars these days are basically computer centers on wheels. State-of-the-art vehicles can contain over 100 computers and millions of lines of software code. These computers are all connected to the internet and can operate all aspects of the vehicle. It is not surprising, then, that car theft has also become a high-tech operation. Onboard Computers The computers in a vehicle can be divided into four categories. Several of them are dedicated to operating the vehicle’s driveline, including controlling fuel, battery or both, monitoring emissions and operating cruise control. The second category is dedicated to providing security. These computers collect data from the vehicle and the external environment and provide functions such as lane keeping assist, automatic braking and reversing monitoring. The third category is infotainment systems, which provide music and video and can interact with your personal devices via bluetooth connection. Many vehicles can also connect to cellular services and provide WiFi connectivity. The final category is the navigation system, including the car’s GPS system. Computers in one category often need to communicate with computers in another category to function fully. For example, the security system must be able to control the transmission system and infotainment systems. One difference between your car’s network and a typical computer network is that all the devices in your car trust each other. Therefore, if an attacker can access one computer, he can easily access all the others. Getty Images One difference between your car’s network and a typical computer network is that all the devices in your car trust each other. Therefore, if an attacker can access one computer, he can easily access all the others. As with any new technology, some aspects of high-end cars make theft more difficult, while others make the thieves’ job easier. Anyway, there are several methods to steal a car that are made possible by current technology. Invasion of keys by approximation A feature present in several cars today is the key by approximation, which does not need to be inserted in the lock to open the doors or in the ignition to start. The technology is very convenient and works by transmitting a signal with a code, which pairs the key with the car. But unlike remote controls, which also unlock cars, proximity keys are always transmitting a signal, so as soon as you get close to your car and touch the door, it will unlock. On the older model, you had to press a button on the key fob to open the doors and then use the key to start the car. The first touch keys transmitted a digital code to the car and thieves quickly realized they could monitor the radio signal and make a recording. They could then replay the recording and unlock the car. To help with security, the new keys use a unique code to open the doors. To help with security, the new keys use a unique code to open the doors. Getty Images Another method of car theft involves using two devices to build an electronic bridge between the keys and the car. Here’s how it works: a person approaches the car and uses a device to trick the vehicle into sending a digital code used to verify the owner’s keys. The thief’s device then sends this signal to an accomplice who is close to the owner, who transmits a copy of the signal. When the owner’s key responds to the communication, the device next to the car owner sends a code to the other device next to the vehicle, which unlocks. The thieves can then drive off with the car, but once they have turned off the engine, they cannot restart it. Automakers are currently trying to avoid this type of scam by requiring the key to be inside the car for it to start. Information security on the rise: see how to enter the industry Hacking the network The networks used by all the computers in the same car to communicate are called CAN networks. They are designed to allow devices in a vehicle to send commands and information to each other. CAN networks were not designed for safety, as all devices are considered autonomous. But that premise leaves the car vulnerable to hackers. Car thieves usually try to break into the CAN network and, from there, the computers that control the car’s engine. The engine control unit stores a copy of the proximity key code, and thieves can clone it to start the victim’s car. Another method is to access a car’s on-board diagnostics through a physical port or wireless connection intended for repair technicians. Thieves who access the onboard diagnostics gain access to the CAN network. There are even gangs that break the glass of one of the headlights to reach a direct wiring of the CAN network. Retro attack Modern thieves also use a hack against the USB connection, which exploits a design flaw in Hyundai and Kia vehicles. This is more of an old-style “hot-plug” than a high-tech computer error, really. Basically, after breaking into the car, thieves look for a USB port on the steering column. They then insert a device that allows you to turn on the ignition. This technique became popular thanks to a gang of young car thieves in Milwaukee, United States, nicknamed the Kia Boyz, who gained notoriety on TikTok. Hyundai and Kia then released an update that requires the proximity key to be in the car to start it. Limiting Car Vulnerability Given that there are so many different car models, with increasing complexity, it is likely that there will continue to be new and creative ways for theft. So what to do? The tips are the same as always: keep your vehicle locked and don’t leave your keys in it. The newest advice, however, is to keep the vehicle’s software up to date, just as we already do with phones and computers. *Doug Jacobson is Professor of Electrical and Computer Engineering at Iowa State University *This article originally appeared on the academic news site The Conversation and is republished under a Creative Commons license. Read the original English version here.

[ad_2]

Source link