Gone are the days of crowbars and hot-wired ignitions. Even tricking the radio key is getting old. Car thieves now use entirely different systems to fool a vehicle’s electronics, because it is not only the cars that are becoming more modern with the switch to electromobility, but also the methods of theft.
Ian Tabor from London experienced this first-hand, and his case has made it into the media. In April 2022 he first reported vandalism to his car on Twitter: the front bumper and part of the paneling had been torn off, along with the connector for the headlight wiring. Three months later it happened again; this time he was annoyed by defective headlights and even more cracks in the paint. A little later, the plug-in hybrid disappeared altogether. The car of Tabor’s neighbor, also a Toyota model, was stolen as well. The vehicle was equipped with intelligent safety systems and an immobilizer, according to Tabor’s colleague Ken Tindell, who wrote in detail about the incident a few days ago on his technology blog “Canis Automotive Labs”.
Tabor, who happens to be an automotive cybersecurity researcher, got to the bottom of the mysterious disappearance of his car. He initially looked at Toyota’s “MyT” telematics system. The control units in modern cars are networked with one another over a CAN (Controller Area Network) bus, which also allows diagnostic data to be generated. If there is no communication between the control units, the system assumes that there is an error, which is then displayed in the “MyT” app on the vehicle owner’s smartphone.
In Tabor’s car, communication with the control unit responsible for the correct functioning of the headlights was disrupted. That was hardly surprising, because the thieves had torn off the connecting cables. But communication with other systems, such as the control of the front cameras and the engine, had reportedly also failed.
The cybersecurity researcher began researching car theft methods on the internet and the dark web. He found that an “emergency start” system was on offer there, disguised in the housing of a Bluetooth speaker. Pressing the “Play” button on the speaker unlocks the vehicle and allows the engine to be started. The system is offered for various Lexus and Toyota models for three- to four-digit sums of money.
Tabor bought such a device himself to investigate how it works, together with his colleague Ken Tindell. The latter, by his own account, once ran a start-up that developed the CAN software that Volvo now uses in its vehicles. The thieves had in fact bypassed the entire smart key system of Tabor’s car by tapping into the CAN bus at the headlight connector and using a “CAN injector” to send the signal of a fake smart key. In the end, they are said to have deactivated the immobilizer and outwitted the ignition.
Tabor told The Telegraph that the testing process took him about 30 seconds. “You plug the thing in. The engine makes whirring noises to deactivate the immobilizer. If you press another button, the doors unlock and the thieves can get in and drive off,” says the cybersecurity expert.
Car insurance companies have also noticed the thieves’ changed approach, writes the British daily newspaper “The Times”. The new generation of theft devices evolved from the well-known relay devices. With those, perpetrators sent a signal to the key in the owner’s apartment, which was then sent back to the car. The vehicle accepted this, after which it could be unlocked. “Thieves are now gaining access through the electronic components at the front of the vehicle without the need for a key or key signal, and using well-disguised devices that appear to be familiar electronic devices. This new trend seems to be spreading in London,” “The Times” quoted a source as saying.
In addition to Bluetooth speakers, thieves nowadays also use old mobile phones to unlock a modern car and ultimately start its engine. In some cars, for example, body parts can be detached to reach wires that give access to the vehicle’s electronic system. It often takes just 90 seconds for the thieves to take over the vehicle.
Manufacturers are shocked at the ease with which cars can be stolen, Ken Munro of British security firm Pen Test Partners told The Times. “What we’re seeing is someone finds a vulnerability in brand x and vehicle x, recognizes it, ‘makes it a product’ and then sells it. Then there’s a sudden spike in thefts of a particular vehicle type.” The risk of car theft is by no means limited to Toyota models. Rather, vehicles from other manufacturers can also be stolen in this way.
According to Tabor’s colleague Tindell, however, this does not mean that modern vehicles should do without electronic ignition systems for security reasons. He points out that a “CAN injector” can be defeated, for example, by a software fix or by the use of encryption and authentication codes. The right solution, however, is to use hardware that ensures one control unit does not automatically accept messages from other control units, writes Tindell.
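The authentication-code mitigation mentioned above, sketched as an added example (not code from Tindell, Tabor or any vehicle maker): a receiving control unit acts only on a frame whose truncated HMAC and freshness counter verify. The key, CAN ID, payload and 8-byte frame layout are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))   # constructed shared key, provisioned to both ECUs
CAN_ID = 0x123           # constructed identifier for the "key validated" message

def _tag(key, can_id, counter, payload):
    # MAC covers ID, full 64-bit counter and payload; truncated to fit 8 data bytes
    msg = struct.pack(">IQ", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]

def build_frame(key, can_id, counter, payload):
    """Sender ECU: 2-byte payload + low 16 counter bits + 4-byte MAC."""
    return payload + struct.pack(">H", counter & 0xFFFF) + _tag(key, can_id, counter, payload)

class Receiver:
    """Receiving ECU: acts only on fresh, authenticated frames."""
    def __init__(self, key, can_id):
        self.key, self.can_id, self.last = key, can_id, 0

    def accept(self, can_id, data):
        if can_id != self.can_id or len(data) != 8:
            return None
        payload, (ctr_lo,), tag = data[:2], struct.unpack(">H", data[2:4]), data[4:]
        # Rebuild the full counter as the next value above the last accepted one,
        # so a replayed frame is checked against a counter it was not signed for.
        ctr = (self.last & ~0xFFFF) | ctr_lo
        if ctr <= self.last:
            ctr += 0x10000
        if not hmac.compare_digest(tag, _tag(self.key, can_id, ctr, payload)):
            return None          # forged or replayed: ignore the frame
        self.last = ctr
        return payload

def demo():
    rx = Receiver(KEY, CAN_ID)
    genuine = build_frame(KEY, CAN_ID, 1, b"\x01\x00")
    injected = b"\x01\x00" + struct.pack(">H", 2) + bytes(4)  # no key, guessed MAC
    return [rx.accept(CAN_ID, genuine),    # accepted
            rx.accept(CAN_ID, injected),   # rejected: MAC does not verify
            rx.accept(CAN_ID, genuine)]    # rejected: replay of an old frame

if __name__ == "__main__":
    print(demo())
```

The 4-byte tag is a compromise forced by the 8-byte data field of classic CAN; a longer tag leaves less room for payload.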
Sources: Canis Automotive Labs, The Times, The Telegraph