Upon arriving at your residence, you casually place your car keys on a nearby table by the front entrance. This seemingly innocuous act is all it takes for modern thieves to execute a “relay attack,” intercepting the signal from your key fob, and subsequently unlocking and stealing your vehicle. This is just one example of the advanced techniques that criminals are using to steal cars.
In recent years, it has been noted by experts that…
Thieves have been increasingly focusing on cars with keyless entry systems by hacking into the computer systems that control the car’s communication network.
It takes less than one minute to reprogram a key fob.
A new technique that has caught the interest of car security specialists is known as the “CAN bus attack.” The term “CAN” represents “controller area network,” and it refers to the electronic system in cars that uses messages to enable communication between different components of the vehicle.
Stealing through text messages: Vehicles at risk of being hacked.
Lobello stated that the vehicle’s nervous system is located in its center and is responsible for processing all functions. This system allows for tasks like deleting and programming keys, as well as communicating with the vehicle.
Lobello claims that key fob reprogramming tablets, commonly used by locksmiths and security experts, have either been stolen or can be purchased legally online by criminals seeking to exploit vulnerable vehicles.
We won’t reveal exactly how he did it, but Lobello used one of these tablets to demonstrate how quickly he could gain access to a vehicle’s main frame and reprogram a key.
He was able to finish in under a minute.
High value target
Ivy Stryker from Farmington, Michigan experienced the CAN bus attack twice, the first time while their car was parked against a brick wall at an apartment complex.
At approximately 1 a.m., Stryker was awoken by the sound of his phone and iPads. As he rushed outside, he discovered a stranger inside his car, with another vehicle parked next to it. Stryker noticed that the person was climbing out of the moonroof.
Stryker was well aware of the allure his Dodge Charger Hellcat would have for potential thieves, so he had a security system installed in order to safeguard it.
Stryker stated that upon seeing the object, they were already aware that it was a highly targeted vehicle for theft.
1 out of 10 cars that are most likely to be stolen.
The Charger SRT Hellcat has been identified as the most targeted vehicle from 2020 to 2022, according to a new report by the Highway Loss Data Institute. It ranks first among the top 10 cars at risk for theft.
60 times more likely to be stolen
This car was built during a specific time period and is superior to all other cars built during that time.
Matt Moore, the senior vice president of the organization, advised Hellcat owners to inspect their driveway due to the astonishing numbers revealed on the institute’s website.
There has been an increase in overall car thefts throughout the country among various brands and models. In 2022, over one million vehicles were reported stolen, marking the highest amount since 2008, according to the National Insurance Crime Bureau (NICB), an organization that monitors yearly occurrences of car thefts in the insurance industry.
Approximately one vehicle is stolen every 30 seconds.
Attempting to stay ahead of the game.
According to David Glawe, President and CEO of NICB, criminal groups and individuals are constantly seeking to uncover security protocols and find ways to bypass them.
Glawe stated that they collaborate with insurance companies and manufacturers to detect vulnerabilities and reduce the gap. However, they constantly have to stay ahead of criminals, who are also constantly trying to outsmart them.
The bureau has been reporting the amount of cars that were stolen because of keys being left inside, which totaled 287,024 from 2019 to 2021. However, this only accounts for a small portion, 11%, of the overall number of cars that were stolen during this timeframe, which was over 2.6 million.
Experts in security and law enforcement provide tips on how to avoid theft of keyless cars.
Glawe stated that they possess accurate and unaltered data on stolen cars. However, the method of theft is determined by the authorities in the specific area. When creating a record and providing details, it is important to include this information in the police report. If it is not recorded in an algorithm or report, it can be difficult to trace.
The NICB informed us that they do not provide a detailed breakdown of how the vehicles were stolen, and we also discovered that the automotive industry does not monitor this information either.
Car manufacturers offer limited responses
In July 2022, Senator Ed Markey of Massachusetts, a Democrat, expressed concern about the potential increase in vehicle theft due to keyless entry systems. He sent letters to 17 car manufacturers, urging them to take necessary measures to prevent keyless entry systems from becoming a security vulnerability for thieves to exploit.
Out of the twelve replies received, car manufacturers expressed a dedication to preventing theft. However, none were able to disclose the specific number of stolen vehicles or the tactics employed by car thieves.
Industry professionals recommend that car manufacturers monitor this information in order to address the increasing number of car thefts.
According to Clive Wain, a former detective who currently serves as head of police liaison for Tracker UK, a company dedicated to retrieving stolen cars in the UK, having knowledge of how vehicles are being hacked is crucial in taking action against it.
During the 1980s, there was a significant increase in hot-wiring thefts, which pushed auto manufacturers to improve the security of vehicles. This resulted in the advancement of vehicle locking mechanisms and the development of more advanced key systems and immobilizer technology.
According to Wain, criminal groups have improved their ability to extract data from transponder fobs, using the vehicle’s onboard diagnostic device to clone and transfer the information onto a “donor” key for the same make and model of car.
Car owners have been cautioned about the possibility of their key fobs being susceptible to hacking.
Around 2015, in the United Kingdom, there were reports of electronic breaches involving keyless entry vehicles being introduced by some manufacturers. These incidents were attributed to a technique known as the “relay attack,” which has since become the most common method of compromise. In more recent times, there has been a noticeable increase in attacks on CAN bus systems.
Tracker UK regularly gathers data on monthly instances of high-tech car theft.
In July 2023, it was reported that there was a significant increase in keyless car thefts in the U.K., with 98% of all recovered stolen vehicles being stolen through this method during that month.
According to Wain, manufacturers are constantly updating vehicle locking technology for security reasons. However, this technology is quickly being reverse-engineered within a short period of time. Wain believes that manufacturers have been aware of this vulnerability for a while, but it takes a significant amount of time and resources to implement new technology in the production process.
According to Wain, keyless entry technology was first created and implemented in luxury cars, but it has now spread to common vehicles, making them easier targets for attacks and breaches.
Steve Lobello agrees.
He stated that over 90% of cars are at risk and that there is a wealth of information on accessing car technology, easily accessible through platforms like YouTube and social media.
He remarked, “Thieves don’t have to attend school to acquire the skills to use this device. YouTube serves as their educational platform.”
With an increase in car thefts, numerous thieves are able to enter the United States without being properly screened at the border.
Lobello advises his customers to install an after-market security system, specifically the IGLA system, to combat the increasing risk of high-tech car theft. These systems, with a price tag of up to $1,200, act as a barrier against CAN bus attacks and require the driver to input a pre-set code using a series of factory buttons to start the car. Even if a thief gains access to the car’s CAN bus, the car will be rendered immobile without the secondary button code verification.
Lobell successfully installed a system in Ivy Stryker’s Dodge Charger, resulting in a profitable return on investment.
Two separate attempts were made by thieves to steal the car, but both were unsuccessful. In one instance, the car did not start and the criminals attempted to use a second car to push it, but they only managed to travel 17 miles before abandoning the Dodge on the side of the road. The car was later located using GPS by Stryker.
Stryker holds the belief that it is the responsibility of automakers to address and resolve the issue.
Stryker stated that the current situation is too simple and that the burden should be on the manufacturer to improve their security measures as much as they can.
Stellantis, the manufacturer of the Dodge Charger, stated to CBS News that their cars comply with or surpass all federal safety and security requirements. However, they also remind drivers to be cautious in securing their vehicles.
According to experts, there is no need for consumers to spend money on costly security systems to protect against “carhacking.” Other measures such as keeping keys in a metal container, signal-blocking pouch, or “Faraday Box” can also help prevent relay attacks.
The National Insurance Crime Bureau suggests using a “layered approach” to security, which includes installing physical measures such as steering column locks, alarms, and tracking devices. Surprisingly, technologically advanced thieves may be discouraged when faced with more basic forms of protection.