>Car thieves found using handheld fobs to hack automatic car locks
#1
>Car thieves found using handheld fobs to hack automatic car locks
News
Car thieves found using handheld fobs to hack automatic car locks
2013
A mystery technology is allowing car thieves to pop open automatic car locks over the air using a hand-held device – but police have no idea how they’re managing to do it.
A surveillance video from Long Beach, Calif., captured the device in action, showing two thieves as they approached cars parked in driveways and proceeded to gain access to them with an antilock device of some kind that appears to function just like a standard key fob. Then they rifle through the car and take everything of value.
"This is bad in the sense we're stumped," Long Beach Deputy Police Chief David Hendricks told the Today Show. “We are stumped and we don't know what this technology is."
He added that even the car manufacturers have no idea what’s happening. Typically, the “unlock” button on a key fob sends a one-time encrypted code to the car telling it to open up – by virtue of the dynamically generated code, it should be impossible to clone a key fob. Also, the hack appears to work only on some makes and models. Security video shows the devices failing, for instance, when it comes to Ford SUVs and Cadillacs.
"We've reached out to the car manufacturers, the manufacturers of the vehicle alarm systems: Nobody seems to know what this technology is," Hendricks added. "When you look at the video and you see how easy it is, it's pretty unnerving."
The hack is spreading, too. Home security cameras in Illinois have caught the exact same behavior.
Car security is not a newcomer to the cyberthreat scene, it should be noted. Researchers at the University of Washington and the University of San Diego in 2010 created CarShark, a laptop-based program that can hack into telematics software to control engines, brakes, locks, alerts and more. Meanwhile, at the 2011 BlackHat security conference, iSec Partners unlocked and started a Subaru Outback using only their Android smartphones. By setting up their own GSM network, the researchers snagged authentication passwords by way of text messages. This gained them entry to the vehicle, and also allowed them to fire up the engine.
"It's interesting to see that the researchers have identified that most cars built since the late 1990s have a computer diagnostic port, since this port needs direct physical access to operate and therefore hack", said Barmak Meftah, Fortify Software's chief products officer, speaking to Infosecurity about CarShark. "But now these systems are being wirelessly enabled and held together with several tens of megabytes of code; it's a relatively small step to modify the code and allow hackers an easy and wireless back door into a car's computer system", he added.
As cars get smarter, and more connected, the threats simply increase. That's why last year, McAfee, Ford, Intel and others said that they were working on a way to “protect the dozens of tiny computers and electronic communications systems that are built into every modern car” by uncovering and locking up vulnerabilities.
"It used to be that drivers only had to worry about driving safely, following the rules of the road and maintaining their vehicle, but now vehicle owners have a new issue to worry about: IT security," said Neil DuPaul, a security researcher for Veracode, in a blog post. "Automotive companies are competing for our business, and are looking for ways to set their vehicles apart from all the other options consumers have. Enter connected cars. First introduced in luxury vehicles, these cars offer features that make driving more enjoyable and convenient. These features are becoming more common in cars at all price points, meaning consumers should be aware of the security issues they introduce."
This article is featured in:
Application Security • Identity and Access Management • Industry News • Malware and Hardware Security • Wireless and Mobile Security
Comment on this article
Car thieves found using handheld fobs to hack automatic car locks
2013
A mystery technology is allowing car thieves to pop open automatic car locks over the air using a hand-held device – but police have no idea how they’re managing to do it.
A surveillance video from Long Beach, Calif., captured the device in action, showing two thieves as they approached cars parked in driveways and proceeded to gain access to them with an antilock device of some kind that appears to function just like a standard key fob. Then they rifle through the car and take everything of value.
"This is bad in the sense we're stumped," Long Beach Deputy Police Chief David Hendricks told the Today Show. “We are stumped and we don't know what this technology is."
He added that even the car manufacturers have no idea what’s happening. Typically, the “unlock” button on a key fob sends a one-time encrypted code to the car telling it to open up – by virtue of the dynamically generated code, it should be impossible to clone a key fob. Also, the hack appears to work only on some makes and models. Security video shows the devices failing, for instance, when it comes to Ford SUVs and Cadillacs.
"We've reached out to the car manufacturers, the manufacturers of the vehicle alarm systems: Nobody seems to know what this technology is," Hendricks added. "When you look at the video and you see how easy it is, it's pretty unnerving."
The hack is spreading, too. Home security cameras in Illinois have caught the exact same behavior.
Car security is not a newcomer to the cyberthreat scene, it should be noted. Researchers at the University of Washington and the University of San Diego in 2010 created CarShark, a laptop-based program that can hack into telematics software to control engines, brakes, locks, alerts and more. Meanwhile, at the 2011 BlackHat security conference, iSec Partners unlocked and started a Subaru Outback using only their Android smartphones. By setting up their own GSM network, the researchers snagged authentication passwords by way of text messages. This gained them entry to the vehicle, and also allowed them to fire up the engine.
"It's interesting to see that the researchers have identified that most cars built since the late 1990s have a computer diagnostic port, since this port needs direct physical access to operate and therefore hack", said Barmak Meftah, Fortify Software's chief products officer, speaking to Infosecurity about CarShark. "But now these systems are being wirelessly enabled and held together with several tens of megabytes of code; it's a relatively small step to modify the code and allow hackers an easy and wireless back door into a car's computer system", he added.
As cars get smarter, and more connected, the threats simply increase. That's why last year, McAfee, Ford, Intel and others said that they were working on a way to “protect the dozens of tiny computers and electronic communications systems that are built into every modern car” by uncovering and locking up vulnerabilities.
"It used to be that drivers only had to worry about driving safely, following the rules of the road and maintaining their vehicle, but now vehicle owners have a new issue to worry about: IT security," said Neil DuPaul, a security researcher for Veracode, in a blog post. "Automotive companies are competing for our business, and are looking for ways to set their vehicles apart from all the other options consumers have. Enter connected cars. First introduced in luxury vehicles, these cars offer features that make driving more enjoyable and convenient. These features are becoming more common in cars at all price points, meaning consumers should be aware of the security issues they introduce."
This article is featured in:
Application Security • Identity and Access Management • Industry News • Malware and Hardware Security • Wireless and Mobile Security
Comment on this article
Last edited by Space; 08-08-2013 at 06:28 PM.
#2
Rossen Reports: Wave of auto thefts 'stumps' cops - Video on ... < Click 2 view `vid
►►
<cite>www.today.com/video/today/52104998</cite>
<cite></cite>
<cite></cite>
Last edited by Space; 08-08-2013 at 06:34 PM.
#4
Give me a Day or 3. I figure things out for a living. And electronics, computers and cars are my toys! Maybe I won't get it, But it sounds like a fun problem. Where can I get a copy of the video? Lol
#5
Sucks to get broken into but having them simply auto unlock the door beats smashing in the lock, breaking the windows and tearing up the inside, all for a $150 GPS and nothing else. I just can't comprehend causing $1000+ in damage to steal an item you can sell on ebay for $70.
#8
it's always good to be cautious and take extra care with your possessions. Problem is that every night when I go to bed, I do the rounds and look outside for anything out of the ordinary, then I lock the front and back door and pull the curtains aside on the front door and do another quick look. Then I realize it takes about 2 seconds to break in to a home or auto. If someone wants it bad enough they will get it, and unfortunately more often than not do some serious damage along the way, all for something you probably don't have a use for other than to sell.
Thread
Thread Starter
Forum
Replies
Last Post
dez2188
Monte Carlo Repair Help
1
08-20-2013 08:21 AM
James O'Conor
Monte Carlo Repair Help
8
06-26-2012 10:20 PM