A new form of car theft is emerging in the United States, which targets vehicles equipped with the Smart Key electronic entry and starting system. Ken Tindell from Canis Automotive Labs documented a corresponding injection attack on the CAN bus (Controller Area Network) using a Bluetooth loudspeaker. A video surfaced in which an old Nokia 3310 cell phone is used to connect to the vehicle’s internal control system to bypass the immobiliser. During the attack, a simple input tool is used to feed fake messages through the serial data bus network, which then allows the compromised vehicle to be stolen.
The underground marketplace on the internet is growing, where products for bypassing safety precautions in cars are sold. With devices available online for a few thousand dollars, the barrier to entry for theft of even high-end luxury cars has dropped. The online magazine “Motherboard” came across numerous YouTube videos demonstrating this technology, and as a result, they also show devices used in Maserati, Land Cruiser, and Lexus vehicles. The providers of these devices often speak euphemistically of “emergency start” devices that are actually intended for locksmiths.
Tindell appealed to affected car manufacturers to issue a software update to prevent the functioning of the growing number and range of CAN input devices. In addition, encryption of the log messages is necessary. BMW did not respond to a request for comment, and Toyota takes the issue seriously, states a spokesman for the Japanese automaker’s US division.
Despite technical progress, thieves keep finding ways to circumvent existing anti-theft systems. The keyless go system, working similarly to a smart key, has long been considered unsafe. Attackers can, for example, extend all active radio codes from the car and the key with their transmitter and unlock the lock with a relay attack.
