A new type of car theft has emerged in the United States, where i criminals use NOKIA 3310 phones to interact with the car’s control system.
A new method of theft allows a thief, even without technical experience, to steal cars without a key in 10-15 seconds.
Thanks to accessories that can be purchased online, the barrier to entry for theft of even expensive luxury cars is greatly reduced.
Ken Tindell, CTO of automotive cybersecurity company Canis Labs, He talked about the operation of the equipment.
All the thief has to do is break the headlight and disconnect the car wire. The hijacker can use open connections to access the CAN bus as well sending messages to the car’s internal system.
This method of theft is used for cars Toyota, Maserati, Land Cruiser and Lexus. On the Internet and in various Telegram channels, this technology is sold at prices ranging from 2700 to 19600 dollars. Despite their high prices, some refurbished NOKIA 3310 phones have components for less than $10, a chip with CAN hardware and firmware, as well as other CAN-related chips.
Researchers called the attack CAN Injection (Network Area Controller, CAN). In a CAN injection attack, thieves are able to send a false message to the car’s system to unlock the car and disable the engine immobilizer (anti-theft system), allowing the car to be stolen.
Once the device manufacturer allocates a vehicle-specific message, each device It will only take a few minutes to build. The whole job is to make a few wires.
According to the researchers, the only correct solution would be to introduce encryption protection for CAN messages. This can be done with a software update. “The software is simple and the only hard part is implementing the cryptographic key management infrastructure. But since new car platforms already use cryptographic solutions, this infrastructure is either already there or not yet built,” experts noted.
According to Ken Tindell, the issue is being actively discussed by various car manufacturers and there is every chance that in future generations of popular products the access to the CAN bus will be implemented differently or additional protection systems will be introduced, which will reduce the possibility. of car theft in this way.
The editorial staff of Red Hot Cyber is made up of a group of original people and anonymous sources who actively collaborate to provide critical information and information on computer security and information technology in general.