The almighty phone can now start a car engine.
A new type of car theft has emerged in the US, in which criminals use NOKIA 3310 phones to interact with the vehicle's control system.
A new hijacking method allows a thief, even one without technical experience, to steal a car without a key in 10-15 seconds. Thanks to devices that can be bought online for several thousand dollars, the barrier to entry for stealing even expensive luxury cars is drastically reduced.
Ken Tindell, CTO of car cybersecurity company Canis Labs, spoke about the operation of such devices. Essentially, the device does all the work for the hijacker. All the thief has to do is hack the headlight and rip out the car's wiring. After that, the hijacker can connect the device to the CAN bus and send messages instructing the car's internal systems to release all locks.
This method of theft applies to Toyota, Maserati, Land Cruiser and Lexus vehicles. On the Internet and in various Telegram channels, this technology is sold at prices ranging from $2,700 to $19,600. Despite their high prices, some modified NOKIA 3310 phones contain components costing as little as $10: a chip with CAN hardware and firmware, as well as another chip related to CAN.
The researchers called the attack CAN Injection (Controller Area Network, CAN). In a CAN injection attack, thieves can send fake messages to the car's system as if they were coming from the smart key receiver. These messages unlock the vehicle and disable the engine immobilizer (anti-theft system), allowing the vehicle to be stolen.
Once a device manufacturer has reverse-engineered the vehicle-specific messaging, each device takes only a few minutes to build. The whole job is to solder a few wires.
According to the researchers, the only correct solution would be to introduce cryptographic protection for CAN messages. This can be done with a software update. “The software is simple and the only hard part is implementing the cryptographic key management infrastructure. But since new automotive platforms are already using cryptographic solutions, this infrastructure either already exists, or it still needs to be built,” the experts noted.
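What cryptographic protection buys the receiving control unit, as an added example that is not code from the researchers or from any automaker: each frame carries a freshness counter and a truncated MAC, so a device on the bus that lacks the key cannot pass itself off as the smart key receiver. The HMAC-SHA256 construction, the 4-byte tag, the 16-bit counter, the key and the CAN ID are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4   # truncated tag length in bytes (assumption)
MAX_DATA = 2  # data + 2-byte counter + 4-byte tag fits an 8-byte classic CAN payload

def _tag(key, can_id, counter, data):
    # The MAC covers the CAN ID and the counter as well as the data.
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(key, can_id, counter, data):
    """Sender side: payload = data || counter || truncated HMAC."""
    if len(data) > MAX_DATA:
        raise ValueError("data too long for an 8-byte frame")
    return data + struct.pack(">H", counter) + _tag(key, can_id, counter, data)

class Receiver:
    """Receiving ECU: accept a frame only if the tag verifies and the counter is fresh."""
    def __init__(self, key):
        self.key = key
        self.last = {}  # can_id -> last accepted counter

    def accept(self, can_id, payload):
        if len(payload) < 2 + MAC_LEN:
            return None
        data, ctr_bytes, tag = payload[:-6], payload[-6:-4], payload[-4:]
        (counter,) = struct.unpack(">H", ctr_bytes)
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None  # injected or corrupted frame: tag does not verify
        if counter <= self.last.get(can_id, -1):
            return None  # replay of a previously accepted frame
        self.last[can_id] = counter  # counter wrap-around would need a rekey (not handled)
        return data

def demo():
    key = bytes(range(16))  # constructed demo key
    can_id = 0x123          # constructed CAN ID, not taken from any vehicle
    rx = Receiver(key)
    genuine = protect(key, can_id, 1, b"\x01")
    injected = b"\x01" + struct.pack(">H", 2) + b"\x00" * MAC_LEN  # sender has no key
    # genuine frame accepted, keyless injection rejected, replay rejected
    return [rx.accept(can_id, genuine), rx.accept(can_id, injected),
            rx.accept(can_id, genuine)]
```

The key distribution that makes this work across a vehicle's control units is the key management infrastructure the researchers describe as the hard part; the example sidesteps it with a hard-coded key.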
According to Ken Tindell, the problem is being actively discussed with various automakers, and there is every chance that in the next generations of popular brands access to the CAN bus will be implemented in a different way, or additional protection systems will be introduced, which will reduce the likelihood of car theft by this method.
Earlier this month, Ken Tindell also described a way to hijack cars using a JBL Bluetooth speaker, based on direct access to the system bus through the headlight wiring. The worst thing is that cars of many brands are vulnerable to this method, since in almost all modern models the wiring is organized in a similar way. The first to sound the alarm was Ian Tabor, a cybersecurity researcher and automotive consultant for EDAG. His Toyota RAV4 was prepared for theft over several days, with its external electronic components gradually broken into.