Car thieves have found a powerful new hack.
A new breed of car theft is spreading across the U.S. This method does not involve screwdrivers or clunky devices; seemingly, all it takes is an old phone from the ‘90s.
DON’T MISS: Two Major Car Brands are More at Risk of Being Stolen
In a brief clip uploaded to Youtube by Motherboard, a man is able to successfully turn over the engine of a Toyota Rav4 with a single cable and a click of a Nokia 3310 phone. The reality is a little more complicated.
The old cell phone is not the secret; it’s just a shell. Hidden within the Nokia is a tiny device that allows car thieves to connect with – and override – a vehicle’s control system, Dr. Ken Tindell, CTO of Canis Automotive Labs, wrote in a recent blog post. With relative ease, criminals are able to use these devices to turn over the engine of a car in just a few seconds, all without a key.
Motherboard found several websites and Telegram channels that were advertising the devices – some hidden inside JBL speakers – for between $2,700 and $19,600. These sellers, according to Motherboard, often refer to this tech as “emergency start” devices.
Tindell began researching these devices after a friend in the cybersecurity world – Ian Tabor – had his car stolen, apparently, with one of these devices. Tindell purchased one of the devices, which he was able to reverse-engineer.
The devices work through something called CAN (Controller Area Network) Injections. They access a car’s internal communication network and inject false messages “as if from the smart key receiver,” Tindell wrote. Cars trust these internal messages without verifying them, which makes the process relatively straightforward.
“The device does all the work for them,” Tindell told Motherboard. “All they have to do is take two wires from the device, detach the headlight, and stuff the wires into the right holes in the vehicle side of the connector.”
Tindell has, however, found a permanent fix: cryptographic messaging, an encryption that would force a vehicle to verify the authenticity of internal messages. The problem now lies in getting this fix implemented.
The Street has reached out to several major automakers – including Toyota – for comment, but did not immediately receive a response.
TheStreet, Inc. All rights reserved. Action Alerts PLUS is a registered trademark of TheStreet, Inc.
This story was originally published April 24, 2023, 5:21 PM.
Read the full article here