A step ahead of the car thieves
KEEPING TRACK AS CAR THEFT EVOLVES We find out how the security experts at Thatcham have stayed a step ahead as car thieves move from brute force to hi-tech hacking
We meet security experts keeping watch as vehicle crime evolves
“No longer do crooks force entry to a car with heavy-duty tools; these days, they use a laptop, software and computer wizardry”
A SCREWDRIVER, hammer and brute force – that was all you needed to smash your way into a car and drive off with it 25 years ago. It was so quick and easy that thieves embarked on a car crime wave that saw 620,000 vehicle thefts and one million thefts from inside cars and vans on UK roads in 1992 alone.
But vehicle manufacturers and insurers vowed that enough was enough, and fought back, creating new vehicle security standards to stop thieves in their tracks. The continually evolving system to tackle criminal tactics over the past quarter of a century has helped bring car crime down by 80 per cent. In 2015, there were just 75,000 vehicle thefts and 200,000 thefts from motors.
The fight isn’t over yet, though, because new threats are constantly emerging. The CV of the modern car thief has changed and their armoury has been upgraded. No longer do they force entry with heavy-duty tools; instead, they use a laptop, software and computer wizardry.
The industry is facing these challenges head on, and at the forefront of this is Thatcham Research. Based in Berkshire, it’s a global leader in this field, having set up its security team in 1992 and developed the New Vehicle Safety Assessment (NVSA) structure, rating new cars in the UK market to help inform insurance groups.
The idea was so radical that Thatcham and its partners battled some countries in the EU, such as Germany, to include this test in their ratings, but over time, NVSA was accepted as vital. Now the standard drives global product development of security, and the UK’S processes have been rolled out as far afield as Asia and Australia.
These days, Thatcham’s engineers travel the world to analyse the latest methods and techniques used by thieves, too. This information can then be fed back into the NVSA guidelines to create new criteria, close weak spots in vehicles and try to stay ahead of crooks.
The NVSA standards have continually developed over the past 20 years with more changes scheduled for 2020 and beyond, in a bid to halt the progress of car thieves – or more accurately these days, car hackers.
Auto Express caught up with security expert Steve Launchbury at Thatcham Research’s Crime Lab to find out how the tests have changed and why drivers should be reassured that their pride and joy on the driveway is as safe as it can be.
Launchbury, Thatcham’s vehicle crime research project engineer, said: “I have been here for 20 years and seen the fall of crime, but also the shift as it’s become a lot more tech-based.” Back in the nineties, there was a focus on screwdrivers and hammers to smash glass or force locks, leading to the development of internal shields, reinforced locks and the removal of linkages to stop the “coat-hanger” trick.
Police reports helped direct these early tests. One included details that magnets had been found in the cabins of several stolen cars, which led to the introduction of ‘double locking’ to stop thieves breaking the glass and opening the door from the inside.
All this work started to pay dividends, with the early 2000s showing a reduction in car thefts. Launchbury said: “If you make it difficult, they will move on to
something else.” Unfortunately, those words rang true, and gradually, criminals became more technically minded with the mechanical elements now secure. This forced manufacturers to strengthen the engine control unit (ECU) protection, introduce encryption and start to mark cars.
Launchbury said: “Theft was still higher than we would like, but by introducing ID marking [in 2006], it deterred people from stealing vehicles to break them up for parts. Police can track it back to a stolen vehicle so it makes it difficult to create a ringer, and reduces the market.
“There’s a lot going on behind the scenes. Sometimes a criminal might get lucky, but more often than not, we’ve done everything we can in that area.” These huge strides made in vehicle security have meant the type of car theft
“We work with car makers to find a balance between tech and safety. But tech is starting to run away with itself” STEVE LAUNCHBURY Vehicle crime research project engineer, Thatcham Research
“Lone opportunists of old have made way for organised gangs stealing highvalue targets via computer software”
has changed, with opportunist lone operators replaced by organised gangs stealing high-value targets via computer software, often to be shipped abroad to order.
Technology like keyless entry offers criminals prepared to do their homework an easy way in. The NVSA had to introduce a parameter of two metres for keyless systems to meet insurance standards, and prevent long-range jammers – available for legitimate use on the market – from blocking signals on the same frequency. Car keys, for example, operate on the same frequency as garage doors.
“As much as we work with manufacturers to find the balance between tech and safety, there will always be a degree of car theft, even if it’s small,” said Launchbury. “If anything, it’s getting easier. There’s a fine balance as tech is starting to run away with itself.” The biggest problem facing the industry currently is on-board diagnostic port (OBD) access, which has exploded in recent years. This entry point, normally found under the dash, is used by dealers to plug in diagnostic tools to determine fault codes.
However, because of EU fair-trading rules that dictate any garage – not just franchised sites – must be able to access the OBD, criminals can do the same. While the full kit used by dealers costs £5,000, some gadgets are available for as little as £10. Both can be bought online by anyone.
Launchbury said: “We need to regulate buying of the OBD diagnostic tool. Anybody can buy it for your car; I gave evidence in a case recently and a judge could not believe it.” The problem first arose in 2013 and OBD protection – which includes physical “lockboxes” for the port – now falls under NVSA standards, but because the criteria had to be set up and product cycles of cars last for two to three years, the benefits are only now being seen.
And that time lag means Thatcham’s experts already need to be looking ahead, developing the next generation of testing to avoid giving criminals free passage.
Chief technical officer Andrew Miller explained: “We’re moving to the connected world with GPS, vehicle-to-vehicle and vehicle-to-infrastructure. All that provides opportunity to get into vehicle systems, so it’s an emerging threat.”
Smart entry will be added to the NVSA along with new cyber security assessments in 2020, while beyond that, Thatcham is working with Government and other cyber specialists to build a framework for manufacturers.
“It’s a story and it’s had an impact,” said Miller. “Manufacturers are responding to fitment of tech and reducing theft as a problem, and already we’re starting to talk to car makers about the future.”
CRIMINAL REVOLUTION Modern thieves are now more likely to work with a laptop than a hammer; car security needs to be able to stand up to this new threat
KITTED OUT Thatcham’s Launchbury (above, right) talks us through modern thief’s toolkit, and why the OBD port needs protecting