Remote auto theft targets connected cars
“Mouse jacking” a global trend as hackers crack security systems and thieves just keep . . . stealing
Gone in 60 seconds?
It can happen, and it often does, in less time than that.
And while cars are increasingly being electronically swiped these days by thieves hacking into vehicle security systems, many owners are still making simple mistakes leaving their vehicles wide open to theft.
So, if you value your car, why aren’t you taking the simplest of steps it takes to stop someone from stealing it?
Leaving a running car unattended — even for just a few seconds — outside a gas station, coffee shop, convenience store or the dry cleaners, is one of the best ways to kiss your wheels goodbye.
In fact, about 20 per cent of all vehicles stolen in Canada last year were driven off by culprits on the hunt for just that kind of break.
It’s a major auto theft scenario in big cities and small towns, a grand theft opportunity with the lowest risk of getting caught and the highest profit margin, as a stolen car complete with an original set of keys or a keyless entry fob is the perfect score.
“Thieves get more money when they steal a vehicle with the keys or the fob, so they really go out of their way to get at the ones left running and unattended,” said Rick Dubin, vice-president of investigations for the Insurance Bureau of Canada.
He said he’s amazed at how many police reports, from coast to coast, indicate that motorists had their cars stolen because they just stopped for a few moments and didn’t bother to turn them off and lock them up.
And the arrival of colder weather makes it more tempting for people to leave the car running so it’ll be warm when they get back.
“Just park outside a doughnut shop that doesn’t have a drive-through for an hour during the morning rush and it’ll surprise you how often it happens,” said Dubin, who has done just that to see for himself.
“A lot of people still leave their vehicles idling with the keys in the ignition, even high-end cars and SUVs, assuming nothing will happen in just a couple of minutes.”
Car thefts have been on the decline in the past decade because of immobilizers and other security advancements, but there was a 1-per-cent increase in thefts nationally in 2014, with a total of 73,964 vehicles stolen.
Following a rash of thefts of vehicles, predominantly high-end SUVs in Toronto’s affluent midtown area last spring, Toronto police issued a public warning that thieves “may have access to electronic devices, which can compromise an SUV’s security system” after investigators found no evidence of how many of the vehicles were taken. “The Toronto Police Service has received reports of the thefts of vehicles in a similar manner,” said Const. Victor Kwong, media relations officer. “They are under investigation.”
Whether the car thefts were the result of “mouse jacking,” a phrase coined in France where an astounding 74 per cent of car thefts in a four-month period were found to be done by thieves with electronic devices, remains to be seen.
It’s the higher-end vehicles, especially SUVs, thieves target the most in Ontario because of the great returns they get when sold in Africa, Asia, Eastern Europe, Central America and the Middle East.
Packed in shipping containers at the ports of Montreal and Halifax, as well as Vancouver, stolen luxury vehicles are routinely being seized by Canadian Border Services agents working in conjunction with police and insurance bureau investigators.
“We’ve found that a number of vehicles were being shipped in containers after being taken apart for the purpose of being reassembled at their destinations,” Dubin said.
“That’s a new trend. We saw the odd container before, but now we’re seeing that new pattern more often. And we’re seeing all different types, but predominantly newer 2013 to 2015 high-end stuff with a significant majority being all-wheel- and fourwheel-drive SUVs.
“We don’t know how they’re being stolen, whether they’re breaching immobilizers, targeting vehicles left running and unattended, getting at the keys and fobs, or towing them away.” Wireless theft A huge spike in the number of car thefts in which thieves electronically hacked vehicles in Europe has prompted researchers and the media to press manufacturers into making cars less vulnerable to hacking after it was found that the majority of cars stolen in France this year were hacked.
According to Traqueur, a French firm that specializes in the detection and recovery of stolen vehicles, 74 per cent of the vehicles stolen in the first four months of 2015 were electronically unlocked, started and driven away. “I find 74 per cent to be remarkable and I’m surprised it’s only in France that this is being raised because I genuinely believe these (devices) are being used, as they are readily available online,” said Raj Samani, vice-president and chief technology officer with Intel Security. “And I think mouse jacking would apply to Canada as well.”
After being suppressed for two years by a U.K. court injunction on the grounds the information would cause an explosion of made-to-order car thefts, the findings of British and Dutch computer researchers were finally released this summer.
The researchers from England’s Birmingham University and Radbound University in Nijmegen, the Netherlands, found that 26 car brands, including Audi, Fiat, Honda, Volvo and Volkswagen, as well as high-end brands such as Bentley, Ferrari, Porsche and Maserati, used immobilizers that were vulnerable to hacking.
By picking up the coded signals sent from car-key fobs to the vehicle’s security system, hackers can digitally capture the codes and use them to steal vehicles.
“Capturing signals and replaying them back is something we’ve known for some time now,” said Intel’s Samani. “In IT, we’ve been protecting against replay attacks for ages. That’s not new. Every component in a car is electronically enabled through ECUs (electronic control units), so making sure we have them protected is imperative.
“As the car that comes out today has been in the design phase for years, identifying the vulnerability and fixing it afterwards involves expensive recalls.”
Speaking at a security conference in Madrid, Samani was surprised by the answer he got when he asked car company reps about how many members of their security team were part of the innovation process. “And they were like: ‘None of us. Why would we have a security person there?’
“This is going to sound ominous but there is no such thing as ‘hack-free’ because there will always be vulnerabilities. The question becomes, how do you reduce the risk?”
Nonetheless, Samani is convinced the next generation of vehicles will not only be safer with systems that address the element of human error but also with more security features. No proof in Canada Although thieves may be using electronic devices to bypass vehicle security systems in Canada, insurance bureau investigators have yet to recover such a gadget used in a theft.
“There is a concern about that kind of technology being out there because a large number of certain manufacturers’ vehicles are being found at the ports, leading us to believe security systems of specific vehicles (brands) are being breached, but I have to stress we have no proof (of such a device),” Dubin said.
Using electronic devices and wireless connections, cyber thieves have managed to hack into on-board automotive systems to unlock and manipulate a vehicle’s connected components.
Electronic devices and programs capable of capturing the wireless signals of keyless entry fobs to unlock and remotely start cars are available online for as little as $17 to more than $700.
Last June, Fiat Chrysler issued a recall for 1.4 million vehicles in the U.S. after it was demonstrated that a 2014 Jeep Cherokee could be hacked to take control of engine functions, locks, and components that run a vehicle’s climate controls, stereo, windshield wipers and other connected features, all from a laptop miles from the targeted vehicle.
Researches have proved that sophisti- cated thieves using laptops with transmitters have the ability to determine carkey fob’s specific code by cycling through countless combinations until hitting on the right one that unlocks a door and remotely turns on the ignition, allowing the car thief to be driven off.
In August, the National Insurance Crime Bureau (NICB) conducted a poll at its annual training seminar asking a gathering of auto-theft investigators from around the globe what they knew about “mystery devices” thieves were using to breach car security systems.
The response was 74 per cent believed there are devices capable of unlocking a vehicle and 26 per cent said they did not, while 36 per cent were convinced such devices could also turn on ignitions. Only 8 per cent said they had actually witnessed the use of a device unlocking or starting a car.
But the NICB reported it had yet to find evidence in a single case where such a “mystery device” was used to steal a car anywhere in the U.S.
“It was just over a year ago the insurance bureau was the first to warn about the threat of these mystery devices,” said Jim Schweitzer, the agency’s COO, who conducted the poll at the seminar.
“Last year, this was barely a blip on the radar of law enforcement and theft investigators. Now it’s getting everyone’s attention, including the manufacturers who are the front line of defence against these devices,” he said in a news release.
While vulnerabilities in vehicle control and security systems to hacking is something all manufacturers are concerned about as they try to stay ahead of thieves, speakers at the Phoenix seminar said, by exposing the security weaknesses, hackers are actually helping car manufacturers build more secure systems.
In cases where stolen autos are recovered with the original set of keys or the fob, investigators suspect thieves target the pockets of people’s clothing, jackets and coats at restaurants, coat-check locations and house break-ins. Once a thief gets the fob, a person’s car is just steps and a remote horn beep away.
Anyone with information regarding car theft or identity fraud cases can help by contacting the Insurance Bureau of Canada’s tip line, 1-877-IBCTIPS. It works in conjunction with CrimeStoppers.