The Future of Hi-Tech Auto Theft

NicknamesAreStupid writes "Over the past twenty years, car theft has declined as new models incorporated electronic security methods that thwarted simple hot-wiring. The tide may now be turning, as cars become the next Windows PC. The Center for Automobile Embedded Systems Security has posted an interesting paper from UCSD and UW that describes how modern cars can be cracked (PDF). Unlike the old days of window jimmies, these exploits range from attacks through the CD or iPod port to cellular attacks that take inventory of thousands of cars and offer roaming thieves Yelp-like choices ('our favorite is mint green with leather') with unlocked doors and running engines."

Yes,

[Moheeheeko]

Yes I would download a car.

Re:Yes,

[forkfail]

What happens if the app store decides to disable your car, though?

Re:Yes,

[N0Man74]

Yes, in the future, when 3D printers improve by leaps and bounds and when the Music and Movie industries have won and it will become illegal to hum copyrighted works in the elevator, we will see Public Service Advertisements that say...

"You wouldn't steal a song would you!? Don't steal that car! Downloading a car is illegal!"

what will they do with stolen cars?

[alen]

one of the reasons auto theft declined is police busted and closed chop shops that took and resold the parts. and you can now buy cheap off brand parts for any car as well. not like anyone stole cars back in the day for personal use

Re:what will they do with stolen cars?

[hedwards]

That's one, but around here it's increasingly common for cars to be stolen and then returned hours later after having completed a drug run in the stolen vehicle.

Beyond that bait cars and lojacks as well as other countermeasures make it a lot more likely that car thieves will be caught before they can profit from their crime.

Re:what will they do with stolen cars?

[AlienSexist]

My understanding is that there is a very hot market for stolen whole cars in Asia, Mexico, and Central & South America. Driven across the border to Mexico for further distribution, sometimes by ship. Pickup trucks in particular are being taken for this purpose. You're right though. Most often cars are not stolen, only broken into for their contents or disassembled for valuable parts. Catalytic converter thefts have been very high because they contain various mixtures of platinum, palladium, rhodium and prices for those precious metals were very high. Just like there's been a huge rash in national copper thefts.

Re:what will they do with stolen cars?

Here in Texas, car theft is up because there is one type of vehicle highly sought after: Larger pickups, SUVs, and 4x4s in general. These are promptly taken to the border to smash through the excuse of a fence and to ferry weapons to Mexico, and narcotics/illegals back to the US. A good diesel 4x4 is prized down there because it can easily outrun police vehicles over the terrain. They also are taken to Mexico to be up-armored.

The trick I do with keeping the vehicle from being "borrowed" is the classic kill switch. However, I use two. One is for the fuel pump, the other one turns on and off the RFID antenna. This way, someone trying to clone a PATS key might get my key's serial number, but when they try to jam a clone in the vehicle, it will just give them the middle finger.

Re:what will they do with stolen cars?

[clm1970]

Yep. I had an older but still running Toyota pickup. I sold it to a couple of guys who were taking it to Guatemala. Make them come to the bank first so they could certify the bills were not fake as they insisted on paying in cash. DA's office said no known scam going around like that but it was a little freaky to say the least.

Re:what will they do with stolen cars?

Joyriding isn't stealing. At least not in the UK. Theft (aka stealing) requires an intention to permanently deprive, which joyriding lacks. Joyriding is why the offence of taking without consent (aka TWOCing) was introduced.

Re:what will they do with stolen cars?

[Shakrai]

That's one, but around here it's increasingly common for cars to be stolen and then returned hours later after having completed a drug run in the stolen vehicle.

The last time I parked my car in a New York City dirt lot it was returned to me with 30 extra miles on odometer. It was also washed, detailed and had a full tank of gas. I don't want to think about what they did with my car but at least they were polite about it....

Re:what will they do with stolen cars?

[johnny+cashed]

4runner is a truck, no need for a jack. They make pipe cutters with multiple wheels on a chain and a vise-grip like handle. It allows for plumbers to do repairs in tight spaces. Quiet, quick. Or just turn up your stereo while your buddy uses a cordless sawzall (TM).

Re:what will they do with stolen cars?

[Mashiki]

Here in Canada, auto theft is roughly the same. Most cars aren't chopped and sold. Anything from '09-99, they're devinned, and resold with a remarked vin from a wreck. Strip-vinning has long since gone out of style because it's a hassle, every part on cars made in the last 5 years or so has the VIN on it. From the windows, and bumpers, to the air and A/C compressor, down to the taillamp and wiring harness. So it did it's job. Their favorite targets are mostly cars/trucks/suv's in the '02-08 range where VINs were only stamped on engine/body frames. And where salvages are easy to find. So fair warning, see a deal, get it checked. And double check that dash VIN against the body, frame and engine. Otherwise, your vehicle is forfeit nearly everywhere to the owner, and you're out your money.

The new thing is to simply either pull up and drive away with the vehicle using a stolen tow, or they pay a tow driver on the side to dump a vehicle somewhere. And then strip out the computer and replace it with a new one along with a new keyset. These are then sold overseas, mostly in russia, china and the middle east.

Re:what will they do with stolen cars?

[GameboyRMH]

There's a truck in Texas with a kill switch, oh noes!

Re:what will they do with stolen cars?

[CyberTech]

Correct. They used a cordless tool to do it. There is video.. the only car that parked next to the truck all day only stopped for 90 seconds. That's all the time it took :)

why is the CD player on the same network?

[Trepidity]

It's not clear to me why the CD player should even be on the same network as the engine-related microcontrollers.

Re:why is the CD player on the same network?

Sometimes the electronics to control certain parts of the car are in the stereo to keep you from upgrading the stereo. Ford, for example, uses strange oval shapes to keep you from replacing their crappy stereo. Chevrolet in the case of my old Monte Carlo put the door chime and some of the interior light controls in the stereo. The work-around Best Buy did in my car was to move the original stereo to the glove compartment and leave it connected to everything but the speakers. In my wife's Lexus, the car wouldn't even start without the radio. I gave-up on upgrade the stereo in it. Car makers these days go to great lengths to make sure you do not get good sound in your car and buy any upgrades from them.

Re:why is the CD player on the same network?

[427_ci_505]

Depends on the car. The Corvette, for example, has three variants on the engine, each variant costing a different amount of money.

Re:why is the CD player on the same network?

[Ouchie]

The reason why the Car Stereo is on the same network is because too many people were buying cars with no stereo or the basic stereo then going to after market shops where they could get a much better stereo for the same amount of money. Manufacturers decided that to reduce this they would just make the car stereo a required part for the whole system to work. It gives you a good reason to pay $1200 for the stereo upgrade which we know isn't worth $600.

Re:why is the CD player on the same network?

You have a great point about Chevrolet. I install stereos for a living, and Corvettes have some very creative protections against replacing the stereos. GM really wants you to have to suffer with the absolutely horrible Bose stock stereo. GM uses non-standard line out voltages in the Corvette so you can't connect the head unit to a real amplifier. Also, they place the amplifiers in the door which doesn't leave you with enough room to put even a tiny Alpine amp in the door even if you ignore the air flow problems. A real amp will fit under the seat but only if you have one of the few Vettes without power seats. In addition they use proprietary thin woofers in the doors which, of course due to physics, sound horrible. The speakers are a weird and complicated size so you have to fabricate mounting brackets. Also the speakers are a nonstandard impedance so you can't drive them with a standard car amp. Even with all of that work, GM decides to take the door and key chimes away from you if you replace the headunit.

What all of that means is if you want to upgrade or repair any single component, you must replace the entire system.

Re:why is the CD player on the same network?

[Lumpy]

nope.

It's on the bus to listen for vehicle speed so the active volume can go up and down. Advanced one spit out channel and RDS data for the HUD. there is zero possibility to send out a "lock up the breaks" command from the car stereo into the CANBUS unless you rewrite the stereo's firmware first. and that is not gonna happen, There are a LOT of guys looking to hack GM and Ford satnav systems to get past the damn CANBUS VIN lock. They have had ZERO success in the past 5 years.

Re:why is the CD player on the same network?

[Lumpy]

Really? I seem to find it different.

Just helped a friend with his 2010 Vette 2 months ago, dingy thingy replacements are available at scosche for less than $25.00 so all your chimes are retained. Steering wheel controls are also easily adapted with a $79.00 box.

speaker upgrades are worthless as the Vette with premium sound that has the amps on the backs of the speakers sound better than any of the aftermarket stuff, speaker placement in the vette is crap anyways, $300 each drivers will not sound any better in that car, but it's easy to do with adapter plates from..... Scosche, that place again.

as for a "real amp" almost nobody puts in a 10,000 watt Rockford Phosgate anymore. replace the head unit with the new kenwood stanav one, hooked into the existing wiring for the speakers and simply removed the speakers and disconnected the "premium sound" amps.

All done. Anyone that has done car stereos in the past 2 years knows this, you dont have to " replace the entire system" not by a long shot.

Re:why is the CD player on the same network?

[BitZtream]

They aren't 'put in the stereo to intentionally make it harder' as you imply, but when you disconnect the stereo's internal bus, you do fuck up a portion of the cars' network.

GM really doesn't give a fuck if you put in a different stereo after you bought the car ... YOU ALREADY PAID FOR THE STEREO IN THE CAR.

Replacing the stereo is also rather trivial, you just need an interface kit that will interface your stereo with the cars data bus. These interface kits are well known (Best buy sells the damn things) and fit pretty much any car on the planet and make it work with any kind of stereo from old school analog systems to fully modernized systems with blutooth phone audio relays and text output to the display.

Its not the car makers that don't know what they are doing in your case, its you and best buy.

Re:why is the CD player on the same network?

[BitZtream]

Wow, you are one of the worst 'stereo installers' I have ever fucking met.

You do realize there is an interface kit for every GM vehicle on the planet that will make it 'normal' or 'industry standard', right? Give you standard line outs, standard speaker outs, will still make sure that you get all your interface sounds piped through your speakers like door chimes and warning bells, blinker clicks, ect ...

Whats great is you're talking about them using weird speakers shapes in places where ... NORMAL SHAPES WON'T FIT.

What all of this means is that you don't actually know what you're talking about.

GM only has 2 or 3 interface busses for the dash electronics in their cars and there are interfaces for all of them. Get a clue about your job.

Re:why is the CD player on the same network?

[garyebickford]

To entertain the arm candy.

yo.

[grub]

So the other day I was on the bus and I saw this hot woman driving a car. I pulled out the iPhone, SSH'd into home and ran nmap on her license plate.

LOL, stupid woman didn't notice her gas cap was left off from the last fill but nmap caught it. Used nc to push 'fire.jpg' into her tank and she blew up.

True story, fucker.

Car security has been plummeting for ages

[Riceballsan]

In many many ways we've been opening more security holes in our cars as time progressed, the wireless unlockers. Even if we pretend that wireless isn't heaven to sniff and spoof. People leave their keys out in all sorts of public places, not everyone locks them up at the gym, most people leave them unattended at a waterpark or beach etc... before wireless that was reasonable, no-one is going to steal my keys because there are 500 cars in the parking lot, nobody can try each one. now with wireless, if you steal someones keys, you can just walk around the lot and push a button to make it beep and find out where the car is.

Re:Windows PC?

[kiwimate]

It's a stupid flamebait analogy. The summary goes like this

* Windows PCs are as secure as a piece of tissue paper (LOL, for teh win!)
* Cars with their increasingly computerized systems are now becoming vulnerable to hacking.
* Windows PCs are vulnerable to hacking.

I don't quite get it

[kav2k]

We need a car analogy here.

Re:Windows PC?

[SQLGuru]

The concept is that electronicly secured cars become wide-spread and common. It was why Windows PCs were attacked with viruses first. Now that Mac is more common, you see more attacks against them. It's why you see malicious Android apps. Soon, you'll start seeing malicious car apps......

It's all about wide spread opportunity. You need a lower percentage of successful attacks as the number of targets increases.

Re:Wrong demographic

[DMUTPeregrine]

I think you're (somewhat) wrong. Initially it won't mean much, but just like pre-packaged malware suites for credit card fraud (ZeuS being the biggest example) point-and-drool interfaces for car theft will be made eventually.

MagnaVolt

[sycodon]

I'll stick with my trusty MagnaVolt System.

Re:Windows PC?

We had car analogies for computers, now we have computer analogies for cars.

Re:Sometimes hi-tech is not the best solution....

[CanHasDIY]

Well, here is the same, but in our case if a theft ring wants your car they just show up with a .22 on your window...

You must not live in a right-to-carry state, if thieves are carjacking folks with pea-shooters...

'Round these parts, that's the fastest way to get your ass blown off by someone with a real gun.

Re:Wrong demographic

[phoenix321]

Remember Stuxnet.

Covert assasination anyone?

Implant a well-disguised piece of trojan code inside an ECU of opportunity.

Have it triggered at a specific speed, at local nighttime. Disable brakes, lights, airbags and stomp on the accelerator. If any crash is detected, quickly recover the firmware to an original, untampered backup that was stored away somewhere beforehand.

Crash investigators will find nothing but "reckless speeding" to be the cause.

bluetooth dongles on OBD-II

[nazsco]

always wondered. you can pretty much drive by some OBD-II ports... bmw can be started even by my old obd-I.

and lots of people buy those bluetooth dongles just so they can have an extra tachometer on their iphones on the dash.

may not be so usefull for stealing the car... as i doubt it has power when the car is off... but may very well be the case, i don't know. But imagine sending the acelerate signal on the highway to everyone around you that has such device