You may have heard of the recent spurts in carjacking all over the globe by a new breed of smart thieves.
Perhaps you brushed it off as a problem only afflicting the latest smart cars that are increasingly tied to the internet.
Conversely, you may have brushed aside the problem as only being associated with older vehicles with more primitive systems.
But this is wrong on both counts.
The most common horror stories concerning electronic carjacking have been spreading across the internet over the last five to ten years, and they involve thieves intercepting earlier, less secure remote keyless entry systems.
Fortunately for most people, comprehensive auto insurance will cover their loss, which is probably the reason why there hasn’t been much panic among the general public regarding electronic carjacking just yet.
Generally speaking, the newer a car is, the more likely the owner is to purchase a comprehensive insurance policy.
As keyless entry cars get older, however, we will see more and more of these vulnerable cars on the road after their manufacturer's warranty periods have expired, when manufacturers will no longer be offering free recalls of cars prone to electronic carjacking.
Just like older, unpatched operating systems, we can expect these aging technologies to become more vulnerable if ignored.
Bear in mind, as more and more of these older cars with older music players join the ranks of their auto brethren on the streets, the temptation among car thieves will start to escalate to much higher levels than it is at present.
Demand drives supply, as we know, and the desire to acquire appropriate software and hardware for compromising cars is certainly not going to go down.
The last few years have seen the growing popularity of software-defined radio (SDR) systems. This has resulted in more and more sophisticated gadgets reaching the market for enthusiasts and prospective car thieves to experiment with.
(DefCon 21 presentation demonstrates hacking with software defined radio.)
You may be asking yourself why someone would spend so much extra money on SDR hardware when the simple $20 carjack kit mentioned earlier would do the job.
Because the rabbit hole goes much deeper than you think. Let’s take a quick look at how thousands of VW cars have been made prone to electronic carjacking.
The hardware used in the carjacking is easy enough to assemble. The trick, however, lies in reverse engineering VW hardware to retrieve one or more cryptographic keys stored in the remote entry computer.
This is not something your typical petty car thief can do unassisted. Today, however, we do have the dark web, complete with highly competent cybercrime groups, where such work can be outsourced and shared amongst an organized ring of car thieves.
But did you think all you’d have to worry about is getting your unattended car stolen in a parking lot with CCTV recording every detail?
No. Since 2009, GM and other manufacturers have been fitting vehicles with theft recovery systems.
The cars equipped with the OnStar theft recovery system have a built-in kill switch which owners can activate if they wish. It can also be activated inadvertently due to an oversight close to the time of purchase, or it can be activated with malicious intent.
If a car thief has access to the encryption keys in the OnStar firmware, then it would be quite simple to follow the vehicle while it is being driven in a remote location.
They could instruct it to slow down and stop, at which point an accomplice would hijack the vehicle without being on camera and without any law enforcement officials or security guards being nearby.
Besides your standard carjacking risk, this also makes kidnapping for ransom a lot easier as you can well imagine.
The newer a car is, the more complex its systems become. The number of electronic attack vectors also increases as it becomes possible for thieves to carry out activities like hacking your car's music player without even being nearby as you innocently plug in a USB key with some tunes.
It will also become easier for them to establish a long-term presence within your smart car. If they succeed in compromising the music player, this also positions them to perform attacks on the garage door opener. They can steal its codes and upload the information to the original thief.
This technique is referred to as System Persistence, where an attacker establishes a presence on two or more subsystems on the target—making it significantly harder to both detect and remove a threat.
It is already accepted that the NSA is no longer the only group with such a capability.