Stealing cars used to involve breaking a window and jacking the ignition with a dent puller. Now you can do it with cheap hardware bought online.
After pouring himself a cup of coffee, Nick Bilton, a tech reporter at The New York Times, saw an unusual sight outside his window, where his 2013 Toyota Prius was parked:
I saw two teenagers on bikes (one girl, one boy)…. I watched as the girl, who was dressed in a baggy T-shirt and jeans, hopped off her bike and pulled out a small black device from her backpack. She then reached down, opened the door and climbed into my car. As soon as I realized what had happened, I ran outside and they quickly jumped on their bikes and took off. I rushed after them, partly with the hope of catching the attempted thieves, but more because I was fascinated by their little black device. How were they able to unlock my car door so easily?
It turns out the car thieves were using a cheapo power amplifier, which does nothing more complicated than signaling the key fob — in this case, on a counter in Bilton’s house — that it should open the car door when the handle is lifted. The poor guy ends up putting his key fob into the freezer so the bad guys don’t get in again, but let’s hope better options appear soon.
A different device is a small board with $26 worth of electronic parts (an Arduino mini pro, resistors, a voltage regulator, Ethernet cable, LCD and SD card reader among them) that plugs into a car’s Controller Area Network (popularly known as the CAN bus) to enable all kinds of remote mischief.
The device Bilton’s thieves had merely allows them to get into the car, not start it. But that Radio Shack stuff above, when plugged into the car’s CAN bus, gives the bad actors complete control over braking, steering and power windows — using just their cellphones and Bluetooth. They could steal a self-driving car remotely and have it deliver itself to their hideout.
The go-to guy in Congress on these issues is Sen. Edward Markey (D-MA). He issued a report in February, based on automaker inquiries his office conducted, that found:
- Nearly 100 percent of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real time, and most say they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.
Full article > http://tinyurl.com/yacmxbtb