
The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com) 44

An anonymous reader quotes a report from Motherboard: A man sitting in the driver's seat of a Toyota is repeatedly tapping a button next to the steering wheel. A red light flashes -- no luck, the engine won't start. He doesn't have the key. In response, the man pulls up an unusual tool: a Nokia 3310 phone. The man plugs the phone into the car using a black cable. He then flicks through some options on the 3310's tiny LCD screen. "CONNECT. GET DATA," the screen says. He then tries to start the car again. The light turns green, and the engine roars. This under 30 second clip shows a new breed of car theft that is spreading across the U.S. Criminals use tiny devices, sometimes hidden inside innocuous looking Bluetooth speakers or mobile phones, to interface with the vehicle's control system. This allows thieves with very little technical experience to steal cars without needing the key, sometimes in just 15 seconds or so. With the devices available to buy online for a few thousand dollars, the barrier of entry for stealing even high-end luxury cars is dramatically reduced.

The video showing the man using a Nokia 3310 to start a Toyota is just one of many YouTube videos Motherboard found demonstrating the technique. Others show devices used on Maserati, Land Cruiser, and Lexus-branded vehicles. Multiple websites and Telegram channels advertise the tech for between 2,500 Euro and 18,000 Euro ($2,700 and $19,600). One seller is offering the Nokia 3310 device for 3,500 Euro ($3,800); another advertises it for 4000 Euro ($4,300). Often sellers euphemistically refer to the tech as "emergency start" devices nominally intended for locksmiths. Some of the sites offer tools that may be of use to locksmiths, but legitimate businesses likely have no use for a tool that is hidden inside a phone or other casing. Some of the sites even claim to offer updates for devices customers have already purchased, suggesting that development of the devices and their capabilities is an ongoing process.
"At the moment, impacted vehicles are generally wide open to these sorts of attacks," says Motherboard. "The only proper fix would be to introduce cryptographic protections to CAN messages [...] via a software update."
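
What "cryptographic protections to CAN messages" can look like on the receiving ECU, as an added example that is not from the Motherboard report or any vendor: each frame carries a truncated HMAC and a freshness counter, so injected and replayed frames are both rejected. The key, the CAN ID and the payload layout are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4               # truncated tag bytes carried in the frame (assumed layout)
KEY = bytes(range(16))    # constructed demo key; a real one sits in protected ECU storage


def _tag(key, can_id, counter, data):
    # The MAC covers the arbitration ID, the full freshness counter and the data,
    # so a valid frame cannot be moved to another ID or reused later.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def protect(key, can_id, counter, data):
    """Sender side: payload = data || low byte of counter || truncated MAC.
    Classic CAN carries 8 bytes, which leaves 3 for data in this layout."""
    return data + bytes([counter & 0xFF]) + _tag(key, can_id, counter, data)


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last = {}        # can_id -> highest counter accepted so far

    def accept(self, can_id, payload):
        """Return the data bytes if the frame is authentic and fresh, else None."""
        if len(payload) < MAC_LEN + 1:
            return None
        data = payload[:-MAC_LEN - 1]
        low = payload[-MAC_LEN - 1]
        tag = payload[-MAC_LEN:]
        last = self.last.get(can_id, -1)
        # Rebuild the full counter: the smallest value above `last`
        # whose low byte matches the one transmitted in the frame.
        counter = (last & ~0xFF) | low
        if counter <= last:
            counter += 0x100
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None       # forged, replayed, or re-addressed frame
        self.last[can_id] = counter
        return data
```

A device that only injects frames on the bus has no key, so its frames fail the tag check; a recorded genuine frame fails because the receiver recomputes the tag with a counter that has already moved on.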
  • by Anonymous Coward

    The car makers will "introduce cryptographic protections" alright.

    Though they'll mysteriously do nothing against theft, being full of holes and shoddily done, but will serve nicely as argument that "right to repair" is simply impossible for "security reasons". As a bonus, they might even serve as argument that "you must've left the car unlocked" since the car "is cryptographically protected", so no insurance coverage for you.

    And we, well, the government's consumer protection agency, will perforce put up w

    • Was that an upgrade from the wagon, Joe?

      • by ksw_92 ( 5249207 )

        He can't tell you; he lost his license, now he don't drive.

        • Yeah but he's got a limo and rides in the back. He keeps the doors locked in case he's attacked. Unfortunately he's in the US where that won't help. Somebody will just shoot him through the window.
  • by rsilvergun ( 571051 ) on Friday April 21, 2023 @03:43PM (#63468046)
    that if a thief manages to start it, well, I think they earned it.
  • by Slayer ( 6656 ) on Friday April 21, 2023 @04:16PM (#63468132)

    One of the simplest tasks in cryptography should be: build a device, which authenticates with another, independent device and thereby authorizes its operation. The connection used for this purpose is exclusive to this task (except for optional service and debug modes).

    Yes, it may prove a challenge, that this authentication device must run on a small battery for years, but at the same time its cryptographic engine is only energized when its owner intentionally activates it, which is a few seconds per day. The keys to open the car are kept secretly stowed away at the car maker, there's no public record or online data base for these key codes. If that car ever needs new keys, it can be a nightmare to get that done, and an expensive one, too.

    So here we are:

    • You can buy devices, which open all cars of a certain make.
    • You could buy devices, which opened all cars of a certain make, 20 years ago. The only thing which changed: back then it required a device with the form factor of a business briefcase, now the magic fits into a tiny old cell phone.
    • I have yet to hear of a car maker, which would not be affected by this issue.
    • Car theft is a rampant crime, which costs the insurance industry, and car owners, billions every year.
    • Yet barely anybody seems to care one bit about this problem ... you rarely read something about this issue even in car related news.

    Please someone explain to me the technical difficulty in creating a working, reliable and safe car key, which can not be imitated by a tiny gadget worth less than a new motor control unit. Until then I tend towards an explanation in form of "endemic mixture of criminal negligence, unmitigated corruption, and reckless incompetence"

    • by tlhIngan ( 30335 )

      Please someone explain to me the technical difficulty in creating a working, reliable and safe car key, which can not be imitated by a tiny gadget worth less than a new motor control unit. Until then I tend towards an explanation in form of "endemic mixture of criminal negligence, unmitigated corruption, and reckless incompetence"

      Incompetence actually.

      Before electronic keys, car keys used cheap wafer locks, known by the lock industry to be basically piss-poor security. Think about it this way - the lock on

      • by codebase7 ( 9682010 ) on Friday April 21, 2023 @05:43PM (#63468410)
        Actually it's an impossibility. You are asking for a secure method to access something that is more convenient (a key), and therefore less secure, than the secure method used to protect the entire system (the OBD-II port which can reset the allowed keys list). While demanding equal protections from both. Fast, Secure, Reliable. You can only pick 2. Trying to pick all 3 is a fool's decision that leads to none of them working as intended. As is here.

        As for the car manufacturers... If they wanted actual security, they'd start not with crypto (which, given your implementation, is just DRM by another name, and DRM never works long term.) but with an ethernet switch port + Access Control List like design. People shouldn't be able to plug in random crap to the headlamp port to start a car [slashdot.org], any more than they should be able to use a cell phone to do the same. Having a basic list of what ports on the ECU can have what devices connected to them and limiting what commands those ports can receive as a result is fucking basic security. As is limiting the "secure" ports to physically secure endpoints. (I.e. You should need the key to be able to reach a secure port without damaging the car in a very visible and obvious way.) None of which requires any crypto to do. The fact that this is not the case already shows massive incompetence by the industry in basic physical security. Of which, no electronics can ever fix because they are dependent on it.
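
The per-port access control list described in the comment above, sketched as a default-deny gateway filter (an added example, not part of the comment and not any manufacturer's design). Segment names, CAN IDs and the `unlocked` flag standing in for "a valid key is present" are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy: ingress segment -> {destination segment: allowed CAN IDs}.
# Anything not listed is dropped (default deny).
POLICY = {
    "headlamp":   {"body": {0x3A0}},                        # lamp status only
    "body":       {"headlamp": {0x3A1}, "powertrain": {0x2F0}},
    "diagnostic": {"powertrain": {0x700}, "body": {0x701}},
}
# Ports whose traffic is only forwarded once the vehicle has been opened
# with a valid key (hypothetical flag, see `unlocked` below).
REQUIRES_UNLOCK = {"diagnostic"}


@dataclass
class Gateway:
    unlocked: bool = False
    dropped: list = field(default_factory=list)   # audit trail of denied frames

    def forward(self, ingress, dest, can_id):
        """Return True if a frame arriving on `ingress` may reach `dest`."""
        allowed = POLICY.get(ingress, {}).get(dest, set())
        if ingress in REQUIRES_UNLOCK and not self.unlocked:
            allowed = set()
        if can_id in allowed:
            return True
        self.dropped.append((ingress, dest, can_id))
        return False

    def filter_frames(self, frames):
        """Apply the policy to (ingress, dest, can_id) tuples; keep the permitted ones."""
        return [f for f in frames if self.forward(*f)]
```

With this policy a frame that the body controller may send to the powertrain is dropped when the same ID arrives on the headlamp segment, and every drop is recorded for later review.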
        • by JaredOfEuropa ( 526365 ) on Friday April 21, 2023 @06:05PM (#63468460) Journal
          “Having a basic list of what ports on the ECU can have what devices connected to them and limiting what commands those ports can receive as a result is fucking basic security.”

          Mod this up insightful.

          Some car manufacturers actually tried encryption. And then turned it off as it drove dealers crazy, and car owners got pissed that they were not able to add upgrades like a CD changer themselves (when those were still a thing).
          • People hate being locked out of their car when they don't have the physical key to the physical lock, and they hate being locked out of their car with cryptography to which they don't have the key. They also hate when their mechanic is locked out of their car.

            Encryption means it's "locked", and if you don't have a key you're locked out of your own car.

        • by Slayer ( 6656 )

          As for the car manufacturers... If they wanted actual security, they'd start not with crypto (which, given your implementation, is just DRM by another name, and DRM never works long term.)

          No, sir, this is not a DRM situation, unless the crook steals your key and copies it. The article, however, described little devices, which would open any car of a certain make, without the need to ever see that key, and different such devices available for a wide range of cars.

          I insist on that fact: a safe protocol as required for the implementation of a safe and reliable car key system, is old technology. The last necessary patent for such a thing must have expired years ago. It is up for grabs, it runs o

        • So correct - can't mod you up any further. So here is the truth, crooks can and do borrow dealer only diagnostic machines, and log/decrypt the protocols later. Many car dealers are going broke and belly up, and a bit of cash on the side is good for them. They also borrow and test ECU's from written off car wrecks, and will do ecu transplants if need be. Things are so bad, that the crooks know more than so called vehicle locksmiths. I will never buy a car off VAG, as a set of lost keys can stretch to over
        • by AmiMoJo ( 196126 )

          It's entirely possible to do in a manner that is at least as secure as a key.

          Public key crypto to authenticate, i.e. the car encrypts a random number and the key is the only device that can decrypt it.

          Add an accelerometer to the key that blocks authentication when it's not in motion. Only needs to be a tiny amount of motion, like it would get when on someone's person.

          Also add a strict time-out that requires the key to respond instantly, and send an encrypted frequency to respond on. That way a relay attack

    • The thing that makes this *hard* is that one does not want a lost key fob to render the vehicle useless. Therefore, there needs to be some way to deal with lost keys. And that blows up the whole security model.
  • What years of Toyota vehicles are vulnerable?
  • More like custom J2ME was loaded into the phone to cause it to send the appropriate unlocking codes over a serial link.

      But wording it as a 1960s spy novel is more "exciting".

  • And with a small hack you would be able to connect to USB as well.

  • All the ideas sound great but... This is easier than a tow truck, they use tow trucks when they can't start car easily. They often jam cellular gps tracking and remove tracking sim cards. They know exactly how to disable standard trackers. For cars with cryptographically secure systems they remove the ecu computer and replace it with one they brought along. This makes sense for specific high value cars and less suspicious than a tow truck. In other cases they break into the house and steal the keys. In s
  • How about a more precise description of the vulnerable platform(s)?

    Is a car that simply has an RFID fob vulnerable, or just cars that feature (say) app connectivity for remote start, etc
