In the past few decades, building a car has gone from being almost entirely hardware focused to adding a full fleet of software capabilities.
Most modern cars today have features that weren’t even around 20 years ago, including:
● Information and entertainment systems with voice assistants, connectivity for navigation, and streaming services
● Sensors to assist with safe driving or, in some cases, full self-driving capabilities
No worries,They won’t be robo-cars, because their imminent use has been canceled for a long time.
Anyway, in this context the automotive industry has been advancing, for example Volkswagen created Cariad, its in-house software company, which employs 5,000 software engineers and makes Volkswagen one of the largest software companies in Germany.
Now, with cars being as much a mobile computing platform as a vehicle, software it will only get more challenging and with that the risk of theft become more technology related…
Well, because now we have the “keyless car”
The new cars does not have a traditional metal key to open the doors or start the motor.
Instead, a digital fob, card or smartphone app is used to gain entry, and as long as the digital key is detected inside the car, a push button on the inside allows the car to be powered up.
Or using Fobs, compatible smartphones or RFID (radio frequency identification) cards that can emit a short-range “friendly” radio signal that carries only a few yards. When the associated vehicle is close by (usually within a few metres), the car recognises the signal and allows the doors to be unlocked — often by simply touching a door handle. The same process is used for the ignition on cars with start buttons; the digital key needs to be inside the car itself.
And if you use a digital key there is always a tech risk, like Keyless car theft.
When a thief accesses and steals your vehicle without the possessing the original fob or card.
If an attacker can compromise a mobile device, they could potentially control many of the applications on it including a user’s vehicle control app. The control channels between a user’s mobile device, the manufacturer’s cloud services, and the vehicle itself are another attack surface threat actors could leverage.
In 2016, during a show in Las Vegas Famed car hackers Charlie Miller and Chris Valasek have taken their 2015 a Jeep Cherokee to the next level: controlling its accelerator, brakes, steering, and electronic parking brake at more dangerous high driving speeds.
The biggest problem: Car's Apps
The latest scandal in the automotive industry has been KIA’s App
At least three mobile apps tailored to allow drivers to remotely start or unlock their vehicles were found to have security vulnerabilities that could allow unauthenticated malicious types to do the same from afar. Researchers say securing APIs for these types of powerful apps is the next phase in preventing connected car hacking.
Apps that allow drivers to unlock their car can let thieves do the same thing on their own phone if they can log in to the app as the vehicle’s owner. Someone can access the app of your car only with your email account and then have control of your car including opening your car, start the engine and in very sophisticated cases drive and break.
If a thief steals or hacks a driver’s phone, all they need to access the car is the username and password for the vehicle app, which may be stored in the phone itself.
The latest cars allow digital keys to be shared from one smartphone to another, which can be very convenient if you want to allow a relative or friend to borrow your car without being nearby to hand over a physical key, but it’s a new area of security concern.
Or USB ports on Kia and Hyundai
The videos shared on TikTok, known as “Kia Challenge” where the author uses a USB connector on a naked key slot and successfully hotwires a car; show how to remove the steering column cover to access a USB-A slot that can be used to connect to the car. This vulnerability exists on a type of ignition switch used in many Kia/Hyundai cars sold until 2021 in US and Australia, which are not equipped with an immobilizer system, because they are too expensive, increasing the total price of the auto #TRUEstory
Why only there, because countries like Germany and Canada required an immobilizer system by law.
The video was taken down on July 25, but it was already viral, and thousands of cars in US were stolen by adolescents, resulting in 4 deads.
Showing, again, that social media is use not only for good…
1. Intercepting your digital keys
There are multiple ways to intercept your digital keys, the two most famous are by signal relaying and key programming but this required a close physical approximation.
2. Signal relaying
Relay thieves use wireless transmitters held up to the front door or window of a house (or the handbag/pocket of a car owner), to capture the signal from a genuine digital key and relay it to a target vehicle. An accomplice standing close to the vehicle captures the signal, fooling the car into thinking the key is within range, allowing it to be unlocked. Once the accomplice is inside the car, the process can be repeated to start the engine.
And once inside the vehicle, a thief can also programme a blank fob to work with the car, allowing it to be sold on. This way is not that new neither, and requires zero effort to try to steal your key.
This is a two-man job that can be done in less than one minute.
Computer hackers have developed devices that plug into the port, boot up a vehicle’s software and then program a blank key fob. In keyless cars this can be used to start the engine as well as unlock the doors. The time needed for the programming process is as short as 14 seconds. The cost of programming gadgets on foreign websites is as low as 10 euros.