Responsive Navbar Refined

The Hidden World of Car Hacking: How Vulnerable Is Your Vehicle?

by William Downing | September 26, 2024

The Hidden World of Car Hacking: How Vulnerable Is Your Vehicle?

As technology advances, our vehicles have transformed into sophisticated computers on wheels. While this evolution brings unparalleled convenience and features, it also opens the door to a new realm of vulnerabilities. Today, we’ll delve into the often-overlooked yet growing issue of car hacking and how it intertwines with the world of car theft.

The Cyclical Nature of Car Theft and Security

One of the most intriguing aspects of car theft, including hacking, is its cyclical pattern. Historically, as car thefts rise, manufacturers respond by introducing enhanced security features. These innovations initially lead to a decline in theft incidents. However, as these new systems become widespread, they attract the attention of hackers and criminals eager to exploit any weaknesses. Eventually, someone discovers a method to circumvent the latest security measures, leading to another spike in thefts — a cycle that continues to repeat.

We are currently witnessing an upswing in this cycle, not just due to the proliferation of car hacking knowledge, but because modern vehicles are introducing new attack vectors. Bluetooth, Wi-Fi, and cellular hotspots are becoming standard features, each representing potential entry points for hackers. While some of these attack vectors are still theoretical or less prevalent, one immediate concern stands out: key fobs and their associated radio frequencies.

Key Fobs: A Vulnerable Entry Point

Key fobs are integral to modern vehicle security but also represent one of its weakest links. Operating on radio frequencies, they are susceptible to being jammed, intercepted, and replayed by attackers. But how does this process work, and what steps can you take to protect yourself?

Contrary to popular belief, your vehicle is more likely to be targeted when parked at home than when you’re out in public. Thieves prefer the cover of night and the reduced risk of being caught in residential areas. When you press the unlock button on your key fob, it sends a radio signal with an embedded code to your vehicle, instructing it to unlock the doors. Attackers can use basic equipment to jam this signal, preventing your car from receiving it, or capture and replay the signal later to gain unauthorized access.

A HackRF One is a very common example of a tool that can jam radio signals from a laptop

Most modern vehicles employ a security feature called a “rolling code” or “hopping code,” which changes the unlock code each time the fob is used. This mechanism makes it significantly more challenging for attackers to reuse an intercepted signal. However, some vehicles, particularly older models or those from manufacturers that haven’t adopted this technology universally, may lack this feature.

For example, certain models from major manufacturers produced before the widespread adoption of rolling codes are more vulnerable. Honda was the slowest manufacturer to adopt these measures, as Hondas up to 2020 lack rolling codes. In these cases, a hacker can capture the signal and simply replay it to unlock the vehicle.

The Real Danger: Nighttime Relay Attacks

While many envision car theft occurring in public spaces during daylight hours, these scenarios pose a higher risk for the thief due to increased surveillance and the presence of witnesses. Instead, a more common method involves a relay attack executed at night. In this scenario, two attackers collaborate: one stands near your home with a device that amplifies the signal from your key fob inside, while the other stands near your car with a receiver. This setup tricks your car into thinking the key fob is nearby, allowing the thieves to unlock and even start the vehicle if it has a remote starter.

A night time replay attack, this whole process took less than 30 seconds.

Even vehicles equipped with rolling codes can be susceptible to relay attacks because the system is being fooled into authenticating the key fob’s presence.

The OBD-II Port: A Thief’s Gateway

Once inside, attackers often turn to the On-Board Diagnostics (OBD-II) port, located under the dashboard. This port, intended for mechanics to diagnose vehicle issues, can be exploited to program a new key or inject commands directly into the car’s computer system. With readily available devices, some costing less than $100, a hacker can connect to the vehicle and, in some cases, start the engine without the original key. There even exist remote OBD-II port devices which allow an attacker to inject commands such as brake or accelerate from a distance.

Example of an OBD-II Port and Placement

However, this method isn’t universally applicable. While all vehicles use the same Controller Area Network (CAN) bus, the commands and protocols for each vehicle’s computer system are unique, varying not only between manufacturers but also between different models and years. Hackers who specialize in car theft often focus on specific makes and models, acquiring the necessary knowledge through experience, online forums, or illicit databases.

CAN BUS commands sniffed in their raw hexadecimal format

The Cost and Accessibility of Car Hacking Tools

While the threat is real, it’s important to note that car hacking typically requires specialized equipment and technical expertise. Devices capable of intercepting and transmitting radio frequencies can range from a few hundred to several thousand dollars. Professional-grade tools, such as advanced signal relays and key programming devices, can cost upwards of $15,000. For organized criminal groups, however, this investment can be justified by the potential profits from stealing high-value vehicles.

Vehicles of all types continue to be, and will most likely always be, high-value currency in the criminal underworld. A commodity that has high value and is (relatively) easy to steal will always be sought after by thieves and professional criminals.

Staying One Step Ahead of the Hackers

As cars become more technologically advanced, the methods used by criminals to exploit them also evolve. For vehicle owners, awareness and proactive measures are crucial. Here are some steps you can take to protect your vehicle:

  1. Key Fob Protection: Use a signal-blocking pouch or Faraday cage for your key fob when not in use. This prevents unauthorized amplification of its signal. Make sure to get one from a reputable source, as many fake Faraday pouches exist online. If that’s not ideal, a second option can be to move your key fob as far away as possible from your vehicle while at home.
  2. Vehicle Security Updates: Ensure your vehicle’s software is up-to-date. Manufacturers often release patches to address known vulnerabilities.
  3. Physical Barriers: Park your car in a garage if possible. Consider using steering wheel locks or wheel clamps as visible deterrents.
  4. Aftermarket Security Systems: Install additional security features such as alarm systems, immobilizers, or tracking devices.
  5. Vigilance: Be aware of your surroundings. If your key fob behaves erratically, such as not locking or unlocking consistently, it could be a sign of signal interference.
  6. Education: Stay informed about potential vulnerabilities specific to your vehicle’s make and model.
Example of a Faraday Pouch

Conclusion

Car hacking represents a sophisticated and evolving threat in the modern age of connected vehicles. While it remains primarily the domain of professional criminals due to the technical expertise and equipment required, the increasing accessibility of hacking tools means that awareness is more important than ever. By understanding the risks and implementing preventative measures, vehicle owners can significantly reduce the likelihood of falling victim to this new wave of car theft.

In a world where our cars are becoming computers on wheels, staying one step ahead of potential threats is not just advisable — it’s essential.