Tag Archive for: car

Crooks can hack your Honda’s key fob signal to unlock or steal your car

/in


When a manufacturer releases a defective product, it can volunteer to recall it. If the risk is significant enough, the government will step in and enforce it. Either way, the consumer may not know about the recall until later.

Regarding cars, problems with the mechanical parts, safety issues or software upgrades are the usual culprits. We compiled a list of the latest recalls affecting thousands of Fords, Nissans, Hyundais and Hondas. Tap or click here to see if your car is on the list and what you need to do about it.

No matter the fault, the line between cybercrime and the real world is becoming blurrier by the day. A technological trick is exposing Honda vehicles to criminals. The worst part is that the scheme is almost as old as some of the affected models, but luckily there is something you can do about it.

Here’s the backstory

When you park your car and walk away, how sure are you that the familiar beep from the vehicle indicates that it’s locked? You might hear the right sounds, but you’ll never know unless you go back to check.

In a research paper detailing how the Rolling-PWN attack works, the authors from Star-V Lab explain that the vulnerability has been known for some time. The research team tested 10 Honda vehicles ranging from 2012 to 2022 models, and guess what? All the tested vehicles failed.

Activating the key fob sends an electronic code to lock the car. The same code must be transmitted from the fob to unlock it. Each time you press the button, the rolling code system ensures that it increases the synchronizing counter. But criminals figured out a way to send the codes in a consecutive sequence, resynchronizing the counter.

“This weakness allows anyone to permanently open the car door or even start the car engine from a long distance,” researchers explained.

RELATED: Feeling pain at the pump? Check out these top 5 bestselling electric vehicles

Honda’s letting it go

This isn’t the first time that the problem has come to light. Two years ago, computer scientist Blake Berry and researcher Ayyappan Rajesh ran similar tests with the same results.

The pair tested 2016-2020 Honda Civic (LX, EX, EX-L, Touring, Si, Type R) models, while the Star-V Lab team…

Source…

Car thieves face curbs on online sales of key hacking technology fuelling surge in crime

/in


Criminal gangs of car thieves face new legal curbs to prevent them buying DIY devices online to hack keyless technology and steal vehicles.



TELEMMGLPICT000296745048.jpeg - Moment RF

© Moment RF
TELEMMGLPICT000296745048.jpeg – Moment RF

Ministers and police chiefs are considering legislation to close loopholes that allow the devices to be bought online on sites including eBay and Amazon.

Amid a surge in thefts, the Telegraph found firms freely selling electronic equipment to hack keyless cars, jammers to disable trackers and modern “skeleton” keys to open and drive away vehicles.

Police chiefs and motor manufacturers are concerned the ready availability of the technology is fuelling a rise in car thefts which increased by 14 per cent last year to more than 105,000.

Criminals are getting the equipment online and then “productionizing” it for cheap mass use by gangs of thieves, according to Thatcham Research, the motor insurers’ automotive research centre.

Kit Malthouse, the policing minister, held a summit of police and car industry chiefs last week to consider counter measures and is understood to be “open” to new laws to close the loopholes.

Assistant chief constable Jenny Sims, the National Police Chief Council’s (NPCC) lead on vehicle crime, said she was engaged in a “big piece of work” with the online firms to prevent sales of the devices to criminals and restrict it to legitimate businesses like garages, car dealers and locksmiths.

“We are looking at whether or not there are any legislative changes we can make, but at the same time we are working with sellers as legislation takes time. We’d rather do it voluntarily through the sellers who are cooperating,” she said.



TELEMMGLPICT000000835508.jpeg - PA

© Provided by The Telegraph
TELEMMGLPICT000000835508.jpeg – PA

It is not illegal to sell, buy or possess the technology but police can arrest prospective thieves if they have the equipment with them and can be shown to be “going equipped” to steal a vehicle.

One company based in Bulgaria offered an off-the-shelf “car relay attack unit.” This enables one member of a gang to scan and capture the signal from a keyless fob in a house before “relaying” it to a colleague by the car to open it and drive it…

Source…

Cybersecurity analysts warn motorists of car hacking, recommend trackers, others

/in


In a rapidly changing technology world ravaged by criminal activities, the era of smashing of car windows and hotwiring cars appears over with the emergence of hacking to steal vehicles.

Online sources define car hacking as when someone takes control of one’s car or some of the car’s systems remotely over the internet.

The vulnerabilities of cars have been exploited for many years, but new hacks are now possible due to the now-common internet capabilities of modern vehicles.

This is done by accessing a car’s computer systems through software such as CAN bus, Bluetooth pairing, or via physical access to connectors and ports. Technological advancements seem not to have kept up with the checking of these limitations.

One of the most infamous car hacks occurred in 2015 when two security researchers killed the throttle to a Jeep.

With modern technology, carjacking, jamming, cloning key fobs, defeating immobilisers and scanners are different methods used by hackers to steal someone else’s car. In fact, research shows that in the future, motorists may have to worry about vehicle occupants being driven remotely to specific locations by hackers and robbed of their vehicle.

Recently, the Nigerian Communications Commission warned Nigerians to be wary of hackers now unlocking vehicles for purpose of stealing and other vices, saying the new trend also offered hackers an opportunity to make away with the hacked cars.

According to the NCC, the ongoing cyber-vulnerability allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with cars.

The NCC stated, “The fact that car remotes are categorised as short-range devices that make use of radiofrequency to lock and unlock cars informed the need for the commission to alert the general public on this emergent danger, where hackers take advantage to unlock and start a compromised car.

“According to the latest advisory released by the Computer Security Incident Response Team, the cybersecurity centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote…

Source…

GM credential stuffing attack exposed car owners’ personal info

/in


General Motors logo on a building

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers’ information and allowed hackers to redeem rewards points for gift cards.

General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards points.

Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.

Targeted in credential stuffing attack

GM disclosed that they detected the malicious login activity between April 11th and April 29th, 2022, and confirmed that the hackers redeemed customer reward points for gift cards in some cases.

“We are writing to follow up on our [DATE] email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization,” explains a data breach notification sent to affected customers.

GM states they will be restoring rewards points for all customers affected by this breach.

However, these breaches are not a result of a General Motors being hacked but rather are caused by a wave of credential stuffing attacks targeting customers on their platform.

Credential Stuffing attacks are when threat actors use collections of username/password combinations leaked in other sites’ data breaches to gain access to user accounts on a website.

“Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself,” explains a different data breach notification from GM

“We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.”

GM requires affected users to reset their passwords before logging in to their accounts again.

Personal information exposed

When the hackers successfully breached a GM account, they could access certain information stored on the site. This information includes the following personal details:

  • First and last name,
  • personal email address,
  • personal address,
  • username and phone number for…

Source…