Tag: cars | Page 3

Thieves Key on Hack That Leaves Hyundai, Kia Cars Vulnerable

September 24, 2022/in Computer Security

DETROIT (AP) — Some Hyundai and Kia cars and SUVs are missing a “key” anti-theft device, and thieves know.

An insurance industry group says these cars are stolen at nearly twice the rate of the rest of the auto industry because their keys lack computer chips for theft “immobilizer” systems.

The thefts apparently started in the Milwaukee area two years ago and spread to multiple Midwest cities and as far away as Colorado and New Mexico after instructional videos appeared on social media.

The Highway Loss Data Institute, a unit of the Insurance Institute for Highway Safety, found that Hyundais and Kias without immobilizers had a vehicle theft claim rate of 2.18 per 1,000 insured vehicle years. The rest of the industry combined had a rate of 1.21. An insured vehicle year is equal to one vehicle insured for one year.

The institute, which issued its findings on Thursday, compared vehicles from the 2015 through 2019 model years. It studied vehicle theft claims from 2021.

Chip keys, which started to show up in the 1990s, communicate with another chip in the ignition switch. If they match, the engines will start. If they don’t match, a thief can’t start the engine.

Keys don’t have an immobilizer system in several lower-priced versions of vehicles from the two South Korean automakers such as the Kia Rio and Sportage and the Hyundai Accent, the institute said.

“Our earlier studies show that vehicle theft losses plunged after immobilizers were introduced,” said Matt Moore, senior vice president of the institute. “Unfortunately, Hyundai and Kia have lagged behind other automakers in making them standard equipment.”

In the 2015 model year, immobilizers were standard on 96% of other manufacturers’ models, the institute said. But they were standard on only 26% of Hyundai and Kia models. The carmakers haven’t explained their decision to not include immobilizers on some models.

Videos show thieves prying the ignition cover off the Hyundai and Kia vehicles, then using a screwdriver or USB cable to start them and drive away.

Last year in Milwaukee, 66% of the 10,476 stolen vehicles were Hyundais or Kias, according to the Milwaukee Journal Sentinel newspaper….

Source…

All cars will be connected to the internet ‘by 2026’ – Expert tips to stop hackers

May 30, 2022/in Computer Security

More info As vehicles and homes get more digitally connected it provides thieves and hackers with a range of opportunities to access valuable data, leaving the public more vulnerable to fraud and …

Source…

Keyless hack can unlock and start cars — including Teslas

May 17, 2022/in Internet Security

Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of electric vehicles.

A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group.

By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said.

The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies, including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app.

A…

Source…

New Warnings Show How Hackers in Nigeria Can Remotely Steal Cars – IT News Africa

May 16, 2022/in Computer Security

Hacker Stealing Car — Image sourced from Car Throttle.com.

Nigeria’s Communications Commission (NCC) published a warning yesterday advising drivers in the West African country to beware of a new cybercrime method being used by hackers where car doors can be opened and vehicles can be started without keys, all done remotely while the criminals hide nearby.

According to the NCC, owners of Honda and Acura-model vehicles are the most susceptible to these kinds of new attacks.

The NCC discovered these new grand theft auto methods via investigations made by the Computer Security Incident Response Team (CSIRT), a cybersecurity body established to protect the country’s telecom sector by the NCC.

According to CSIRT’s report, released to the media by Dr Ikechukwu Adinde, Director Public Affairs at the NCC, there is an existing cyber-vulnerability with certain makes of vehicles that allows hackers to remotely unlock vehicles, start their engines wirelessly and then steal the cars. The only requirement is that the hackers be nearby the vehicles to allow the process to take place.

“CSIRT discovered that because car remotes are categorised as short-range devices that make use of radiofrequency to lock and unlock cars, there are immediate dangers in a new hacking method which sees hackers take advantage to unlock and start a compromised car,” said Adinde, quoted by Vanguard Nigeria.

According to CSIRT’s report, the cybercrime attack is what is known as a “Man-in-the-Middle” attack, or a reply attack, in which a threat actor intercepts the radio signal used by car remotes and manipulates the signal in order for the criminal to remotely unlock the car at a later time – like when the owner has lost sight of the vehicle – and gain access.

Some vehicles are more susceptible to these attacks than others, such as certain Honda or Acura models which can be started without ignition keys. These model vehicles can have their engines started wirelessly using the same reply attack method. By the time the owner returns, their car has vanished with no broken glass or alarm bells to tell the owner of what occurred.

“The attack consists of a threat actor capturing the radiofrequency…

Source…

Tag Archive for: cars