Recent car thefts have involved technology concealed inside outdated Nokia phones and Bluetooth speakers. This brand-new type of car theft is becoming more prevalent in the US.
Criminals use tiny gadgets to interface with the car’s control system, sometimes hidden within innocent-looking Bluetooth speakers or cell phones.
This makes it possible for thieves with little technological expertise to steal cars without a key, sometimes in as little as 15 seconds.
With the gadgets available online for a few thousand dollars, the barrier to stealing even high-end luxury cars is significantly decreased.
How Thieves Steal Cars Using Outdated Cell Phones?
According to YouTube videos exhibiting the technique, identified by Motherboard is the one where a man uses a Nokia 3310 to start a Toyota.
A man is repeatedly tapping a button next to the steering wheel while seated in the driver’s seat of a Toyota.
The engine fails to start, and a red light flashes. Because he lacks the key, the man pulls out an everyday object: a Nokia 3310 phone.
Using a black cable, the man connects his phone to his vehicle. He selects a few options on the tiny LCD screen of the 3310. The display reads, “CONNECT. GET DATA.” He then tries starting his car once more. The engine roars while the light turns green.
Reports say the technology is sold for between $2,700 and $19,600 on numerous websites and Telegram channels. One vendor sells the Nokia 3310 phone for 3,500 Euros ($3,800), while another advertises it for 4,300 Euros ($4,300).
When one person offered to sell engine starters online, Motherboard pretended to be an interested buyer. That person stated they would use DHL to send a device to the United States.
“Yes, Nokia works with USA cars,” they wrote, referring to the engine starter hidden inside a Nokia phone. The seller said they take Western Union, MoneyGram, bank transfers, and cryptocurrency.
One advertisement for a device concealed inside a Bluetooth speaker bearing the JBL logo reads, “JBL Unlock + Start.” “No key is required!”
According to the advertisement, a range of Toyota and Lexus vehicles can use this particular device: “Our device has a cool stealthy style and look,” it claims.
Ken Tindell, CTO at vehicle cybersecurity company Canis Labs, wrote in an email to Motherboard, “The device does all the work for them, all they have to do is take two wires from the device, detach the headlight, and stuff the wires into the right holes in the vehicle side of the connector.”
Tindell and Ian Tabor, a colleague in automotive cybersecurity where Tabor purchased a device for reverse engineering after it appeared that auto thieves used one to steal his own Toyota RAV4 last year.
Tabor researched and discovered devices for sale that target Jeeps, Maseratis, and other car models.
Keyless repeaters are a different kind of vehicle theft deterrent that Motherboard has previously spoken with vendors about.
These send signals from a victim’s car key, which may be in their home, to their automobile, either in the driveway or nearby. But thieves don’t need the car key to operate with these modern gadgets.
Despite the devices’ high cost, the one Tabor purchased only had parts worth $10. These comprise another CAN-related chip and a chip containing CAN hardware and firmware.
The assault, known as CAN (controller area network) injection, operates, by Tindell and Tabor’s study, by delivering fake messages that seem to originate from the car’s smart key receiver, the research adds.
The Effective Solution
The only efficient remedy, according to Tindell, would be to add cryptographic protections to CAN messages. He stated that a software update may accomplish this.
“The software is straightforward, and the only complex part is introducing the cryptographic key management infrastructure. But since new vehicle platforms are already deploying cryptographic solutions, that infrastructure is either in place or has to be built anyway,” Tindell said.
“Vehicle theft is an industry-wide challenge that Toyota takes seriously. Even with technological advances, thieves reportedly are devising ways to circumvent existing anti-theft systems.
We are committed to continuing to work on this issue with theft prevention experts, law enforcement, and other key stakeholders”, Corey Proffitt, senior manager of connected communications at Toyota Motor North America, told Motherboard in an email.
Building Your Malware Defense Strategy – Download Free E-Book
Also Read:
The Relatively Unknown Car Hacking Threat
PASTA – A New Car Hacking Tool Developed by Toyota to Test The Security Vulnerabilities