Can bus now been hacked for vehicle theft

[yvesjv]

This on the geek channels, its quite a good read on how smart the crooks are evolving into
https://www.theregister.com/2023/04/06/can_injection_attack_car_theft

[voids]

Quite smart actually.  but the reality is most car thieves our way are just opportunistic or break into houses and steel keys that are easily found.   

cant speak for the later Isuzus but the Ist gen Mux doesn't have canbus in the exterior lighting circuts.

Either way even if they do get my keys wont be starting mine too easy unless they know where the hidden switch is.   

[mewgaf]

Not very surprising.
Car electronics are about as sophisticated as computers in the 70’s and 80’s.
I worked in IT security for a long time after being a motor mechanic.
The CAN Bus has no protection and getting added user function is more important.
Like I want to start my car and have it warm or remote open doors or wind down windows from any part of the world.

[wj957]

Worse than that, most cars today, keyless or not, have a RF function within the key or fob.

Today sensitive devices can pick up the RF signal from your key/fob whilst parked in front of your house, and your keys sitting on the kitchen bench etc.

With that code they can transmit a signal to unlock your car and start it, all while you watch TV or sleep.

The answer, KEEP YOUR KEYS IN AN RFID POUCH! (about $15 on the web)

[rockfall]

Not overly familiar with CAN bus protocols but did quick search, and as mewgaf said, it seems to lack security. There's a focus on integrity (i.e. messages sent within the vehicle have not been corrupted) rather than security (rejecting messages injected by an attacker). These types of attacks are probably rare enough that manufacturers can keep skimping.

I don't think RFID is needed. I'm sure modern keys (like garage door openers) use a different code each time they are used. That doesn't mean they are invulnerable, but more than just a simple record/playback would be needed.

If the car has keyless entry, maybe an attacker could send a signal pretending to be the car and try to capture what the key sends back in response, but again these codes are probably only used once. Sounds like a fairly sophisticated attack, if it's feasible at all.

[mewgaf]

The early version of keyless entry you could open car and drive off car and then car would only need key once the car engine was stopped and you needed to start it again.
Now the car polls key fob every x period of time, but it still won’t stop the engine while you are driving (they don’t want you to cause freeway jams with your stolen car).
But the key fobs do a hash key exchange every x period to make it harder. But you can buy the tools to scan this traffic and decrypt this traffic easy enough.
The tools to recode fobs are not that expensive.


Mark

[CirLott]

This on the geek channels, its quite a good read on how smart the crooks are evolving into
https://www.theregister.com/2023/04/06/can_injection_attack_car_theft_here

Hell, it's not just thieves anymore, it's real hackers.....

[CirLott]

Not very surprising.
Car electronics are about as sophisticated as computers in the 70’s and 80’s.
I worked in IT security for a long time after being a motor mechanic.
The CAN Bus has no protection and getting added user function is more important.
Like I want to start my car and have it warm or remote open doors or wind down windows from any part of the world.

I don't know anything about electronics. But I have a question: why not just protect the CAN bus?

[yvesjv]

I don't know anything about electronics. But I have a question: why not just protect the CAN bus?

That is an excellent question.

The CAN bus probably has a focus on real time messaging and retaining integrity of the message.
But we are seeing IOT devices that are running some real time kernel types everywhere.
Wouldn't be surprised if someone has already thought of placing an IOT type controller (running on arm or similar) smack bang in the car as the 'brains'. This would make it possible to secure the car.

[mewgaf]

The problem with the Can Bus Protocol, is that it does not have any security built in. So it’s like building a house and not fitting locks to the doors. Anybody can walk in and then they could listen to messages or pretend to send a message from any device and nobody says are you really you or is your message from you.
A complete rework of this protocol needs to be done (which was needed in the 80’s) but who is going to do it?
Until cars are being crashed and people killed nothing will be done.
Like most things with politics and so many players something one day will happen, as it is there is a base standard but most car manufacturers go their own way.


Hope this helps
Mark

[yvesjv]

Yep, you're right.
Just looked it up.
It's wide open for a mitm attack or more...
https://www.vice.com/en/article/ae33jk/we-drove-a-car-while-it-was-being-hacked

[rockfall]

Interesting topic. I did a bit of looking, and as you would expect, seems like some smart people are working on solutions.

e.g. I found this interview with a guy who is the CTO of  a company focusing on CAN bus security. It's mainly on a technical level, very interesting read (I read the transcript rather than watching it).

https://resources.altium.com/p/security-can-bus-ken-tindell

The company website looks like it has a lot of interesting info - wish I had time to read it: https://canislabs.com/

Sounds like there are some current or upcoming ways that CAN bus security can be greatly improved. But it comes down to vehicle manufacturers, and what resources they want to put into addressing the issues.

[mewgaf]

To be honest
[size=78%]Systems can be Locked down (secured).[/size]
But there are costs.
It costs more to produce to parts, because they need extra processing power for security.
It costs more in time to transact authentication. (AAA).
By any means I’m not saying it shouldn’t be secure.
Also Security and systems should be done in separate layers. The media systems and engine systems should be seperate and isolated.


But people think its important to drive there cars by there phones now and security is always a second thought.


Mark

[yvesjv]

Also Security and systems should be done in separate layers. The media systems and engine systems should be seperate and isolated.

Totally agree with you there but probably will not happen easily.
The media systems should be its own and have read access only to the the core system(s) of the vehicle. I do like the statistics provided on the screen.
Anyone with a bluetooth scanner, nfc or an rfid scanner (think kali) should be blocked.

Or get an old car to drive, no technology there.
If anyone wants to trade their 1976 Torana SS LX for my Dmax, get in touch with me. I'll even settle for the 1978 SL/R 

[mewgaf]

yvesjv
I had a 77’ A9X Torana LX for many years. Great touring car. Wanted to keep it till I was old and grey.